JP2017062808A - Information processing system, image forming apparatus, management device, and control method and program thereof - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a mechanism for allowing an image forming apparatus to be used with higher security authority than preset authority, according to a use history of the image forming apparatus.SOLUTION: An information processing device (200) includes storage means (1901) for storing function lock information and authority information, receiving means (1902) for receiving an authentication request, and transmission means (1903) transmitting function restriction information. An image forming apparatus (300) includes transmission means (1904) for transmitting the authentication request, receiving means (1905) for receiving the function restriction information, and display control means (1906) for displaying a function list in which use functions are restricted. The display control means displays a function whose designation to be permitted is performed so that an operation from a user can be received to execute the function, displays a function whose destination not to be permitted is performed such that an operation from the user is not be received, and displays a function with locking designated so as to show that locking is performed in authentication in a storage medium.SELECTED DRAWING: Figure 19

Description

  The present invention relates to an information processing system, an image forming apparatus, an information processing apparatus, a method thereof, and a program for limiting the functions of the image forming apparatus.

  In recent years, as security awareness in offices has increased, security related to multifunction devices (hereinafter referred to as “image forming devices”), which is an information input / output unit, has been required. The concept of “authentication” came to apply. Here, the multifunction peripheral according to the present invention means a device in which functions such as a copying machine, a printer, an image scanner, and a facsimile are integrated. Here, for authentication, an authentication method using an IC card is preferred in the market because of its high usability. Generally, this system uses an IC card authentication server that manages the association between a card number and user information. Also, for users who have forgotten or do not have an IC card, they often have a user name / password authentication method.

  Conventionally, this IC card authentication server holds not only personal information such as a user name but also authority information for using the multifunction device, and the user can only use the multifunction device within the range of authority permitted to the user. It is a mechanism that cannot be used.

JP 2006-235757 A

  As described in the background art, recent authentication servers also hold authority information of multifunction peripherals. From the viewpoint of security, it is preferable that this authority information is as strict as possible. In addition, since there is a difference in functions required for each individual, it is preferable to set authority for each individual.

  However, in order to perform strict authority setting for each individual, a great deal of labor is required for setting and operation, which is not realistic. Therefore, the authority is actually set and operated in units of groups such as departments and roles. In this case, the authority setting must be set to a fixed value for each department, so the market demands a means to build a high security authority setting for each individual without increasing the labor of the administrator. It was.

In addition, it is authentication using an IC card that requires strict authority setting. This is because an authentication method using an IC card can be easily impersonated as compared with an authentication method using a user name / password.
In the above-mentioned patent document 1, a user with a high usage authority is allowed to use a user with a low usage authority, so that even a user with a low usage authority can temporarily use the MFP with a high usage authority. It is a mechanism that can be done.

  If this idea is applied, it may be possible to answer a desired request by setting a low authority in advance for a general user. However, in this idea, the operation of the permitting user is also required instead of not involving the administrator's hand, and the permitting user's load is high and may not be suitable for operation.

  The present invention has been made in view of the above-described problems, and an object of the present invention is to use an image forming apparatus with an authority having higher security than a preset authority in accordance with a use history of the image forming apparatus. It is to provide a mechanism that can make it happen. Another object of the present invention is to provide a mechanism that can reduce the burden on the administrator and allow the image forming apparatus to be used when the user is used with a preset authority.

  In order to achieve the above-described object, a first invention is an information processing system including an information processing apparatus for managing user authority and an image forming apparatus, wherein the information processing apparatus has functions usable by a user. Among them, function lock information for locking functions that are less used or unused, storage means for storing authority information for restricting the use of the image forming apparatus by the user to use, and authentication from the image forming apparatus A first receiving unit configured to receive a request; and a first transmitting unit configured to transmit function restriction information including the authority information and the function lock information of a user who has been authenticated in response to the authentication request. A second transmission unit that transmits an authentication request in response to reading of the storage medium; a second reception unit that receives the function restriction information in response to the authentication request; and Display control means for displaying a list of functions whose use functions in the image forming apparatus are restricted based on the function restriction information received by the communication means, wherein the display control means specifies that the function restriction information permits Functions that have been displayed are displayed so that the functions can be executed by accepting operations from the user, and operations that are specified not to be permitted by the function restriction information are not accepted. The information processing system is characterized in that the function for which the lock is specified by the function restriction information is displayed so as to indicate that the lock is applied by the authentication on the storage medium.

The storage unit stores function lock information for locking a function with few or no operations among functions available to the user, and authority information for restricting the use of the image forming apparatus by the user who uses the function. The first receiving unit receives an authentication request from the image forming apparatus. The first transmission means transmits function restriction information including authority information and lock information of the user who has been authenticated in response to the authentication request. The second transmission means transmits an authentication request in response to the storage medium being read. The second receiving means receives the function restriction information in response to the authentication request. The display control means displays a function list in which the functions used in the image forming apparatus are restricted based on the received function restriction information. The display control means displays a function that is specified to be permitted by the function restriction information so that the function can be executed by accepting an operation from the user, and a function that is not permitted by the function restriction information. Is displayed so that the operation from the user cannot be accepted, and the function for which the lock is specified by the function restriction information is displayed to indicate that the lock is applied by the authentication on the storage medium.
According to the first aspect of the invention, the image forming apparatus can be used with an authority having higher security than a preset authority according to the use history of the image forming apparatus. Further, when using with a preset authority, it is possible to reduce the burden on the administrator and use the image forming apparatus.

  In addition, when the image forming apparatus receives an instruction of a function for which the lock is specified, the image forming apparatus receives input of user information according to a user operation, and the display control unit is configured to receive the user information from the information processing apparatus. When the information is authenticated, it is desirable to display a function list in which the functions used in the image forming apparatus are restricted and the function for which the lock is designated is unlocked based on the user authority information. .

  Typically, when the image forming apparatus accepts an instruction for a function for which lock is designated, for example, an unlock keyboard authentication screen is displayed, and input of user information is accepted according to a user operation. Thereby, for example, when a storage medium such as an IC card is picked up, it is possible to prevent unnecessary functions from being used in an image forming apparatus that is not normally used. Here, when the user name and password of a legitimate user are input and the legitimate user information is authenticated, it can be determined that a storage medium such as an IC card is not used illegally. Based on the set authority information that is normally used, it is possible to display a function list with limited functions in the image forming apparatus.

The authority information of the user is preferably authority information received from the information processing apparatus when the user information is authenticated by the information processing apparatus.
Thereby, it is possible to centrally manage user authority information in the information processing apparatus.

Further, the image forming apparatus transmits usage history information related to a user's usage history, the information processing apparatus receives the usage history information, and the information processing apparatus is less used by the user according to the usage history information Alternatively, it is desirable to specify a function that is not used and store the specified function as function lock information.
Thereby, according to the transmitted / received usage history information, it is possible to appropriately identify functions that are less used or unused by the user, and to appropriately store the identified functions as function lock information.

Further, it is desirable that the information processing apparatus controls the storage unit so that the function lock information is not applied for a predetermined time when the user information is authenticated.
Thereby, once the user information is authenticated, for example, the image forming apparatus is used with the function restriction information of the initial value. Accordingly, even when the user logs out and authenticates the storage medium again, the function lock information is not applied, and a user-friendly mechanism can be realized.

The information processing apparatus preferably stores identification information of an image forming apparatus that has received an input of user information in association with function lock information.
Thereby, for example, identification information such as an IP address is stored in association with the function lock information. Accordingly, it is possible to appropriately exclude the image forming apparatus from the application target of the function lock information based on the identification information.

  In order to achieve the above-described object, a second invention is an information processing apparatus for managing user authority used in an information processing system including an image forming apparatus, and has a low usage among functions available to a user. Alternatively, a function lock information for locking a function that is not used, a storage unit that stores authority information for restricting the use of the image forming apparatus by a user, and an authentication request from the image forming apparatus are received. An information processing apparatus comprising: a first receiving unit; and a first transmitting unit configured to transmit function restriction information including user authority information authenticated in response to the authentication request and the function lock information.

  In order to achieve the above-described object, a third invention is an information processing method in an information processing apparatus for managing a user's authority used in an information processing system including an image forming apparatus. A storage step for storing function lock information for locking functions that are less used or not used, authority information for restricting use of the image forming apparatus by a user to use, and authentication from the image forming apparatus A first receiving step of receiving the request; and a first transmitting step of transmitting function restriction information including the authority information of the user authenticated in response to the authentication request and the function lock information.

