JP2010147633A - Image processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve a problem wherein there exist disadvantage and inconvenience for a user, since he/she cannot transmit an image file to an image processor at his/her branch office using an image processor at his/her head office, even if he/she belongs to the branch office, for example. <P>SOLUTION: The image processor (for example, multifunction device) 10 is connected to a LAN (Local Area Network) 21, and includes a scanner 11, a communication unit 13, a set value memory 18, a utilization authority determiner 16, a function controller 15, and an authentication processor 17. The communication unit 13 transmits an image file stored by the scanner 11 to other image processors. The set value memory 18 stores network setup information containing authentication information. The utilization authority determiner 16 determines utilization authority for a function, based on identification information inputted by a user 23. The function controller 15 restricts a function to be offered to the user 23 according to the utilization authority determined by the determiner 16. The authentication processor 17 performs authentication processing for connection with other image processors upon transmission of the image file. When the user 23 is determined as a guest user by the determiner 16, the processor 17 performs authentication processing for connection with other image processors using the inputted identification information. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an image processing apparatus such as a multifunction peripheral having a function of limiting functions to be provided in accordance with a user's authority.

  Conventional image processing apparatuses such as a copier, a printer, a facsimile machine (hereinafter referred to as “FAX”), a scanner, and the like that are combined into a single function are described in, for example, Patent Document 1 below. As described above, there is a function that authenticates identification information including a user ID (identifier), a password, and the like input by a user and restricts a function provided to the user according to the authentication result.

JP 2008-44264 A

  However, conventional image processing apparatuses often do not allow unregistered guest users to use the apparatus, or allow only limited functions to be used. A business traveler who is registered as a user is not registered as a user in the multifunction device at the head office, and therefore cannot use the multifunction device at the head office to send image files to the multifunction device at his branch office. There was a problem of being inconvenient and inconvenient.

  An image processing apparatus of the present invention is connected to a network and an image input unit having a function of inputting an image and storing an image file, and transmits the image file stored by the image input unit to another image processing device. A transmission unit having a function to perform authentication, a setting value storage unit for storing network setting information including authentication information, an identification information input unit for a user to input identification information, and authority to use the function based on the identification information A use authority determining unit to determine; a function control unit for restricting a function provided to the user according to the use authority determined by the use authority determining unit; and connecting to the other image processing apparatus when transmitting the image file An authentication processing unit that performs an authentication process for the user, and when the use authority determining unit determines that the user is a guest user, the authentication processing unit The connection and performs the authentication process using the identification information input by the user.

  According to the present invention, even if a guest user whose identification information is not registered in the image processing apparatus is used, if the other image processing apparatus of the image file is authenticated by the input identification information, the image is processed in the image processing apparatus. The file transmission function can be used. In addition, since the destination image processing apparatus authenticates this user, a certain security level is maintained. That is, there is a menu item that can be set to enable / disable inquiries to other image processing apparatuses, and the setting can be accessed only by, for example, a user at the administrator level.

  The best mode for carrying out the invention will become apparent from the following description of the preferred embodiments when read in conjunction with the accompanying drawings. However, the drawings are only for explanation and do not limit the scope of the present invention.

(Configuration of Example 1)
FIG. 2 is a configuration diagram when the image processing apparatus (for example, a multi-function peripheral having a copy and image file transmission function) according to the first embodiment of the present invention is connected to the network.

  The multifunction machine 10 according to the first embodiment is an image processing apparatus having a copy and image file transmission function. For example, a local area network (hereinafter referred to as “LAN”) 21 provided on the same floor in the Tokyo head office. It is connected to the. For example, two servers 30-1 and 30-2 are connected to the LAN 21. The LAN 21 is connected to, for example, a LAN 22 provided in the Gunma branch office via the communication network 25. The LAN 22 is connected with an external server 40 of the Gunma branch office.

  The servers 30-1 and 30-2 and the external server 40 are general file servers having a function of receiving and storing image data from the LANs 21 and 22, for example, and have the same functional configuration. The setting value storage unit (not shown) in the multifunction machine 10 holds addresses and authentication information for connecting to the servers 30-1 and 30-2, but addresses and authentication for connecting to the external server 40. Information is not stored. Of the multifunction machine 10 and the external server 40, for example, the same company, the multifunction machine 10 is provided at the Tokyo head office, and the external server 40 is provided at the Gunma branch office.

FIG. 1 is a functional configuration diagram showing the multifunction machine 10 in FIG. 2 according to the first embodiment of the present invention.
The multifunction machine 10 includes an image input unit (for example, a scanner unit) 11, a printer unit 12, a communication unit (for example, a network communication unit) 13, an identification information input unit (for example, an operation unit) 14, a function control unit 15, and a use An authority determination unit 16, an authentication processing unit 17, and a set value storage unit 18 are connected to each other via an internal bus 19.

