JP6844666B2 - Information processing system, information processing method, service utilization device, and program - Google Patents

Description

The present application relates to an information processing system, an information processing method, a service utilization device, and a program.

In recent years, there has been an increase in service provision forms in which users use only necessary functions when they need them. For example, SaaS (Software as a Service), which is a software usage form in which users can freely select only the functions they want and use services, a combination of computing resources on the Internet, and high-value-added services for end users. Cloud computing, etc. that provides

In order to provide a customized screen to the user of the above-mentioned service, there is known a method of generating a screen using unique screen definition data associated with a client identifier (see, for example, Patent Document 1). ..

However, the method of Patent Document 1 described above does not relate to the user logging in to the cloud service. For example, when logging in to a cloud service, the user must enter the authentication information required for login on the screen. Therefore, there is a problem that it takes time and effort to input the authentication information on a small screen such as an operation panel.

In one aspect, the present invention aims to simplify the input of information used for authentication.

In one aspect, an information processing system including a service utilization device and one or more information processing devices that provide services to the service utilization device, wherein the service utilization device receives input of user-specific information. a first authentication screen display means for displaying an authentication screen, the authentication requesting means for performing the authentication request to the thus the information processing apparatus the user identification information inputted to said first authentication screen before SL user identification information A storage control means for storing the corresponding related information in the storage unit, and when the related information is stored in the storage unit when the display request of the authentication screen is received, the related information is specified from the related information on the input screen. By selecting a user from the user list display means for displaying the user list screen including the user list and the user list displayed by the user list display means , input of information in which a part of the user specific information is omitted is input. It has a second authentication screen display means for displaying a second authentication screen for accepting .

It is possible to simplify the input of information used for authentication.

It is a block diagram of an example of an information processing system which concerns on this embodiment. It is a hardware block diagram of an example of the computer which concerns on this embodiment. It is a hardware block diagram of an example of the image forming apparatus which concerns on this embodiment. It is a processing block diagram of an example of a service platform providing system. It is a processing block diagram of an example of the image forming apparatus which concerns on this embodiment. It is a figure which shows an example of the tenant data in this embodiment. It is a figure which shows an example of the user data in this embodiment. It is a figure which shows an example of the service data in this embodiment. It is a figure which shows an example of the login sequence which concerns on this embodiment. It is a figure which shows an example of the application list screen. It is a figure which shows an example of the login screen which inputs an e-mail address. It is a figure which shows an example of the login screen using a user list. It is a figure which shows the data example of the user list stored in the data storage part. It is a figure which shows an example of the sequence of logging in with an e-mail address. It is a figure which shows an example of the sequence of logging in using a user list. It is a figure which shows an example of the screen which sets the user list useability. It is a figure which shows an example of the sequence which sets the user list useability. It is a figure which shows an example of the user list acquisition sequence based on the user list availability. It is a figure which shows an example of the sequence which sets the user list useability in the main body. It is a figure which shows an example of the user list acquisition sequence based on the user list useability of the main body. It is a figure which shows an example of the sequence which cooperates with the main body authentication. It is a figure which shows an example of the sequence of logging in regardless of a tenant ID.

Hereinafter, embodiments will be described in detail.

<System configuration>
FIG. 1 is a configuration diagram of an example of an information processing system according to the present embodiment. The information processing system 1 shown in FIG. 1 includes a user system 10, an application market providing system 20, a service providing system 30, a service platform providing system 40, and a business platform providing system 50.

The user system 10, the application market providing system 20, the service providing system 30, and the service platform providing system 40 are connected via a network N1 such as the Internet. Further, the service platform providing system 40 and the business platform providing system 50 are connected by a dedicated line or the like.

The network N2 of the user system 10 is a private network inside the firewall FW. The firewall FW detects and blocks unauthorized access. An image forming device 12 such as a user terminal 11 or a multifunction device is connected to the network N2. The image forming apparatus 12 is an example of an electronic device in which a user tries or uses a service.

The user terminal 11 can be realized by an information processing device equipped with a general OS (Operating System) or the like. The user terminal 11 has a means of wireless communication or a means of wired communication. The user terminal 11 is a terminal that can be operated by a user such as a smartphone, a mobile phone, a tablet terminal, or a PC (Personal Computer).

The image forming apparatus 12 is an apparatus having an image forming function such as a multifunction device. The image forming apparatus 12 has a means for wireless communication or a means for wired communication. The image forming apparatus 12 is an apparatus that performs processing related to image forming, such as a multifunction device equipped with a browser, a copier, a scanner, a printer, a laser printer, a projector, and an electronic whiteboard. In the example of FIG. 1, an example in which the user terminal 11 and the image forming apparatus 12 are each one is shown as an example, but a plurality of user terminals 11 may be used.

Further, the application market providing server 21 of the application market providing system 20 is connected to the network N1 via the firewall FW. The application market providing server 21 can be realized by one or more information processing devices equipped with a general OS or the like.

The application market providing system 20 may be provided for each sales area, sales company, or the like. The application market providing server 21 provides an application market screen such as a service list screen or an application screen to the user terminal 11 or the image forming apparatus 12.

The service providing system 30 is connected to the network N1 via the firewall FW. The service providing system 30 provides various services to the user terminal 11 and the image forming apparatus 12. The service providing system 30 can be realized by one or more information processing devices equipped with a general OS or the like.

The service provided by the service providing system 30 may be a service provided by an operator of the service platform providing system 40, or a service provided by an external service provider or the like. The service provided by the service providing system 30 is, for example, a translation service or the like. When using the translation service, the image forming apparatus 12 performs OCR (optical character recognition) of image data or the like scanned from the original, transmits the image data to the service providing system 30, and accesses the service providing system 30 from the user terminal 11. By doing so, the translation result may be viewed, or the translation result may be received by e-mail or the like.

The service platform providing system 40 is connected to the network N1 via the firewall FW. The service platform providing system 40 can be realized by one or more information processing devices equipped with a general OS or the like.

The service platform providing system 40 has functions such as authentication / authorization, tenant / user management, license management, and account registration. The service platform providing system 40 receives requests for account registration and login from the user terminal 11 and the image forming apparatus 12. In addition, the service platform providing system 40 receives an authentication ticket confirmation request and a user information acquisition request from the service providing system 30.

The network N3 of the business platform providing system 50 is a private network inside the firewall FW. A business terminal 51 and a license management server 52 are connected to the network N3. The business terminal 51 and the license management server 52 can be realized by one or more information processing devices equipped with a general OS or the like.

The business terminal 51 has a means of wireless communication or a means of wired communication. The business terminal 51 is a terminal that can be operated by a person in charge of business such as a smartphone, a mobile phone, a tablet terminal, or a PC. The business person can request the license management server 52 to issue a license from the business terminal 51.