In order to achieve the above-described object, a fourth invention is a program for an information processing apparatus for managing user authority used in an information processing system including an image forming apparatus, wherein the user uses the information processing apparatus. Storage means for storing function lock information for locking functions that are rarely used or unused among possible functions, authority information for restricting use of the image forming apparatus by a user to use, and the image formation A first receiving unit configured to receive an authentication request from the apparatus; and a first transmitting unit configured to transmit function restriction information including authority information of the user authenticated in response to the authentication request and the function lock information. It is a program.
In order to achieve the above-described object, a fifth invention is an image forming apparatus used in an information processing system including an information processing apparatus that manages user authority, and authentication is performed in response to reading of a storage medium. Second transmission means for transmitting a request; second reception means for receiving function restriction information including authority information and function lock information of an authenticated user in response to the authentication request; and function received by the reception means Display control means for displaying a list of functions whose use functions in the image forming apparatus are restricted based on restriction information, and the display control means is configured to specify a function permitted in the function restriction information. Is displayed so that it can accept the operation from the user and execute the function, and for the function that is not permitted in the function restriction information, the operation from the user can be accepted. In the image forming apparatus, the function for which the lock is specified by the function restriction information is displayed to indicate that the lock is applied in the authentication on the storage medium. is there.

In order to achieve the above-described object, a sixth invention is an image forming method in an image forming apparatus used in an information processing system including an information processing apparatus for managing user authority, wherein a storage medium is read. In response, a second transmission step of transmitting an authentication request, a second reception step of receiving function restriction information including authority information and function lock information of the authenticated user in response to the authentication request, and the receiving means And a display control step for displaying a list of functions whose use functions in the image forming apparatus are restricted based on the function restriction information received in step (i), wherein the display control step is designated to be permitted by the function restriction information. The functions that are displayed so that the functions can be executed by accepting user operations, and the functions that are not permitted in the function restriction information are displayed. Displays that the operation from the user is not accepted, and the function for which the lock is specified in the function restriction information is displayed to indicate that the lock is applied in the authentication on the storage medium. This is an image forming method.
In order to achieve the above-described object, a seventh invention is a program for an image forming apparatus used in an information processing system including an information processing apparatus for managing user authority, wherein the image forming apparatus is stored on a storage medium. Second transmitting means for transmitting an authentication request in response to being read; and second receiving means for receiving function restriction information including authority information and function lock information of the authenticated user in response to the authentication request; , Based on the function restriction information received by the receiving means, to function as a display control means for displaying a list of functions whose use functions in the image forming apparatus are restricted, and the display control means is permitted by the function restriction information. Functions that are designated to be displayed are displayed so that they can be executed by accepting user operations, and functions that are not permitted in the function restriction information are displayed. Is displayed so that the operation from the user cannot be accepted, and the function for which the lock is specified in the function restriction information is displayed to indicate that the lock is applied in the authentication on the storage medium. It is a program characterized by doing.

  According to the information processing system of the present invention, the image forming apparatus can be used with an authority having higher security than a predetermined authority in accordance with the use history of the image forming apparatus. Further, when using with a preset authority, it is possible to reduce the burden on the administrator and use the image forming apparatus.

The figure which shows the structure of the system of embodiment of this invention. The figure which shows the hardware constitutions of various terminals other than the multifunctional device of embodiment of this invention The figure which shows the hardware constitutions of the multifunctional device of embodiment of this invention Functional block diagram showing a configuration of a system according to an embodiment of the present invention The flowchart which shows an example of operation | movement of IC card authentication in embodiment of this invention The flowchart which shows an example of the operation | movement of keyboard authentication in embodiment of this invention. The flowchart which shows an example of the operation | movement at the time of pushing down of the function button in embodiment of this invention. The flowchart which shows an example of the operation | movement of transmission of usage history information in embodiment of this invention. The flowchart which shows an example of the operation | movement of a function lock process in embodiment of this invention. In the present invention, an example of an authentication table used for authentication managed by the ROM 2003 on the IC card authentication server 200 In the present invention, an example of function restriction information associated with an authentication table used for authentication managed by the ROM 2003 on the IC card authentication server 200 In the present invention, an example of function lock information associated with an authentication table used for authentication managed by the ROM 2003 on the IC card authentication server 200 In the present invention, an example of a setting file used for determining the lock processing of the IC card authentication server managed by the ROM 2003 on the IC card authentication server 200 In the present invention, an example of usage history information managed by the ROM 2003 on the IC card authentication server 200 In the present invention, an example of an IC card authentication screen and a keyboard authentication screen In the present invention, an example of an IC card authentication error and keyboard authentication error screen In the present invention, examples of a screen after successful login (IC card authentication) and a screen after successful login (keyboard authentication) In the present invention, an example of an unlock keyboard authentication screen and an unlock keyboard authentication error screen Another functional block diagram showing the configuration of the system according to the embodiment of the present invention

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
FIG. 1 is a system configuration diagram showing an example of the configuration of the information processing system using the multifunction machine 300, the IC card reader 500, the IC card authentication server 200, and the client PC 100 of the present invention. The IC card authentication server 200 constitutes an example of an information processing apparatus according to the present invention that manages user authority. The multifunction machine 300 constitutes an example of an image forming apparatus according to the present invention.

  By the user holding the IC card over an IC card reader 500 (which may be incorporated in the multifunction device) connected to the multifunction device 300, the IC card (ie, an example of the storage medium according to the present invention) The read card information (card ID or identification information arbitrarily stored in the IC card) is transmitted from the multi-function device 300 to the IC card authentication server 200 to perform authentication. When the authentication is successful, the authority information is transmitted to the multifunction device 300, and the multifunction device 300 performs security according to the authority information and sets the multifunction device in a usable state (login).

  In addition to authentication using an IC card, the multifunction device 300 has a keyboard authentication function that allows the multifunction device 300 to input a user name and password. When the keyboard authentication function is used, the user name is sent to the IC card authentication server 200. Send the password and execute authentication.

  After login, the multifunction device 300 can execute printing by designating a print job transmitted from the client PC 100 and stored in the multifunction device 300, for example, according to the authority.

  The client PC 100 is an information processing apparatus that includes a printer driver and an application, and is an information processing apparatus that transmits a print job to the multifunction peripheral 300.

  The IC card authentication server 200 is an information processing apparatus that stores an authentication table and authority information, and performs authentication in response to an authentication request from the multifunction device 300. Note that not only authentication from the multifunction device 300 but also an authentication request from the client PC 100 may be accepted.

  Hereinafter, the hardware configuration of the information processing apparatus applicable to the client PC 100 and the IC card authentication server 200 shown in FIG. 1 will be described with reference to FIG.

  In FIG. 2, the CPU 2001 comprehensively controls each device and controller connected to the system bus 2004 (hereinafter, referred to as “control unit 2001” as appropriate). Further, the ROM 2003 or the external memory 2011 is necessary to realize a BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as an OS) which is a control program of the CPU 2001, and a function executed by each server or each PC. Various programs are stored.

  A RAM 2002 functions as a main memory, work area, and the like for the CPU 2001. The CPU 2001 implements various operations by loading a program or the like necessary for execution of processing from the ROM 2003 or the external memory 2011 to the RAM 2002 and executing the loaded program.

  An input controller 2005 controls input from a keyboard (KB) 2009 or a pointing device such as a mouse (not shown). The video controller 2006 controls display on a display such as a CRT display (CRT) 2010. In FIG. 2, although described as CRT2010, the display may be not only a CRT but also other display such as a liquid crystal display. These are used by clients as needed.

  The memory controller 2007 is connected via an adapter to a hard disk (HD), a flexible disk (FD), or a PCMCIA card slot that stores a boot program, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 2011 such as a CompactFlash (registered trademark) memory.

  The communication I / F controller 2008 is connected to or communicates with an external device via a network (for example, the LAN 400 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP is possible.

  Note that the CPU 2001 enables display on the CRT 2010 by executing outline font rasterization processing on a display information area in the RAM 2002, for example. Further, the CPU 2001 enables a user instruction with a mouse cursor (not shown) on the CRT 2010.

  Various programs that operate on the hardware are recorded in the external memory 2011, and are executed by the CPU 2001 by being loaded into the RAM 2002 as necessary.