  The scanner unit 11 has a function of reading an image of a document as image data, converting it into print data that can be printed by the printer unit 12 and an image file that can be transmitted by the network communication unit 13, and storing it. The printer unit 12 has a function of printing print data received by the network communication unit 13 and image data input from the scanner unit 11 on printing paper. The network communication unit 13 is connected to the LAN 21, and has a function of performing network connection with the other servers 30-1 and 30-1, the external server 40, and the like via the LAN 21 to execute transmission / reception of image files. Have. For the transmission of the image file in the first embodiment, for example, a file transfer protocol (hereinafter referred to as “FTP”), which is a communication protocol (protocol) for file transfer, is used.

  The operation unit 14 includes a display device such as a liquid crystal panel and an input device such as a touch panel and keys, and has a function of accepting an operation by the user 23 and an input of identification information. The function control unit 15 controls the entire MFP 10 and controls functions such as copying, image file transmission, and network printing, and restricts the functions provided to the user 23 according to the usage authority determined by the usage authority determination unit 16. Has function. The usage authority determination unit 16 has a function of determining a function permitted to the user 23 based on the identification information input by the user 23 using the operation unit 14.

  The authentication processing unit 17 has a function of executing authentication processing when the network communication unit 13 performs network connection with other servers 30-1 and 30-1 and the external server 40. The set value storage unit 18 has a function of storing various set values for operating the multifunction machine 10.

FIG. 3 is a functional configuration diagram showing the external server 40 in FIG.
The external server 40 has, for example, the same functional configuration as the servers 30-1 and 30-2 in FIG. 2, and includes an image file storage unit 41, a function control unit 42, a network communication unit 43, a setting value storage unit 44, An authentication processing unit 45 and a use authority determining unit 46 are provided, and these are connected to each other via an internal bus 47.

  The image file storage unit 41 has a function of storing an image file received via the network communication unit 43. The function control unit 42 has a function of controlling the entire external server 40 and limiting functions provided to the MFP 10 and the like that are connected to the network in accordance with the use authority determined by the use authority determining unit 46. The network communication unit 43 is connected to the LAN 22, and has a function of performing network connection with the other multifunction device 10 or the like via the LAN 22 and transmitting / receiving image files.

  The set value storage unit 44 stores various set values for operating the external server 40. The authentication processing unit 45 has a function of performing an authentication process based on identification information received from another multifunction device 10 or the like via the network communication unit 43. The use authority determining unit 46 has a function of determining a function to be provided to another multifunction device 10 or the like connected to the network via the network communication unit 43.

  FIG. 4 is a diagram showing an example of the usage authority table 16a provided in the usage authority determining unit 16 in FIG.

  This usage authority table 16a is a table showing the correspondence between identification information and usage authority. In the first embodiment, for example, a user name and a password are used as identification information, and usage authority is defined for each function of copying, image file transmission to an internal server, and image file transmission to an external server. Here, the internal server refers to, for example, a server registered in the transmission destination table of the setting value storage unit 18. The usage authority table 16a is given editing authority only to the administrator of the multifunction machine 10 (for example, the administrator of the Tokyo head office and the user 23 belonging to the Gunma branch office). For this reason, a general user or a mere guest user cannot freely transmit an image file to the external server 40 by editing the usage authority table 16a. The administrator of the multifunction device 10 prohibits the multifunction device 10 from performing any communication with the external server 40 by “prohibiting” all the “image file transmission to external server” columns in the usage authority table 16a. It is possible to set.

  FIG. 5 is a diagram showing an example of the transmission destination table 18a provided in the set value storage unit 18 in FIG.

  For example, the server name, address, and authentication information of the image file transmission destination are registered in the transmission destination table 18a.

  FIG. 6 is a diagram illustrating an example of the usage authority table 36a stored in the usage authority determination unit provided in the server 30-1 in FIG.

  FIG. 7 is a diagram showing an example of the usage authority table 46a stored in the usage authority determination unit 46 provided in the external server 40 in FIG.

  This usage authority table 16a is a table showing the correspondence between identification information and usage authority. In the first embodiment, for example, a user name and a password are used as identification information, and authority for image file reception and image file transmission is defined as usage authority. The user name and password, which are identification information, are referred to when the authentication processing unit 45 performs authentication processing.

(Operation of Example 1)
FIGS. 8-1 to 8-5 are diagrams illustrating screen examples on the operation unit 14 in FIG. Further, FIGS. 9A and 9B are diagrams illustrating an operation flow of the multifunction machine 10 illustrated in FIGS.

  Hereinafter, the operations (A) and (B) of the multifunction machine 10 according to the first embodiment will be described with reference to FIGS. 8-1 to 8-5 according to the operation flow of FIGS. .

  (A) For example, the operation when the user 23 belonging to the Tokyo head office transmits an image file from the multifunction machine 10 provided in the Tokyo head office to the server 30-1.

  In the MFP 10 of the first embodiment, in the standby state, an input screen for user identification information as shown in FIG. The operation of the first embodiment is started when the user 23 inputs identification information to the operation unit 14 in the operation flow of FIG. 9-1 (step S1). Here, for example, the user 23 uses usrl @ abc. The operation when “com” is entered and the password also matches the usage authority table will be described below.

