JP2002202945A - Peripheral equipment, information processor, copying device, peripheral equipment control system, management method, management software, and storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a peripheral equipment allowing an integrated access control in a job management to be performed within a network environment. SOLUTION: This peripheral equipment managed by a directory server connected through a network deciphers an access ticket included in a job, when managing the job inputted through a network or console according to a job management command inputted through the network or console, deciphers an access ticket included in the job management command, and manages the job according to the deciphered contents of the access ticket included in the job and the access ticket included in the job management command.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a peripheral device for controlling peripheral devices such as a printer, a scanner, a copying machine, a facsimile, etc., setting a corresponding directory server, managing user information of peripheral devices, and managing the number of prints. , An information processing apparatus, a copying apparatus, a peripheral device control system, a management method, management software, and a storage medium.

[0002]

2. Description of the Related Art Conventionally, in peripheral devices such as a printer, a copying machine, and a facsimile (FAX), management of a job whose operation or execution is suspended in the peripheral device (display of a job list, cancellation of a designated job, etc.) is performed. This can be performed from a computer connected to the peripheral device via a console of the peripheral device or a network.

Conventionally, in a peripheral device which can include an access ticket issued from a directory server in a job or a control command, it is necessary to decrypt the access ticket using a secret encryption key. Since the encryption method and the format of the access ticket to be used differ depending on the type of the corresponding directory server, it is necessary to set in advance which directory server the peripheral device corresponds to.

Conventionally, peripheral devices such as a copying machine and a facsimile display a dialog for performing user authentication on a console to manage user information, and input user information to the dialog to allow the user to input user information. Had been certified. The user information obtained here is collated with a database of user information managed in the device, and when the user information matches, the use permission of the user is issued.
In addition, when any printing is performed as a result of a user operation, the number of printed sheets is recorded in a log together with the user information obtained at the time of login, or accumulated in a counter for each user to manage the number of printed sheets for each user. I was going.

Conventionally, in peripheral devices such as printers and copiers, management of the cumulative number of prints for each user and management of the number of prints such as a limit on the maximum number of prints have been performed by the device alone.
In this case, a counter that indicates cumulative printing is provided in the device, and when this value reaches a preset value, printing is terminated or job acceptance is refused.

[0006]

However, if the device that issued the job is different from the device that manages the job, for example, the computer issues a print job to the copier, and cancels this on the copier. If you try to do so from the console, the information used to log in to the computer is different from the information used to log in to the copier, so it is not clear whether the job is managed by the job issuer. It was a problem from the point of view of management access control. Further, in the present invention, in order to perform unified access control, means for including user information in a management command is used. However, in general, the data size of user information becomes large, and a management command including this is also required. Due to the large data size, there was a problem in network traffic and performance.

However, when the type of the corresponding directory server is to be set from the peripheral device control software operating on a computer connected via a network or the like, the target peripheral device is previously set to which directory server. Since it is necessary to store information on whether or not the peripheral device can be supported in the peripheral device control software, it has been difficult to prepare general-purpose peripheral device control software that can support any peripheral device.

However, since user information management has been performed on a single device, it is difficult to unify the user information managed by each device in an environment using a plurality of devices. However, there is a problem that the user ID does not always specify the same user. Further, even if the maximum number of printable sheets for each user is set for one device, the other devices are not affected at all, and it is difficult to manage the maximum number of printable sheets in such an environment.

Further, since the management of the number of prints has been performed by a single device, it is difficult to unify the user information managed by each device in an environment in which a plurality of devices are used. There is a problem that the user ID does not always specify the same user. In addition, setting the maximum number of printable sheets for one device does not affect another device at all, so it has been difficult to manage the maximum number of printable sheets in such an environment.

Accordingly, the present invention relates to job management in a network environment, and relates to a peripheral device, a copying device, an information processing device, a peripheral device control system, a management method, a management software, and a storage medium that enable unified access control. The purpose is to provide.

Another object of the present invention relates to job management in a network environment, a peripheral device, an information processing device, a copying device, and a peripheral device control capable of performing unified access control without deteriorating performance. It is to provide a system, a management method, management software, and a storage medium.

Further, according to the present invention, the peripheral device control software does not require the target peripheral device to have information on the type of the corresponding directory server, and can be used for general-purpose peripheral devices, information processing devices, copying devices, and peripheral device control devices. It is another object to provide a system, a management method, management software, and a storage medium.

[0013] Further, the present invention provides a method for unifying management of user information in an environment in which a plurality of devices connected to a network or the like are used, and a peripheral device and information capable of using the same user information in a plurality of devices. It is another object to provide a processing device, a copying device, a peripheral device control system, a management method, management software, and a storage medium.

Another object of the present invention is to provide a peripheral device capable of centrally managing the cumulative number of printed sheets and the maximum number of printable sheets for each user in an environment using a plurality of devices connected via a network or the like. It is another object to provide an information processing apparatus, a copying apparatus, a peripheral device control system, a management method, management software, and a storage medium.

Still another object of the present invention is to provide a peripheral device, an information processing device, a copying device, a peripheral device control system, a management method, a management software, and a storage device that can temporarily use a peripheral device when a network failure occurs. It is another object to provide a medium.

[0016]

In order to achieve the above object, the peripheral device according to the first aspect of the present invention is managed by a directory server connected via a network, and receives a job management command according to the input job management command. Therefore, in a peripheral device that manages a job input from the outside, a first decryption unit that decrypts an access ticket included in the job and a second decryption unit that decrypts an access ticket included in the job management command And management means for managing the job according to the decrypted contents of the access ticket included in the job and the access ticket included in the job management command.

The peripheral device according to claim 2, wherein the peripheral device is managed by a directory server connected via a network, and manages a job input from the outside according to an input job management command. First decrypting means for decrypting an access ticket included in a job, second decrypting means for decrypting an access ticket included in the job management command, and storing an access ticket included in the decrypted job management command Storing means for issuing a session key for the stored access ticket, obtaining means for obtaining the stored access ticket based on the session key included in the job management command, The access ticket included in the job and the acquired According decrypted contents of the access ticket, characterized by comprising a management unit for managing the job.

Comparing means for comparing the user identification information in the access ticket included in the job with the user identification information in the access ticket included in the job management command; And an instructing operation executing means for performing an operation instructed by the job management command when the conditions match.

Further, the job management command is a command for canceling a designated job.

The job management command is a command for obtaining job information in the peripheral device, and includes a user identification information in an access ticket included in the job and a user information in an access ticket included in the job management command. A comparison unit that compares the identification information with the identification information, and if the user identification information in the access ticket matches, returns all the information about the job; if the user identification information in the access ticket does not match, Reply means for returning only part of the information is provided.

Further, the job and the job management command are input via a console attached to the peripheral device or a network.

The peripheral device described in claim 7 is managed by a directory server connected via a network, and is a peripheral device that performs device management in accordance with the input device management command, and is included in the device management command. A decryption means for decrypting an access ticket and a management means for managing the device in accordance with the decrypted content of the access ticket included in the device management command are provided.

The peripheral device described in claim 8 is managed by a directory server connected via a network, and is a peripheral device that performs device management according to the input device management command, and is included in the device management command. Decryption means for decrypting an access ticket, storage means for storing an access ticket included in the decrypted device management command, issuing means for issuing a session key for the stored access ticket, An acquisition unit for acquiring the stored access ticket based on the included session key, and a management unit for managing the device according to the decrypted content of the acquired access ticket. Features.

According to a ninth aspect of the present invention, in the information processing apparatus which is connected to a peripheral device and a directory server via a network and performs job management for the peripheral device, the information processing device accesses the directory server. Issuance requesting means for requesting issuance of a ticket, command generating means for generating a job management command including the issued access ticket, and command issuing means for issuing the generated job management command to the peripheral device. It is characterized by having.