  Next, the hardware configuration of the controller unit that controls the multifunction peripheral 300 as the image forming apparatus of the present invention will be described with reference to FIG.

FIG. 3 is a block diagram illustrating a hardware configuration example of the multifunction machine 300.
In FIG. 3, a controller unit 5000 is connected to a scanner 5015 functioning as an image input device and a printer 5014 functioning as an image output device, and a local area network such as the LAN 400 shown in FIG. By connecting to a public line (WAN) such as ISDN, image data and device information are input and output.

  As shown in FIG. 3, the controller unit 5000 includes a CPU 5001, a RAM 5006, a ROM 5002, an external storage device (hard disk drive (HDD)) 5007, a network interface (Network I / F) 5003, a modem (Modem) 5004, an operation unit interface ( Operation unit I / F) 5005, external interface (external I / F) 5009, image bus interface (IMAGE BUS I / F) 5008, raster image processor (RIP) 5010, printer interface (printer I / F) 5011, scanner interface (Scanner I / F) 5012, an image processing unit 5013, and the like.

A CPU 5001 (hereinafter, appropriately referred to as “control unit 5001”) is a processor that controls the entire system.
A RAM 5006 is a system work memory for the CPU 5001 to operate, and is a program memory for recording a program and an image memory for temporarily storing image data.

The ROM 5002 stores a system boot program and various control programs.
An external storage device (hard disk drive HDD) 5007 stores various programs for controlling the system, image data, and the like.

  An operation unit interface (operation unit I / F) 5005 is an interface unit with the operation unit (UI) 5018, and outputs image data to be displayed on the operation unit 5018 to the operation unit 5018.

  The operation unit I / F 5005 serves to transmit information (for example, user information) input by the system user from the operation unit 5018 to the CPU 5001. Note that the operation unit 5018 includes a display unit having a touch panel, and various instructions can be given by a user pressing down (touching with a finger or the like) a button displayed on the display unit.

A network interface (Network I / F) 5003 is connected to a network (LAN) and inputs / outputs data.
A modem (MODEM) 5004 is connected to a public line and inputs / outputs data such as FAX transmission / reception.

  An external interface (external I / F) 5009 is an interface unit that accepts external inputs such as USB, IEEE 1394, printer port, and RS-232C. In the present embodiment, a card reader for reading an IC card required for authentication is used. 500 is connected.

Then, the CPU 5001 can control reading of information from the IC card by the card reader 500 via the external I / F 5009, and can acquire information read from the IC card. Note that the storage medium is not limited to an IC card, and any storage medium that can identify a user may be used. In this case, identification information for identifying the user is stored in the storage medium. This identification information may be a production number of the storage medium or a user code given by the user within the company.
The above devices are arranged on the system bus.

On the other hand, an image bus interface (IMAGE BUS I / F) 5008 is a bus bridge that connects a system bus 5016 and an image bus 5017 that transfers image data at high speed and converts a data structure.
The image bus 5017 is configured by a PCI bus or IEEE1394. The following devices are arranged on the image bus 5017.

A raster image processor (RIP) 5010 develops, for example, vector data such as a PDL code into a bitmap image.
A printer interface (printer I / F) 5011 connects the printer 5014 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

  A scanner interface (scanner I / F) 5012 connects the scanner 5015 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

  An image processing unit 5013 corrects, processes, and edits input image data, and performs printer correction, resolution conversion, and the like on print output image data. In addition to this, the image processing unit 5013 performs rotation of image data and compression / decompression processing such as JPEG for binary image data and JBIG, MMR, MH for binary image data.

  A scanner 5015 connected to the scanner I / F 5012 illuminates an image on paper as a document and scans it with a CCD line sensor, thereby converting it into an electrical signal as raster image data. The original paper is set on the tray of the original feeder, and when the apparatus user gives a reading start instruction from the operation unit 5018, the CPU 5001 gives an instruction to the scanner, and the feeder feeds the original paper one by one to read the original image. I do.

  A printer 5014 connected to the printer I / F 5011 is a part that converts raster image data into an image on paper. The method is an electrophotographic method using a photosensitive drum or a photosensitive belt, and ink is supplied from a micro nozzle array. There is an ink jet method for ejecting and printing an image directly on a sheet, but any method may be used. The printing operation is started in response to an instruction from the CPU 5001. Note that the printer unit 5014 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and has a paper cassette corresponding thereto.

  An operation unit 5018 connected to the operation unit I / F 5005 includes a liquid crystal display (LCD) display unit. A touch panel sheet is affixed on the LCD and displays a system operation screen. When a displayed key is pressed, the position information is transmitted to the CPU 5001 via the operation unit I / F 5005. The operation unit 5018 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys.

  Here, the start key of the operation unit 5018 is used when starting a document image reading operation. There are green and red LEDs in the center of the start key, and indicates whether or not the start key can be used depending on the color. The stop key of the operation unit 5018 serves to stop the operation being performed. The ID key of the operation unit 5018 is used when inputting the user ID of the user. The reset key is used when initializing settings from the operation unit 5018.

  The card reader 500 connected to the external I / F 5009 reads information stored in the IC card (for example, Sony FeliCa (registered trademark)) under the control of the CPU 5001, and reads the read information to the external I / F 5009. The CPU 5001 is notified via F5009.

Next, functions of the client PC 100, the IC card authentication server 200, and the MFP 300 according to the present invention will be described with reference to FIG.
FIG. 4 is a functional block diagram of the system according to the embodiment of the present invention. Since detailed processing of each function will be described later, processing of each function will be described here.

<Client PC 100>
The print data generation unit 150 on the client PC 100 can generate print data (job) based on the data received from the application program, and can transmit the print data to the MFP 300 or the like.

<IC card authentication server 200>
The MFP communication unit 250 on the IC card authentication server 200 transmits / receives an authentication request to / from the MFP 300 and receives usage history information.

The authentication table management unit 251 on the IC card authentication server 200 accesses an authentication table managed in the IC card authentication server, searches for user information associated with the card number or user name and password requested for authentication, and performs authentication. Returns the result.
The function lock setting unit 252 on the IC card authentication server 200 has a function of temporarily disabling a function that has not been used for a certain period of time based on the usage history information sent from the multifunction device.

<Multifunction device 300>
The card reader control unit 350 on the multifunction device 300 acquires card information (for example, a serial number) held over the card reader 500.
The authentication server communication unit 351 on the multifunction device 300 transmits and receives an authentication request with the IC card authentication server 200 and transmits usage history information.
It is assumed that the authentication unit 352 on the multifunction device 300 permits the use of the multifunction device using the user information when the overall authentication system is successfully controlled and authenticated.

After successful login, the display control unit 353 on the multifunction device 300 generates a multifunction device menu screen based on the user authority information. The display control unit 353 constitutes an example of display control means according to the present invention.
A usage history information acquisition unit 354 on the MFP 300 acquires user usage history information from the MFP body at an arbitrary timing.

  Detailed description of the processing in the present embodiment will be described with reference to the flowcharts of FIGS. Note that each step in each flowchart is executed by the CPU of each device.

  FIG. 5 is a flowchart showing an example of the IC card authentication process in the embodiment of the present invention.

  In step S100, the control unit 5001 of the MFP 300 causes the authentication unit 352 to display an IC card authentication screen (1500).

  In step S101, the control unit 5001 of the MFP 300 determines whether the authentication unit 352 has pressed the keyboard authentication button displayed on the IC card authentication screen (1500). If the keyboard authentication button has been pressed, the process proceeds to step S200 (FIG. 6). If not, the process proceeds to step S102.

  In step S <b> 102, the control unit 5001 of the multifunction peripheral 300 transmits a card reading start command to the card reader (card R / W) 500 by the card reader control unit 350. That is, the control unit 5001 sends a polling start instruction command for reading the IC card to the card reader 500.

  In step S103, when the card reader 500 receives the card reader reading start command transmitted from the multifunction device in step S102, the IC card reading state is set.

  In step S104, the card reader 500 detects that the IC card is held over and reads a card number (hereinafter referred to as “card information” as appropriate) from the IC card. Then, the card reader transmits a card event to the multifunction device. This card event stores card information held over. The card information may be a card manufacturing number stored in the IC card, or any number for identifying the user, such as a number that can be arbitrarily stored in the IC card or a serial card name. May be.

