JP2007328411A - Image processing apparatus, authentication server selection method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable selection of authentication server which suits a user only by input of user information when selecting one server which MFP (Multi-Function Peripherals) requests from a plurality of available authentication servers even when login of a telnet (telecommunication network) or an ftp (file transfer protocol), etc. or indication of a server to be selected is difficult due to not having an advanced UI (user interface) in an operation section. <P>SOLUTION: The MFP updates or manages an authentication server table which records frequency of success of requested authentication for every registered authentication server whenever login is successful (S211), refers to history information of the table at login by the user, and performs order of requesting user authentication in descending order of success frequency of server (S205-209). Since server selection is performed by this priority order, priority is given to a server of good response, and performance is kept good. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention is capable of requesting user authentication from an authentication server via a network, and performing an image output process in response to a processing request on the condition that user authentication is established. More specifically, the present invention relates to an image processing apparatus such as a facsimile apparatus, and more specifically, to select the image processing apparatus, the authentication server selection method, and the authentication server for selecting the requested authentication server based on the user information attached to the processing request. Related to the program.

As a device that performs image processing based on the function to print out input document data, MFPs (Multi-Function Peripherals) that combine functions such as copying, faxing, printers, scanners, and document boxes are widely used. Has been. The MFP is connected to a network such as the Internet or an intranet, and in addition to digitized data of a paper document input through a scanner included in the MFP, the MFP is also input from an external device such as a host PC via the network. As seen in functions such as a document box, it is stored and managed in a storage device such as an HDD.
Considering that documents stored and managed in the storage device can be used jointly by multiple users and can be accessed via a network when connected to the network, tampering, unauthorized access, There is a risk of information leakage, and there is a strong need to protect data from such danger and ensure security. In particular, in the case of an MFP machine having a paper document input means, there is a high necessity because a case where an internal confidential document is digitized is assumed.

In order to ensure the required security, this type of image processing device used on the network is equipped with a user authentication function, which restricts the use of the logged-in user and stores user usage history information. User management is possible.
Taking an MFP as an example, it is often the case that one MFP installed on the floor is shared by users in a plurality of departments. In such a case, a method of performing user management in a system having an authentication server for each department is usually adopted as in the case of PC (Personal Computer) user management.
However, when the system is configured by such a method, in the case of the MFP, since the user account does not exist in the MFP but exists in a plurality of authentication servers, a switching operation for selecting an authentication server to be used from the MFP becomes necessary. .
In the case of PC user management, since the PC is generally used for personal use, it is only necessary to request an authentication from the authentication server that manages the department to which the user who is mainly used belongs. There is almost no need to switch from the departmental authentication server to another.
However, in the case of an MFP, an operation situation is assumed in which a plurality of authentication servers are selected and switched for each user.

As a prior art related to an authentication function that enables selection of a means for requesting authentication when using a plurality of authentication means from an image processing apparatus such as an MFP on a network, the following Patent Document 1 (Japanese Patent Laid-Open No. 2005-149256) is disclosed. Gazette).
In a system in which different types of authentication means exist on the network, Patent Literature 1 sets priorities for different types of authentication means that can be used in advance by a user operation on the setting screen, and sets the authentication means according to the settings. The functions that can be selected are shown. According to this function, even when authentication is not possible due to some reason, such as when there is no user account in the authentication method that requested authentication earlier, the next authentication method with the set priority is selected and requested for authentication. Make it possible to do.
Therefore, every time authentication fails, the user can perform the operation again to designate another authentication means, and the operability can be improved. Patent Document 1 shows an example in which priority is set from the operation panel of the MFP, with local authentication by means built in the MFP, NT authentication or LDAP authentication by a server provided on the network being selected. Yes.
JP 2005-149256 A

However, the function that enables the selection of the authentication means according to the priority order setting described in Patent Document 1 is set to be performed every time the user logs in, particularly in the case of an MFP that is shared by many users, when trying to use the optimum setting. It becomes necessary to do. In addition, when the operation screen for performing this setting is a small screen and a UI (User Interface) that does not have a keyboard, the operation procedure becomes complicated. In addition, although the complexity of the operation similar to the above is different from the priority order setting method of Patent Document 1, the authentication means to be selected, which is a method generally performed by a PC, is specified by input to the user operation screen. This also occurs when the method to do this is introduced into the MFP.
In addition, the MFP is often used from a remote machine such as a PC because a print output request and device status monitoring are performed via a network. In this case, the MFP uses a login method such as telnet (telecommunication network) or ftp (file transfer protocol), or enters the login ID and password using PJL (Printer Job Language) into the print data created by the printer driver. There is no way to obtain information other than user name and password. Therefore, there is a problem that information for instructing the authentication server cannot be obtained, and an appropriate authentication server cannot be selected.
The present invention has been made in order to solve this problem in view of the above-described problems of the prior art, and the problem is that a server to be selected when selecting a server that requests authentication from a plurality of available authentication servers. Even when using a login method such as telnet or ftp, which is difficult to provide instructions, or when it is not possible to prepare a UI that can easily specify the server to be selected on the operation panel, only user information can be entered to authenticate the user. It is possible to select a server and improve convenience.

According to the first aspect of the present invention, it is possible to accept a processing request to which user information is attached and request user authentication based on the user information to an authentication server via a network, and respond to the processing request on condition that user authentication is established. In an image processing apparatus that performs image output processing to be processed, an authentication server registration unit that registers the authentication server that can request user authentication, and an authentication history storage that stores history information of the requested user authentication for each authentication server And authentication server selection means for selecting a server for requesting user authentication from the servers registered in the authentication server registration means based on the history information of user authentication stored in the authentication history storage means. The above-described problems are solved by doing so.
According to a second aspect of the present invention, in the image processing apparatus according to the first aspect, the authentication server selecting means stores the statistical value of the number of requests successfully authenticated as the user authentication history information of the authentication history storage means. The authentication server to be selected is characterized in that the priority order is the order in which the number of requests that have been successfully authenticated is in descending order, and in this way, the above-described problems are solved.

According to a third aspect of the present invention, in the image processing apparatus according to the first or second aspect, the authentication server selection unit is configured to add user authentication information to the user information attached to the processing request. It is a means for selecting a server indicated in the designation information of the authentication server in preference to selection based on history information, and by doing so, the above-mentioned problems are solved.
According to a fourth aspect of the present invention, in the image processing apparatus according to the third aspect, the designation information of the authentication server is designated by a keyword corresponding to each authentication server name, and the designated keyword is selected by the authentication server selection means. Means for converting to an authentication server name necessary for processing is provided, and in this way, the above-described problems are solved.

The invention according to claim 5 is the image according to any one of claims 1 to 4, wherein an authentication server that has succeeded in the latest authentication is stored for each user as the history information of user authentication of the authentication history storage means. In the processing apparatus, the authentication server selection unit is a unit that gives the highest priority to the authentication server that has succeeded in the latest authentication stored for each user in the authentication history storage unit, and selects the authentication server. This solves the above problem.
According to a sixth aspect of the present invention, in the image processing apparatus according to the fifth aspect, the information stored for each user as an authentication server that has succeeded in the latest authentication in the authentication history storage means Means for initializing by at least one of / OFF and system reset is provided, and the above-described problem is solved by doing so.