Also, in an information processing apparatus connected to a peripheral device and a directory server via a network and performing job management for the peripheral device, an issuance requesting means for requesting the directory server to issue an access ticket. First command issuing means for setting the issued access ticket, generating a management command for obtaining a session key, and issuing the management command to the peripheral device; and job management including the obtained session key. A second command for generating a command and issuing the command to the peripheral device
And a command issuing means.

Further, the job management command is a command for canceling a designated job.

Further, the job management command is a command for obtaining job information in the peripheral device.

According to a thirteenth aspect of the present invention, in the information processing apparatus connected to a peripheral device and a directory server via a network to perform device management on the peripheral device, the information processing device accesses the directory server. Issue requesting means for requesting issuance of a ticket, command generating means for generating a device management command including the issued access ticket, and command issuing means for issuing the generated device management command to the peripheral device. It is characterized by having.

An information processing apparatus according to claim 14 is connected to a peripheral device and a directory server via a network, and controls the peripheral device to perform device management. Issue request means for requesting issuance of a ticket, first command issue means for setting the issued access ticket, generating a management command for acquiring a session key, and issuing the management command to the peripheral device; Second command issuing means for generating a device management command including the acquired session key and issuing the command to the peripheral device.

A peripheral device control system according to claim 15, wherein the information processing device, the directory server, and the peripheral device are connected via a network, and the peripheral device is a job transmitted from the information processing device via the network. In the peripheral device control system, the information processing apparatus includes: an issuance request unit that requests the directory server to issue an access ticket; and a command generation unit that generates a job management command including the issued access ticket. And command issuing means for issuing the generated job management command to the peripheral device, wherein the peripheral device decodes an access ticket included in the job, Second decryption means for decrypting the access ticket included in the command; According to the content access ticket is decrypted included in the access ticket and the job management commands included in the job, characterized by comprising a management unit for managing the job.

In the peripheral device control system according to the present invention, an information processing device, a directory server, and a peripheral device are connected via a communication line, and the peripheral device is transmitted from the information processing device via the network. In the peripheral device control system for managing a job, the information processing apparatus sets an issued access ticket to the directory server to issue an access ticket, and obtains a session key by setting the issued access ticket. First command issuing means for generating a management command for the peripheral device and issuing the command to the peripheral device; and second command issuing means for generating a job management command including the acquired session key and issuing the job management command to the peripheral device. A first decryption device that decrypts an access ticket included in the job. A stage, and a second decoding means for decoding an access ticket included in the job management command,
Storage means for storing an access ticket included in the decrypted job management command, issuing means for issuing a session key for the stored access ticket, and, based on the session key included in the job management command, Acquiring means for acquiring the stored access ticket, and managing means for managing the job in accordance with the access ticket included in the job and the decrypted content of the acquired access ticket. And

The management method according to claim 17, wherein the peripheral device manages the job input from the outside in accordance with the input job management command, wherein the access ticket included in the job is decoded. Decoding the access ticket included in the job management command, and managing the job according to the access ticket included in the job and the decoded content of the access ticket included in the job management command. It is characterized by having.

The management method according to claim 18, wherein the peripheral device manages the job input from the outside in accordance with the input job management command, wherein the access ticket included in the job is decoded. Decrypting an access ticket included in the job management command, storing the access ticket included in the decrypted job management command, and issuing a session key for the stored access ticket. Obtaining the stored access ticket based on the session key included in the job management command, and decoding the access ticket included in the job and the decrypted content of the obtained access ticket. Managing the job. And butterflies.

In a management method according to a nineteenth aspect, in a management method in which a peripheral device performs device management in accordance with an input device management command, a step of decoding an access ticket included in the device management command; Managing the device in accordance with the content of the decrypted access ticket included in the management command.

According to a twentieth aspect of the present invention, there is provided a management method in which a peripheral device performs device management in accordance with an input device management command, wherein a step of decrypting an access ticket included in the device management command is provided. Storing an access ticket included in the stored device management command, issuing a session key for the stored access ticket, and storing the stored access ticket based on the session key included in the device management command. And acquiring the access ticket and managing the device according to the decrypted content of the acquired access ticket.

A management method according to claim 21, wherein an information processing apparatus connected to a peripheral device and a directory server via a network performs job management for the peripheral device, wherein the directory server Requesting the issuance of an access ticket, generating a job management command including the issued access ticket, and issuing the generated job management command to the peripheral device. It is characterized by the following.

A management method according to claim 22, wherein the information processing apparatus connected to the peripheral device and the directory server via a network performs job management for the peripheral device, wherein the directory server Requesting the issuance of an access ticket to the client, setting the issued access ticket, generating a management command for acquiring a session key, and issuing the management command to the peripheral device, Generating a job management command including a session key and issuing it to the peripheral device. The job management command is a command for canceling a specified job. .

Further, the job management command is a job information acquisition command in the peripheral device.

26. The management method according to claim 25, wherein the information processing apparatus connected to the peripheral device and the directory server via a network causes the peripheral device to perform device management. Requesting the access device to issue an access ticket, generating a device management command including the issued access ticket, and issuing the generated device management command to the peripheral device. It is characterized by the following.

A management method according to a twenty-sixth aspect is a management method in which an information processing device connected to a peripheral device and a directory server via a communication line performs device management on the peripheral device. Requesting a server to issue an access ticket, setting the issued access ticket, generating a management command for acquiring a session key, and issuing the management command to the peripheral device; Generating a device management command including the obtained session key and issuing the command to the peripheral device.

The management software according to claim 27,
Management software including a program executed by a computer in a peripheral device and for managing a job input from the outside in accordance with an input job management command, wherein the program includes an access ticket included in the job. And the step of decoding the access ticket included in the job management command, and managing the job according to the decoded contents of the access ticket included in the job and the access ticket included in the job management command. And a step of performing

[0042] The management software according to claim 28 is
Management software including a program executed by a computer in a peripheral device and for managing a job input from the outside in accordance with an input job management command, wherein the program includes an access ticket included in the job. Decoding the access ticket included in the job management command, storing the access ticket included in the decrypted job management command, and setting the session key for the stored access ticket. Issuing the access ticket stored on the basis of the session key included in the job management command, and decrypting the access ticket included in the job and the obtained access ticket. According to the contents, before Characterized in that it comprises a procedure of managing jobs.

The management software according to claim 29,
A management software that is executed by a computer in a peripheral device and includes a program for performing device management according to an input device management command, wherein the program is a procedure for decoding an access ticket included in the device management command. And a procedure for managing the device in accordance with the decrypted content of the access ticket included in the device management command.

The management software according to claim 30 is:
A management software that is executed by a computer in a peripheral device and includes a program for performing device management according to an input device management command, wherein the program is a procedure for decoding an access ticket included in the device management command. And a procedure for storing an access ticket included in the decrypted device management command, a procedure for issuing a session key for the stored access ticket, and based on the session key included in the device management command. The method includes a step of acquiring the stored access ticket, and a step of managing the device according to the decrypted content of the acquired access ticket.

[0045] The management software according to claim 31 is
Management software that is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network and includes a program for performing job management on the peripheral device; Requesting the directory server to issue an access ticket, generating a job management command including the issued access ticket, and issuing the generated job management command to the peripheral device. It is characterized by including.

The management software according to claim 32,
Management software that is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network and includes a program for performing job management on the peripheral device; Requesting the directory server to issue an access ticket, setting the issued access ticket, generating a management command for acquiring a session key, and issuing the management command to the peripheral device; Generating a job management command including the obtained session key and issuing the job management command to the peripheral device.

Further, the job management command is a command for canceling a specified job.

Further, the job management command is a job information acquisition command in the peripheral device.

The management software according to claim 35,
Management software that is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform device management. Requesting the directory server to issue an access ticket, generating a device management command including the issued access ticket, and issuing the generated device management command to the peripheral device. It is characterized by including.