  In step S <b> 105, the control unit 5001 of the multifunction machine 300 receives the card event transmitted from the card reader by the card reader control unit 350.

  In step S106, the control unit 5001 of the multi-function device 300 acquires card information from the card event acquired in step S105 by the authentication unit 352.

  In step S <b> 107, the control unit 5001 of the MFP 300 transmits an authentication request to the IC card authentication server 200 through the authentication server communication unit 351. Card information is included in the authentication request. Note that this transmission process (step S107) constitutes an example of the operation of the second transmission means according to the present invention.

  In step S108, the control unit 2001 of the IC card authentication server 200 receives the authentication request transmitted in step S107 by the multi-function device communication unit 250. Note that this reception process (step S108) constitutes an example of the operation of the first receiving means according to the present invention.

  In step S109, the control unit 2001 of the IC card authentication server 200 acquires a setting file (FIG. 13) managed in the IC card authentication server by the authentication table management unit 251. One setting file may exist for each user.

  In step S110, the control unit 2001 of the IC card authentication server 200 acquires “function lock range” information from the setting file acquired in step S109 by the authentication table management unit 251. This specifies a range of processing for temporarily disabling functions that are not used, which will be described later. According to this value, it can be determined whether to assign different authority for each unit, for each series (product model), or for all units at once.

  In step S111, the control unit 2001 of the IC card authentication server 200 acquires an authentication table (FIG. 10) managed in the IC card authentication server by the authentication table management unit 251. One authentication table may exist for each user. This authentication table is associated with function restriction information (FIG. 11) and function lock information (FIG. 12) described later.

  In step S112, the control unit 2001 of the IC card authentication server 200 determines whether or not the card information of the user acquired in step S108 is registered in the authentication table acquired in step S111 by the authentication table management unit 251. To do. If the card information is registered, the process proceeds to step S113, and if not registered, the process proceeds to step S119.

  In step S113, the control unit 2001 of the IC card authentication server 200 acquires the user information searched in step S112 by the authentication table management unit 251.

  In step S114, the control unit 2001 of the IC card authentication server 200 uses the authentication table management unit 251 to obtain the “function lock range” value obtained in step S110 from the IP address or model information of the MFP 300 that has requested authentication. It is determined whether it is included in. The IP address and model information are included in the authentication request received in step S108. The IP address may be acquired through TCP / IP communication. The model information may be determined from the acquired IP address or from a model specification table (not shown) held in the IC card authentication server.

  When included in the function lock range, that is, when the IP address or the series name (model name) of the multifunction device matches the value of the setting file (FIG. 13), the control unit 2001 includes the user information acquired in step S113. Then, it is determined whether there is function lock information (FIG. 12) suitable for the function lock range. When it exists, it progresses to step S115, and when it does not exist, it progresses to step S117.

  The function lock information is created for each user and stored and managed by the IC card authentication server. The creation of the function lock information will be described later with reference to FIGS.

  In step S115, the control unit 2001 of the IC card authentication server 200 acquires the function lock information in step S114 by the authentication table management unit 251.

  In step S116, the control unit 2001 of the IC card authentication server 200 uses the authentication table management unit 251 to store the function restriction information (preset initial setting) in FIG. 11 associated with the user information acquired in step S113, The function lock information (FIG. 12) acquired in S115 is merged to generate authority information (function restriction information) used for login of the user. Note that the function restriction information may be generated for each user in advance.

  For example, in the case of FIGS. 11 and 12, the generated function restriction information includes function restriction information such as “Locked” for copying, “not permitted” for fax, “permitted” for printing, and “permitted” for scanning. Generated.

  In step S117, the control unit 2001 of the IC card authentication server 200 uses the authentication table management unit 251 to use the function restriction information (initial setting) associated with the user information acquired in step S113 for login of the user. Obtain as information. If the multifunction device is not included in the function lock range (for example, if the multifunction device on the floor where the normal user is located is not subject to the function lock and is an authentication request from a normal multifunction device), or the function lock range If it is a multi-function device but does not have function lock information (if it is a multi-function device that releases the function lock once with keyboard authentication and applies the function restriction information of the initial value in S316 described later), the function restriction information (initial Get settings).

  In step S118, the control unit 2001 of the IC card authentication server 200 generates authentication OK data including the authority information generated in step S116 or acquired in step S117 and the user information acquired in S113 by the authentication table management unit 251. To do.

  In step S119, the control unit 2001 of the IC card authentication server 200 generates authentication NG data because the card information is not registered in the IC card authentication server by the authentication table management unit 251.

  In step S120, the control unit 2001 of the IC card authentication server 200 returns the authentication result created in step S118 or step S119 to the multifunction device 300 by the multifunction device communication unit 250. The returning process (step S120) constitutes an example of the operation of the first transmission means according to the present invention.

In step S121, the control unit 5001 of the MFP 300 receives the authentication result transmitted from the IC card authentication server in step S120 by the authentication server communication unit 351. Note that this receiving process (step S121) constitutes an example of the operation of the second receiving means according to the present invention.
In step S122, the control unit 5001 of the MFP 300 determines whether the authentication result received in step S121 is successful by the authentication unit 352. If the authentication has succeeded, the process proceeds to step S123. If the authentication has failed, the process proceeds to step S125.

In step S123, the control unit 5001 of the MFP 300 acquires user information necessary for login of the MFP from the authentication result received in step S121 by the authentication unit 352.
In step S124, the control unit 5001 of the multifunction device 300 logs in to the multifunction device by using the user information acquired in step S123 by the authentication unit 352. The operation after login proceeds to step S300. Specifically, in the login process, the acquired user information is set in the login information of the multifunction device, so that the main body of the multifunction device 300 is regarded as a login and the multifunction device can be used.

  Needless to say, after logging in, the user information is deleted and authentication is awaited when each function is executed or when the logout button is pressed.

  The logout process is not explicitly shown in this flowchart because the logout process is executed when the user arbitrarily operates the user or when the user does not operate the multifunction device 300 for a predetermined time. Needless to say, when the logout process is executed, the process of this flowchart is terminated.

  In step S125, the control unit 5001 of the multi-function apparatus 300 displays an IC card authentication error screen (1600) because the authentication unit 352 has not authenticated.

  FIG. 6 is a flowchart showing an example of the keyboard authentication process in the embodiment of the present invention.

  In step S200, the control unit 5001 of the multifunction machine 300 causes the authentication unit 352 to display a keyboard authentication screen (1510).

  In step S201, the control unit 5001 of the MFP 300 determines whether the authentication unit 352 has pressed the IC card authentication button displayed on the keyboard authentication screen. If the IC card authentication button is pressed, the process proceeds to step S100, and if not, the process proceeds to step S202.

  In step S202, the control unit 5001 of the MFP 300 determines whether the authentication unit 352 has pressed the login button displayed on the keyboard authentication screen. If the login button is pressed, the process proceeds to step S203, and if not, the process proceeds to step S201.

In step S <b> 203, the control unit 5001 of the MFP 300 acquires the user name input on the keyboard authentication screen by the authentication unit 352.
In step S <b> 204, the control unit 5001 of the MFP 300 acquires the password input on the keyboard authentication screen by the authentication unit 352.

  In step S205, the control unit 5001 of the MFP 300 transmits an authentication request to the IC card authentication server 200 using the user name and password acquired in steps S203 and S204 by the authentication server communication unit 351. The user name and password are included in the authentication request.

  In step S206, the control unit 2001 of the IC card authentication server 200 receives the authentication request transmitted in step S205 by the multi-function device communication unit 250.

  In step S207, the control unit 2001 of the IC card authentication server 200 acquires an authentication table (FIG. 10) managed in the IC card authentication server by the authentication table management unit 251.

  In step S208, the control unit 2001 of the IC card authentication server 200 registers the user name information included in the authentication request acquired in step S206 in the authentication table acquired in step S207 by the authentication table management unit 251. Determine whether or not. If the user information is registered, the process proceeds to step S209, and if not registered, the process proceeds to step S213.

  In step S209, the control unit 2001 of the IC card authentication server 200 receives the password registered in the user information retrieved in step S208 by the authentication table management unit 251 and the password included in the authentication request acquired in step S206. Determine whether they match. If they match, the process proceeds to step S210, and if they do not match, the process proceeds to step S213.

  In step S210, the control unit 2001 of the IC card authentication server 200 acquires the user information retrieved in step S208 from the authentication table by the authentication table management unit 251.