  The usage authority determination unit 16 determines to provide the user 23 with a copy function and an image file transmission function to the file server 30-1 based on the usage authority table 16a shown in FIG. 4 (step S2). Here, if the input identification information does not match the usage authority table 16a, the process proceeds to step S18. The list of functions provided to the user 23 determined in step S2 is sent to the function control unit 15, and the function control unit 15 thereafter limits the functions of the MFP 10 according to the list of provided functions. Is started (step S3). Specifically, the operation unit 14 is instructed to restrict key operations related to functions other than the provided functions. An example of this screen display is shown in FIG. In FIG. 8B, the copy 14-2a and the image fill transmission 14-2 are displayed, and the image file transmission 14-2c to the outside is not displayed.

  Subsequently, the user 23 sets a document on the scanner unit 11 (step S4). Then, the operation unit 14 is instructed to transmit the image file to the file server 30-1 (step S5). As shown in FIG. 8C, the operation unit 14 includes a list of machine names (for example, “server 30-1” 14-3a and “server 30-” in the transmission destination table 18a stored in the setting value storage unit 18. 2 ”14-3b) is displayed (step S6). The user 23 selects a destination server (step S7). Here, for example, “server 30-1” 14-3a is selected as the transmission destination. The function control unit 15 controls the scanner unit 11 and the network communication unit 13 to perform the following operations.

  The scanner unit 11 reads the image and stores the image file converted into a format that can be transmitted over the network (step S8). The network communication unit 13 acquires the address information of the server 30-1 from the transmission destination table 18a shown in FIG. 5, and starts connection with the server 30-1 (step S9). When the network connection with the server 30-1 is established, the authentication processing unit 17 executes an authentication process with the server 30-1 (step S10). Specifically, authentication information for authentication with the server 30-1 stored in the set value storage unit 18 is acquired (step S11) and transmitted to the server 30-1 via the network communication unit 13. (Step S12).

  Here, as shown in FIG. 6, the usage authority table 36a in the server 30-1 matches the authentication information transmitted from the multi-function device 10 in step S12. Send back. When the result of successful authentication is received from the server 30-1, the authentication process ends (step S13).

  If the authentication with the server 30-1 is successful, the network communication unit 13 takes out the image file stored in step S8 from the scanner unit 11 (step S14). Then, the image file is transmitted to the server 30-1 (step S15). When the transmission of the image file ends, the network communication unit 13 disconnects the network connection with the server 30-1 (step S16). Thereafter, the function control unit 15 instructs the operation unit 14 to display the identification information input screen shown in FIG. 8A as a standby screen (step S17), and the multifunction device 10 returns to the standby state.

  (B) For example, an operation when a user 23 belonging to the Gunma branch who travels from the Gunma branch to the Tokyo head office transmits an image file from the multifunction machine 10 of the Tokyo head office to the external server 40 of the Gunma branch.

  In step S1 of FIG. 9A, for example, the user 23 uses usrx @ ddd. When “com” is input, the usage authority determination unit 16 determines that the user 23 is a guest user because there is no corresponding user name in the usage authority table 16a illustrated in FIG. 4 (step S2). In the flow of FIG. 9-2, the function control unit 15 thereafter permits only the image file transmission function to the external server 40 of the Gunma branch office for the user 23 who is a guest user according to the usage authority table 16a. The restriction is started (step S18). Specifically, the operation unit 14 is instructed to restrict key operations other than the image file transmission function to the external server 40. An example of this screen display is shown in FIG. In FIG. 8-4, the copy 14-4a and the image file transmission 14-4b are not displayed, and only the image file transmission 14-4c to the outside is displayed.

  The user 23 sets a document on the scanner unit 11 (step S19). Then, the operation unit 14 is instructed to transmit the image file to the external server 40 (step S20). As illustrated in FIG. 8-5, the operation unit 14 displays a screen for inputting a destination server name (step S21). When the user 23 inputs the IP address or host name of the external server 40, the operation unit 14 transmits the address to the network communication unit 13 (step S22). The function control unit 15 controls the scanner unit 11 and the network communication unit 13 to perform the following operations.

  The scanner unit 11 reads the image and stores the image file converted into a format that can be transmitted over the network (step S23). The network communication unit 13 starts connection with the external server 40 based on the address given in step S22 (step S24).

  When the network connection with the external server 40 is established, the authentication processing unit 17 executes an authentication process with the external server 40. First, the authentication processing unit 17 acquires the identification information (user name (usrx@ddd.com) and password) input by the user 23 from the usage authority determining unit 16 (step S25). Subsequently, the authentication information is transmitted to the external server 40 via the network communication unit 13 (step S26). At this time, the authentication processing unit 17 does not use the authentication information stored in the set value storage unit 18 for the authentication process with the external server 40, but uses only the identification information input by the user 23.

  The external server 40 of the Gunma branch office stores a use authority table 46a as shown in FIG. Therefore, the authentication information (user name (usrx@ddd.com) and password) received from the MFP 10 at the Tokyo head office matches the identification information (user name (usrx@ddd.com) and password) in the usage authority table 46a. Therefore, the external server 40 returns a response of authentication success, and the image file reception from the multifunction device 10 is permitted. When the result of successful authentication is received from the external server 40, the authentication process ends (step S27). When the authentication with the external server 40 is successful, the use authority determining unit 16 of the multifunction machine 10 determines that the user 23 has the authority to transmit the image file to the external server 40 (step S28).