The invention of claim 7 accepts a processing request with user information attached, and can request user authentication based on the user information to an authentication server via a network, and respond to the processing request on condition that user authentication is established. In an authentication server selection method in an image processing apparatus that performs image output processing to be processed, an authentication server registration process for registering an authentication server that can request user authentication, and history information of the requested user authentication is stored for each authentication server. The authentication server that requests user authentication from the server registered in the authentication server registration step is selected based on the authentication history storage step to be performed and the user authentication history information for each authentication server stored in the authentication history storage step. An authentication server selection step is performed, and the above-described problem is solved by doing so.
The invention according to claim 8 is the authentication server selection method according to claim 7, wherein the authentication server selection information is attached to the user information attached to the processing request. The server indicated in the designation information of the authentication server is selected in preference to the selection by information, and the above-described problem is solved by doing so.
According to a ninth aspect of the present invention, in the authentication server selecting method according to the seventh or eighth aspect, the authentication history storing step stores, as user authentication history information, an authentication server that has succeeded in the latest authentication for each user. The authentication server selection step is characterized in that the authentication server that succeeded in the latest authentication stored for each user in the authentication history storage step is given the highest priority and is selected. The present invention solves the above problems.

  According to a tenth aspect of the present invention, there is provided a computer in which a program for causing an image processing apparatus according to the first aspect to function as each means of an authentication server registration unit, an authentication history storage unit, and an authentication server selection unit. The above-mentioned problem is solved by driving with.

According to the present invention, when a user requests processing to the image processing apparatus, an authentication server capable of user authentication can be provided on the image processing apparatus side only by inputting user information without inputting an instruction to instruct the authentication server. You can choose. Therefore, except for the conventional restrictions that require an authentication server instruction, when using a login method such as telnet or ftp, or a UI (User Interface) that can provide advanced functions on a large screen cannot be prepared on the operation panel. Even in this case, an authentication server with a user account can be selected, a more versatile authentication function can be provided, and a user operation can be simplified (claims 1 and 7).
In addition, since a frequently used authentication server is preferentially selected, it is possible to improve responsiveness to an authentication request for a high-frequency user without making troublesome settings (claim 2).
In addition, as a method suitable for log-in by remote operation performed using a PC, at the time of log-in, by specifying the authentication server desired by the user attached to the user information, priority is given to selection on the image processing apparatus side, It is possible to make a selection according to the user's intention (claims 3 and 8). At this time, by specifying an authentication server with a keyword corresponding to each authentication server name, the user's operation procedure can be further simplified (claim 4).
In addition, since the latest authentication server that has been successfully authenticated by the user is selected with the highest priority, the responsiveness to the authentication request can be improved (claims 5 and 9).
Further, in order to enable selection corresponding to the user, the server information stored in claim 5 is initialized by any one of elapse of a predetermined time, power ON / OFF, or reset operation. It is possible to eliminate problems that occur in such systems. That is, in a system in which multiple authentication servers can be used for master / backup, if a fast master authentication server happens to be down, if the backup authentication server is switched, the backup authentication server will not temporarily respond. There is a problem that there is no timing for switching to the master authentication server, and the slow server continues to be used. This problem can be solved by initializing the stored server information (claim 6).
In addition, since the function for selecting the authentication server is provided by the program, the function realizing means can be easily configured (claim 10).

In the following, as an embodiment of the image processing apparatus of the present invention, an example in which an MFP is used as an implementation apparatus will be shown.
The MFP according to the present embodiment provides a composite function such as a copy / printer / fax / scanner, print output based on image output data generated by these functions, or an external device (PC, facsimile, etc.). Image output processing such as data transfer to
In addition to responding to login requests for copying, fax transmission, etc., which are instructed from the operation panel of the main body, this image output processing is used for log-out of print output and browsing requests from a remote machine such as a PC (Personal Computer) via the network. Respond.
In addition, the MFP of this example accepts a log-in request from the remote machine that requests MFP status monitoring, access to management information of the MFP, and the like, and performs processing in response to these requests.
However, if processing is performed for all processing requests that are logged in, it is not possible to protect data from dangers such as falsification, unauthorized access, and information leakage of stored and managed documents and data, and security cannot be ensured. The user authentication is performed for the login performed through the operation panel or the network, and when the authentication is established, the login is permitted and the requested job processing is executed.

The MFP of this example uses an authentication server connected to the network for user authentication. That is, the MFP requests input of user identification information such as a user ID when a user requests processing and logs in, and requests user authentication from the authentication server based on the input user ID and the like. The result of establishment / non-establishment of user authentication is obtained from It should be noted that the functions necessary for the MFP to use the authentication server connected to the network and the configuration necessary for realizing the functions are basically described in Patent Document 1 described above as a conventional example. Thus, it can be implemented by using existing technology.
However, the MFP of this example is an MFP that can authenticate a user only by inputting a user ID or the like without inputting an instruction for the authentication server when a user logs in after requesting processing. This function is not a feature of the prior art but is a feature of this MFP.
Although this embodiment shows an example implemented in an MFP, it is also used in an image processing apparatus such as a network printer or a network facsimile that is used in a similar environment on a network and needs to secure security. It can be implemented similarly.
In the embodiment described below, an example in which the user authentication function is handled by the authentication server is shown. However, the same user authentication function as the authentication server has is built in an image processing apparatus such as an MFP and used as one server. Alternatively, all may depend on the authentication server.

First, a processing system that makes it possible to use an authentication server connected to the network from the MFP will be exemplified, and the premise of the configuration and operation of the MFP as an element of the processing system will be described.
FIG. 1 exemplifies the outline of the configuration of this processing system.
The processing system of FIG. 1 assumes a case where one MFP 100 is used jointly by users of a plurality of departments (groups), and is configured to manage the PC groups 300a and 300b used by the users of each group. Accordingly, authentication servers 200a and 200b are provided corresponding to the PC groups 300a and 300b of the group, respectively, and a plurality of authentication servers 200a and 200b can be used from the MFP 100.
Accordingly, the MFP 100, the PC groups 300a and 300b (hereinafter simply referred to as “PC”) are connected to the authentication servers 200a and 200b on a LAN (Local Area Network).
In this processing system, the user logs in to use the copy function, for example, from the operation panel of the MFP 100 as in the existing system, and prints output and stored documents from the PC of his / her department via the network. Log in the browsing request.