The management software according to claim 36,
Management software that is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform device management. Requesting the directory server to issue an access ticket, setting the issued access ticket, generating a management command for acquiring a session key, and issuing the management command to the peripheral device; Generating a device management command including the acquired session key and issuing the command to the peripheral device.

A storage medium according to claim 37, wherein the storage medium is executed by a computer in a peripheral device and stores a program for managing a job input from the outside according to an input job management command. Wherein the program includes a step of decoding an access ticket included in the job, a step of decoding an access ticket included in the job management command, and a step of decoding an access ticket included in the job and the job management command included in the job management command. And managing the job in accordance with the decrypted contents of the access ticket to be accessed.

A storage medium according to claim 38 is a storage medium that is executed by a computer in a peripheral device and includes a program for managing a job input from the outside according to an input job management command. The program stores a procedure for decrypting the access ticket included in the job, a procedure for decrypting the access ticket included in the job management command, and stores the access ticket included in the decrypted job management command. A step of issuing a session key for the stored access ticket; a step of obtaining the stored access ticket based on the session key included in the job management command; Access ticket and the acquired access ticket In accordance with the decrypted contents of the,
And a step of managing the job.

A storage medium according to a thirty-ninth aspect is a storage medium that is executed by a computer in a peripheral device and includes a program for performing device management according to an input device management command. The method includes a step of decrypting an access ticket included in the device management command, and a step of managing the device according to the decrypted content of the access ticket included in the device management command.

A storage medium according to claim 40 is a storage medium that is executed by a computer in a peripheral device and includes a program for performing device management in accordance with an input device management command. Decrypting an access ticket included in the device management command, storing the access ticket included in the decrypted device management command, issuing a session key for the stored access ticket, A step of acquiring the stored access ticket based on the session key included in the apparatus management command, and a step of managing the apparatus according to the decrypted contents of the acquired access ticket. It is characterized by.

A storage medium according to claim 41, wherein the storage medium is executed by a computer in an information processing apparatus connected to a peripheral device and a directory server via a network, and causes the peripheral device to perform job management. A program for requesting the directory server to issue an access ticket; a procedure for generating a job management command including the issued access ticket; Issuing a management command to the peripheral device.

A storage medium according to claim 42, which is executed by a computer in an information processing apparatus connected to a peripheral device and a directory server via a network, and causes the peripheral device to perform job management. A program for generating a management command for requesting the directory server to issue an access ticket, setting the issued access ticket, and acquiring a session key. Issuing to the peripheral device by
Generating a job management command including the obtained session key and issuing the job management command to the peripheral device.

Further, the job management command is a command for canceling a designated job.

Further, the job management command is a command for obtaining job information in the peripheral device.

A storage medium according to claim 45, which is executed by a computer in an information processing apparatus connected to a peripheral device and a directory server via a network, and causes the peripheral device to perform device management. Wherein the program comprises:
A procedure for requesting the directory server to issue an access ticket, a procedure for generating a device management command including the issued access ticket, and a procedure for issuing the generated device management command to the peripheral device And characterized in that:

A storage medium according to claim 46, which is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network, and causes the peripheral device to perform device management. Wherein the program comprises:
Requesting the directory server to issue an access ticket, setting the issued access ticket, generating a management command for acquiring a session key, and issuing the management command to the peripheral device; Generating a device management command including the acquired session key and issuing the command to the peripheral device.

The peripheral device according to claim 47, wherein the storage means for storing attribute information indicating the function of the device, the status of the device, the job status, and the like, and the instruction provided by the information processing device connected to the network. An acquisition setting execution unit for acquiring and setting the stored attribute information, wherein the attribute information includes a list of types of the directory server that can be supported.

Further, storage means for storing attribute information indicating the function of the device, the status of the device, the job status, and the like, and obtaining and storing the stored attribute information in accordance with an instruction from an information processing apparatus connected to the network. Acquisition setting execution means for setting, wherein the attribute information includes a type of a directory server which is currently supported.

Further, the information processing apparatus has a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command in accordance with the acquired attribute information. The directory server includes a list of types of the directory servers.

Further, the information processing apparatus has a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command according to the acquired attribute information. The type of directory server is included.

Further, the program includes a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command in accordance with the acquired attribute information. It is characterized by including a list of server types.

The program has a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command according to the acquired attribute information. The type of directory server is included.

Further, the program includes a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command in accordance with the acquired attribute information. It is characterized by including a list of server types.

Further, the program has a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command according to the acquired attribute information. The type of directory server is included.

Further, the program includes a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command in accordance with the acquired attribute information. It is characterized by including a list of server types.

Further, the program has a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command in accordance with the acquired attribute information. The type of directory server is included.

Further, there is provided a console operated by a user, and an acquisition means for connecting to the directory server using user information input from the console and acquiring an access ticket for a peripheral device of the user. It is characterized by having.

Further, the present invention is characterized in that it decodes an access ticket included in a job received via the network and operates according to the contents of the decoded access ticket.

Further, the access ticket includes user information and recording means for recording the user information and the number of prints based on the job as a log.

Further, the access ticket includes user information, and transmission means for transmitting the user information and the number of prints based on the job to the directory server connected via the network is provided. Features.

Further, the access ticket includes a maximum number of printable sheets. Based on the maximum number of printable sheets, determining means for determining whether or not to accept a job. Ending means for ending the operation.

The access ticket includes user information, and immediately before execution of a job, using the user information, obtains the maximum number of printable sheets of the user stored in the directory server. Based on the acquired maximum printable number, determining means for determining whether or not to accept the job, and when the maximum printable number is exceeded,
Ending means for ending the job.

Further, the attribute information includes a list of operation modes that can be taken when the connection to the directory server cannot be established, and a current operation mode to be taken when the connection to the directory server cannot be established. According to the instructions of the connected information processing device,
An acquisition setting execution unit for acquiring and setting the attribute information is provided.

Further, there is provided a comparing means for comparing the temporarily stored user information with the user information inputted from the console, and an operation mode which can be taken when the connection to the directory server cannot be established is performed by the temporarily stored user mode. When the user information entered matches the user information input from the console, the operation mode is performed.

Further, a comparison means for comparing the temporarily stored user information with the user information input from the console is provided, and the operation mode that can be taken when the connection to the directory server cannot be established is set in the temporarily stored user mode. When the user information entered and the user information input from the console match, the mode is such that the operation is performed only for a predetermined time after the access ticket is normally acquired.

Further, there is provided a comparing means for comparing the temporarily stored user information with the user information inputted from the console, and the operation mode which can be taken when the connection to the directory server cannot be established is determined by the temporarily stored user mode. If the user information entered matches the user information input from the console, the access ticket is normally acquired, and only for a predetermined time, and only for the maximum number of printable sheets stored in the device in advance. It is a mode for performing an operation.

Further, there is provided a comparing means for comparing the temporarily stored user information with the user information inputted from the console, and the operation mode which can be taken when the connection to the directory server cannot be established is set in the temporarily stored user information. If the user information entered matches the user information input from the console, the maximum number of prints of the user in the temporarily stored user information can be performed only for a predetermined time after the access ticket is normally acquired. It is a mode in which the operation is performed only for the number of sheets.

Further, there is provided a comparing means for comparing the temporarily stored user information with the user information inputted from the console, and the operation mode which can be taken when the connection to the directory server cannot be established is determined by the temporarily stored user mode. When the user information entered matches the user information input from the console, the operation is limited to the maximum number of printable sheets stored in the device in advance.

Further, a comparison means for comparing the temporarily stored user information with the user information inputted from the console is provided, and the operation mode that can be taken when the connection to the directory server cannot be established is determined by the temporarily stored user mode. When the user information entered and the user information input from the console match, the operation is limited to the maximum number of printable sheets of the user in the temporarily stored user information.