  Here, if the connection with the external server 40 cannot be made in step S24 (for example, if the address input in step S22 is incorrect), or there is a response of an authentication error from the external server 40 in step S27. If the image file is stored, the image file stored in step S24 is discarded (step S33). Thereafter, an error is displayed on the operation unit 14 (step S34), and the multifunction machine 10 returns to the standby state.

  In step S27, the authentication succeeds. After step S28, the network communication unit 13 in the MFP 10 in the Tokyo head office takes out the image file stored in step S24 from the scanner unit 11 (step S29). It transmits to the external server 40 of Gunma branch office (step S30). When the transmission of the image file is completed, the network communication unit 13 disconnects the network connection with the external server 40 (step S31). Thereafter, the function control unit 15 instructs the operation unit 14 to display an identification information input screen as shown in FIG. 8A as a standby screen (step S32), and the multifunction device 10 returns to the standby state.

(Effect of Example 1)
According to the first embodiment, even if the guest user (for example, the user 23 belonging to the Gunma branch) whose identification information is not registered in the multifunction device (for example, the multifunction device 10 at the Tokyo head office), the transmission destination of the image file If the server (for example, the external server 40 of the Gunma branch) is authenticated by the input identification information, the multifunction peripheral 10 can use the image file transmission function.

  Moreover, since the destination server (for example, the Gunma branch external server 40) authenticates this user (for example, the manager of the Tokyo head office or the user 23 belonging to the Gunma branch), a certain security level is maintained. . That is, it has a menu item (for example, the input screen shown in FIG. 8-5) that can set the inquiry to the external server 40 to be valid / invalid. Since it can only be accessed, the security level is high.

(Configuration of Example 2)
FIG. 10 is a configuration diagram in a case where an image processing apparatus (for example, a multifunction peripheral) according to the second embodiment of the present invention is connected to a network.

  The multi-function device 50 according to the second embodiment is an image processing apparatus installed at the Tokyo head office and having a copy and image file transmission function, for example, as in the multi-function device 10 according to the first embodiment shown in FIG. It is connected to a LAN 61 provided on the same floor in the company. For example, an authentication server 70 and an image processing apparatus 80 are connected to the LAN 61. A LAN 62 in the Gunma branch is connected to the LAN 61 via a communication network 65, and an external image processing device 90 and the like are connected to the LAN 62.

  The authentication server 70 has a function of performing user authentication in response to a request from the multi-function device 50 or the image processing apparatus 80. For example, a user on the network is authenticated by a kerberos authentication method which is one of network authentication methods. It consists of a Kerberos server for authentication. The image processing device 80 and the external image processing device 90 are configured by a general image processing device having a function of receiving image data from the LAN 61 and printing it.

  Here, the authentication server 70 and the image processing device 80 are connected to a LAN 61 that is the same network as the multi-function device 50, and the multi-function device 50 holds an address for connection to the image processing device 80. The external image processing device 90 is connected to a LAN 62 which is a network different from the multi-function device 50, and the multi-function device 50 does not store an address, authentication information, or the like for connecting to the external image processing device 90.

FIG. 11 is a functional configuration diagram showing the multi-function device 50 in FIG.
The multi-function device 50 includes an image input unit (for example, a scanner unit) 51, a printer 52, a communication unit (for example, a network communication unit) 53, and an identification information input unit that are substantially the same as those of the multi-function device 10 of the first embodiment shown in FIG. (For example, an operation unit) 54, a function control unit 55, a use authority determination unit 56, a first authentication processing unit 57-1, and a set value storage unit 58, and a second authentication newly added to the first embodiment. And a processing unit 57-2, which are connected to each other via an internal bus 59.

  The scanner unit 51 has a function of reading an image of a document as image data, converting the image data into print data that can be printed by the printer unit 52 or an image file that can be transmitted by the network communication unit 53, and storing it. The printer unit 52 has a function of printing print data received by the network communication unit 53 and image data input from the scanner unit 51 on printing paper. The network communication unit 53 is connected to the LAN 61, and has a function of performing network connection with other image processing apparatuses 80 and 90, the authentication server 70, and the like via the LAN 61 and executing transmission / reception of image files. In the second embodiment, for example, the FTP protocol similar to that in the first embodiment is used for transmitting an image file.

  The operation unit 54 includes a display device such as a liquid crystal panel and an input device such as a touch panel and keys, and has a function of accepting an operation by the user 63 and input of identification information. The function control unit 55 controls the entire multi-function device 50, controls functions such as copying, image file transmission, and network printing, and restricts the functions provided to the user 63 according to the use authority determined by the use authority determining unit 56. Has function. The usage authority determining unit 56 has a function of determining a function permitted to the user 63 based on identification information input by the user 63 using the operation unit 54.