Authentication servers 200a and 200b have security account managers (SAM) 210a and 210b each having a user account information database, and perform user authentication in response to a request from MFP 100 using this function. Note that the user account information is usually registered as a combination of a user name (ID) and a password.
As will be described in detail later, MFP 100 has a function of selecting an authentication server capable of user authentication from a plurality of authentication servers 200a and 200b, and instructs user authentication to the authentication server selected by this function. log in.
The network printer 180 and the network FAX 170 connected to the LAN shown in FIG. 1 are other examples of image processing apparatuses that can use the authentication servers 200a and 200b via the network.
As described above, the authentication servers 200a and 200b respond to logins from different image processing apparatuses (terminals) such as the MFP 100, the printer 180, and the FAX 170. When performing user authentication, by logging in to the authentication servers 200a and 200b having the SAM database, it can be operated so that the same account is recognized on any terminal.
Here, user authentication for logs generated in the network printer 180 and the network FAX 170 can be performed in the same manner as in the MFP 100, and therefore, detailed description is omitted instead of the following description taking the MFP 100 as an example.

FIG. 2 is a diagram showing an outline of the hardware configuration of the MFP in FIG.
In the hardware configuration of FIG. 2, a CPU (Central Processing Unit) 11 is an arithmetic unit for operating software, a ROM (Read Only Memory) 12 is a memory device for storing a software program, and a RAM (Random Access Memory) 13 is a program. Is a memory device for temporarily storing data, and these constitute a system control unit. The configuration of software stored in the ROM 12 is outlined in FIG.
In addition, the system control unit controls each device of the image storage device 14, the nonvolatile memory 15, the LAN controller 16, the DCR 17, the scanner 18, the plotter 19, and the operation display panel 20 under the control according to the software program, and performs a target function. The operation for realizing is performed.
Here, the image storage device 14 is a storage device for storing image information passed through the scanner 18 for inputting image information and the LAN controller 16 using a relatively large capacity storage medium.
The non-volatile memory 15 is a non-volatile storage device for storing various setting information such as initial setting values even when the power is turned off.
The LAN controller 16 is a controller for connecting to a network such as Ethernet (registered trademark) or wireless LAN.
The DCR 17 is a conversion device for converting image information (bitmap) into an electronic document.
The scanner 18 is a reading device for converting a paper document into image information (bitmap).
The plotter 19 is a device that prints out image information on paper.
The operation display panel 20 is a device that receives a job processing request or execution instruction by a user operation through an operation screen of an LCD (Liquid Crystal Display) touch panel and notifies the user of the job execution status.
Note that data exchange between the devices is mainly performed via the internal bus 10. FIG. 2 shows the hardware configuration of the MFP. The copy, printer, and scanner are subsets of the configuration shown in FIG.

FIG. 3 is a schematic diagram showing a software configuration in the system control unit of the MFP. Note that the software configuration shown in the figure shows the configuration of the main part related to the user authentication function, and this embodiment is based on the configuration assuming a Windows (registered trademark) network adopted in an existing MFP. The element which realizes the newly required function is added.
The software configuration of the MFP as a premise is roughly composed of a software group of an application unit 30 and a platform unit 40.
Applications such as a copy application 31, a printer application 32, a fax application 33, a scanner application 34, and a document box application 35 of the application unit 30 are used when the processing functions provided in the MFP are used. This is mainly a screen display control program that performs application-specific processing such as UI (User Interface) screen control, key operation control, and job generation.
The copy application 31 performs a copying operation, the printer application 32 performs a printing operation, the fax application 33 performs a facsimile operation, the scanner application 34 performs a reading operation, and the document box application 35 performs image printing on the image storage device 14. Software for saving information and performing operations to acquire image information via a network such as the Web.

The platform unit 40 interprets a processing request from an application, generates a hardware resource acquisition request, and handles the processing commonly required by each application in order to manage the hardware resource. For this purpose, an SRM (system resource manager) and an OS (operating system) shown as the overall control 39 in FIG. 3 are provided. The overall control 39 aggregates and delivers data to the following CS.
In addition, various CSs (control services) are mounted on the platform unit 40. An authentication service 36 and a network service 37 are implemented as CS used for the user authentication function according to the present plan. A part of the network service 37 is provided with a LAN controller 38.
The network service 37 is software that controls a procedure for transferring data to the network and performs processing according to the protocol, and the LAN controller 38 is software that performs hardware control of data transfer to the network.
The authentication service 36 is software for requesting authentication of a user account to the authentication server 200 on the network via the network service 37 and obtaining an authentication result. , 11, 13) is provided.

Here, the user authentication function according to the present plan will be described in more detail.
When a user requests a process and logs in, the normal user authentication is user account authentication. The user name (ID) and password entered by the user are paired, and this combination is registered in the SAM database. Whether the authentication is successful or not is determined based on the result.
In the processing system shown in FIG. 1, when performing the above-described user authentication, the MFP 100 itself can perform authentication by using the authentication servers 200a and 200b via the network without having a SAM database. . However, in the case of a system that can use a plurality of authentication servers 200a and 200b, conventionally, a setting operation for instructing the server by the user has been required. The task of this plan is to eliminate this operation procedure.
In response to this problem, in the present plan, an authentication server that can perform user authentication from a plurality of authentication servers 200a and 200b by simply inputting a user ID or the like without performing input for designating an authentication server on the MFP side. The MFP 100 is provided with a selection function for this purpose so that it can be selected.

FIG. 4 shows an example of a user authentication input screen displayed on the LCD of the operation display panel 20 of the MFP. As shown in the figure, a user name input box 10n, a password input box 10p, a cancel key 10c, and a setting key 10s are provided in the display screen 10w.
Account information is input by the user's operation on this input screen, and the user can be authenticated by this account information to avoid unauthorized use.
The MFP 100 displays this screen at the time of login of the processing request, and after the account information is input to the screen, the MFP 100 requests the authentication server for user authentication in response to pressing of the setting key 10s.
At this time, the MFP 100 designates one authentication server and requests user authentication. Here, since the configuration is a system in which a plurality of authentication servers are connected to the network, one authentication server is selected and designated from among the configurations.
When specifying a server, the history information of the authentication request is referred to in order to select a server that can quickly respond to the request. That is, based on the user authentication history information requested to each server, it is possible to select an authentication server that has been successfully authenticated so far, and a server that is not used or has no record is avoided. For example, a server that takes time to obtain an authentication result depending on the server's capability, usage status, or the like, or is not used so much is not selected.
However, as described above, there is no guarantee that the specified authentication server selected based on the history information will always succeed in the authentication, so if the authentication is not successful, an operation to request another server is performed. Like that. For this reason, when selecting a server that can be requested, priorities are assigned in order from the server that is likely to succeed based on the history information, and in the event of a failure, the requesting operation is performed according to this order.
Alternatively, by building a system that backs up the authentication servers that can perform the same user authentication in a master-slave relationship, select one server and cover it with the server that backs up even if authentication fails, The system may be kept at high performance.