Further, there is provided a comparing means for comparing the temporarily stored user information with the user information inputted from the console, and the operation mode that can be taken when the connection to the directory server cannot be established is determined by the temporarily stored user mode. When the user information entered matches the user information input from the console, the operation is limited to the maximum number of printable sheets for each user session stored in the device in advance.

Further, there is provided a comparing means for comparing the temporarily stored user information with the user information inputted from the console, and an operation mode which can be taken when the connection to the directory server cannot be established, is provided to the user. Is an operation mode in which is not used.

Further, the maximum printable number stored in the device in advance is reduced in proportion to the time since the access ticket was normally acquired.

Further, the present invention is characterized in that the method further comprises a step of connecting to the directory server using user information input from a console, and obtaining an access ticket for a peripheral device of the user.

Further, the method further comprises a step of decrypting an access ticket included in the job received via the network, and operating according to the content of the decrypted access ticket.

Further, the program includes a step of connecting to the directory server using user information input from a console, and acquiring an access ticket for a peripheral device of the corresponding user.

The program is characterized in that it includes a procedure for decrypting an access ticket included in a job received via the network and operating in accordance with the content of the decrypted access ticket.

Further, the program includes a step of connecting to the directory server using user information input from a console, and acquiring an access ticket for a peripheral device of the corresponding user.

[0092] The program is characterized in that the program includes a procedure for decrypting an access ticket included in the job received via the network and operating in accordance with the content of the decrypted access ticket.

A copying apparatus according to claim 79 of the present invention
In a copying apparatus connected to a network and managed by a directory server on the network, operation means for inputting user information for logging in to the directory server and instructing start of a copy job, and for logging in to the directory server Thereafter, an acquisition unit for acquiring management information corresponding to the user information from the directory server, and a control unit for restricting execution of the copy job based on the management information are provided.

Further, the user information is input to the client computer when logging in to the directory server from the client computer on the network.

Further, the management information includes a printable number and / or a cumulative number of prints.

[0096] Further, an update means for updating management information managed by the directory server in accordance with the user information in accordance with the execution result of the copy job is provided.

[0097] Further, there is provided an input means for inputting biometric information, and a generating means for generating the user information based on the biometric information input by the input means.

[0098] The management method according to claim 84 of the present invention comprises:
In a management method for managing a copying apparatus connected to a network by a directory server on the network, a step of inputting user information for logging in to the directory server and instructing a start of a copy job; After logging in, the method includes a step of acquiring management information corresponding to the user information from the directory server, and a step of restricting execution of the copy job based on the management information.

Further, the user information is input to the client computer when logging in to the directory server from the client computer on the network.

Further, the management information includes a printable number and / or a cumulative number of prints.

Further, the method further comprises a step of updating management information managed by the directory server in accordance with the user information in accordance with a result of the execution of the copy job.

Further, the method further comprises a step of inputting biological information and a step of generating the user information based on the input biological information.

[0103]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of a peripheral device, an information processing device, a copying device, a peripheral device control system, a management method, management software and a storage medium according to the present invention will be described with reference to the drawings.

[First Embodiment] FIG. 1 is a block diagram showing a configuration of a peripheral device control system according to a first embodiment. In the figure, reference numerals 1 and 5 indicate peripheral device MFPs, respectively.
1. MFP2. 2, 3 and 4 are personal computers PC (1), PC (2) and PC
(3). PC (1) 2, PC (2) 3, PC
(3) 4 is the MFP 1 (1) and MFP 2 via the network 10 or the local interface.
It is connected to (5). On the PC (1), PC (2) or PC (3), peripheral device control software related to the present invention operates, and the MFP 1 is connected to the MFP 1 via the network 10.
Request for job processing such as print, scan, copy, or FAX transmission / reception,
Then, an inquiry about the attribute information of the MFP 2 (5) is made.

Reference numeral 6 denotes a directory server having a unified management function of user information and device information, and is constituted by a personal computer or the like. This directory server 6 uses the Kerberos protocol (RFC15).
10) KDC (Key Distributive)
on Server), and Kerbe
In accordance with the rules of the ros protocol, a TGT (ticket generation ticket) is issued and an access ticket required to access a specified resource is issued.

Further, in this directory server 6,
It is assumed that MFP1 (1) and MFP2 (5) have already been registered. Referencing and updating this data is done by LD
By using the AP protocol (RFC1777), it can be performed from PC (1) 2 and PC (2) 3. Each user information managed by the directory server 6 includes a user name, a password, the number of printable sheets of the user, and the accumulated number of print sheets of the user. Each device information managed by the directory server 6 includes a device name and a secret encryption key of the device.

FIG. 2 is a block diagram showing the configuration of the peripheral devices (MFP1, MFP2). In the figure, reference numeral 11 denotes a controller for controlling peripheral devices. Reference numeral 12 denotes a communication interface for the controller 11 to communicate with the outside of the peripheral device, such as an Ethernet (registered trademark) interface, an IEEE 1284 interface, or another communication interface.

A scanner engine 13 is controlled by the controller 11. A printer engine 14 is controlled by the controller 11, and is, for example, a laser beam printer, an ink jet printer, or another printer.

Reference numeral 15 denotes a facsimile board for realizing a facsimile function for performing communication control such as image transmission / reception, which is controlled by the controller 11. Reference numeral 16 denotes a user interface, which is composed of an LCD display and a keyboard, displays information from the controller 11, and receives instructions from a user.
Tell

The peripheral device having such a configuration selects the printer engine 14 and makes it possible to issue a print job. Further, the printer engine 14 and the scanner engine 13 are selected, and a copy job can be issued. Further, the printer engine 14 and the scanner engine 1
3. Select the FAX board 15 to enable the issuance of a FAX reception job and a FAX transmission job.

FIG. 3 is a block diagram showing a hardware configuration of the controller 11. In the controller 11, C
PU21, RAM22, LCD23, keyboard 24,
The ROM 25, the communication interface 26, the scanner engine 27, the printer engine 28, the FAX board 29, and the DISK 30 are mutually connected via the system bus 20.

A program for controlling the controller 11 is stored in the ROM 25 or the disk 30 and is read out to the RAM 22 as needed, and
Performed by ROM 25 or DIS
The K30 stores, in addition to the control program, peripheral devices, attribute information indicating functions and states of jobs processed by the peripheral devices, job data to be output, and the like. Further, the CPU 21 performs display on the LCD 23 and receives a user instruction from the keyboard 24. Also, CPU
21 communicates with the outside through the communication interface 26.

In this embodiment, unless otherwise specified, in the peripheral device (FIG. 2), the CPU 21 receives a user's input from the keyboard 24 via the system bus 20, and stores the RAM 22, the LCD 23, the ROM 25, the communication interface 26, The scanner engine 27, the printer engine 28, the FAX board 29, and the DISK 30 are controlled.

FIG. 4 is a diagram showing the Ps constituting the network system.
3 is a block diagram illustrating a hardware configuration of C. FIG. In the PC, CPU 31, RAM 32, CRT 33, keyboard 34, pointing device 35, ROM 36, DI
The SK 37 and the communication interface 38 are mutually connected via a system bus 40. The program for controlling the PC is stored in the ROM 36 or DISK 37, read out to the RAM 32 as needed, and
This is executed by the PU 31. In addition, the CPU 31
Display is performed through T33, and a user's instruction is received from the keyboard 34 and the pointing device 35. The CPU 31 communicates with the outside through the communication interface 38.

In the present embodiment, unless otherwise specified, PC
Then, the CPU 31 receives the user's input from the keyboard 34 or the pointing device 35 via the system bus 40, and receives the RAM 32, the CRT 33, the ROM 3
6, the disk 37 and the communication interface 38 are controlled. Further, the user's instruction to the peripheral device and the information display to the user are performed by a local user interface
6 may be performed, or may be performed through a device serving as a client connected to the network 10, such as the PC (1), the PC (2), or the PC (3).