  The first authentication processing unit 57-1 has a function of executing authentication processing when the network communication unit 53 performs network connection with other image processing apparatuses 80 and 90, the authentication server 70, and the like. The second authentication processing unit 57-2 has a function of performing communication for authentication with the authentication server 70 via the network communication unit 53, and the operation unit 54 receives the instruction from the use authority determining unit 56. It has a function of transmitting the input identification information to the authentication server 70 and performing authentication processing. The setting value storage unit 58 has a function of storing various setting values for operating the multi-function device 50.

FIG. 12 is a functional configuration showing the image processing apparatus 80 in FIG.
The image processing apparatus 80 includes, for example, a function control unit 81, a printer unit 82, a network communication unit 83, a setting value storage unit 84, a use authority determination unit 85, and an authentication unit 86, which are connected via an internal bus 87. Are connected to each other.

  The function control unit 81 has a function of controlling the entire image processing apparatus 80 and limiting functions provided to the image processing apparatus 80 and the like connected via the network in accordance with the usage authority determined by the usage authority determination unit 85. The printer unit 82 has a function of printing the image file received by the network communication unit 83 on paper. The network communication unit 83 is connected to the LAN 61, and has a function of performing network connection with another image processing apparatus 80 or the like via the LAN 61 and executing transmission / reception of image files. In the third embodiment, for example, an FTP protocol is used for transmitting an image file.

  The set value storage unit 84 stores various set values for operating the image processing apparatus 80. The authentication processing unit 86 has a function of authenticating identification information received from another image processing apparatus 80 or the like via the network communication unit 83 using the authentication server 70. The usage authority determination unit 85 has a function of determining a function to be provided to another image processing device 80 or the like connected via the network communication unit 83.

FIG. 13 is a functional configuration diagram showing the external image processing apparatus 90 in FIG.
The external image processing device 90 is, for example, a function control unit 91, a printer unit 92, a network communication unit 93, and a set value storage unit 94 similar to those of the image processing device 80, and a use authority determination having a configuration different from that of the image processing device 80. A unit 95 and an authentication unit 96, which are connected to each other via an internal bus 97.

  The function control unit 91 controls the entire external image processing apparatus 90 and has a function of limiting functions provided to the MFP 50, the image processing apparatus 80, and the like that are connected to the network according to the use authority determined by the use authority determining unit 95. Have. The printer unit 92 has a function of printing the image file received by the network communication unit 93 on paper. The network communication unit 93 is connected to the LAN 62, and has a function of performing network connection with the other multi-function device 50, the image processing apparatus 80, and the like via the LAN 62 and executing transmission / reception of image files. In the second embodiment, for example, an FTP protocol is used for transmitting an image file.

  The setting value storage unit 94 stores various setting values for operating the external image processing apparatus 90. The authentication processing unit 96 has a function of performing an authentication process based on identification information received from another multifunction device 50, the image processing device 80, or the like via the network communication unit 93. The use authority determining unit 95 has a function of determining a function to be provided to another multifunction device 50, the image processing apparatus 80, and the like that are connected to the network via the network communication unit 93.

  FIG. 14 is a diagram showing an example of the usage authority table 56a provided in the usage authority determination unit 56 in FIG.

  This usage authority table 56a is a table showing the correspondence with the usage authority for each user type. In the second embodiment, for example, usage authority is defined for each function of copying, image file transmission to the internal image processing apparatus, and image file transmission to the external image processing apparatus 90. Here, the internal image processing apparatus refers to, for example, a server whose address is stored in the setting value storage unit 58 and is under the management of the authentication server 70. That is, access is permitted if the user is authenticated by the authentication server 70.

  FIG. 15 is a diagram illustrating an example of the transmission destination table 58a provided in the set value storage unit 58 in FIG.

  In the transmission table 58a, the server name and address of the image file transmission destination and the machine name at the time of connection are registered.

  FIG. 16 is a diagram showing an example of the usage authority table 85a provided in the usage authority determining unit 85 in FIG.

  This usage authority table 85a is a table showing correspondence between identification information and usage authority. In the second embodiment, the machine name of the transmission source is used as identification information, and the authority for image file reception printing (monochrome) and image file reception printing (color) is defined as usage authority. The machine name as identification information is referred to when the authentication processing unit 86 performs authentication processing.

  FIG. 17 is a diagram showing an example of a usage authority table 95a provided in the usage authority determination unit 95 in FIG.

  This usage authority table 95a is a table showing the correspondence between identification information and usage authority. In the second embodiment, a user name and a password are used as identification information, and authority is set for image file reception printing (monochrome) and image file reception printing (color) as usage authority. The user name and password, which are identification information, are referred to when the authentication processing unit 96 performs authentication processing.

(Operation of Example 2)
18-1 to 18-5 are diagrams illustrating screen examples of the operation unit 54 in FIG. Further, FIGS. 19A and 19B are diagrams illustrating the operation of the multi-function device 50 of FIGS.

  Hereinafter, the operations (A) and (B) of the multi-function device 50 according to the second embodiment will be described with reference to FIGS. 18-1 to 18-5 according to the operation flow of FIGS. 19-1 and 19-2. .