The license management server 52 has functions such as license management. The license management server 52 receives a request for issuing a license or the like from the service platform providing system 40 or the business terminal 51. The configuration of the information processing system 1 shown in FIG. 1 is an example and may be another configuration.

<Computer hardware configuration>
The user terminal 11, the application market providing server 21, the business terminal 51, and the license management server 52 shown in FIG. 1 are realized by, for example, a computer having a hardware configuration as shown in FIG. Further, the information processing device that realizes the service providing system 30 and the service platform providing system 40 shown in FIG. 1 is realized by, for example, a computer having a hardware configuration shown in FIG. FIG. 2 is a hardware configuration diagram of an example of a computer according to the present embodiment.

The computer 500 shown in FIG. 2 includes an input device 501, a display device 502, an external I / F 503, a RAM (Random Access Memory) 504, a ROM (Read Only Memory) 505, a CPU (Central Processing Unit) 506, and a communication I / F 507. And HDD (Hard Disk Drive) 508 and the like are provided, and each is connected to each other by a bus B. The input device 501 and the display device 502 may be connected and used when necessary.

The input device 501 includes a keyboard, a mouse, and the like, and is used by the user to input each operation signal. The display device 502 includes a display and the like, and displays the processing result by the computer 500.

The external I / F 503 is an interface with an external device. The external device includes a recording medium 503a and the like. As a result, the computer 500 can read and / or write to the recording medium 503a via the external I / F 503. The recording medium 503a includes a flexible disk, a CD (Compact Disk), a DVD (Digital Versaille Disk), an SD memory card (SD Memory card), a USB memory (Universal Serial Bus memory), and the like.

The RAM 504 is a volatile semiconductor memory (storage device) that temporarily holds programs and data. The ROM 505 is a non-volatile semiconductor memory (storage device) capable of holding programs and data even when the power is turned off. The ROM 505 stores programs and data such as BIOS (Basic Input / Output System), OS settings, and network settings that are executed when the computer 500 is started.

The CPU 506 is an arithmetic unit that realizes control and functions of the entire computer 500 by reading a program or data from a storage device such as a ROM 505 or an HDD 508 onto the RAM 504 and executing processing.

The communication I / F 507 is an interface that connects the computer 500 to the networks N1, N2, and N3. As a result, the computer 500 can perform data communication via the communication I / F 507.

The HDD 508 is a non-volatile storage device that stores programs and data. The stored programs and data are, for example, an OS that is basic software that controls the entire computer 500, application software that provides various functions on the OS, and the like. The computer 500 may be provided with an SSD (Solid State Drive) instead of the HDD 55.

The user terminal 11, the application market providing server 21, the business terminal 51, and the license management server 52 according to the present embodiment can realize various processes described later by the hardware configuration of the computer 500. Further, the information processing device that realizes the service providing system 30 and the service platform providing system 40 according to the present embodiment can realize various processes described later by the hardware configuration of the computer 500.

<Hardware configuration of image forming device>
The image forming apparatus 12 shown in FIG. 1 is realized by, for example, a computer having a hardware configuration as shown in FIG. FIG. 3 is a hardware configuration diagram of an example of the image forming apparatus according to the present embodiment. The image forming apparatus 12 shown in FIG. 3 includes a controller 601, an operation panel 602, an external I / F 603, a communication I / F 604, a printer 605, a scanner 606, and the like.

The controller 601 includes a CPU 611, a RAM 612, a ROM 613, an NVRAM 614, an HDD 615, and the like. The ROM 613 stores various programs and data. The RAM 612 temporarily holds programs and data. NVRAM 614 stores, for example, setting information and the like. Further, the HDD 615 stores various programs and data.

The CPU 611 reads a program, data, setting information, etc. from the ROM 613, NVRAM 614, HDD 615, etc. onto the RAM 612, executes processing, and realizes control and functions of the entire image forming apparatus 12.

The operation panel 602 includes an input unit for receiving input from the user and a display unit for displaying. The external I / F 603 is an interface with an external device. The external device includes a recording medium 603a and the like. As a result, the image forming apparatus 12 can read and / or write to the recording medium 603a via the external I / F 603. The recording medium 603a includes an IC card, a flexible disk, a CD, a DVD, an SD memory card, a USB memory, and the like.

The communication I / F 604 is an interface for connecting the image forming apparatus 12 to the network N2. As a result, the image forming apparatus 12 can perform data communication via the communication I / F 604. The printer 605 is a printing device that prints print data on paper. The scanner 606 is a reading device that reads image data (electronic data) from a document. The description of the hardware configuration of the firewall FW shown in FIG. 1 will be omitted.

<Service platform provision system>
The service platform providing system 40 according to the present embodiment is realized by, for example, the processing block shown in FIG. FIG. 4 is a processing block diagram of an example of the service platform providing system according to the present embodiment. The service platform providing system 40 realizes a processing block as shown in FIG. 4 by executing a program.

The service platform providing system 40 shown in FIG. 4 realizes an application 101, a common service 102, a database (DB) 103, and a platform API 104.

The application 101 includes a portal service application 111, a scan service application 112, a print service application 113, and an account registration application 114 as examples.

The portal service application 111 is an application that provides a portal service. The portal service provides a service that serves as an entrance for using the information processing system 1. The scan service application 112 is a UI (user interface) of an application that provides a scan service.

Further, the print service application 113 is a UI of an application that provides a print service. The account registration application 114 is a UI of an application that provides an account registration service. The application 101 may include other service applications.

The UI of the scan service application 112, the print service application 113, and the account registration application 114 includes Native application and HTML / JavaScript (registered trademark) data displayed or executed on the user terminal 11 or the image forming apparatus 12. Is also good. The Native application is a type of application in which the main processing is performed by the user terminal 11 or the image forming apparatus 12 in comparison with the Web application. The Web application is a type of application in which the main processing is performed by the service platform providing system 40.

The platform API (Application Programming Interface) 104 is an interface for an application 101 such as a portal service application 111 to use a common service 102.

The platform API 104 is a predefined interface provided for the common service 102 to receive a request from the application 101, and is composed of, for example, a function or a class. When the service platform providing system 40 is composed of a plurality of information processing devices, the platform API 104 can be realized by, for example, a Web API that can be used via a network.

The common service 102 includes a scan service unit 121, a print service unit 122, an account registration unit 123, an authentication / authorization unit 131, a tenant management unit 132, a user management unit 133, a license management unit 134, a device management unit 135, and a temporary image storage unit. It has 136, a data storage unit 137, an image processing workflow control unit 138, and a log collection unit 139. Further, the image processing workflow control unit 138 has a message queue 141 and one or more workers 142. The worker 142 realizes functions such as image conversion and image transmission.

The scan service unit 121 functions as a logic (API) of the scan service application 112. The print service unit 122 functions as a logic (API) of the print service application 113. Further, the account registration unit 123 functions as a logic (API) of the account registration application 114.