  In step S211, the control unit 2001 of the IC card authentication server 200 uses the authentication table management unit 251 to use the function restriction information (initial setting) associated with the user information acquired in step S210 for login of the user. Obtain as information. In this step, the initial value is used because the risk of impersonation is low in the keyboard authentication process unlike the IC card.

  In step S212, the control unit 2001 of the IC card authentication server 200 generates authentication OK data including the authority information and user information acquired in step S211 by the authentication table management unit 251.

In step S213, the control unit 2001 of the IC card authentication server 200 generates authentication NG data because the user information is not registered in the IC card authentication server by the authentication table management unit 251.
In step S214, the control unit 2001 of the IC card authentication server 200 returns the authentication result created in step S212 or step S213 to the multifunction device by the multifunction device communication unit 250.

  In step S215, the control unit 5001 of the MFP 300 receives the authentication result transmitted from the IC card authentication server in step S214 by the authentication server communication unit 351.

  In step S216, the control unit 5001 of the MFP 300 determines whether the authentication result received in step S215 is successful by the authentication unit 352. If the authentication has succeeded, the process proceeds to step S217. If the authentication has failed, the process proceeds to step S219 (see 1610 in FIG. 16).

  In step S217, the control unit 5001 of the multifunction device 300 acquires user information and authority information necessary for login of the multifunction device from the authentication result received in step S215 by the authentication unit 352.

  In step S218, the control unit 5001 of the multifunction device 300 logs in to the multifunction device by using the user information acquired in step S215 by the authentication unit 352. The operation after login proceeds to step S300 in FIG. The login process is realized by the same process as the login at the time of IC card authentication (see step S124). Needless to say, after logging in, the user information is deleted and authentication is awaited when each function is executed or when the logout button is pressed.

  The logout process is not explicitly shown in this flowchart because the logout process is executed when the user arbitrarily operates the user or when the user does not operate the multifunction device 300 for a predetermined time. Needless to say, when the logout process is executed, the process of this flowchart is terminated.

  In step S219, the control unit 5001 of the MFP 300 causes the authentication unit 352 to display a keyboard authentication error screen (1610 in FIG. 16).

FIG. 7 is a flowchart showing an example of processing when the function button is pressed after login of the multifunction machine according to the embodiment of the present invention.
In step S300, the control unit 5001 of the multi-function peripheral acquires authority information of the user who has logged in by the display control section 353, and generates and displays a menu screen of the multi-function peripheral based on the authority information (see 1700 in FIG. 17). reference). Specifically, the functions that are not permitted are grayed out and cannot be pressed down (see, for example, the “fax” button in the shaded area in 1700 of FIG. 17). For locked functions, a key mark or the like is provided on the function button to indicate that it is temporarily unavailable (see, for example, the “Copy” button with the key mark in 1700 in FIG. 17). .

  In step S301, the control unit 5001 of the multifunction machine waits until the function button displayed on the screen is pressed by the display control unit 353. If the function button is pressed, the process proceeds to step S302.

  In step S302, the control unit 5001 of the multifunction peripheral determines whether or not the logged-in user can use the function pressed in step S301 by the display control unit 353. If it is available (not unavailable), the process proceeds to step S303, and if unavailable, the process proceeds to step S323. That is, when it is not usable, the button cannot be pushed down. A function that is simply locked is judged to be usable.

  Here, step S323 will be described. In step S323, the control unit 5001 of the multifunction device 300 acquires the use history until logout by the display control unit 353, and stores it in the HDD 5007 of the multifunction device 300. As the usage history, the value of an item corresponding to the usage history information in FIG. 14 is acquired and stored.

  In this embodiment, for convenience, the usage history is acquired and stored in step S323. However, the usage history is acquired and stored in the memory each time the function is executed, and the HDD 5007 is logged out when logged out. You may make it save to.

  In step S303, the control unit 5001 of the multi-function peripheral determines whether the display controller 353 is locked by the logged-in user for the function pushed down in step S301. If it is locked, the process proceeds to step S304, and if not locked (that is, available), the process proceeds to step S305.

In step S304, the control unit 5001 of the MFP 300 displays the unlock keyboard authentication screen by the authentication unit 352 (see 1800 in FIG. 18). Note that step S304 constitutes an example of “the image forming apparatus accepts input of user information in response to a user operation when accepting an instruction of a function for which locking is designated”.
The reason for displaying the unlock keyboard authentication screen here is to prevent unnecessary functions from being used in multifunction devices that are not normally used, such as when an IC card is picked up. If the user name and password of a legitimate user are entered here, it can be determined that the IC card has not been used illegally, so the MFP can be unlocked and the MFP can be used with the normally used authority information set in advance. Can be used.

  In step S <b> 305, the control unit 5001 of the multi-function peripheral causes the display control unit 353 to display a detailed screen of the pressed function. For example, when the scan is depressed, a setting input screen for scanning is displayed. Thereafter, the user can freely use the depressed function. However, the authority information has more detailed information, and the setting input screen is also locked or can be used. Also good.

  In step S306, the control unit 5001 of the MFP 300 determines whether the authentication unit 352 has pressed the login button displayed on the unlock keyboard authentication screen (1800 in FIG. 18). If the login button is pressed, the process proceeds to step S308, and if not, the process proceeds to step S307.

  In step S307, the control unit 5001 of the MFP 300 determines whether the authentication unit 352 has pressed the cancel button displayed on the unlock keyboard authentication screen. If the cancel button is pressed, the process proceeds to step S300, and if not, the process proceeds to step S306.

In step S <b> 308, the control unit 5001 of the MFP 300 acquires the user name input on the unlock keyboard authentication screen by the authentication unit 352.
In step S <b> 309, the control unit 5001 of the MFP 300 acquires the password input on the unlock keyboard authentication screen by the authentication unit 352.

  In step S310, the control unit 5001 of the MFP 300 transmits an authentication request to the IC card authentication server 200 by using the user name and password acquired in steps S308 and S309 by the authentication server communication unit 351. The user name and password are included in the authentication request.

In step S311, the control unit 2001 of the IC card authentication server 200 receives the authentication request transmitted in step S310 by the multi-function device communication unit 250.
In step S312, the authentication table management unit 251 of the IC card authentication server 200 acquires an authentication table (FIG. 10) managed in the IC card authentication server.

  In step S313, the control unit 2001 of the IC card authentication server 200 determines whether or not the user name information acquired in step S311 is registered in the authentication table acquired in step S312 by the authentication table management unit 251. To do. If the user information is registered, the process proceeds to step S314. If not registered, the process proceeds to step S318.

  In step S314, the control unit 2001 of the IC card authentication server 200 determines whether or not the password registered in the user information searched in step S313 by the authentication table management unit 251 matches the password acquired in step S311. Judging. If they match, the process proceeds to step S315, and if they do not match, the process proceeds to step S318.

  In step S315, the control unit 2001 of the IC card authentication server 200 acquires the user information retrieved in step S313 from the authentication table by the authentication table management unit 251.

  In step S316, the control unit 2001 of the IC card authentication server 200 uses the function restriction information (initial setting) associated with the user information acquired in step S315 by the authentication table management unit 251 to log in the user. Permission information. As another form, in this case, since the user name and the password match, when there is an authentication request again from the currently used multifunction device, the function restriction information of the initial value is used. Information (non-target information) indicating that this function lock information is not used is registered in the lock information (FIG. 12). If the function lock range is series or batch, specify the IP address so that the MFP does not lock the function. Note that an example of identification information according to the present invention is configured by this IP address. This IP address is configured to be deleted after a predetermined period such as 3 hours (that is, an example of the predetermined time according to the present invention). As a result, once the keyboard is authenticated and the MFP is used with the default function restriction information, the function lock information will not be applied even if you log out and authenticate the IC card again. A user-friendly mechanism can be realized.

  In this embodiment, the function restriction information is transmitted in S316. However, in addition to the authority information (function restriction information) obtained by merging the function restriction information and the function lock information in S116 (FIG. 5), the user function When the restriction information (FIG. 11) is transmitted, it may be configured not to transmit in S316.

  In step S317, the control unit 2001 of the IC card authentication server 200 generates authentication OK data including the authority information and user information created in step S316 by the authentication table management unit 251.

  In step S318, the control unit 2001 of the IC card authentication server 200 generates authentication NG data because the user information is not registered in the IC card authentication server by the authentication table management unit 251.