FIG. 5 is a diagram showing attribute information held in the peripheral device 1. As shown in FIG. The peripheral device 2 (5) has the same data structure as the peripheral device 1, but the stored values are different. These pieces of information are stored in the ROM 25, the RAM 22, or the DISK 30, and individual attribute information can be obtained or set from the PC (1) 2, PC (2) 3, and PC (3) 4 by processing described later. .

In the figure, reference numeral 301 denotes a “list of supported user management modes” attribute, which includes “no user management”, “password”, “user ID”, and “user ID”.
And multiple values of "password" and "join security domain" are stored as a list.

Reference numeral 302 denotes a “current user management mode” attribute, which holds “join security domain” as a value. Reference numeral 303 denotes a “list of compatible directory server types” attribute, whose value is ““ standard L ”
DAP server "," Active Directory
(MS) "," NDS (Novel) "," Open L
A plurality of values of DAP "" are held as a list.

Reference numeral 304 denotes a "type of directory server currently supported" attribute, which is "Active Di".
repository (MS) "" as a value.
305 is “I of the currently supported directory server.
P address "attribute, and" 123.6.56.54.2 ".
"1" is held as a value. Reference numeral 306 denotes a “device secret encryption key” attribute, which is “0x34q4bffcdca”.
001 ”is held as a value. This value is valid when the “current user management mode” attribute is “join a security domain”, and is used to interpret an access ticket issued from the directory server 6.

Reference numeral 307 denotes an attribute “whether or not to permit use when directory server connection is not possible”, and “TRUE”.
Is stored as a value. Reference numeral 308 denotes “a list of types of restrictions when using when the directory server cannot be connected”.
Attributes are "unlimited", "time limit", "time limit & fixed maximum number of sheets", "time limit & maximum number of sheets", "fixed maximum number of sheets", "maximum number of sheets", Multiple values of "limit for each login" are stored as a list.

Reference numeral 309 denotes a “kind of restriction when the current directory server cannot be connected” attribute.
"Time limit" is stored as a value. Reference numeral 310 denotes a “time limit length” attribute, which holds “48 hours” as a value. Reference numeral 311 denotes a “reduction ratio of the maximum number of sheets per day”.
It is an attribute and holds “30” as a value. 312
Is a “maximum number” attribute, and holds “100” as a value. Reference numeral 313 denotes a “maximum number per login” attribute, which holds “20” as a value.

FIG. 6 shows that the user management mode of the peripheral device 1 is set to P.
It is a flowchart which shows the processing procedure at the time of displaying / changing from C (1) 2, PC (2) 3, PC (3) 4. This processing program includes PC (1) 2, PC (2) 3, PC
(3) Operate on 4. First, attribute information 3 of peripheral device 1
01 (step S1701). The acquisition of the attribute information is performed by PC (1) 2, PC (2) 3, PC (3) 4
Transmits an attribute acquisition command to the peripheral device 1 from the
This is performed by the peripheral device 1 processing this command. Then, the obtained attribute information is displayed on the CRT 33 (step S1702). Further, the “current user management mode” attribute 302 as the attribute information is obtained (step S1703) and displayed on the CRT 33 (step S1704).

Waiting for user input (step S170)
5) According to the input from the user, the “current user management mode” attribute 302 which is the attribute information is set (step S1706), and the process ends. To set the attribute information, the PC (1) 2, PC (2) 3, and PC (3) 4 send an attribute setting command to the peripheral device 1, and the peripheral device 1 processes the command. It is performed by

FIG. 7 is a view showing a user interface screen displayed on the CRT 33 in a state of waiting for a user input in step S1705. In the figure, reference numeral 101 denotes a list of user management modes that can be selected by the user (attribute 301). The attribute 302 of the currently set user management mode is highlighted by 102 in the figure. The user selects the desired user management mode, highlights it, and then presses the OK button 103 to execute the processing of step S1706 to set the user management mode.

Note that the processing procedure of FIG. 6 is performed by the controller 11 of the peripheral device 1 itself whose user management mode is to be changed, instead of the PC, and the display of FIG. 7 is also provided in the peripheral device. May be performed on the user interface 16. Also, other peripheral devices 2
(5) It may be executed and displayed on the above.

FIG. 8 is a flowchart showing an operation processing procedure when a directory server corresponding to the peripheral device 1 is displayed / changed from the PC (1) 2, PC (2) 3, and PC (3) 4. This processing procedure is performed by the PC (1) 2, PC
(2) 3, performed on the PC (3) 4.

First, the attribute information 303 is obtained (step S1801). Acquisition of this attribute information is performed by the PC (1).
2. An attribute acquisition command is transmitted from the PC (2) 3 and the PC (3) 4 to the peripheral device 1, and in the peripheral device 1,
This is performed by processing this command according to the processing procedure described later. The obtained attribute information is displayed on the CRT 33 (step S1802).

Further, the attribute information 304 is obtained (step S1803), and the obtained attribute information 304 is stored in the CRT 33.
(Step S1804). The attribute information 305 is obtained (step S1805), and the obtained attribute information 30
5 is displayed on the CRT 33 (step S1806).

Waiting for user input (step S180)
7) According to the input from the user, the attribute information 30
4 and 305 are set (step S1808). The setting of this attribute information includes PC (1) 2, PC (2) 3, PC
(3) An attribute setting command is transmitted from 4 to the peripheral device 1, and the peripheral device 1 processes the command according to a processing procedure described later.

FIG. 9 is a view showing a user interface screen displayed on the CRT 33 in a state of waiting for a user input in step S1807. In the drawing, reference numeral 201 denotes a list of directory server types (attributes 303) that can be selected by the user. The type (attribute 304) of the currently set directory server is highlighted at 202 in the figure. Further, the IP address 3 of the currently set directory server is stored in the address section 203.
05 is displayed. The user selects a desired directory server type, highlights it, inputs a desired IP address into the address section 203, and then presses an OK button 2
By pressing “04”, the process of step S1808 is executed, and the corresponding directory server is set.

The processing shown in FIG. 8 is performed in place of the PC.
The display may be performed by the controller 11 of the peripheral device 1 itself that is to change the corresponding directory server, and the display illustrated in FIG. 9 may be performed by the user interface 16 provided in the peripheral device. Further, it may be executed and displayed on another peripheral device 2 (5).

FIG. 10 shows, from the PC (1) 2, the PC (2) 3, and the PC (3) 4, how to permit login when the peripheral device 1 cannot connect to the directory server 6. It is a flowchart which shows the processing procedure in the case. This processing procedure is performed by PC (1) 2, PC (2) 3, PC
(3) Performed on 4.

First, the attribute information “list of types of restriction when used when the directory server cannot be connected” attribute 308 is obtained (step S 2201). Acquisition of attribute information is performed by PC (1) 2, PC (2) 3, PC (3) 4
Transmits an attribute acquisition command to the peripheral device 1 from the
This is performed by the peripheral device 1 processing this command according to a processing procedure described later. The obtained attribute information is displayed on the CRT 33 (Step S220)
2).

“Type of restriction when used when directory server cannot be connected at present” attribute 309 which is attribute information
Is acquired (step S2203), and the obtained attribute information is displayed on the CRT 33 (step S2204). Further, the attribute information 307 "whether to permit use when directory server connection is not possible" attribute 307 is obtained (step S2205). The obtained attribute information is displayed on the CRT 33 (step S2206).

Then, the system waits for a user input (step S
2207), attribute information 3 according to the input from the user
09 and 307 are set (step S2208), and the process ends. The setting of the attribute information is PC (1) 2, PC
(2) 3, the attribute setting command is transmitted from the PC (3) 4 to the peripheral device 1, and the peripheral device 1 processes the command according to a processing procedure described later.