The authentication / authorization unit 131 executes authentication / authorization based on a login request from an office device such as a user terminal 11 or an image forming apparatus 12. Office equipment is a general term for user terminals 11, image forming devices 12, and the like.

The authentication / authorization unit 131 accesses, for example, the user information storage unit 153, the license information storage unit 154, and the like to authenticate / authorize the user. Further, the authentication / authorization unit 131 accesses, for example, the tenant information storage unit 152, the license information storage unit 154, the device information storage unit 155, and the like to authenticate the image forming apparatus 12 and the like as a client.

The tenant management unit 132 manages the tenant information stored in the tenant information storage unit 152. The user management unit 133 manages the user information stored in the user information storage unit 153.

The license management unit 134 manages the license information stored in the license information storage unit 154. The device management unit 135 manages the device information stored in the device information storage unit 155. The temporary image storage unit 136 stores the temporary image in the temporary image storage unit 156 and acquires the temporary image from the temporary image storage unit 156. The data storage unit 137 stores data in the job information storage unit 157 and the like.

The image processing workflow control unit 138 controls the workflow related to image processing based on the request from the application 101. The message queue 141 has a queue corresponding to the type of processing. The image processing workflow control unit 138 puts the message of the request related to the processing (job) into the queue corresponding to the type of the job.

Worker 142 is monitoring the corresponding queue. Then, when the message is input to the queue, the worker 142 performs processing such as image conversion and image transmission according to the corresponding job type. The message put into the queue may be read by the worker 142 independently (Pull), or may be provided from the queue to the worker 142 (Push). The log collection unit 139 stores, for example, the log information storage unit 151 collects the collected log information.

The database 103 is unique to the log information storage unit 151, the tenant information storage unit 152, the user information storage unit 153, the license information storage unit 154, the device information storage unit 155, the temporary image storage unit 156, the job information storage unit 157, and the application. It has a setting information storage unit 158.

The log information storage unit 151 stores log information. The tenant information storage unit 152 stores tenant information. The user information storage unit 153 stores user information. The license information storage unit 154 stores license information. The device information storage unit 155 stores device information. The temporary image storage unit 156 stores a temporary image. The temporary image is, for example, a file or data such as a scanned image processed by the worker 142.

The job information storage unit 157 stores request information (job information) related to processing (job). The application-specific setting information storage unit 158 stores the setting information unique to the application 101.

The service platform providing system 40 functions as a service group that provides common services such as workflows related to authentication / authorization and image processing, and an application service such as a scan service and a print service by using the functions of the integrated platform. To do.

The integrated platform is composed of, for example, a common service 102, a database 103, and a platform API 104. The service group is composed of, for example, the application 101. As described above, the service platform providing system 40 shown in FIG. 4 has a configuration in which the service group and the integrated platform are separated.

The service platform providing system 40 shown in FIG. 4 has a configuration in which the service group and the integrated platform are separated, so that the application 101 using the platform API 104 can be easily developed. Further, the service platform providing system 40 shown in FIG. 4 makes it possible to easily develop a service providing system 30 using the platform API 104.

The classification form of the processing block of the service platform providing system 40 shown in FIG. 4 is an example, and it is not essential that the application 101, the common service 102, and the database 103 are classified in the hierarchy shown in FIG. For example, as long as the processing of the service platform providing system 40 can be performed, the hierarchical relationship shown in FIG. 4 is not limited to a specific one.

<Processing block of image forming apparatus 12>
The image forming apparatus 12 described above is realized by, for example, the functional configuration shown in FIG. FIG. 5 is a processing block diagram of an example of the image forming apparatus according to the present embodiment. The browser of the image forming apparatus 12 shown in FIG. 5 includes, for example, a display / input unit 201, a screen generation unit 202, a script analysis unit 203, a data storage unit 204, and a communication unit 205.

The display / input unit 201 receives an input instruction by a user's operation from an operation panel or the like, and displays a login screen or the like generated by the screen generation unit 202 on the operation panel.

The screen generation unit 202 performs rendering processing of an HTML file or the like acquired from the service platform providing system 40 via the communication unit 205. The screen generation unit 202 generates a login screen or the like based on the Javascript data analyzed by the script analysis unit 203.

The script analysis unit 203 analyzes JavaScript or the like acquired from the service platform providing system 40 via, for example, the communication unit 205. The data storage unit 204 is composed of, for example, local storage, session storage, or the like, and stores HTML / Javascript data or the like acquired from the service platform providing system 40 via the communication unit 205.

The communication unit 205 sends a login request to the service platform providing system 40, and acquires various files from the service platform providing system 40.

<Example of tenant data>
Next, an example of tenant information stored in the tenant information storage unit 152 or the like of the service platform providing system 40 described above will be described. FIG. 6 is a diagram showing an example of tenant data in the present embodiment.

The tenant data shown in FIG. 6 has data items such as “tenant ID” and “license”, but is not limited thereto. The "tenant ID" represents information that identifies a group (organization) such as a company or department. The "tenant ID" is not limited to the language of the tenant, and may be, for example, tenant information that identifies the contract. The "tenant ID" is unique.

"License" represents information on a service for which a license has been issued. In the example of FIG. 6, it shows whether or not a license is issued for services such as "translate (translation service)" and "signage".

For example, in the example of FIG. 6, a license for the “translate” service is issued for the tenant ID “600000000”, but a license for the “signage” service is not issued.

<Example of user data>
Next, an example of user information stored in the user information storage unit 153 or the like of the service platform providing system 40 described above will be described. FIG. 7 is a diagram showing an example of user data in the present embodiment.

The user data shown in FIG. 7 has, for example, data items such as "email address", "tenant ID", "user name", and "service use authority", but is not limited thereto. The "e-mail address" represents, for example, information on a login e-mail address set corresponding to a user name. The “tenant ID” corresponds to the tenant ID shown in FIG. The "user name" represents the name of the user. The "service use authority" represents, for example, information on a service for which the user has a use authority.

In the example of FIG. 7, the user name "Taro Yamada" belongs to the tenant ID [600000000] and can be logged in by the e-mail address "taro_yamada@example.com". In addition, the user name "Taro Yamada" has the authority to use the service of "translate".

<Example of service class>
Next, an example of a service class set in association with the tenant data and user data described above will be described. FIG. 8 is a diagram showing an example of service data in the present embodiment.

The service data shown in FIG. 8 has data items such as “service class”, but is not limited thereto. The "service class" represents information that identifies a service, such as "translate (translation service)" or "signage".

<Login sequence>
In the above-mentioned information processing system 1, for example, the image forming apparatus 12 logs in to the service platform providing system 40 when using the service provided by the service providing system 30. FIG. 9 is a diagram showing an example of a login sequence according to the present embodiment.