  In step S319, the control unit 2001 of the IC card authentication server 200 returns the authentication result created in step S317 or step S318 to the multifunction device by the multifunction device communication unit 250.

  In step S320, the control unit 5001 of the MFP 300 receives the authentication result transmitted from the IC card authentication server in step S319 by the authentication server communication unit 351.

  In step S321, the control unit 5001 of the MFP 300 determines whether the authentication result received in step S320 is successful by the authentication unit 352. If the authentication has succeeded, the process proceeds to step S300. If the authentication has failed, the process proceeds to step S322. If the authentication is successful, the process proceeds to step S300 to switch from the locked screen to a screen controlled using preset function restriction information (see 1710 of FIG. 17). Note that, by moving the processing from step S321 to step S300 and 1710 of FIG. 17, according to the present invention, “when the user information is authenticated by the information processing apparatus, based on the user authority information, An example of “displaying a list of functions with limited use functions in the image forming apparatus” is configured.

In step S322, the control unit 5001 of the MFP 300 causes the authentication unit 352 to display the unlock keyboard authentication error screen (1810 in FIG. 18).
FIG. 8 is a flowchart showing an example of processing for acquiring usage history information from a multifunction peripheral and transmitting it to an IC card authentication server in the embodiment of the present invention.

  FIG. 9 shows processing on the IC card authentication server side. Based on the usage history file transmitted by the flow of FIG. 8, functions that have not been used for a certain period for each user are temporarily unavailable (locked). It is a flowchart which shows an example of the process which produces | generates the information for making it).

  8 and 9, the usage history information accumulated in the multifunction peripheral is acquired at an arbitrary timing (such as once a day) and transmitted to the IC card authentication server. The IC card authentication server is described in such a form that the processing is performed at an arbitrary timing (once a day, etc.), but if you want more real-time performance, for example, use that was performed while logging in when logging out The history information may be transmitted to the IC card authentication server, and the IC card authentication server may take a method of reflecting the usage history file in the authentication table when it is received.

  In order to simplify the explanation, the range of function restriction information and function lock information is described at the “function” level, but it is actually subdivided into color copy / monochrome copy, print 2in1 / 4in1, etc. Such a level of detail may be determined.

  In step S400, the control unit 5001 of the multi-function device 300 acquires the use history information stored in the multi-function device by the use history information acquisition unit 354. As the usage history information, information corresponding to each item of the usage history information of FIG. 14 stored in the IC card authentication server 200 is acquired.

In step S401, the control unit 5001 of the MFP 300 transmits the usage history information acquired in step S400 to the IC card authentication server by the authentication server communication unit 351.
In step S402, the control unit 2001 of the IC card authentication server 200 receives the usage history information transmitted in step S401 by the multi-function device communication unit 250.

  In step S403, the control unit 2001 of the IC card authentication server stores the usage history information received in step S402 in the external memory managed in the IC card authentication server by the multifunction device communication unit.

9, in step S500, the control unit 2001 of the IC card authentication server 200 acquires a setting file (FIG. 13) managed in the IC card authentication server by the function lock setting unit 252.
In step S <b> 501, the control unit 2001 of the IC card authentication server 200 acquires “function limit time limit” information from the setting file acquired in step S <b> 500 by the function lock setting unit 252. For example, a function limit time limit of 10 days, that is, 10 days is acquired.

  In step S502, the control unit 2001 of the IC card authentication server 200 acquires “function lock range” information from the setting file acquired in step S500 by the function lock setting unit 252.

  In step S503, the control unit 2001 of the IC card authentication server 200 acquires the use history information stored in step S403 by the function lock setting unit 252. Since this usage history information is sent from each multifunction device and stored, a plurality of data exists for each multifunction device.

  In step S504, the control unit 2001 of the IC card authentication server 200 causes the function lock setting unit 252 to merge the plurality of usage history information acquired in step S503 as one data.

  In step S505, the control unit 2001 of the IC card authentication server 200 uses the function lock setting unit 252 to manage the usage history information merged in step S504 by the IC card authentication server 200 for the number of days acquired in step S501. Based on the current system time and the time of usage history information.

  In step S506, the control unit 2001 of the IC card authentication server 200 causes the function lock setting unit 252 to merge the usage history information extracted in step S505 with the user name and the function lock range information.

In step S507, a function not used by the user is identified from the usage history information, and Locked and a value are input in the function item in order to lock the identified function. In this way, function lock information (FIG. 12) specifying the function to be locked is generated. The function lock information is created in different units depending on the function lock range. Note that one example of “the information processing apparatus identifies functions that are less used or not used by the user according to the usage history information and stores the identified functions as function lock information” according to the present invention by step S507. Is configured.
Thereby, according to the transmitted / received usage history information, it is possible to appropriately identify functions that are less used or unused by the user, and to appropriately store the identified functions as function lock information.

FIG. 12 is an example in which function lock information is generated for each device by USER001.
The function lock information generation method is an example, and need not be limited to the above.

  In the present embodiment, functions that have not been used for a certain period are locked. However, functions that are not frequently used within a certain period can also be locked.

Next, another functional block diagram applicable to the present embodiment will be described with reference to FIG.
The functional blocks of the IC card authentication server 200 and the multifunction machine 300 will be described.
The IC card authentication server 200 is replaced with an information processing apparatus that manages user authority, and the multifunction peripheral 300 is replaced with an image forming apparatus.

  The information processing apparatus includes a storage unit 1901, an information processing apparatus reception unit 1902, and an information processing apparatus transmission unit 1903, and the image forming apparatus includes an image forming apparatus transmission unit 1904, an image forming apparatus reception unit 1905, and a display control unit 1906. Have. The storage unit 1901 constitutes an example of a storage unit according to the present invention. The information processing device receiving unit 1902 constitutes an example of a first receiving unit according to the present invention. The information processing apparatus transmission unit 1903 constitutes an example of a first transmission unit according to the present invention. The image forming apparatus transmission unit 1904 constitutes an example of the second transmission unit according to the present invention. The image forming apparatus receiving unit 1905 constitutes an example of the second receiving unit according to the present invention. The display control unit 1906 constitutes an example of display control means according to the present invention.

  The storage unit 1901 stores lock information for locking a function with few or no operations among functions available to the user, and authority information for restricting the use of the image forming apparatus by the user who uses the function. Part.

The information processing apparatus receiving unit 1902 is a functional unit that receives an authentication request from the image forming apparatus.
The information processing device transmission unit 1903 is a functional unit that transmits function restriction information including authority information and lock information of a user who has been authenticated in response to an authentication request.

The image forming apparatus transmission unit 1904 is a functional unit that transmits an authentication request when the storage medium is read.
The image forming apparatus receiving unit 1905 is a functional unit that receives function restriction information in response to an authentication request.

  The display control unit 1906 is a functional unit that displays a function list in which functions used in the image forming apparatus are restricted based on the received function restriction information. In addition, the display control unit 1906 displays a function that is specified to be permitted by the function restriction information so that the function can be executed by accepting an operation from the user, and is designated not to be permitted by the function restriction information. The function is displayed so that the operation from the user cannot be accepted, and the function for which the lock is specified is displayed to indicate that the lock is applied in the authentication on the storage medium. .

  In the present embodiment, the IC card authentication server 200 and the multifunction device 300 are described as separate units. However, the multifunction device 300 may have an IC card authentication server function, and the multifunction device 300 performs an authentication process. Is also possible. That is, the embodiment can be paraphrased as an authentication system or an image forming apparatus control system that stores a use history.

  As described above, according to the present embodiment, the MFP can be used with a higher security authority than a preset authority in accordance with the usage history of the MFP. Further, when using with a preset authority, it is possible to reduce the burden on the administrator and use the multifunction machine.

  Conventionally, in order to change the authority or use a different authority, it takes time to ask the administrator to respond, but by making keyboard authentication, the administrator's trouble is saved. Flexible operation and high security operation can be realized.

  Even if the IC card is lost, even if it is used by a malicious user, if it is a multifunction machine that is not normally used, the use is limited and security can be improved.

  It should be noted that the configuration and contents of the various data described above are not limited to this, and it goes without saying that the various data and configurations are configured according to the application and purpose.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and specifically includes a plurality of devices. The present invention may be applied to a system including a single device.