As a premise for making the selection as described above, the MFP 100 first needs to register an authentication server that can be requested.
The registration of the authentication server is performed by using other attached information so that identification information unique to each server can be used for, for example, a selection process of a requested server as in an authentication server table (see FIG. 5) described later. It is associated with information and managed in a predetermined format. The registered authentication server information is stored in the non-volatile memory 15 where data is not lost even when the power is turned off.
The identification information of the authentication server to be registered can use a device ID, a domain used in the network, or the like. As a registration method, it is possible to input by a user (administrator) operation or to automatically register a domain obtained by a network communication procedure.
In addition, the MFP 100 stores user authentication history information in contents and format that can be used to select an authentication server to request. This history information is also stored in the nonvolatile memory 15 in the same manner as the authentication server registration information described above.
As described above, the contents of the history information are information indicating the usage status of each authentication server, and are based on the request date and user name of the log that has been successfully authenticated.
As a format for storing history information, for example, statistics of the number of successful requests as shown in an authentication server table (see FIG. 7) to be described later are taken, and the usage status for each authentication server is represented by a numerical value. This history information is referred to at the time of request, and based on the numerical value obtained, it is possible to select a server that has been successful so far as a request destination server, and to determine the priority when selecting a server To.
As for the history information acquisition method, every time a response to a job requested from the authentication server is returned, the response content is analyzed, and at least the authentication date and time, user name, etc. of the job that has been successfully authenticated are acquired. Are reflected in the history information expressed in a format suitable for use.

In the following “Embodiment 1” to “Embodiment 5”, processing examples using the user authentication function of the present plan are shown.
“Embodiment 1” shows an embodiment relating to the basic operation of the selection processing of the requested authentication server.
“Embodiment 2” to “Embodiment 5” show variations based on “Embodiment 1”.
“Embodiment 2” is an example in which a server to be requested is selected in the descending order of the number of requests that have been successfully authenticated. “Embodiment 3” gives priority to the server specified by the user over selection by the MFP. For example, “Embodiment 4” is an example in which the user's input operation is facilitated in “Embodiment 3”, and “Embodiment 5” selects the server shown in the user table. This is an example of giving top priority.
“Embodiment 1”
This embodiment shows a basic operation example when requesting user authentication to one server selected from a plurality of registered authentication servers.
FIG. 5 shows an authentication server table used for the operation of this embodiment.
The authentication server table shown in the figure is a table in which a server registered as an authentication server capable of requesting user authentication and a priority order when requesting are assigned to each registered server. Thus, it is stored in advance in the nonvolatile memory 15.
In this table, each server is identified by device-specific information such as a device ID and a domain used in the network. The registration of the server name is performed by a method of automatically taking in information used for a user (administrator) input operation or a network communication procedure.
In the illustrated table, the priority order is indicated by a number corresponding to each server, and the order of requesting user authentication is instructed in the order of 1 → 2 → 3. Here, in order to explain a basic operation example, the priority order is expressed by a general method.
By setting this order based on the history information indicating the usage status of each authentication server, the embodiment of the present invention is achieved. For example, a method of determining by time based on the execution time of this process may be adopted. In other words, in the illustrated example, “Zzz.xxx.yyy.com” is a server that has succeeded in authentication at the nearest point, and this server can be given priority as a rank 1 and can be implemented. If the priority order numbers in the illustrated table can be changed by an operation input, the priority order can be changed by the user (administrator).

FIG. 6 shows a control flow of processing by the user authentication function of this embodiment.
This control flow is executed in response to a login to MFP 100 by a user who requests processing. That is, when a user presses an operation button or receives a connection request via a network in order to use each application such as a copy operation, a scanner reading operation, a printing operation, a fax transmission operation, and an initial setting operation. It is executed by the activated authentication service 36 (FIG. 3).
Hereinafter, the user authentication process will be described with reference to the flow of FIG. Here, an operation corresponding to a case where login to MFP 100 by a user operation is performed will be described.
First, the user presses a button of a function used from various functions such as copy and printer on the operation panel 20 (step S101). This button operation is detected as a user processing request, and a procedure for accepting a login request is advanced.
At the beginning of this procedure, it is checked whether or not the setting for using the user authentication function is ON (step S102). This check assumes that it is necessary to disable the user authentication function depending on the usage status of the MFP. In order to deal with such a situation, for example, the user (administrator) can set the user authentication function. The authentication function can be set to ON / OFF, and a procedure for executing processing according to this setting is provided.
Accordingly, in the control flow, when the setting for using the user authentication function is OFF (step S102-NO), the normal state displayed on the LCD of the operation panel 20 when the operation button is pressed in step S101. Continue to display the display screen as it is, and exit this flow.

On the other hand, when the setting for using the user authentication function is ON (enabled) (YES in step S102), the LCD display of the operation panel 20 is displayed from the normal status display screen to the user authentication input screen (FIG. 4). Is switched. After the user name and password are input on this screen, the input of user account information is confirmed by pressing the setting key 10s (step S103).
After the user account information as the authentication information is input, the authentication server 200 that requests user authentication is selected from the registered servers (step S104). In this selection process, one server is selected according to the priority order instructed corresponding to each authentication server registered in the authentication server table (FIG. 5) stored in the non-volatile memory 15. Select a server.
Next, user authentication information 200 is attached to the selected rank n authentication server 200 to request user authentication and login (step S105). At this time, the authentication service 36 transmits an authentication request to the authentication server 200 via the network via the network service 37 and the LAN controller 38 (see FIG. 3).

Thereafter, it receives a reply from the logged-in authentication server 200, logs in from the reply content, and confirms that the authentication has been established (step S106-YES), the LCD display on the operation panel 20 shifts to the next operation state screen. Then, it waits for an input operation (step S109).
On the other hand, if the login fails due to the reply content and it is not confirmed that the authentication has been established (step S106-NO), the next server n + 1 is selected in accordance with the priority order designated for each registered authentication server. (Step S108).
However, if there is no next server (step S107-NO), it is determined that the request cannot be made and the authentication has finally failed. In this case, the LCD display of the operation panel 20 is displayed on the error message display screen. Then, the user is notified of the failure of authentication (step S111). Thereafter, the user confirms this error notification, returns to the normal status display screen, and exits this flow.
The process of selecting the authentication server to be requested in accordance with this priority order is repeated for the number of authentication servers (steps S105 to 108), and the LCD display on the operation panel 20 is led to one of the above-described screens depending on whether authentication is established or not established.
The above processing flow shows a case where login to the MFP 100 is performed by a user operation. However, when using a device from a remote location, the event trigger in step S101 “operation button press” in FIG. If changed to access, the subsequent flow is the same.

“Embodiment 2”
This embodiment shows an operation example in which the priority when selecting one server from a plurality of registered authentication servers is set in descending order of the number of requests that have been successfully authenticated.
FIG. 7 shows an authentication server table used for the operation of this embodiment.
The authentication server table shown in the figure is a table in which a server registered as an authentication server capable of requesting user authentication, and the number of successful authentications requested are assigned to each registered server, and a non-volatile memory 15 is stored as a history.
In this table, the server name registers device-specific information such as the device ID and domain used in the network by a method such as automatically importing information used for user (administrator) input operations and network communication procedures. Keep it.
In the illustrated table, the number of successful authentications is represented by a numerical value corresponding to each server, and the order of requesting user authentication can be performed in the order of the highest number of successes.
In order to manage the number of successful authentications as history information, the authentication server 200 is requested to authenticate, the reply from the logged-in server is received, and the authentication in the table shown in FIG. It is necessary to count up the number of successes.
In this way, since the priority order is determined based on the history of the number of successful authentications and the server to be requested is selected, if the server response for some reason deteriorates, the use of this server is reduced, and the responsiveness is reduced. Since the order is changed so that a good server is prioritized, it is possible to maintain good performance.