In the example of FIG. 9, the image forming apparatus 12 stores, for example, the tenant ID of the tenant to which the user who has successfully logged in belongs, and when the login screen is displayed, depending on the presence or absence of the saved tenant ID, the login screen is displayed. Control the display. If the tenant ID is saved, it means that the login has already been successful, so the login screen displaying the list of users belonging to the tenant is displayed. If the tenant ID is not saved, the login has not been successful yet, so a login screen for entering user-specific information (for example, email address and password) is displayed.

Specifically, the sequence shown in FIG. 9 includes a display / input unit 201, a screen generation unit 202, a script analysis unit 203, a data storage unit 204, a communication unit 205, and a service platform in the image forming apparatus 12. It is executed by the system 40.

As shown in FIG. 9, the display / input unit 201 of the image forming apparatus 12 receives, for example, a service selection (S10) from the application list screen of the application market and a display request of the login screen of the selected service by the user. (S11). When the screen generation unit 202 receives the login screen generation request from the display / input unit 201 (S12), the screen generation unit 202 requests the communication unit 205 to acquire the login screen (S13).

When the service platform providing system 40 receives the acquisition request of the login screen for resource acquisition via the communication unit 205 of the image forming apparatus 12 (S14), the service platform providing system 40 transmits the HTML data generated to the image forming apparatus 12. The image forming apparatus 12 makes a script execution request to the script analysis unit 203 by the screen generation unit 202 based on the HTML data acquired from the service platform providing system 40 (S15).

The script analysis unit 203 acquires the service class of the service selected in the process of S10 (S16). In the process of S16, the script analysis unit 203 identifies the service set as a query in the URL of the service selected in the process of S10 (for example, http: //example.com/login?service_class=translate). (In the case of "translation service", get the service class from "translate").

Further, the script analysis unit 203 requests the data storage unit 204 to acquire the tenant ID (S17). When the tenant ID is not stored in the data storage unit 204, the script analysis unit 203 generates an e-mail address / password input screen as the first input screen (S18).

On the other hand, when the tenant ID is stored in the data storage unit 204, the script analysis unit 203 specifies the service class acquired in the process of S16 to the data storage unit 204 to acquire the user list. Make a request (S19). In the process of S19, the script analysis unit 203 can acquire only the user who has the authority to use the specified service by specifying the service class when acquiring the user list.

If the data storage unit 204 does not have a user list or the number of users is less than one, the script analysis unit 203 requests the communication unit 205 to acquire the user list by designating the tenant ID and the service class. S20).

The service platform providing system 40 receives a request for acquiring a list of users who have specified a tenant ID and a service class as resource acquisition via the communication unit 205 of the image forming apparatus 12 (S21). In the process of S21, the service platform providing system 40 refers to the user data shown in FIG. 7 described above, and transmits a user list of users belonging to the designated tenant ID and service class to the image forming apparatus 12.

The image forming apparatus 12 saves the user list acquired from the service platform providing system 40 in the data storage unit 204 by the script analysis unit 203 (S22), and selects a user from the user list as the second input screen (S22). User list screen) is generated (S23).

According to the above sequence, since the user list is not saved in the data storage unit 204 at the first login, the user list belonging to the specified tenant ID and having the authority to use the specified service is acquired. .. In the second and subsequent logins, a login screen is generated using the user list saved in the data storage unit 204. As a result, it is possible to reduce the number of requests to the service platform providing system 40 and improve the screen display performance.

<App list screen>
Next, the application list screen displayed on the operation panel 602 of the image forming apparatus 12 described above will be described. FIG. 10 is a diagram showing an example of the application list screen. The application list screen 210 shown in FIG. 10 shows an example of a screen that allows the user to select a service to be used. The application list screen 210 has a button 211 for the user to select a service to be used.

<Example of login screen for entering an email address>
When the button 211 of the "XXX service" to be used is selected from the application list screen 210 shown in FIG. 10 described above, the image forming apparatus 12 has the following two patterns of login screens depending on the presence or absence of the stored tenant ID. Is displayed. The first pattern is a login screen (first input screen) for inputting an e-mail address when the tenant ID is not saved. FIG. 11 is a diagram showing an example of a login screen for inputting an e-mail address.

The login screen 220 shown in FIG. 11 is displayed on the operation panel 602 of the image forming apparatus 12. The login screen 220 shown in FIG. 11 has an e-mail address and password input field 221 and a “login” button 222. When the email address and password are entered in the input field 221 of the login screen 220 and the "login" button 222 is selected, the image forming apparatus 12 specifies the entered email address and password as user identification information. A login request is made to the service platform providing system 40.

<Example of login screen using user list>
Next, as the second pattern, the image forming apparatus 12 displays a login screen (second input screen) using the user list when the tenant ID is saved. FIG. 12 is a diagram showing an example of a login screen using a user list. The login screens 230 to 232 shown in FIGS. 12A to 12C are displayed on the operation panel 602 of the image forming apparatus 12.

The login screen 230 shown in FIG. 12A displays a user list, and has a button 233 for selecting a user from the user list, a "login with e-mail address and password" button 234, and a "refresh list" button. It has 235 and. In the user list displayed on the login screen 230, for example, the user names of users who belong to the stored tenant ID and have the service usage authority of the specified service class are displayed.

When the image forming apparatus 12 acquires the user list from the service platform providing system 40, the image forming apparatus 12 acquires the related information associated with the user specific information of the user who has successfully logged in among the user data shown in FIG. .. The image forming apparatus 12 acquires, for example, the tenant ID, the service class, the tenant ID of the user who has successfully logged in, the user name of the user belonging to the service class, the e-mail address, and the like as related information.

When the button 233 for selecting a user is selected from the user list on the login screen 230, the image forming apparatus 12 transitions to the login screen 231 shown in FIG. 12B. Further, when the "Login with e-mail address and password" button 234 on the login screen 230 is selected, the image forming apparatus 12 transitions to the login screen 232 shown in FIG. 12 (C). Further, when the "update list" button 235 on the login screen 230 is selected, the image forming apparatus 12 requests the service platform providing system 40 to acquire the user list, and the user list shown in FIG. 12 (B). To update.

The login screen 231 shown in FIG. 12B has a display field 236 for displaying the user name of the user selected from the user list, a password input field 237, and a “login” button 238.

When the password is entered in the input field 237 of the login screen 231 and the "login" button 238 is selected, the image forming apparatus 12 reads the user's email address displayed in the display field 236 from the data storage unit 204. Specifying the read e-mail address and the entered password, a login request is made to the service platform providing system 40.

As described above, by selecting a user from the user list and entering the password, the user logs in to the service platform providing system 40 using the same user identification information (user's email address and password) as in the first pattern. It becomes possible to make a request. In addition, since it is sufficient to omit the input of some information (user's e-mail address) among the user-specific information required for login and enter only the password, for example, the time and effort for inputting the information used for the user's login is reduced. It becomes possible.