  The program according to the present invention is a program that allows a computer to execute the processing methods of the flowcharts shown in FIGS. 5 to 9, and the storage medium according to the present invention is a program that allows the computer to execute the processing methods of FIGS. Is remembered. The program in the present invention may be a program for each processing method of each apparatus in FIGS.

  As described above, a recording medium that records a program that implements the functions of the above-described embodiments is supplied to a system or apparatus, and a computer (or CPU or MPU) of the system or apparatus stores the program stored in the recording medium. It goes without saying that the object of the present invention can also be achieved by executing the reading.

  In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

  As a recording medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, silicon A disk, solid state drive, or the like can be used.

  Further, by executing the program read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) operating on the computer based on an instruction of the program is actually It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the processing and the processing is included.

  Furthermore, after the program read from the recording medium is written to the memory provided in the function expansion board inserted into the computer or the function expansion unit connected to the computer, the function expansion board is based on the instructions of the program code. It goes without saying that the case where the CPU or the like provided in the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of a single device. Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

Furthermore, by downloading and reading a program for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention.
In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

  The preferred embodiments of the information processing system and the like according to the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to such examples. It will be apparent to those skilled in the art that various changes or modifications can be conceived within the scope of the technical idea disclosed in the present application, and these naturally belong to the technical scope of the present invention. Understood.

100 client PC
150 Print Data Unit 200 IC Card Authentication Server 250 Multifunction Device Communication Unit 251 Authentication Table Management Unit 252 Function Lock Setting Unit 300 Multifunction Device 350 Card Reader Control Unit 351 Authentication Server Communication Unit 352 Authentication Unit 353 Display Control Unit 354 Usage History Information Acquisition Unit 400 LAN
500 IC card reader 1901 Storage unit 1902 Information processing device receiving unit 1903 Information processing device transmitting unit 1904 Image forming device transmitting unit 1905 Image forming device receiving unit 1906 Display control unit

The present invention has been made in view of the above-described problems, and the object of the present invention is to provide functional information obtained as a result of an authentication request by reading an authentication medium or an authentication request by inputting user identification information. based controls the function is to provide a specification set for use of the image forming apparatus to enhance security.

In order to achieve the above-described object, a first invention is an information processing system including a management device that manages a usage history of functions of a user's image forming device, and the image forming device, wherein the management device includes the image Accepting means for accepting an authentication request using an authentication medium from the forming apparatus or an authentication request using user identification information input by the image forming apparatus, and an authentication request using an authentication medium from the image forming apparatus In this case, the image forming apparatus is notified of function information for restricting a use function that is less frequently used by the user, determined according to the use history of the function of the image forming apparatus in the user identification information corresponding to the authentication medium, or The image forming apparatus specified from the user identification information when an authentication request using the user identification information input by the image forming apparatus is received Notification means for notifying the image forming apparatus of function information preset for use, and the image forming apparatus issues an authentication request by reading an authentication medium or an authentication request by inputting user identification information. An information processing system comprising: output means for outputting to the management apparatus; and control means for controlling functions of the image forming apparatus based on the function information obtained as a result of the authentication request.
According to the first invention, the function is controlled based on the function information obtained as a result of the authentication request by reading the authentication medium or the authentication request by inputting the user identification information, and the image forming apparatus is used with improved security. Can be made.

In addition, an operation accepting unit that accepts an operation to a function restricted by the control unit is further provided, and the output unit issues an authentication request by inputting the user identification information so as to release the restriction of the restricted function. It is desirable to output.
Accordingly, when an operation to a function restricted by the control unit is received, a request for releasing the restriction on the function can be output.

The function information obtained as a result of the authentication request by reading the authentication medium includes function information set in advance for using the image forming apparatus specified from the user identification information corresponding to the authentication medium. The control means, when displaying a list of functions based on the function information obtained as a result of the authentication request by reading the authentication medium, the functions restricted based on the preset function information, and the usage frequency Function information set in advance when displaying a list of functions based on the function information obtained as a result of the authentication request by inputting the user identification information. It is desirable to display the restricted functions in an identifiable manner based on the above.
Thereby, based on the authentication information, it is possible to display a restricted function or a use function with a low use frequency in an identifiable manner.

In addition, it is desirable that the usage function with a low usage frequency is a function with a low usage frequency or a low usage frequency.
As a result, a function list of functions whose use by the user is restricted can be displayed based on the function information of the used functions that are used less frequently or are not used.

The management apparatus is an authentication server, and is preferably a separate housing from the image forming apparatus.
Thus, the management apparatus can be an authentication server and can be realized in a separate housing from the image forming apparatus.

In order to achieve the above-described object, a second invention is a control method of an information processing system including a management device that manages a function usage history of a user's image forming device and the image forming device, and the management device includes: A reception step of receiving an authentication request using an authentication medium from the image forming apparatus or an authentication request using user identification information input by the image forming apparatus, and an authentication request using an authentication medium from the image forming apparatus Is received according to the function use history of the function of the image forming apparatus in the user identification information corresponding to the authentication medium, the function information for restricting the function used less frequently by the user is notified to the image forming apparatus. Or when an authentication request using the user identification information input by the image forming apparatus is received, before being identified from the user identification information. A notification step of notifying the image forming apparatus of function information set in advance for using the image forming apparatus, wherein the image forming apparatus inputs an authentication request by reading an authentication medium or user identification information An output step of outputting an authentication request to the management apparatus, and a control step of controlling the function of the image forming apparatus based on the function information obtained as a result of the authentication request. This is a system control method.

In order to achieve the above-described object, a third invention is a program for an information processing system including a management device for managing a function usage history of a user's image forming device and the image forming device, and is the management device. An accepting unit that receives an authentication request using an authentication medium from the image forming apparatus or an authentication request using user identification information input from the image forming apparatus, and an authentication using an authentication medium from the image forming apparatus When the request is accepted, function information for restricting a use function that is less frequently used by the user, determined according to the use history of the function of the image forming apparatus in the user identification information corresponding to the authentication medium, is stored in the image forming apparatus. Notification or when an authentication request using the user identification information input by the image forming apparatus is received, the user identification information Functioning as a notification means for notifying the image forming apparatus of function information preset in order to use the specified image forming apparatus, and requesting the computer as the image forming apparatus to perform an authentication request by reading an authentication medium; Or an output means for outputting an authentication request by inputting user identification information to the management apparatus, and a function for controlling the function of the image forming apparatus based on the function information obtained as a result of the authentication request. It is a program.

In order to achieve the above object, the fourth invention is obtained as a result of the authentication request by outputting the authentication request by reading the authentication medium or the authentication request by inputting the user identification information to the management apparatus, and the authentication request. A management apparatus that manages a function usage history of a user's function of the image forming apparatus and that can communicate with the image forming apparatus including a control unit that controls a function of the image forming apparatus based on function information. A receiving unit that receives an authentication request using an authentication medium from the apparatus or an authentication request using user identification information input by the image forming apparatus, and an authentication request using an authentication medium received from the image forming apparatus In addition, the use function that is determined according to the use history of the function of the image forming apparatus in the user identification information corresponding to the authentication medium and is less frequently used by the user is restricted. The image forming apparatus identified from the user identification information when an authentication request using the user identification information input by the image forming apparatus is received. And a notification unit configured to notify the image forming apparatus of function information set in advance for use.

In order to achieve the above-mentioned object, the fifth invention is obtained as a result of the authentication request by outputting the authentication request by reading the authentication medium or the authentication request by inputting the user identification information to the management apparatus. A control method of a management apparatus that manages a function usage history of the image forming apparatus of a user, which can communicate with an image forming apparatus including a control unit that controls the function of the image forming apparatus based on function information, An accepting step of accepting an authentication request using an authentication medium from the image forming apparatus or an authentication request using user identification information input by the image forming apparatus; and an authentication request using an authentication medium from the image forming apparatus. Usage that is determined by the user identification information corresponding to the authentication medium in accordance with the usage history of the function of the image forming apparatus and is less frequently used by the user The function information for restricting the function is notified to the image forming apparatus, or when the authentication request using the user identification information input by the image forming apparatus is received, the user identification information is specified. And a notifying step of notifying the image forming apparatus of function information set in advance for using the image forming apparatus.