FIG. 8 shows a control flow of processing by the user authentication function of this embodiment.
This control flow is executed in response to a login to MFP 100 by a user who requests processing. That is, when a user presses an operation button or receives a connection request via a network in order to use each application such as a copy operation, a scanner reading operation, a printing operation, a fax transmission operation, and an initial setting operation. It is executed by the activated authentication service 36 (FIG. 3).
Hereinafter, the user authentication process will be described with reference to the flow of FIG. Here, an operation corresponding to a case where login to MFP 100 by a user operation is performed will be described.
First, the user presses a button of a function used from various functions such as copy and printer on the operation panel 20 (step S201). This button operation is detected as a user processing request, and a procedure for accepting a login request is advanced.
At the beginning of this procedure, it is checked whether or not the setting for using the user authentication function is ON (step S102). This check assumes that it is necessary to disable the user authentication function depending on the usage status of the MFP. In order to deal with such a situation, for example, the user (administrator) can set the user authentication function. The authentication function can be set to ON / OFF, and a procedure for executing processing according to this setting is provided.
Therefore, in the control flow, when the setting for using the user authentication function is OFF (step S202-NO), the normal state displayed on the LCD of the operation panel 20 when the operation button is pressed in step S101. Continue to display the display screen as it is, and exit this flow.

On the other hand, when the setting for using the user authentication function is ON (enabled) (YES in step S202), the LCD display of the operation panel 20 is displayed from the normal status display screen to the user authentication input screen (FIG. 4). Is switched. After the user name and password are input on this screen, the input of user account information is confirmed by pressing the setting key 10s (step S203).
After the user account information as the authentication information is input, the authentication server 200 that requests user authentication is selected from the registered servers (step S205).
This selection process is performed in accordance with the number of successful authentications recorded in correspondence with each authentication server registered in the authentication server table (FIG. 7) stored in the non-volatile memory 15 in the order of the highest number of successes. Is selected. Therefore, in order to perform this selection process, the data of the authentication server table stored in the nonvolatile memory 15 is copied to the RAM 13 (step S204).
Thereafter, the server corresponding to the highest number of successful authentications is searched in the authentication server table on the RAM 13, and the authentication server 200 obtained as a search result is selected as a request destination (step S205).
Next, user authentication information is added to the selected authentication server 200 to request user authentication and login (step S206). At this time, the authentication service 36 transmits an authentication request to the authentication server 200 via the network via the network service 37 and the LAN controller 38 (see FIG. 3).

Thereafter, it receives a reply from the logged-in authentication server 200, logs in from the reply contents, and confirms that authentication has been established (YES in step S207), reflects the history of the authentication performed in the authentication server table on the RAM 13. The number of successful authentications in the authentication server table (FIG. 7) stored in the nonvolatile memory 15 is counted up and the data is updated (step S210).
Next, the LCD display on the operation panel 20 shifts to a screen in the next operation state and waits for an input operation (step S211).
On the other hand, if the login fails due to the reply content and it cannot be confirmed that the authentication has been established (step S207-NO), it is confirmed that there is an incomplete server among the registered authentication servers (step S208). In order to select the server, the process returns to the loop of step S205. However, in the process of selecting the next server from the authentication server table, a process of deleting the failed server from the table is performed so as not to select the server that failed to log in (step S209), and then the next server is selected. Move on to processing.
If there is no unfinished server in step S208, it is determined that the request cannot be made and the authentication has finally failed. In this case, the LCD display on the operation panel 20 is used as the error message display screen. The user is notified of the failure of authentication (step S213). Thereafter, the user confirms this error notification, returns to the normal status display screen, and exits this flow.
The process of selecting authentication servers to be requested in descending order of the number of successful authentications is repeated for the number of authentication servers (steps S205 to S209). Lead to.
The above processing flow shows a case where login to the MFP 100 is performed by a user operation. However, when the device is used remotely, the event trigger in step S201 “operation button press” in FIG. If changed to access, the subsequent flow is the same.

“Embodiment 3”
This embodiment shows an operation example in which when a user authentication is requested to one server selected from a plurality of registered authentication servers, a server designated by the user is given priority over selection by the MFP.
This user designation employs a method of instructing an authentication server requested by the user in a form attached to account information necessary for user authentication. Specifically, when the user enters account information, the MFP can understand the instructions by entering information specific to the authentication server such as a device ID and a domain used in the network after the account information. To do.
By enabling the selection of the authentication server based on the user's instruction in preference to the selection by the MFP, it is possible to move to the execution when the quicker selection can be made by the knowledge of the user. Can be improved.
Hereinafter, the control flow exemplified as the present embodiment shows an operation example based on the first embodiment. Therefore, the control flow described later (FIG. 9) includes the same selection operation (see FIG. 6) as in the first embodiment using the authentication server table shown in FIG.

FIG. 9 shows a control flow of processing by the user authentication function of this embodiment.
This control flow is executed in response to a login to MFP 100 by a user who requests processing. That is, when a user presses an operation button or receives a connection request via a network in order to use each application such as a copy operation, a scanner reading operation, a printing operation, a fax transmission operation, and an initial setting operation. It is executed by the activated authentication service 36 (FIG. 3).
Hereinafter, user authentication processing will be described with reference to the flowchart of FIG. Here, an operation corresponding to the case of using from a remote machine such as PC 300a, 300b (see FIG. 1) connected to MFP 100 via a network will be described.
First, a connection request from a PC via a network is received via a LAN controller 38 and a network service 37 that perform processing corresponding to the request, and processing for accepting a login request including an authentication processing procedure is started. (Step S301).
At the beginning of this processing procedure, it is checked whether or not the setting for using the user authentication function is ON (step S302). This check assumes that it is necessary to disable the user authentication function depending on the usage status of the MFP. In order to deal with such a situation, for example, the user (administrator) can set the user authentication function. The authentication function can be set to ON / OFF, and a procedure for executing processing according to this setting is provided.
Therefore, in the control flow, when the setting for using the user authentication function is OFF (step S302-NO), the process proceeds to the LCD of the operation panel 20 when starting the process for accepting the login request in step S301. The normal status display screen that is being displayed continues to be displayed as it is, and this flow is exited.