The login screen 232 shown in FIG. 12C has an e-mail address and password input field 240, a “login” button 241 and an “add account” button 242. When the e-mail address and password are entered in the input field 240 of the login screen 232 and the "login" button 241 is selected, the image forming apparatus 12 specifies the e-mail address, password, and stored tenant ID to provide the service. Request login to the platform providing system 40. Here, since the tenant ID is specified, even if the e-mail address and password simply match, login from a user with another tenant ID will fail.

When the e-mail address and password are input to the login screen 232 and the "Add account" button 243 is selected, the image forming apparatus 12 specifies the e-mail address, password, service class, and tenant ID to provide a service platform. Make an account addition request to the providing system 40. The service platform providing system 40 receives an account addition request from the image forming apparatus 12 and registers an account based on the designated user identification information or the like. As a result, when the "Refresh list" button 235 shown in FIG. 12 (A) described above is selected, the user registered as an account is added to the user list shown in FIG. 12 (B). Become.

<List of users saved in data storage unit 204>
FIG. 13 is a diagram showing an example of data of a user list stored in the data storage unit. The user list data shown in FIG. 13 has items such as a "user name" and an "email address".

The data of the user list shown in FIG. 13 is the user name of the user who matches the tenant ID and the service usage authority (service class) of the user who has successfully logged in from the user data shown in FIG. 7 from the service platform providing system 40. It is generated by getting the email address. The user list data shown in FIG. 13 is generated for each service class, for example.

Of the user list data shown in FIG. 13, the "user name" is displayed on the login screen shown in FIG. 12 (A) described above. Further, the "email address" corresponds to the user's name displayed in the display field 236 of FIG. 12 (B) when the "login" button 238 of the login screen 231 shown in FIG. 12 (B) is selected. Read as an email address.

<Sequence to log in with email address>
Next, the sequence of entering the above-mentioned e-mail address to log in will be described. FIG. 14 is a diagram showing an example of a sequence of logging in with an e-mail address. In the example of FIG. 14, the user logs in using the e-mail address and password (user-specific information) entered in the login screen or the like generated in the process of S18 of FIG. 9 described above.

The sequence shown in FIG. 14 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 in the image forming apparatus 12. Will be done.

As shown in FIG. 14, the display / input unit 201 of the image forming apparatus 12 accepts, for example, input of an e-mail address and password (S30) for the login screen shown in FIG. 11 and pressing of the login button by the user (S31). .. When the screen generation unit 202 receives the press of the login button from the display / input unit 201 (S32), the screen generation unit 202 requests the script analysis unit 203 to execute the script (S33).

The script analysis unit 203 makes a login request to the communication unit 205 by designating an e-mail address and a password (S34). In the process of S34, when the tenant ID is stored in the data storage unit 204, for example, when the e-mail address and password are input from the login screen shown in FIG. 12C, the tenant ID is also used as a parameter. Send.

The service platform providing system 40 receives a request for login to an e-mail address in which an e-mail address and a password are specified as resource generation via the communication unit 205 of the image forming apparatus 12 (S35).

Here, the service platform providing system 40 authenticates the user by referring to the user data shown in FIG. 7 described above using the e-mail address and password received in the process of S35, and sends the authentication result to the image forming apparatus 12. Notice. When the user authentication is successful, the service platform providing system 40 transmits the tenant ID to which the user specified by the e-mail address and the password belongs together with the notification of the authentication OK. Further, the service platform providing system 40 transmits a notification of authentication NG (error) when the user authentication fails.

When the service platform providing system 40 accepts the tenant ID together with the e-mail address and password, if the tenant ID of the user specified by the e-mail address and password is different from the accepted tenant ID, an authentication error occurs. Send a notification.

The image forming apparatus 12 stores the tenant ID in the data storage unit 204 in the case of authentication OK based on the authentication result notified from the service platform providing system 40 (S36). Further, the image forming apparatus 12 redirects to the application (service) selected by the user from the application list screen in the process of S10 of FIG. 9 described above (S37).

After the tenant ID is saved in the process of S36 described above, even if the newly accepted email address and password are correct, if the user does not belong to the tenant with the set tenant ID, the service platform providing system An authentication error is sent from 40. In this way, once the tenant ID is saved, users belonging to other tenants can be controlled so that they cannot log in and use the application.

<Example of login sequence from user list>
Next, a sequence for logging in from the login screen using the above-mentioned user list will be described. FIG. 15 is a diagram showing an example of a sequence of logging in from the user list. The sequence shown in FIG. 15 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, and the data storage unit 204 in the image forming apparatus 12.

As shown in FIG. 15, in the display / input unit 201 of the image forming apparatus 12, the user name to log in is selected by the user from the user list displayed on the login screen shown in FIG. 12A, for example (S40). .. When the screen generation unit 202 receives the user name selected from the display / input unit 201 (S41), the screen generation unit 202 requests the script analysis unit 203 to execute the script (S42).

When the script analysis unit 203 acquires the e-mail address corresponding to the user name selected from the user list from the data storage unit 204 and internally retains it (S43), the script analysis unit 203 inputs the password shown in FIG. 12 (B) described above. A login screen (password input screen) is generated and displayed (S44).

The display / input unit 201 accepts the user to input the password to the login screen displayed in the process of S44 and press the login button (S45). When the screen generation unit 202 receives the press of the login button from the display / input unit 201 (S46), the screen generation unit 202 requests the script analysis unit 203 to execute the script (S47).

When the script analysis unit 203 acquires the tenant ID stored in the data storage unit 204 (S48), the script analysis unit 203 specifies the e-mail address held in the process of S43, the password entered by the user, and the tenant ID, and specifies the communication unit 205. A login request is made to the service platform providing system 40 via the above. Since the subsequent processing is the same as the processing after S35 shown in FIG. 14, the description here will be omitted.

Since the login process shown in FIG. 15 uses an e-mail address and password for the service platform providing system 40, it is the same process as the login process shown in FIG. 14, but the user does not have to enter the e-mail address. It is possible to simplify the time and effort.

<Screen for setting user list availability>
The login process from the user list described above uses the login screen 232 of FIG. 12 (C) by selecting the "Login with e-mail address and password" button 234 shown on the login screen 230 of FIG. 12 (A). You may log in with your email address and password. In the login process using the user list, information about users belonging to the tenant, service usage authority, etc. are known to the user who is trying to log in, so control is performed so that the login process from the user list is not executed. You may.

FIG. 16 is a diagram showing an example of a screen for setting the availability of the user list. The setting screen 250 shown in FIG. 16 has, for example, a check box 251 corresponding to "allow login from the user list" and an "OK" button 252. For example, by changing whether or not the check box 251 is checked and selecting the "OK" button 252, it is possible to set whether or not the user list can be used.

<Sequence to set user list availability>
Next, a sequence for executing the above-mentioned user list availability setting for the service platform providing system 40 will be described. FIG. 17 is a diagram showing an example of a sequence for setting the availability of the user list.