  (A) For example, an operation when the user 63 belonging to the Tokyo head office transmits an image file from the multi-function device 50 provided in the Tokyo head office to the image processing apparatus 80.

  In the MFP 50 according to the second embodiment, in the standby state, an input screen for user identification information as shown in FIG. The operation of the second embodiment is started when the user 63 inputs identification information to the operation unit 54 in the operation flow of FIG. 19A (step S41). Here, for example, the user 63 uses the user name usrl @ abc. com and the password are entered, and the action when the password is correct is described below.

  The usage authority determining unit 56 passes the input identification information to the second authentication processing unit 57-2, and the user authentication operation is started (step S42). The second authentication processing unit 57-2 connects to the authentication server 70 via the network communication unit 53 (step S43). The second authentication processing unit 57-2 transmits the input identification information to the authentication server 70 (step S44). The authentication server 70 responds with an authentication result (S45).

  Since the authentication server 70 is constituted by, for example, a Kerberos server, the Kerberos protocol is used for the authentication operation between the authentication server 70 and the multi-function device 50, and authentication information called a ticket is returned as a result of the authentication. The When the second authentication processing unit 57-2 receives the authentication result, the second authentication processing unit 57-2 passes the result to the use authority determining unit 56, and determines a function that the use authority determining unit 56 permits the user 63 (step S46). Here, copying (monochrome) and image file transmission (monochrome) to another image processing apparatus are permitted in accordance with the usage authority table 56a shown in FIG.

  The list of functions provided to the user 63 determined in step S46 is sent to the function control unit 55, and the function control unit 55 thereafter starts limiting the functions of the multi-function device 50 according to the list of provided functions. (Step S47). Specifically, it instructs the operation unit 54 to restrict key operations related to functions other than the provided functions. A screen display example of the operation unit 54 at this time is shown in FIG. In FIG. 18-2, copy (monochrome) 54-2a and image file transmission (monochrome) 54-2b are displayed, and image file transmission 54-2c to the outside is not displayed.

  Subsequently, the user 63 sets a document on the scanner unit 51 (step S48). Then, the operation unit 54 is instructed to transmit the image file to the image processing apparatus 80 (step S49). As shown in FIG. 18C, the operation unit 54 displays a list of machine names in the transmission destination table 85a stored in the setting value storage unit 58 (step S50). The user 63 selects a transmission destination (step S51). Here, for example, the display 54-3a of “image processing apparatus 80” is selected as the transmission destination. The function control unit 55 controls the scanner unit 51 and the network communication unit 53 to perform the following action.

  The scanner unit 51 reads an image, converts it into a format that can be transmitted over the network, and stores the image file (step S52). At this time, the use authority table 56a in FIG. 14 permits only monochrome transmission of the image file to the other apparatus, so the image file is generated as monochrome image data. The network communication unit 53 starts connection with the image processing apparatus 80. (Step S53).

  The first authentication processing unit 57-1 executes authentication processing with the image processing apparatus 80 (step S54). Specifically, in step S45, the authentication information received from the authentication server 70 is acquired (step S55), and authentication processing is performed with the image processing apparatus 80 via the network communication unit 53 (step S56). In the second embodiment, for example, the authentication server 70 is configured as a Kerberos server, and FTP is used as a communication protocol for image file transmission between the multi-function device 50 and the image processing apparatus 80. Thereafter, a Kerberos FTP connection is established between the multi-function device 50 and the image processing apparatus 80.

  The image processing apparatus 80 grants the authority for image file reception printing (monochrome) to the multi-function device 50 based on the use authority table 85a shown in FIG. The network communication unit 53 takes out the image file generated in step S52 from the scanner unit 51 (step S57). Then, the image file is transmitted to the image processing apparatus 80 (step S58). The image file transmitted to the image processing apparatus 80 is printed in monochrome by the printer unit 82 in the image processing apparatus 80.

  When the transmission of the image file ends, the network communication unit 53 disconnects the network connection with the image processing apparatus 80 (step 59). Then, the function control unit 55 instructs the operation unit 54 to display the identification information input screen as a standby screen (step S60), and the multi-function device 50 returns to the standby state. The screen display of the operation unit 54 at this time is shown in FIG.

  (B) For example, an operation when a user 63 belonging to the Gunma branch who travels from the Gunma branch to the Tokyo head office transmits an image file from the multi-function device 50 of the Tokyo head office to the external image processing apparatus 90 of the Gunma branch.

  In step S41 in the flow of FIG. 19A, the user 63 uses usrx @ ddd. The operation when “com” is input will be described below.

  The use authority determining unit 56 in the multi-function device 50 passes the input identification information to the second authentication processing unit 57-2, and a user authentication operation is started (step S42). The second authentication processing unit 57-2 connects to the authentication server 70 via the network communication unit 53 (step S43). The second authentication processing unit 57-2 transmits the identification information to the authentication server 70 (step 44). The authentication server 70 responds with an authentication result (step S45). Here, for example, the authentication server 70 responds with an authentication error.