On the other hand, if the setting for using the user authentication function is ON (valid) (step S302-YES), the LCD display of the operation panel 20 is displayed from the normal status display screen to the user authentication input screen (FIG. 4). Is switched. After the user name and password are input on this screen, the input of user account information is confirmed by pressing the setting key 10s (step S303).
After the user account information as the authentication information is input, the authentication server 200 that requests user authentication is selected from the registered servers (step S305).
However, if information specific to the authentication server such as the device ID or domain used in the network is appended to the account information entered when the user logs in, this is understood as an instruction from the authentication server. The server is designated preferentially according to Therefore, as a processing procedure, it is checked whether or not there is a server designated by the user (step S304).
As a result of this check, if there is a server designated by the user (step S304-YES), user authentication information is added to the authentication server 200 that is unconditionally designated, user authentication is requested, and login is performed (step S304). S310). At this time, the authentication service 36 transmits an authentication request to the authentication server 200 via the network via the network service 37 and the LAN controller 38 (see FIG. 3).
Thereafter, it receives a reply from the logged-in authentication server 200, logs in from the reply content, and confirms that the authentication has been established (step S311—YES), the LCD display on the operation panel 20 shifts to the next operation state screen. Then, it waits for an input operation (step S312).
On the other hand, if the login fails due to the reply content and it cannot be confirmed that the authentication has been established (NO in step S311), the LCD display on the operation panel 20 is used as the error message display screen to notify the user that the authentication has not been established ( Step S314). Thereafter, the user confirms this error notification, returns to the normal status display screen, and exits this flow.

If there is no server designated by the user as a check result in step S304, the authentication server prepared on the MFP side is selected.
In this selection process, one server is selected according to the priority order instructed corresponding to each authentication server registered in the authentication server table (FIG. 5) stored in the non-volatile memory 15. Server is selected (step S305).
Next, user authentication information is added to the selected rank n authentication server 200, user authentication is requested, and login is performed (step S306).
Thereafter, it receives a reply from the logged-in authentication server 200, logs in from the reply content, and confirms that the authentication has been established (step S307-YES), the LCD display on the operation panel 20 shifts to the next operation state screen. Then, it waits for an input operation (step S312).
On the other hand, if login fails due to the reply content and it cannot be confirmed that authentication has been established (NO in step S307), the next server n + 1 is selected according to the priority order designated for each registered authentication server. (Step S309).
However, if there is no next server (step S308-NO), it is determined that the request cannot be made and the authentication has finally failed. In this case, the LCD display on the operation panel 20 is displayed as an error message. As a display screen, the user is notified of the failure of authentication (step S314). Thereafter, the user confirms this error notification, returns to the normal status display screen, and exits this flow.
The process of selecting authentication servers to be requested in accordance with the priority set in the authentication server table (FIG. 5) is repeated for the authentication servers (steps S306 to S309), and the LCD display on the operation panel 20 is displayed depending on whether authentication is established or not. To one of the above screens.
Note that the above processing flow shows a case of using from a remote device such as the PC 300a, 300b (see FIG. 1) connected to the MFP 100 via a network, but in the case of corresponding to login from the operation panel 20 of the MFP 100, When step S301 “Start network connection” in FIG. 9 is changed to the trigger of the “operation button pressed” event, the subsequent flow is the same.
The authentication server selection process using the authentication server table performed on the MFP side may be replaced with the process according to the priority order based on the number of successful authentications shown in FIG.

“Embodiment 4”
This embodiment shows an example in which an improvement for facilitating a user input operation in “Embodiment 3” is performed.
In “Embodiment 3” in which a user designates a server prior to selection using an authentication server table prepared by the MFP, the user inputs information unique to the authentication server such as a device ID and a domain used in the network. , Requiring cumbersome input work.
Therefore, in this embodiment, information unique to the authentication server is expressed by a simple keyword to facilitate an input operation.
FIG. 10 shows an authentication server table used in this embodiment.
The authentication server table shown in the figure is a table that is registered as an authentication server capable of requesting user authentication, and a table in which priority is given in association with each registered server (see FIG. 5). In this embodiment, keywords are further defined in association with each server, and this table is stored in the nonvolatile memory 15 in advance.
The selection operation other than the introduction of a keyword, that is, the selection of an authentication server according to a user instruction in preference to the selection by the MFP is basically the same as that of the “third embodiment”. Therefore, similarly to “Embodiment 3”, the control flow (FIG. 11) described later includes the same selection operation (see FIG. 6) as in “Embodiment 1”.

FIG. 11 shows a control flow of processing by the user authentication function of this embodiment.
This control flow is executed in response to a login to MFP 100 by a user who requests processing. That is, when a user presses an operation button or receives a connection request via a network in order to use each application such as a copy operation, a scanner reading operation, a printing operation, a fax transmission operation, and an initial setting operation. It is executed by the activated authentication service 36 (FIG. 3).
Hereinafter, the user authentication process will be described with reference to the flow of FIG. Here, an operation corresponding to the case of using from a remote machine such as PC 300a, 300b (see FIG. 1) connected to MFP 100 via a network will be described.
First, a connection request from a PC via a network is received via a LAN controller 38 and a network service 37 that perform processing corresponding to the request, and processing for accepting a login request including an authentication processing procedure is started. (Step S401).
At the beginning of this processing procedure, it is checked whether or not the setting for using the user authentication function is ON (step S402). This check assumes that it is necessary to disable the user authentication function depending on the usage status of the MFP. In order to deal with such a situation, for example, the user (administrator) can set the user authentication function. The authentication function can be set to ON / OFF, and a procedure for executing processing according to this setting is provided.
Accordingly, in the control flow, when the setting for using the user authentication function is OFF (step S402-NO), the process of accepting the login request in step S401 is started on the LCD of the operation panel 20. The normal status display screen that is being displayed continues to be displayed as it is, and this flow is exited.

On the other hand, if the setting for using the user authentication function is ON (valid) (step S402-YES), the LCD display of the operation panel 20 is displayed from the normal status display screen to the user authentication input screen (FIG. 4). Is switched. After the user name and password are input on this screen, the user account information input is confirmed by pressing the setting key 10s (step S403).
After the user account information as the authentication information is input, the authentication server 200 that requests user authentication is selected from the registered servers (step S405).
However, if a keyword corresponding to each authentication server that can be used is added after the account information entered by the user when logging in, it is understood that the authentication server is instructed. Specify with priority. Therefore, as a processing procedure, it is checked whether there is a server designated by the user (step S404).
If there is a server designated by the user as a result of this check (step S404-YES), user authentication information is added to the unconditionally designated authentication server 200, requesting user authentication, and logging in (step S404). S411).

However, since the designated authentication server can cope with the case where it is specified by the keyword, since conversion is required as preprocessing, whether the keyword exists in the authentication server table (FIG. 10) or not. A check is performed (step S410).
Here, if the keyword input to specify the server at the time of login is not in the table (step S410-NO), the LCD display on the operation panel 20 is used as the error message display screen to notify the user that authentication has not been established ( Step S414). Thereafter, the user confirms this error notification, returns to the normal status display screen, and exits this flow.
On the other hand, if the input keyword is in the table (step S410-YES), the authentication server table (FIG. 10) is referred to, and information unique to the authentication server such as a device ID corresponding to this keyword and a domain used in the network is stored. Convert.
In this embodiment, the user's input operation is simplified by the keyword method. However, instead of this method, a search method such as forward matching or partial matching may be employed.
Next, conversion is performed using a table, user account information is added to the obtained server name authentication server 200, user authentication is requested, and login is performed (step S411). At this time, the authentication service 36 transmits an authentication request to the authentication server 200 via the network via the network service 37 and the LAN controller 38 (see FIG. 3).
Thereafter, it receives a reply from the logged-in authentication server 200, logs in from the reply content, and confirms that the authentication has been established (step S412—YES), the LCD display on the operation panel 20 shifts to the next operation state screen. And it waits for input operation to be performed (step S413).
On the other hand, if login fails due to the content of the reply and it cannot be confirmed that authentication has been established (step S412—NO), the LCD display on the operation panel 20 is used as the error message display screen to notify the user that authentication has not been established ( Step S414). Thereafter, the user confirms this error notification, returns to the normal status display screen, and exits this flow.