The sequence shown in FIG. 17 is executed by the display / input unit 201 of the image forming apparatus 12, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40. Will be done.

As shown in FIG. 17, the display / input unit 201 of the image forming apparatus 12 receives, for example, a display request of the setting screen 250 shown in FIG. 16 by the user (S50). When the screen generation unit 202 receives the generation request of the setting screen 250 from the display / input unit 201 (S51), the screen generation unit 202 requests the communication unit 205 to acquire the setting screen 250 (S52).

When the service platform providing system 40 receives the acquisition request of the setting screen 250 for resource acquisition via the communication unit 205 of the image forming apparatus 12 (S53), the service platform providing system 40 transmits the HTML data generated to the image forming apparatus 12. The image forming apparatus 12 makes a script execution request to the script analysis unit 203 by the screen generation unit 202 based on the HTML data acquired from the service platform providing system 40 (S54).

The script analysis unit 203 acquires the tenant ID from the data storage unit 204, specifies the tenant ID to the communication unit 205, and requests the communication unit 205 to acquire the user list availability (S55). When the service platform providing system 40 receives the acquisition request of the user list availability for resource acquisition via the communication unit 205 of the image forming apparatus 12 (S56), the service platform providing system 40 notifies the image forming apparatus 12 of the user list availability.

The image forming apparatus 12 updates the setting screen 250 by the script analysis unit 203 based on the user list availability information notified from the service platform providing system 40 (S57). Based on the user list availability information notified from the service platform providing system 40, the script analysis unit 203 checks the check box 251 of the setting screen 250 when it is available, and checks the check box 251 when it is not available. Uncheck 251.

The display / input unit 201 of the image forming apparatus 12 is set by the user whether or not to check the check box 251 from the setting screen 250 (S58), and accepts the pressing of the OK button 252 (S59). When the screen generation unit 202 receives the pressing of the OK button 252 from the display / input unit 201 (S60), the screen generation unit 202 makes a script execution request to the script analysis unit 203 (S61).

When the script analysis unit 203 acquires the state of the check box 251 of the setting screen 250 (S62), the script analysis unit 203 specifies the tenant ID and the availability set by the user to the communication unit 205, and makes a user list availability update request. (S63). When the service platform providing system 40 receives the resource update request via the communication unit 205 of the image forming apparatus 12 (S64), the service platform providing system 40 updates the user list availability corresponding to the tenant ID.

<User list acquisition sequence based on user list availability>
Next, in the sequence shown in FIG. 17 described above, a sequence for acquiring a user list based on the availability of the user list set in the service platform providing system 40 will be described.

FIG. 18 is a diagram showing an example of a user list acquisition sequence based on the availability of the user list. The sequence shown in FIG. 18 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 in the image forming apparatus 12. Will be done. Since the processes of S70 to S77 shown in FIG. 18 are the same as the processes of S10 to S17 shown in FIG. 9 described above, the description thereof will be omitted here.

In the example of FIG. 18, in response to the user's request to display the login screen, the script analysis unit 203 of the image forming apparatus 12 determines the e-mail address when the tenant ID is not stored in the data storage unit 204 in the process of S77. Generate a password input screen (S78).

On the other hand, when the tenant ID is stored in the data storage unit 204, the script analysis unit 203 specifies the tenant ID to the communication unit 205 and requests the communication unit 205 to acquire whether or not the user list can be used (S79). ). When the service platform providing system 40 receives the user list availability acquisition request as resource acquisition via the communication unit 205 of the image forming apparatus 12 (S80), the service platform providing system 40 notifies the image forming apparatus 12 of the user list availability acquisition.

Based on the user list availability notified from the service platform providing system 40, the script analysis unit 203 specifies the service class acquired in the process of S76 to the data storage unit 204 in the case of user list use permission. , Request to acquire the user list (S81). When the user list cannot be used, the script analysis unit 203 generates the e-mail address / password input screen shown in FIG. 11 described above (S82). In the process of S82, for example, control is performed so that the switching link with the login screen on which the user list shown in FIG. 12 is displayed is not displayed.

In the sequence shown in FIGS. 18 and 19 described above, since the user list availability is set in the service platform providing system 40, it is possible to manage the user list availability setting for each tenant ID, for example.

<Sequence to set user list availability on the main unit>
Next, a sequence for executing the above-mentioned user list availability setting in the main body of the image forming apparatus 12 will be described. FIG. 19 is a diagram showing an example of a sequence for setting the availability of the user list on the main body.

The sequence shown in FIG. 19 is executed by the display / input unit 201 of the image forming apparatus 12, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40. Will be done. Since the processes of S90 to S94 shown in FIG. 19 are the same as the processes of S50 to S54 shown in FIG. 17, the description thereof is omitted here.

In the example of FIG. 19, the script analysis unit 203 of the image forming apparatus 12 requests the data storage unit 204 to acquire the user list availability in response to the display request of the user list availability setting screen 250 (S95). ). The script analysis unit 203 updates the setting screen 250 based on the user list availability information notified from the data storage unit 204 (S96). In the process of S96, since the information on whether or not the user list can be used is not saved in the data storage unit 204 at the first time, the check box on the setting screen 250 is checked as "usable" or "unusable". Put in.

The display / input unit 201 of the image forming apparatus 12 is set by the user whether or not to check the check box 251 from the setting screen 250 (S97), and accepts the pressing of the OK button 252 (S98). When the screen generation unit 202 receives the press of the OK button 252 from the display / input unit 201 (S99), the screen generation unit 202 makes a script execution request to the script analysis unit 203 (S100).

When the script analysis unit 203 acquires the state of the check box 251 of the setting screen 250 described above (S101), the script analysis unit 203 specifies the availability set by the user to the data storage unit 204, and requests the setting of the user list availability. (S102).

<User list acquisition sequence based on user list availability set in the main unit>
Next, in the sequence shown in FIG. 19 described above, a sequence for acquiring a user list based on the availability of the user list set in the main body of the image forming apparatus 12 will be described. FIG. 20 is a diagram showing an example of a user list acquisition sequence based on the availability of the user list of the main body.

The sequence shown in FIG. 20 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 in the image forming apparatus 12. Will be done. Since the processing of S110 to FIG. 117 shown in FIG. 20 is the same as the processing of S10 to S17 shown in FIG. 9 described above, the description thereof will be omitted here.

In the example of FIG. 20, in response to the user's request to display the login screen, the script analysis unit 203 of the image forming apparatus 12 determines the e-mail address when the tenant ID is not stored in the data storage unit 204 in the process of S117. Generate a password input screen (S118).

On the other hand, when the tenant ID is stored in the data storage unit 204, the script analysis unit 203 requests the data storage unit 204 to acquire whether or not the user list can be used (S119).