  When the second authentication processing unit 57-2 receives the authentication result, the second authentication processing unit 57-2 passes the result to the use authority determining unit 56, and determines a function that the use authority determining unit 56 permits the user 63 (step S46). Here, since the authentication server 70 makes an error response, the user 63 belonging to the Gunma branch office is determined as a guest user. According to the usage authority table 56a shown in FIG. 14, image file transmission (monochrome / color) to the external image processing apparatus 90 of the Gunma branch office is permitted.

  Thereafter, the function control unit 55 starts limiting the functions of the multi-function device 50 according to the list of provided functions according to the flow of FIG. 19-2 (step S61). A screen display example of the operation unit 54 at this time is shown in FIG. In FIG. 18-4, the copy 54-4a and the image file transmission 54-4b are not displayed, and only the image file transmission 54-4c to the outside is displayed.

  The user 63 belonging to the Gunma branch office sets a document on the scanner unit 51 of the multi-function device 50 (step S62). Then, the operation unit 54 is instructed to transmit the image file to the external image processing apparatus 90 (step S63). The operation unit 54 displays a screen for inputting a destination address (step S64). A screen display example of the operation unit 54 at this time is shown in FIG. 18-5.

  When the user 63 inputs the address of the external image processing apparatus 90 (step S65), the operation unit 54 transmits the address to the use authority determining unit 56. The usage authority determination unit 56 does not have an input address that matches the address of another image processing device registered in the setting value storage unit 58, that is, is the device under the management of the authentication server 70. It is determined whether or not (step S66). Here, if the input address is a registered address, an error is displayed on the operation unit 54 (step S78), and the multi-function device 50 returns to the standby state.

  If the addresses do not match in step S66, the scanner unit 51 reads the image, converts it into a format that can be transmitted over the network, and stores the image file (step S67). Here, in the usage authority table 56a in FIG. 14, since color is permitted for image file transmission to the external image processing apparatus 90, the scanner unit 51 performs color reading. Subsequently, the network communication unit 53 starts connection with the external image processing device 90 (step S68).

  When the network connection with the external image processing apparatus 90 is established, the first authentication processing unit 57-1 executes the authentication process with the external image processing apparatus 90. First, the first authentication processing unit 57-1 acquires the identification information input by the user 63 in step S41 from the use authority determining unit 56 (step S69). Then, it transmits to the external image processing apparatus 90 via the network communication part 53 (step S70). When the authentication success result is received from the external image processing apparatus 90, the authentication process ends (step S71). When the authentication with the external image processing apparatus 90 is successful, the use authority determining unit 56 determines that the user 63 has the authority to transmit an image file to the external image processing apparatus 90 (step S72).

  Here, if the connection with the external image processing apparatus 90 cannot be made in step S68 (for example, if the address input in step S65 is incorrect) or an authentication error is received from the external image processing apparatus 90 in step S71. Is received, the image file stored in step S67 is discarded (step S77). Then, an error is displayed on the operation unit 54 (step S78), and the multi-function device 50 returns to the standby state.

  On the other hand, after step S72, the network communication unit 53 takes out the image file generated in step S67 from the scanner unit 51 (step S73). Then, the image file is transmitted to the external image processing apparatus 90 (step S74). The transmitted image file is color-printed by the external image processing device 90. When the transmission of the image file is completed, the network communication unit 53 disconnects the network connection with the external image processing apparatus 90 (step S75). Then, the function control unit 55 instructs the operation unit 54 to display the identification information input screen as a standby screen (step S76), and the multi-function device 50 returns to the standby state. At this time, the screen display of the operation unit 54 is as shown in FIG.

(Effect of Example 2)
According to the second embodiment, even if a guest user (for example, the Gunma branch office user 54) who is only given the authority to print in monochrome, the user 54 has another image processing apparatus (for example, Gunma) having authentication information. By instructing the external image processing apparatus 90) of the branch, color printing becomes possible. For this reason, it is possible to provide a more flexible and easy-to-use multifunction device 50 to the guest user.

(Modification)
The present invention is not limited to the above-described embodiments, and various usage forms and modifications are possible. For example, the following forms (a) to (f) are used as the usage form and the modified examples.

  (A) In the embodiment, the multifunction devices 10 and 50 having the scanner units 11 and 51 and the printer units 12 and 52 have been described. However, the present invention can be realized as a multifunction device having a FAX function or a network scanner device.

  (B) In the embodiment, the form in which the image file having another configuration is transmitted has been described.

  (C) In this embodiment, an example in which FTP is used as the image file transmission protocol has been described. However, a hypertext transfer protocol (HTTP), a simple mail transfer protocol (SMTP), etc. It can also be realized by using a general data transmission protocol.

  (D) In the embodiment, a Kerberos server is taken as an example of the authentication server 70, but an authentication server that provides a user authentication function such as an LDAP (Lightweight Directory Access Protocol) server or a RADIUS (Remote Authentication Dial In User Service) server is used. However, the same function can be realized.