If there is no server designated by the user as the check result in step S404, the authentication server prepared on the MFP side is selected.
In this selection process, one server is selected according to the priority order instructed corresponding to each authentication server registered in the authentication server table (FIG. 10) stored in the non-volatile memory 15. Server is selected (step S405).
Next, user authentication information is added to the selected rank n authentication server 200, user authentication is requested, and login is performed (step S406).
Thereafter, it receives a reply from the logged-in authentication server 200, logs in from the reply content, and confirms that the authentication has been established (step S407-YES), the LCD display on the operation panel 20 shifts to the next operation state screen. And it waits for input operation to be performed (step S413).
On the other hand, if the login fails due to the reply content and it cannot be confirmed that the authentication has been established (step S407-NO), the next server n + 1 is selected according to the priority order designated for each registered authentication server. (Step S409).
However, if there is no next server (step S408-NO), it is determined that the request cannot be made and authentication has finally failed. In this case, the LCD display on the operation panel 20 is displayed as an error message. As a display screen, the user is notified of the failure of authentication (step S414). Thereafter, the user confirms this error notification, returns to the normal status display screen, and exits this flow.
The process of selecting authentication servers to be requested in accordance with the priority set in the authentication server table (FIG. 10) is repeated for the authentication servers (steps S406 to S409). To one of the above screens.
Note that the above processing flow shows a case of using from a remote device such as the PC 300a, 300b (see FIG. 1) connected to the MFP 100 via a network, but in the case of corresponding to login from the operation panel 20 of the MFP 100, When step S301 “Start network connection” in FIG. 9 is changed to the trigger of the “operation button pressed” event, the subsequent flow is the same.
The authentication server selection process using the authentication server table performed on the MFP side may be replaced with the process according to the priority order based on the number of successful authentications shown in FIG.

“Embodiment 5”
This embodiment shows an example in which selection is made based on a user table when requesting user authentication to one server selected from a plurality of registered authentication servers.
FIG. 12 shows a user table used for the operation of this embodiment.
The user table shown in the figure is a table that stores the latest authentication server that the user has logged in and successfully authenticated for each user as log-in history information to the MFP. The server is stored.
In this table, the authentication server corresponding to the server name is acquired by a method such as automatically taking in the information used for the authentication procedure every time the user logs in and succeeds in the authentication. The acquired user name such as the user ID and the authentication server information such as the device ID and the domain used in the network are used for updating the data in the user table.
In the first to fourth embodiments, an example of a method of setting a priority order in the authentication server table or a method of specifying an authentication server by user input in order to select one server from registered servers has been described. In the example, the server selection operation stored in the user table for each user can be performed prior to the selection in each of the above embodiments.
In this way, by giving priority to the operation of selecting the latest authentication server that has been successfully authenticated by the user, it is possible to reliably maintain a good response to the authentication request.
Hereinafter, the control flow exemplified as the present embodiment shows an operation example based on the first embodiment. Therefore, the control flow (FIG. 13) described later includes a selection operation (see FIG. 6) similar to that in the first embodiment using the authentication server table shown in FIG.

FIG. 13 shows a control flow of processing by the user authentication function of this embodiment.
This control flow is executed in response to a login to MFP 100 by a user who requests processing. That is, when a user presses an operation button or receives a connection request via a network in order to use each application such as a copy operation, a scanner reading operation, a printing operation, a fax transmission operation, and an initial setting operation. It is executed by the activated authentication service 36 (FIG. 3).
Hereinafter, the user authentication process will be described with reference to the flow of FIG. Here, an operation corresponding to the case of using from a remote machine such as PC 300a, 300b (see FIG. 1) connected to MFP 100 via a network will be described.
First, a connection request from a PC via a network is received via a LAN controller 38 and a network service 37 that perform processing corresponding to the request, and processing for accepting a login request including an authentication processing procedure is started. (Step S501).
At the beginning of this processing procedure, it is checked whether or not the setting for using the user authentication function is ON (step S502). This check assumes that it is necessary to disable the user authentication function depending on the usage status of the MFP. In order to deal with such a situation, for example, the user (administrator) can set the user authentication function. The authentication function can be set to ON / OFF, and a procedure for executing processing according to this setting is provided.
Therefore, in the control flow, when the setting for using the user authentication function is OFF (step S502-NO), the process of accepting the login request in step S501 is started on the LCD of the operation panel 20. The normal status display screen that is being displayed continues to be displayed as it is, and this flow is exited.

On the other hand, when the setting for using the user authentication function is ON (enabled) (step S502-YES), the LCD display of the operation panel 20 is displayed from the normal status display screen to the user authentication input screen (FIG. 4). Is switched. After the user name and password are input on this screen, the input of user account information is confirmed by pressing the setting key 10s (step S503).
After the user account information as the authentication information is input, the authentication server 200 that requests user authentication is selected from the registered servers (step S505).
However, since priority is given to the selection of the latest authentication server that has been successfully authenticated by the user, it is checked as a processing procedure whether there is a user table (FIG. 12) that allows this selection (step S504).
As a result of this check, if there is a user table (FIG. 12) (step S504-YES), user authentication information 200 unconditionally registered in the user table is added with user account information, and user authentication is requested. Log in (step S511). At this time, the authentication service 36 transmits an authentication request to the authentication server 200 via the network via the network service 37 and the LAN controller 38 (see FIG. 3).
Thereafter, a reply from the logged-in authentication server 200 is received, the login is made from the reply contents, and if it is confirmed that the authentication has been established (step S512—YES), the LCD display on the operation panel 20 is shifted to the next operation state screen. Then, it waits for an input operation (step S513).

On the other hand, if the login fails due to the reply content and it cannot be confirmed that the authentication has been established (step S512—NO), the process proceeds to a selection process performed using the authentication server table (FIG. 5). This selection process is also a process performed when there is no user table in the check in step S504.
In this selection process, one server is selected according to the priority order instructed corresponding to each authentication server registered in the authentication server table (FIG. 5) stored in the non-volatile memory 15. Server is selected (step S505).
Next, user authentication information is added to the selected rank n authentication server 200, user authentication is requested, and login is performed (step S506).
Thereafter, it receives a reply from the logged-in authentication server 200, logs in from the reply content, and confirms that authentication has been established (step S507-YES), reflects the history of the authentication performed in the user table (FIG. 12). (Step S510). That is, the user logs in now and stores the authentication server in the user table (FIG. 12) as the latest data in association with the user name for which authentication has been established.
Thereafter, the LCD display on the operation panel 20 is shifted to the next operation state screen, and the input operation is awaited (step S513).