In order to achieve the above-described object, the sixth invention is obtained as a result of the authentication request by outputting the authentication request by reading the authentication medium or the authentication request by inputting the user identification information to the management apparatus, and the authentication request. Based on the function information, for causing the computer to function as a management apparatus that manages a function usage history of the image forming apparatus of a user, which can communicate with the image forming apparatus including a control unit that controls the function of the image forming apparatus. A program that accepts an authentication request using an authentication medium from the image forming apparatus or an authentication request using user identification information input by the image forming apparatus, and uses an authentication medium from the image forming apparatus. When the authentication request received is received, the user is determined according to the function usage history of the image forming apparatus in the user identification information corresponding to the authentication medium. When the function information for restricting the use function that is less frequently used by the user is notified to the image forming apparatus or when an authentication request using the user identification information input by the image forming apparatus is received, the user It is a program for functioning as a notification means for notifying the image forming apparatus of function information preset in order to use the image forming apparatus specified from identification information.

In order to achieve the above-described object, a seventh invention is an image forming apparatus that displays a function list, and in the case of authentication using an authentication medium, the authentication according to the function usage history of the image forming apparatus. In the case of authentication using the first acquisition means for acquiring function information including a use function that is less frequently used in the user identification information corresponding to the medium, and the user identification information input by the image forming apparatus, the user identification Based on the second acquisition unit that acquires preset function information for using the image forming apparatus in the information and the function information acquired by the first acquisition unit or the second acquisition unit An image forming apparatus comprising: display control means for controlling display of a function list of the image forming apparatus.

In order to achieve the above-described object, an eighth invention is a control method of an image forming apparatus that displays a function list, and in the case of authentication using an authentication medium, the function usage history of the image forming apparatus is followed. In the first acquisition step of acquiring function information including a use function with a low use frequency in the user identification information corresponding to the authentication medium, and authentication using the user identification information input by the image forming apparatus, A second acquisition step of acquiring function information set in advance for using the image forming apparatus in the user identification information, and the function acquired in the first acquisition step or the second acquisition step. And a display control step for controlling display of a function list of the image forming apparatus based on the information.
In order to achieve the above-described object, a ninth invention is a program for causing a computer to function as an image forming apparatus for displaying a function list, and in the case of authentication using an authentication medium, the function of the image forming apparatus is First acquisition means for acquiring function information including a use function with a low use frequency in the user identification information corresponding to the authentication medium according to the use history, authentication using the user identification information input by the image forming apparatus In this case, it is acquired by the second acquisition unit, the first acquisition unit, or the second acquisition unit that acquires function information set in advance for using the image forming apparatus in the user identification information. This is a program for functioning as display control means for controlling display of a function list of the image forming apparatus based on the function information.

Using the information processing system of the present invention, the function is controlled based on the function information obtained as a result of the authentication request by reading the authentication medium or the authentication request by inputting the user identification information, and the security is enhanced and the image forming apparatus is used. Can be made .

Claims (12)

An information processing system including an information processing apparatus for managing user authority and an image forming apparatus,
The information processing apparatus includes:
Storage means for storing function lock information for locking functions that are less used or not used among functions available to the user, and authority information for restricting the use of the image forming apparatus by the user to use;
First receiving means for receiving an authentication request from the image forming apparatus;
First transmission means for transmitting function restriction information including the authority information of the user who has been authenticated in response to the authentication request and the function lock information;
The image forming apparatus includes:
Second transmitting means for transmitting an authentication request in response to the storage medium being read;
Second receiving means for receiving the function restriction information in response to the authentication request;
Display control means for displaying a list of functions whose use functions in the image forming apparatus are restricted based on the function restriction information received by the second receiving means;
The display control means displays the function that is specified to be permitted in the function restriction information so that the function can be executed by accepting an operation from the user, and is specified not to be permitted in the function restriction information. The function is displayed so that the operation from the user cannot be accepted, and the function for which the lock is specified by the function restriction information indicates that the lock is applied by the authentication on the storage medium. An information processing system characterized by displaying. The image forming apparatus receives an input of user information in response to a user operation when receiving an instruction of a function for which the lock is specified,
When the user information is authenticated by the information processing apparatus, the display control unit is configured to restrict a use function in the image forming apparatus based on user authority information and to specify the lock. The information processing system according to claim 1, wherein a list of unlocked functions is displayed.   The information processing system according to claim 1, wherein the user authority information is authority information received from the information processing apparatus when the user information is authenticated by the information processing apparatus. The image forming apparatus transmits usage history information related to a user's usage history,
The information processing apparatus receives usage history information,
4. The information processing apparatus according to claim 1, wherein the information processing apparatus identifies a function that is less used or unused by a user according to the usage history information, and stores the identified function as function lock information. The information processing system according to claim 1.   5. The information processing apparatus according to claim 1, wherein when the user information is authenticated, the information processing apparatus controls the storage unit so that the function lock information is not applied for a predetermined time. The information processing system described.   The information processing apparatus according to claim 1, wherein the information processing apparatus stores identification information of an image forming apparatus that has received an input of user information in association with function lock information. system. An information processing apparatus for managing user authority used in an information processing system including an image forming apparatus,
Storage means for storing function lock information for locking functions that are less used or not used among functions available to the user, and authority information for restricting the use of the image forming apparatus by the user to use;
First receiving means for receiving an authentication request from the image forming apparatus;
An information processing apparatus, comprising: first transmission means for transmitting user restriction information authenticated in response to the authentication request and function restriction information including the function lock information. An information processing method in an information processing apparatus for managing authority of a user used in an information processing system including an image forming apparatus,
A storage step of storing function lock information for locking a function that is less used or not used among functions available to the user, and authority information for restricting the use of the image forming apparatus by the user to use;
A first receiving step of receiving an authentication request from the image forming apparatus;
An information processing method comprising: a first transmission step of transmitting authority restriction information of a user authenticated in response to the authentication request and function restriction information including the function lock information. An information processing apparatus program for managing user authority used in an information processing system including an image forming apparatus,
The information processing apparatus;
Storage means for storing function lock information for locking functions that are less used or not used among functions available to the user, and authority information for restricting the use of the image forming apparatus by the user to use;
First receiving means for receiving an authentication request from the image forming apparatus;
A program that functions as first transmission means for transmitting function restriction information including authority information of a user authenticated in response to the authentication request and the function lock information. An image forming apparatus used in an information processing system including an information processing apparatus for managing user authority,
Second transmitting means for transmitting an authentication request in response to the storage medium being read;
Second receiving means for receiving function restriction information including authorized user authority information and function lock information in response to the authentication request;
Display control means for displaying a list of functions whose use functions in the image forming apparatus are restricted based on the function restriction information received by the receiving means,
The display control means displays the function that is specified to be permitted in the function restriction information so that the function can be executed by accepting an operation from the user, and is specified not to be permitted in the function restriction information. The function is displayed so that the operation from the user cannot be accepted, and the function for which the lock is specified in the function restriction information is displayed to indicate that the lock is applied in the authentication on the storage medium. An image forming apparatus. An image forming method in an image forming apparatus used in an information processing system including an information processing apparatus that manages user authority,
A second transmission step of transmitting an authentication request in response to the storage medium being read;
A second receiving step of receiving function restriction information including authorized user authority information and function lock information in response to the authentication request;
A display control step for displaying a list of functions whose use functions in the image forming apparatus are restricted based on the function restriction information received by the receiving unit, and
In the display control step, the function that is specified to be permitted in the function restriction information is displayed so that the function can be executed by accepting an operation from the user, and the function that is not permitted in the function restriction information is specified. The function is displayed so that an operation from the user cannot be accepted, and the function for which the lock is specified in the function restriction information indicates that the lock is applied in the authentication on the storage medium. An image forming method characterized by displaying. A program for an image forming apparatus used in an information processing system including an information processing apparatus for managing user authority,
The image forming apparatus;
Second transmitting means for transmitting an authentication request in response to the storage medium being read;
Second receiving means for receiving function restriction information including authorized user authority information and function lock information in response to the authentication request;
Based on the function restriction information received by the receiving means, function as a display control means for displaying a list of functions whose use functions in the image forming apparatus are restricted,
The display control means displays the function that is specified to be permitted in the function restriction information so that the function can be executed by accepting an operation from the user, and is specified not to be permitted in the function restriction information. The function is displayed so that an operation from the user cannot be accepted, and the function for which the lock is specified in the function restriction information indicates that the lock is applied in the authentication on the storage medium. A program characterized by displaying.

Images