  (E) In the embodiment, the list of authorities to be provided to the users 23 and 63 is described as having in the image processing apparatus. However, the list of users and authorities is acquired from an external server such as an LDAP server. However, the same function can be realized.

  (F) In the embodiment, the case where the image file is transmitted from the image processing apparatus to another image processing apparatus has been described as an example. However, when the image file transmission / reception direction is reversed, that is, the image processing apparatus is another image processing apparatus. Even if the image file is acquired from the same function, the same function can be realized.

FIG. 3 is a functional configuration diagram illustrating the multifunction machine 10 in FIG. 2 according to the first embodiment of the present invention. 1 is a configuration diagram when an image processing apparatus (for example, a multifunction peripheral) according to a first embodiment of the present invention is connected to a network. It is a functional block diagram which shows the external server 40 in FIG. It is a figure which shows the example of the utilization authority table 16a provided in the utilization authority determination part 16 in FIG. It is a figure which shows the example of the transmission destination table 18a provided in the setting value memory | storage part 18 in FIG. It is a figure which shows the example of the utilization authority table 36a stored in the utilization authority determination part provided in the server 30-1 in FIG. It is a figure which shows the example of the utilization authority table 46a stored in the utilization authority determination part 46 provided in the external server 40 in FIG. It is a figure which shows the example of a screen in the operation part 14 in FIG. It is a figure which shows the example of a screen in the operation part 14 in FIG. It is a figure which shows the example of a screen in the operation part 14 in FIG. It is a figure which shows the example of a screen in the operation part 14 in FIG. It is a figure which shows the example of a screen in the operation part 14 in FIG. FIG. 3 is a diagram illustrating an operation flow of the multifunction machine 10 of FIGS. 1 and 2. FIG. 3 is a diagram illustrating an operation flow of the multifunction machine 10 of FIGS. 1 and 2. FIG. 10 is a configuration diagram when an image processing apparatus (for example, a multi-function peripheral) according to a second embodiment of the invention is connected to a network. FIG. 11 is a functional configuration diagram illustrating the multi-function device 50 in FIG. 10. It is a functional structure which shows the image processing apparatus 80 in FIG. It is a functional block diagram which shows the external image processing apparatus 90 in FIG. It is a figure which shows the example of the utilization authority table 56a provided in the utilization authority determination part 56 in FIG. It is a figure which shows the example of the transmission destination table 58a provided in the setting value memory | storage part 58 in FIG. It is a figure which shows the example of the utilization authority table 85a provided in the utilization authority judgment part 85 in FIG. It is a figure which shows the example of the utilization authority table 95a provided in the utilization authority determination part 95 in FIG. It is a figure which shows the example of a screen in the operation part 54 in FIG. It is a figure which shows the example of a screen in the operation part 54 in FIG. It is a figure which shows the example of a screen in the operation part 54 in FIG. It is a figure which shows the example of a screen in the operation part 54 in FIG. It is a figure which shows the example of a screen in the operation part 54 in FIG. FIG. 12 is a diagram illustrating an operation of the multi-function device 50 of FIGS. 10 and 11. FIG. 12 is a diagram illustrating an operation of the multi-function device 50 of FIGS. 10 and 11.

Explanation of symbols

10, 50 MFP 11, 51 Scanner unit 12, 52 Printer unit 13, 53 Network communication unit 14, 54 Operation unit 15, 55 Function control unit 16, 56 Usage authority determination unit 17, 57-1, 57-2 Authentication processing Unit 18, 58 set value storage unit 21, 22, 61, 62 LAN
25, 65 Communication network 30-1, 30-2 Server 40 External server 70 Authentication server 80 Image processing device 90 External image processing device

Claims (4)

An image input unit having a function of inputting an image and storing an image file;
A transmission unit connected to a network and having a function of transmitting the image file stored by the image input unit to another image processing device;
A setting value storage unit for storing network setting information including authentication information;
An identification information input unit for the user to input identification information;
A use authority determining unit that determines a function use authority based on the identification information;
A function control unit that restricts a function provided to the user according to the usage right determined by the usage right determination unit;
An authentication processing unit that performs an authentication process for connecting to the other image processing apparatus when transmitting the image file;
When the use authority determination unit determines that the user is a guest user, the authentication processing unit performs an authentication process using the identification information input by the user for connection to the other image processing apparatus. An image processing apparatus. The usage authority determining unit has a function of communicating with an authentication server on a network via the transmitting unit,
The image processing apparatus according to claim 1, wherein the identification information input by the user is authenticated using the authentication server.   The function control unit restricts transmission of the image file with the other image processing apparatus registered in the setting value storage unit as a transmission destination when the use authority determining unit determines that the user is a guest user. The image processing apparatus according to claim 1, wherein the image processing apparatus has a function. The image processing apparatus according to any one of claims 1 to 3, further comprising:
A receiver having a function of connecting to the network and receiving the image file from the other image processing apparatus according to the operation of the user;
The function of the use authority determining unit determining the provision includes the function of the receiving unit,
The image processing apparatus according to claim 1, wherein the authentication processing unit has a function of performing the authentication process when the image file is received as in the transmission.

Images