On the other hand, if the login fails due to the reply content and it cannot be confirmed that the authentication has been established (step S507-NO), the next server n + 1 is selected according to the priority order designated for each registered authentication server. (Step S509).
However, if there is no next server (step S508-NO), it is determined that the request cannot be made and the authentication has finally failed. In this case, the LCD display on the operation panel 20 is displayed as an error message. As a display screen, the user is notified of the failure of authentication (step S514). Thereafter, the user confirms this error notification, returns to the normal status display screen, and exits this flow.
The process of selecting authentication servers to be requested in accordance with the priority set in the authentication server table (FIG. 5) is repeated for the authentication servers (steps S506 to S509). To one of the above screens.
Note that the above processing flow shows a case of using from a remote device such as the PC 300a, 300b (see FIG. 1) connected to the MFP 100 via a network, but in the case of corresponding to login from the operation panel 20 of the MFP 100, When step S301 “Start network connection” in FIG. 9 is changed to the trigger of the “operation button pressed” event, the subsequent flow is the same.
The authentication server selection process using the authentication server table performed on the MFP side may be replaced with the process according to the priority order based on the number of successful authentications shown in FIG.

By the way, in this embodiment, as described above, in order to preferentially select the latest authentication server that has been successfully authenticated in correspondence with the user, the data in the user table is updated every time authentication is successful.
For this reason, when operating in a system that allows multiple authentication servers to be used for master / backup, for example, when a server with a higher capability is selected, the lower capability becomes a backup and the desired operation continues. However, if the server with the higher ability currently used does not respond for some reason and cannot log in, the server is switched to the server with the lower ability to back up.
Once the server is switched, the server selection operation of the present plan continues to use a server with a low capability as described above.
In order to avoid such a problem, here, setting information for selecting a server with higher ability as an initial state is stored in the nonvolatile memory 15 in advance, and the user table (FIG. 12) at a predetermined timing. By initializing, it becomes possible to select a high-capacity server used in the initial setting.
The user table (FIG. 12) can be initialized at a predetermined time, or when the power is turned ON / OFF or the system is reset. Also, by creating an initial setting table in the RAM 13 at the time of system startup, initialization can be easily performed each time the power is turned on / off.

The outline of the structure of the processing system which can use an authentication server is illustrated. 2 shows an outline of a hardware configuration of an MFP that constitutes the processing system of FIG. 1 shows an outline of a software configuration of a main part related to a user authentication function in a system control unit of an MFP. An example of an input screen for user authentication displayed on the operation panel of the MFP is shown. An authentication server table (embodiment 1) used when selecting one server from a plurality of registration authentication servers is shown. 6 shows a control flow of processing by the user authentication function of the MFP (first embodiment). An authentication server table (embodiment 2) used when selecting one server from a plurality of registration authentication servers is shown. 9 shows a control flow of processing by the user authentication function of the MFP (second embodiment). 10 shows a process control flow (third embodiment) by a user authentication function of an MFP. An authentication server table (embodiment 4) used when selecting one server from a plurality of registration authentication servers is shown. 10 shows a control flow of processing by a user authentication function of an MFP (Embodiment 4). An authentication server table (embodiment 5) used when one server is selected from a plurality of registered authentication servers is shown. 10 shows a control flow of processing by a user authentication function of an MFP (fifth embodiment).

Explanation of symbols

11. CPU (Central Processing Unit), 12. ROM (Read Only Memory), 13. RAM (Random Access Memory), 14. Image storage device, 15. Non-volatile memory, 16. LAN controller 20 Operation display panel 36 Authentication service 100 MFP (Multi-Function Peripherals) 200, 200a, 200b Authentication server 210a 210b Security account manager (SAM) 300a, 300b .. PC (Personal Computer).

Claims (10)

It is possible to accept a processing request to which user information is attached, and to request user authentication based on the user information to an authentication server via a network, and to output an image to be processed in response to the processing request on the condition that user authentication is established An image processing apparatus for performing
Authentication server registration means for registering the authentication server capable of requesting user authentication;
Authentication history storage means for storing the requested user authentication history information for each authentication server;
And an authentication server selection unit that selects a server that requests user authentication from the servers registered in the authentication server registration unit based on user authentication history information stored in the authentication history storage unit. An image processing apparatus. The image processing apparatus according to claim 1, wherein a statistical value of the number of requests successfully authenticated is stored as the history information of user authentication of the authentication history storage unit.
The image processing apparatus according to claim 1, wherein the authentication server selecting unit is a unit that sets the priority order of the authentication servers to be selected in descending order of the number of requests successfully authenticated. The image processing apparatus according to claim 1 or 2, wherein designation information of an authentication server is attached to the user information attached to the processing request.
The image processing apparatus according to claim 1, wherein the authentication server selection means is a means for selecting a server indicated in the designation information of the authentication server in preference to selection based on user authentication history information. The image processing apparatus according to claim 3, wherein designation information of the authentication server is indicated by a keyword corresponding to each authentication server name.
An image processing apparatus comprising: means for converting the instructed keyword into an authentication server name necessary for the selection process of the authentication server selection means. The image processing apparatus according to any one of claims 1 to 4, wherein an authentication server that has succeeded in the latest authentication is stored for each user as the history information of user authentication of the authentication history storage unit.
The image processing apparatus according to claim 1, wherein the authentication server selecting unit is a unit that gives the highest priority to an authentication server that has succeeded in the latest authentication stored for each user in the authentication history storage unit. The image processing apparatus according to claim 5,
The authentication history storage means includes means for initializing information stored for each user as an authentication server that has succeeded in the latest authentication by at least one of elapse of a predetermined time, power ON / OFF, and system reset. An image processing apparatus. It is possible to accept a processing request to which user information is attached, and to request user authentication based on the user information to an authentication server via a network, and to output an image to be processed in response to the processing request on the condition that user authentication is established An authentication server selection method in an image processing apparatus for performing
An authentication server registration process for registering an authentication server capable of requesting user authentication;
An authentication history storage step of storing the requested user authentication history information for each authentication server;
Performing an authentication server selection step of selecting an authentication server for requesting user authentication from the servers registered in the authentication server registration step based on the history information of user authentication for each authentication server stored in the authentication history saving step. An authentication server selection method characterized by: The authentication server selection method according to claim 7, wherein designation information of an authentication server is attached to the user information attached to the processing request.
The authentication server selection method is characterized in that the authentication server selection step selects the server indicated in the authentication server designation information in preference to the selection based on the user authentication history information. In the authentication server selection method according to claim 7 or 8,
The authentication history storing step stores, as user authentication history information, an authentication server that has succeeded in the latest authentication for each user,
In the authentication server selection step, the authentication server that succeeded in the latest authentication stored for each user in the authentication history storage step is selected with the highest priority and is selected.   A program for causing a computer to function as each unit of an authentication server registration unit, an authentication history storage unit, and an authentication server selection unit included in the image processing apparatus according to claim 1.

Images