Based on the availability of the user list acquired from the data storage unit 204, the script analysis unit 203 specifies the service class acquired in the process of S116 to the data storage unit 204 when the user list can be used, and the user Request to acquire the list (S121). When the user list cannot be used, the script analysis unit 203 generates the e-mail address / password input screen shown in FIG. 11 described above (S122). In the process of S122, it is controlled not to display the switching link with the login screen on which the user list is displayed.

In the sequences shown in FIGS. 20 and 21 described above, since the user list availability is set in the main body of the image forming apparatus 12, it is possible to manage the user list availability setting for each image forming apparatus 12. ..

<Example of sequence linked with main unit authentication>
Next, a sequence when linked with the main body authentication of the image forming apparatus 12 will be described. When linked with the main body authentication, the user logged in to the image forming apparatus 12 can use the above-mentioned application without performing the login process again. FIG. 21 is a diagram showing an example of a sequence linked with the main body authentication.

The sequence shown in FIG. 21 is executed by the display / input unit 201 of the image forming apparatus 12, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40. Will be done.

In the sequence shown in FIG. 21, for example, an on-premises ID or the like is added to the data item of the user data shown in FIG. 7, and user information (for example, user ID) used for main body authentication of the image forming apparatus 12 is registered in the data item. deep. When the service platform providing system 40 makes a login request using the on-premises ID from the image forming apparatus 12, it is preferable that the service platform providing system 40 authenticates the user by referring to the user information of the user data shown in FIG.

Since the processes of S130 to S135 shown in FIG. 21 are the same as the processes of S10 to S15 shown in FIG. 9, the description thereof is omitted here. In the example of FIG. 21, the script analysis unit 203 of the image forming apparatus 12 requests the data storage unit 204 to acquire the tenant ID in response to the user's request to display the login screen (S136). The script analysis unit 203 generates an e-mail address / password input screen when the tenant ID is not stored in the data storage unit 204 (S137). On the other hand, when the tenant ID is stored in the data storage unit 204, the script analysis unit 203 acquires the user information (main unit authentication information) for which the main unit is authenticated (S138).

When the main body authentication information is acquired in the processing of S138 (there is the main body authentication information), the script analysis unit 203 performs the main body authentication acquired in the processing of S138 and the tenant ID acquired in the processing of S136 to the communication unit 205. Specifying the user information (user ID), a login request is made using the on-premises ID (S139).

The service platform providing system 40 specifies a tenant ID and a user ID for authenticating the main body as resource generation via the communication unit 205 of the image forming apparatus 12, and accepts a login request for the on-premises ID (S140). The service platform providing system 40 authenticates the user using the tenant ID received in the process of S140 and the user ID that is authenticated by the main body, and notifies the image forming apparatus 12 of the authentication result.

If the authentication result notified from the service platform providing system 40 is authentication OK (success), the script analysis unit 203 of the image forming apparatus 12 redirects to the application (service) selected from the application list screen (S141). .. In the case of authentication NG (failure), the script analysis unit 203 generates an e-mail address / password input screen (S142). Further, when the script analysis unit 203 cannot acquire the main body authentication information (no main body authentication information), the script analysis unit 203 generates the user list screen shown in FIG. 12 (S143).

In the case of the user authentication failure with the above-mentioned on-premises ID, the case where the user ID for authenticating the main body is not set in the data item of the on-premises ID of the user data shown in FIG. 7 is also included. Therefore, if the user authentication using the e-mail address and password is successful after the processing of S142, the script analysis unit 203 specifies the user ID for which the main body is authenticated to the communication unit 205. A personal information setting request is made (S144).

When the service platform providing system 40 receives the resource update request via the communication unit 205 of the image forming apparatus 12 (S145), the user ID that authenticates the main body to the data item of the on-premises ID of the user data shown in FIG. 7 described above. It is good to set.

As described above, when the image forming apparatus 12 is logged in, the application (service) can be used without performing the login process for the service platform providing system 40 again.

<Device certification>
In each of the above sequences, the user list is acquired using the tenant ID. That is, it is possible to acquire information about the user belonging to the tenant based on the tenant ID. Therefore, the service platform providing system 40 may perform device authentication so as to limit the use from the preset image forming apparatus 12 in response to the user list acquisition request.

As device authentication, for example, SSL (Secure Sockets Layer) client authentication can be used, or authentication can be performed by embedding a preset password in a browser or the like.

Further, the script analysis unit 203 or the like of the image forming apparatus 12 generates a device authentication password, and the authentication / authorization unit 131 or the like of the service platform providing system 40 uses the device authentication password obtained from the image forming apparatus 12 to generate a device authentication ticket. Is generated and transmitted to the image forming apparatus 12. When the service platform providing system 40 receives a user list acquisition request from the image forming apparatus 12, the service platform providing system 40 may restrict access for acquiring the user list depending on the presence or absence of the device authentication ticket.

<When the tenant ID is not specified>
Next, a sequence for logging in without using the tenant ID described above will be described. For example, using the setting screen 250 shown in FIG. 16 described above, it is possible to set whether or not to log in by designating the tenant ID, and to control the login without using the tenant ID by setting.

FIG. 22 is a diagram showing an example of a sequence of logging in regardless of the tenant ID. The sequence shown in FIG. 22 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 in the image forming apparatus 12. Will be done.

As shown in FIG. 22, the display / input unit 201 of the image forming apparatus 12 accepts, for example, input of an e-mail address and password (S150) and pressing of a login button for the login screen shown in FIG. 11 by the user (S151). When the screen generation unit 202 receives the press of the login button from the display / input unit 201 (S152), the screen generation unit 202 requests the script analysis unit 203 to execute the script (S153).

The script analysis unit 203 makes a login request to the communication unit 205 by designating an e-mail address and a password (S154). The service platform providing system 40 receives a request for login to an e-mail address in which an e-mail address and a password are specified as resource generation via the communication unit 205 of the image forming apparatus 12 (S155).

The service platform providing system 40 authenticates the user using the e-mail address and password received in the process of S155, and notifies the image forming apparatus 12 of the authentication result. When the user authentication is successful, the service platform providing system 40 transmits the tenant ID to which the user specified by the e-mail address and the password belongs together with the notification of the authentication OK. Further, the service platform providing system 40 transmits a notification of authentication NG (error) when the user authentication fails.

The image forming apparatus 12 stores the tenant ID notified from the service platform providing system 40 in the data storage unit 204 (S156). Further, the image forming apparatus 12 redirects to the application (service) selected by the user from the application list screen in the process of S10 in FIG. 9 described above (S157).

In the above sequence, since the tenant ID is not specified when making a login request, authentication is successful if the e-mail address and password are correct in the next and subsequent login requests. In this case, when a user of a tenant different from the tenant of the tenant ID stored in the image forming apparatus 12 logs in, a new tenant ID is saved.

<List of users saved in data storage unit 204>
In the present embodiment, the user list stored in the data storage unit 204 described above may be deleted, for example, periodically or explicitly. In this way, by deleting the user list that is stored regularly, the latest user list is acquired, so it is possible to respond to the increase / decrease / change of the users registered in the service platform providing system 40. It will be possible.