FIG. 11 is a view showing a user interface screen displayed on the CRT 33 in a state of waiting for a user input in step S2207. In the figure, reference numeral 2102 denotes “Di
The contents of the "List of types of restrictions when using when Directory Server connection is not possible" attribute 308 are displayed, and the value of the "Type of restrictions when using when the current Directory Server cannot be connected" attribute 309 is shown in FIG. 2103 is highlighted. further,
A check box 2101 displays the value of the “whether or not to allow use when Directory Server connection is not allowed” attribute 307. The user performs desired processing and then presses an OK button 2104 to execute the process of step S2208 to set attribute information.

Note that the processing shown in FIG. 10 is performed by the controller 11 of the peripheral device 1 whose setting is to be changed, instead of the PC, and the display shown in FIG. 16 may be performed. Further, it may be executed and displayed on another peripheral device 2 (5).

FIGS. 12 and 13 show a processing procedure for issuing a print job, a scanner job, a fax transmission job or a copy job from the PC (1) 2, PC (2) 3, and PC (3) 4 to the peripheral device 1. It is a flowchart which shows. This processing is performed for PC (1) 2, PC (2) 3,
This is performed on the PC (3) 4.

First, the “current user management mode” attribute 302, which is attribute information held by the peripheral device 1, is acquired (step S401). It is determined whether or not the value of the attribute information 302 is “no user management” (step S40)
2). If the result of the determination is “no user management”, the job is issued to the peripheral device 1 after setting other information necessary for the job in the job (step S403). Thereafter, the process ends.

On the other hand, if “user management is performed” in step S402, it is determined whether or not the value of the attribute information 302 is “password” (step S404). If the result of determination is that it is a password, a user interface screen prompting for password input is displayed on the CRT 33 (step S405). Then, in step S403, the job is issued to the peripheral device 1 after the input password and other information necessary for the job are set in the job.

On the other hand, if it is determined in step S404 that the password is not a password, the value of the attribute information
D ”is determined (step S406). If the result of the determination is that the user ID is a user ID, a user interface screen is displayed on the CRT 33 to prompt the user to enter the user ID (step S407). In step S403, the job is issued to the peripheral device 1 after the input user ID and other information necessary for the job are set in the job.

On the other hand, if the result of determination in step S 406 is that the user ID is not the user ID, the value of the attribute information 302 is “user I
D and password ”(step S
408). If the result of the determination is that the user ID and password are present, a user interface screen prompting the user to enter the user ID and password is displayed on the CRT 33 (step S4).
09). In step S403, the job is issued to the peripheral device 1 after the input user ID, password, and other information necessary for the job are set in the job.

On the other hand, if the result of determination in step S408 is that the password is not a user ID and password, it is determined whether or not the user has already logged in to the security domain managed by directory server 6 on the PC being used (step S410). ). This determination is made by inquiring of the operating system of the PC being used. If the result of determination is that the user has not logged in, a user interface screen prompting the user to enter a user ID and password is displayed on the CRT 33 (step S
411), these information are stored in the directory server 6 by Ke.
rberos protocol, so that T
GT (ticket generation ticket) information is acquired (step S413).

On the other hand, if the result of determination in step S410 is that the user has logged in, the user has already logged in, so the operating system is requested to acquire the TGT used in the current session (step S41).
2).

Using the TGT obtained in step S412 or S413, the user name held by the operating system or the
Information on the number of printable pages of the user corresponding to the user name input in step 411 is entered in the Kerberos protocol and the LDA.
It is obtained from the directory server 6 by the P protocol (step S414).

Thereafter, it is determined whether or not the number of printable sheets is one or more (step S415).
If the printing cannot be performed without more than the number of sheets, a user interface screen indicating that the job cannot be issued is displayed on the CRT 33 (step S416), and the process ends.

On the other hand, if the result of determination in step S415 is that printing is possible with one or more printable sheets, step S415
The TGT acquired in step 412 or S413 and the parameter of the identifier for identifying the peripheral device 1 to which the job is issued are transmitted to the directory server 6 by the Kerberos protocol, and an access ticket for the peripheral device 1 is acquired (step S417). The access ticket acquired here is obtained by encrypting information on the user name, the user ID, the number of printable sheets of the user, and the expiration date of the access ticket by the attribute information 306 of the secret encryption key of the peripheral device 1. The data format inside the access ticket and the encryption method (algorithm) to be used are uniquely determined in advance by the type of the directory server (attribute information 304) currently supported.

After setting the access ticket acquired in step S417 and other information necessary for the job in the job, the job is issued to the peripheral device 1 (step S418), and the process ends.

FIG. 14 is a flowchart showing the job issuing processing procedure in step S403. First, the parameters of the attribute setting command are set for the attributes required for the job (step S502). This parameter is composed of an attribute name to be set and a value corresponding thereto. The attribute setting command created in step S502 is transmitted to the peripheral device 1 (step S503). It is determined whether the setting of the required job attribute is completed (step S504). If the setting is not completed, the process proceeds to step S50.
Step 2 is repeated.

On the other hand, if the setting of the necessary job attributes is completed in step S504, data to be subjected to job processing, such as image data created by an application or the like, is transmitted to this peripheral device by a job data transmission command (step S504). S505). A job submission completion notification command indicating the completion of transmission of the job submission command is transmitted (step 506), and the process ends.

FIGS. 15 and 16 show the peripheral device 1 in FIG.
9 is a flowchart showing a job submission command reception processing procedure when a job issued by the processing of FIG. This process is executed by the peripheral device 1 each time a command constituting a job is received.

The received command and its parameters are analyzed (step 601). As a result of this analysis, it is determined whether or not the received command is an attribute setting command (step 602). If the received command is an attribute setting command, it is determined whether the attribute can be interpreted by the peripheral device 1 (step S603).

If interpretable, the specified attribute name / attribute value pair is stored as job data in the RAM 22 or DISK 30 in accordance with the analysis result obtained in step S601 (step S604), and the process ends. . On the other hand, if it cannot be interpreted in step S603,
The attribute specified by the received attribute setting command cannot be set, and a message that the attribute could not be set is returned (step S616), and the process ends.

On the other hand, if it is determined in step S602 that the received command is not an attribute setting command, step S601
It is determined whether or not the received command is a job data transmission command from the analysis result obtained in (Step S61)
1). If the command is a job data transmission command, the job data received following the command is stored in RAM 22 or D
The information is stored in the ISK 30 (step 612), and the process ends.

On the other hand, if it is determined in step S611 that the received command is not a job data transmission command, it is determined from the analysis result obtained in step S601 whether the received command is a job submission end notification command (step S613). If the command is a job submission end notification command, processing of the job data stored in the RAM 22 or the disk 30 is started (step S614). On the other hand, if the received command is not a job submission end notification command, the received command is another command, and a process depending on the other command is performed (step 615), and the process ends.

FIG. 17 is a diagram showing a data structure of a job held in the peripheral device 1 by the processing of FIGS. 15 and 16. This job is composed of an attribute list 701 representing job functions / attributes and job data 702 representing data to be processed by the job. Job data 7
02 may not be required depending on the type of job. The attribute list 701 is a list of pairs of attribute names 711 and corresponding attribute values 712.

In the figure, reference numeral 721 indicates that the job is a print job. Reference numeral 722 indicates that the start mode of the job is suspended. Reference numeral 723 indicates that the user management mode is “participate in the security domain”, and indicates that the access ticket 726 is used as the user information of the job. Reference numeral 724 denotes an attribute in which a user ID is set when the user management mode is “user ID” or “user ID and password”. 725 indicates that the user management mode is “password” or “user ID”.
And "password" are attributes for which a password is set. Reference numeral 726 denotes an attribute in which an access ticket is set when the user management mode is “join security domain”. As the attributes 724, 725, and 726, only necessary attributes may be set in the job data according to the contents of the attribute 723.

FIGS. 18 and 19 are flowcharts showing the processing procedure of the job data held in the peripheral device 1 shown in FIG. This processing is performed on the peripheral device 1. First, attribute information (current user management mode) 302
Is acquired (step S801). It is determined whether the value of the attribute information 302 is “no user management” (step S802).

If the result of the determination is “no user management”,
Processing of the attributes except for the attributes 723, 724, 725, and 726 is performed (step S803), and based on these attributes,
Job data processing is performed (step S810). The processing result of the job is recorded in a log (step S811), and the processing ends. This log is stored in RAM22 or DISK3
0 is stored.

On the other hand, if the result of determination in step S802 is that there is user management, it is determined whether the value of attribute information 302 is "password" (step S804). If the result of the determination is that the password is a password, the password value stored in the RAM 22 or DISK 30 is compared with the attribute information 725 (step S805). If they match, the job processing is continued in step S803. On the other hand, if they do not match, the job processing is stopped.

On the other hand, if the result of determination in step S 804 is that the password is not a password, the value of the attribute information 302 is “user I
D ”is determined (step S806). If the result of the determination is that the user ID is the user ID, the user ID value stored in the RAM 22 or DISK 30 is compared with the attribute information 724 (step S807). If they match, the job processing is continued in step S803. I do. On the other hand, if they do not match, the job processing is stopped.

The result of the determination in step S806 indicates that the user ID
If not, it is determined whether or not the value of the attribute information 302 is “user ID and password” (Step S80)
8). If the result of the determination is “user ID and password”, the user ID and password values stored in the RAM 22 or DISK 30 in advance and the attribute information 72
4 and 725 (step S80).
9) If both match, job processing is continued in step S803. If they do not match, the job processing is stopped.

On the other hand, if the result of determination in step S808 is not “user ID and password”, access ticket value 726 is decrypted using the secret encryption key that is attribute information 306 (step S812). Then, it is determined whether or not the access ticket is valid (step S
813). If the value of the access ticket cannot be decrypted, or if the number of printable sheets held in the access ticket is 0, it is determined in step S813 that the access ticket is invalid, and the job data is discarded (step S814). ), And terminate the process.

On the other hand, if it is determined in step S813 that the access ticket is valid, the number of printable sheets of the user corresponding to the user ID in the access ticket is obtained from the directory server 6 using the Kerberos protocol and the LDAP protocol ( Step S815).

It is determined whether the number of printable sheets is one or more and printing is possible (step S816). If printing is not possible, the job data is discarded (step S817).
The process ends. On the other hand, as a result of the determination in step S816,
If printing is possible, attribute values 723, 724, 725,
Processing of attributes except for 726 is performed (step S818),
The job data is processed based on these attributes (step S819). In this process, step S
Monitoring is performed so as not to exceed the number of printable sheets obtained from the processing of step 815, and if the number exceeds the maximum number of printable sheets, the job data processing is abnormally terminated. Regardless of whether the job ends normally or abnormally, the processing result of the job is recorded in a log (step S820), and the process ends. The log records the user ID and the number of sheets printed by the job, and is stored in the RAM 22 or the DISK 30.

In the present embodiment, FIGS.
In the processing of (1), once the job data is constructed in the peripheral device 1, the processing of the job data is performed again in the processing of FIGS. 18 and 19, but as another embodiment, FIG. 18 and FIG. 19, the job processing may be performed simultaneously with the job analysis.

In the present embodiment, step S813
Is used to determine the number of printable sheets in the access ticket, and in steps S815 and S816, the number of printable sheets of the user held in the directory server 6 is determined. As another embodiment, the access ticket in step S813 is used. Either of the determination of the number of printable sheets of the user or the determination of the number of printable sheets of the user held in the directory server 6 in steps S815 and S816 may be omitted.

In this embodiment, the record of the job result is used as a log, and the peripheral device 1 is registered in step S820.
However, the number of printable sheets and the accumulated number of printed sheets of the user stored in the directory server 6 may be updated with the number of sheets printed by the job. To update the printable number, the printable number and the cumulative print number of the user indicated by the user ID held in the directory server 6 are acquired by the LDAP protocol, and the printable number is subtracted from the printable number. Add the number of prints in the job to the cumulative number of prints,
This is performed by setting these obtained values in the directory server 6 using the LDAP protocol.

FIGS. 20 and 21 show the LCD of the peripheral device 1.
24 is a flowchart illustrating a processing procedure of a login screen displayed on a display 23. This processing is performed on the peripheral device 1.
First, the attribute information (current user management mode) 302 is acquired (step S901). It is determined whether the value of the attribute information 302 is “no user management” (step S902).

If the result of determination is that there is no user management,
The login information is stored in the RAM 22 (step S90)
3). The login information holds a user management mode, a user ID, and the number of printable sheets at the time of login. The number of printable sheets is sequentially updated according to the number of print sheets used in jobs involving printing, such as a print job and a copy job, issued from the console during the login period, and the job ends when the number of printable sheets reaches the value 0. In step S903, the number of printable sheets is set to infinity. The user ID in the login information is recorded in a log together with the number of prints used in the job. After the processing in step S903, the processing of the print hold job is performed (step S92).
4), end the process.

On the other hand, if the result of determination in step S902 is that there is user management, it is determined whether the value of the attribute information 302 is “password” (step S904). If the result of the determination is that there is a password, a user interface screen prompting for the password is displayed on the LCD 23,
Input password and RAM22 or DISK in advance
30 is compared with the password value held in step 30 (step S905).
In step 3, the login process is continued. If they do not match,
Cancels the process as unable to log in.

On the other hand, if the result of determination in step S 904 is that there is no password, the value of the attribute information 302 is “user I
D ”is determined (step S906). If it is a user ID, a user interface screen prompting the user to input a user ID is displayed on the LCD 23, and the input user ID is compared with a user ID value stored in the RAM 22 or the DISK 30 in advance (step S90).
7) If they match, the login process is continued in step S903. If they do not match, the process is canceled and the login is disabled.

On the other hand, if the result of determination in step S 906 is that the user ID is not a user ID, the value of the attribute information 302 is “user ID
And password ”(step S9).
08). If the result of the determination is that the user ID and password are entered, a user interface screen prompting the user to enter the user ID and password is displayed on the LCD 23, and the entered user ID and password are stored in the RAM 22 or DISK 30
Is compared with the user ID value and the password value held in (step S909), and if they match, the login process is continued in step S903. If they do not match, the process is canceled and the login is disabled.

As a result of the determination in step S908, the user ID
If the password is not the password, an attempt is made to access the directory server indicated by the attribute information 305, and it is determined whether or not connection is possible (step S910).

If the user is accessible, a user interface screen prompting the user to input a user name and password is displayed on the LCD 23 (step S912), and an access ticket is issued from the directory server 6 by the Kerberos protocol using the input user name and password. It is acquired (step S914).

On the other hand, if the directory server 6 returns an error indicating that the user name or the password is incorrect, such as when the user name and the password are incorrect, in step S912, the user is required to input the user name and the password again. Display a prompting user interface screen.

Then, the access ticket acquired from the directory server is decrypted using the secret encryption key 306 (step S915). The validity of the access ticket is determined (step S916). This determination is made by checking whether the ticket is within the expiration date and whether the number of printable sheets is one or more. If the access ticket is not valid as a result of the determination in step S916, the user interface screen indicating that the device cannot be currently used with this user name is displayed on the LC.
D23 is displayed (step S917), and the process ends.

On the other hand, if the result of determination in step S 916 is that the access ticket is valid, the login information is saved and the user information cache is updated (step S 916).
925). As for the printable number in the login information, the number held in the access ticket is set.

FIG. 22 shows the data structure of the user information cache. This user information cache is
M22 or DISK30. The updating of the user information cache is performed by adding the user name and password used when acquiring the access ticket, the user ID and the number of printable sheets in the access ticket, and the date and time of login as data. If the same user name already exists in the user information cache, the existing information is updated. Then, after the processing of step S925,
The process of the print hold job is performed (step S922), and the process ends.