According to the above-described embodiment, it is possible to simplify the input of information used for authentication.

The present invention is not limited to the above-described embodiment disclosed specifically, and various modifications and modifications can be made without departing from the scope of claims. The image forming apparatus 12 is an example of a service utilization apparatus. The script analysis unit 203 is an example of an authentication request means, an acquisition means, a setting means, a password generation means, and an authentication means. The display / input unit 201 is an example of a receiving means or a switching means. The service platform providing system 40 is an example of one or more information processing devices. The authentication / authorization unit 131 is an example of a ticket generation means and an access restriction means.

1 Information processing system 10 User system 11 User terminal 12 Image forming device 20 App market providing system 21 App market providing server 30 Service providing system 40 Service platform providing system 50 Business platform providing system 51 Business terminal 52 License management server 101 Application 102 Common service 103 database (DB)
104 Platform API
111 Portal Service App 112 Scan Service App 113 Print Service App 114 Account Registration App 121 Scan Service Department 122 Print Service Department 123 Account Registration Department 131 Authentication / Authorization Department 132 Tenant Management Department 133 User Management Department 134 License Management Department 135 Equipment Management Department 136 Temporary image storage unit 137 Data storage unit 138 Image processing workflow control unit 139 Log collection unit 141 Message queue 142 Worker 151 Log information storage unit 152 Tenant information storage unit 153 User information storage unit 154 License information storage unit 155 Device information storage unit 156 Temporary Image storage unit 157 Job information storage unit 158 Application-specific setting information storage unit 201 Display / input unit 202 Screen generation unit 203 Script analysis unit 204 Data storage unit 205 Communication unit 500 Computer 501 Input device 502 Display device 503 External I / F
503a Recording medium 504 RAM
505 ROM
506 CPU
507 Communication I / F
508 HDD
601 Controller 602 Operation panel 603 External I / F
603a Recording medium 604 Communication I / F
605 Printer 606 Scanner 611 CPU
612 RAM
613 ROM
614 NVRAM
615 HDD
FW Firewall N1-N3 Network

JP-A-2010-186264

Claims (10)

An information processing system including a service utilization device and one or more information processing devices that provide services to the service utilization device.
The service utilization device is
A first authentication screen display means for displaying a first authentication screen that accepts input of user-specific information, and
An authentication requesting means for performing the authentication request to Thus the information processing apparatus to the user identification information inputted to said first authentication screen,
And storage control means for storing the related information corresponding to the previous SL user specific information in the storage unit,
User list display means for displaying a user list screen including a user list specified from the related information on the input screen when the related information is stored in the storage unit when a display request for the authentication screen is received. When,
A second authentication screen display for displaying a second authentication screen for accepting input of information in which a part of the user specific information is omitted by selecting a user from the user list displayed by the user list display means. Means and
An information processing system characterized by having. The service utilization device is
A setting means for setting the availability of the user list,
The information processing system according to claim 1, wherein the user list if it is set to be unusable, characterized in that it uses only the first authentication screen by the pre-Symbol setting means. The service utilization device is
Has a reception means for accepting an account addition request from said first authentication screen,
The information processing device
The information processing system according to claim 1 which registers the user identification information, and updates the user list corresponding to the account addition request obtained by the receiving unit. The service utilization device is
It has a password generation means to generate a device authentication password,
The information processing device
A ticket generation means for generating a device authentication ticket from a device authentication password generated by the password generation means, and
Any of claims 1 to 3 , wherein the device authentication ticket generated by the ticket generation means is used to have an access restricting means for restricting access for acquiring the user list by the service utilization device. The information processing system described in item 1. The service utilization device is
It has an authentication means that accepts an authentication request from the user and authenticates the user.
The information processing device
The information processing system according to any one of claims 1 to 4 , wherein a service is provided to the service utilization device based on the user information of a user whose authentication is permitted by the authentication means. The service utilization device is
The information processing system according to any one of claims 1 to 5 , wherein the saved user list is deleted periodically or by instruction. An information processing system including a service utilization device and one or more information processing devices that provide services to the service utilization device.
The service utilization device is
A first authentication screen display means for displaying a first authentication screen that accepts input of address information and password information, and
An authentication requesting means for performing the authentication request to Thus the information processing apparatus to said first of said address information and the password information entered in the authentication screen,
As related information corresponding to the previous SL address information and password information, and the tenant information, the user name of the users belonging to the tenant of the tenant information, and storage control means for storing the address information of the user in the storage unit,
A user list display means for displaying a user list screen including a user list using the user name on the input screen when the related information is stored in the storage unit when a display request for the authentication screen is received. ,
A second authentication screen for accepting the input of the password information omitting the input of the address information among the address information and the password information by selecting the user name from the user list displayed by the user list display means. Second authentication screen display means to display
An information processing system characterized by having. An information processing method executed by an information processing system including a service-using device and one or more information processing devices that provide services to the service-using device.
The service utilization device
The first authentication screen display step that displays the first authentication screen that accepts the input of user specific information, and
An authentication requesting step of performing an authentication request to Thus the information processing apparatus to the user identification information inputted to said first authentication screen,
A storage control step of storing the related information corresponding to the previous SL user specific information in the storage unit,
When the related information is stored in the storage unit when the display request of the authentication screen is received, the user list display step of displaying the user list screen including the user list specified from the related information on the input screen. When,
A second authentication screen display for displaying a second authentication screen for accepting input of information in which a part of the user specific information is omitted by selecting a user from the user list displayed in the user list display step. Steps and
An information processing method characterized by executing. A first authentication screen display means for displaying a first authentication screen that accepts input of user-specific information, and
An authentication requesting means for performing the authentication request to the result one or more information processing apparatus to the user identification information inputted to said first authentication screen,
And storage control means for storing the related information corresponding to the previous SL user specific information in the storage unit,
User list display means for displaying a user list screen including a user list specified from the related information on the input screen when the related information is stored in the storage unit when a display request for the authentication screen is received. When,
A second authentication screen display for displaying a second authentication screen for accepting input of information in which a part of the user specific information is omitted by selecting a user from the user list displayed by the user list display means. Means and
A service utilization device characterized by having. Computer,
A first authentication screen display means for displaying a first authentication screen that accepts input of user-specific information,
Authentication request means for performing the authentication request to the result one or more information processing apparatus to the user identification information inputted to said first authentication screen,
Storage control means for storing the related information corresponding to the previous SL user specific information in the storage unit,
User list display means for displaying a user list screen including a user list specified from the related information on the input screen when the related information is stored in the storage unit when a display request for the authentication screen is received. ,as well as
A second authentication screen display for displaying a second authentication screen for accepting input of information in which a part of the user specific information is omitted by selecting a user from the user list displayed by the user list display means. means,
A program to function as.

Images