On the other hand, if it is determined in step S910 that the directory server 6 cannot be accessed, the attribute information (whether or not use is permitted when the directory server cannot be connected) 3
07 is obtained, and it is determined whether the server can be used even if the server cannot be connected (step S911). If the use is not permitted, a user interface screen indicating that the user cannot log in is displayed on the LCD 23 (step S920), and the process ends.

On the other hand, if the use is not permitted in step S911, a user interface screen for prompting the user to input a user name and a password is displayed on the LCD 23 (step S91).
8) The set of the input user name and password is stored in the RAM 2
2 or whether it exists in the user information cache held in the DISK 30 (step S91).
9). If the result of this determination is that the device does not exist in the user information cache, the user interface screen indicating that the device cannot be currently used with this user name is displayed on the L.
The message is displayed on the CD 23 (step S921), and the process ends.

On the other hand, if the result of determination in step S 919 is that there is a set of user name and password in the user information cache, the number of printable sheets is calculated by processing described later, and this value and user ID are used as login information. It is stored (step S923). In the user management mode in the login information, a value of “join a security domain (cannot connect to a directory server)” is set. After the processing in step S923, the processing of the print hold job is performed (step S922), and the processing ends.

The login information stored in this login process is used for job restriction in the login session and for restricting and recording operations. That is, if printing is performed beyond the number of printable prints in the login information, the job is stopped. Also, the number of prints printed in the job is subtracted from the number of printables in the login information.

Further, when the user management mode in the login information is “join the security domain (cannot connect to the directory server)”, the attribute information stored in the device “restriction when using when the directory server cannot be connected” The value is updated by subtracting the number of sheets printed in the job from the value of the maximum number of prints 312 or the number of printable sheets 1013 of the user information cache according to the contents of the “type list” 308. The user ID in the login information is recorded in the log along with the number of prints of the job issued in the login session. Then, when the user logs off, the login information is discarded.

In this embodiment, even if the directory server can be connected, in step S925, the login information holds the number of printable sheets at the time of login, and is limited only by a job issued from the console during the login period. The number of printable pages is updated, but if it is possible to connect to the directory server, the number of printable pages for this user, which is stored in the directory server immediately before the job is issued, can be obtained, and the number of printable pages can be limited accordingly. It is possible. In this case, TGT is included in the login information held in step S925, whereby the printable number of users held in the directory server 6 is acquired by the Kerberos protocol and the LDAP protocol immediately before the job is issued.

The data in the user information cache updated in the processing of FIGS. 20 and 21 is stored in the RAM as described above.
22 or DISK 30. Data is 1
Each row is represented as a set of one record. One record is composed of a user name 1010, a password 1011 and a user ID.
1012, number of printable pages 1013 and login date and time 1
014.

FIG. 23 shows steps S924 and S922.
9 is a flowchart illustrating a processing procedure of a print hold job in FIG. This processing is performed on the peripheral device 1. First,
A list of jobs for which execution of printing is suspended in the peripheral device 1 is acquired (step S1101).

The user ID in the login information held in FIG. 20 and FIG. 21 is compared with the user ID in which each job acquired in step S1101 is included as an attribute.
Create a list of jobs that match both (step S
1102). When the access ticket 726 exists in the job, the user ID of the job to be compared is acquired and used by decrypting the access ticket.
Otherwise, the user ID 724 included in the job
Is used.

As a result of the processing in step S1102, it is determined whether or not the list is empty (step S1103). If the list is not empty, the processing is terminated.

On the other hand, if the job is empty in step S1103, a list of jobs matching the user ID is displayed on the LCD 23 as a user interface screen (step S1104). FIG. 24 shows the LCD 2 in step S1104.
FIG. 7 is a diagram showing a user interface screen displayed on the screen 3. In the figure, reference numeral 1202 denotes a list of the jobs created in step S1102. Reference numeral 1203 denotes an OK button for executing the job, and reference numeral 1204 denotes a cancel button for closing the user interface screen without executing the job.

Then, it is determined which of the OK button 1203 and the cancel button 1204 has been pressed (step S1105). If the cancel button has been pressed, the user interface screen is closed and the process ends. On the other hand, O
When the K button is pressed, the job in the list generated in step S1102 is executed (step S110).
6), end the process.

FIGS. 25 and 26 show the case where the peripheral device 1 is a PC.
9 is a flowchart showing a processing procedure when an access command for acquiring or setting individual attribute information is received from (1) 2, PC (2) 3, and PC (3) 4.
First, the received command and its parameters are analyzed (step S1301).

From the result of this analysis, it is determined whether or not the received command is an attribute acquisition command (step S130).
2). If the command is an attribute acquisition command, it is determined whether or not the attribute specified by the attribute acquisition command can be acquired (step S1303). If the attribute can be acquired, the value of the attribute held in the peripheral device is acquired (step S1304), the acquired attribute value is set in the parameter of the reply command, and the reply command for the attribute acquisition command is transmitted to the driver software. (Step S130
5), end the processing.

On the other hand, if the attribute cannot be acquired in step 1303, a process for notifying the driver software that the attribute acquisition has failed is performed (step S131).
7), the process ends.

On the other hand, if it is not an attribute acquisition command in step S1302, it is determined whether or not the received command is an attribute value change command based on the result of the analysis in step 1301 (step S1311). If the command is an attribute value change command, it is determined whether the attribute specified by the attribute value change command can be changed (step S13).
12).

If the attribute value can be changed, the specified attribute is changed to the specified attribute value in accordance with the specified command parameter (step S1313), and the driver software is notified that the attribute value has been successfully changed. Is performed (step S1314), and the process ends. On the other hand, if the change is not possible, a process of notifying the driver software that the change of the attribute value has failed is performed (step S1315), and the process ends. On the other hand, step S
If the received command is not the attribute change command in step 1311, the received command is another command, and a process depending on the other command is performed (step S <b> 1316), and the process ends.

FIGS. 27 and 28 are flowcharts showing a processing procedure for issuing management commands such as device management and job management from the PC (1) 2, PC (2) 3, and PC (3) 4 to the peripheral device 1. It is. This processing is performed by the PC (1).
2, executed on PC (2) 3 and PC (3) 4. First, the attribute information (current user management mode) 302 held by the peripheral device 1 is acquired (step S1401).

When the value of the attribute information 302 is “no user management”
Is determined (step S1402). If the result of determination is that there is no user management, a management command shown in FIG. 29 is generated and transmitted to the peripheral device 1 (step S1403). FIG. 29 shows the data structure of the management command. In the figure, reference numeral 1501 denotes a user management mode, in which a user ID 1502, a password 1
503 and access ticket 1504 indicate which information is valid. Reference numeral 1505 denotes a command type. Further, 1506 represents the length of the parameter 1507 required for the command.

Peripheral device 1 processes the received management command according to the processing procedures shown in FIGS. 30 and 31.
Send the result. The reply sent from the peripheral device 1 is processed (step S1417). This processing differs depending on the processing of the management command sent in step S1403. In particular, the management command is a command "L" for acquiring a list of jobs held in the peripheral device.
If istJobs, a list of jobs included in the reply is displayed on the CRT 33 as a user interface screen. Thereafter, the present process ends.

On the other hand, if the result of determination in step S1402 is that there is user management, it is determined whether the value of attribute information 302 is "password" (step S1404).
If the result of the determination is that there is a password, a user interface screen prompting the CRT 33 to enter a password is displayed (step S1405). Then, step S1403
A management command in which the input password is set is generated and transmitted to the peripheral device 1.

On the other hand, if the result of determination in step S1404 is that there is no password, the value of the attribute information 302 is “user I
D "is determined (step S1406).
If the result of the determination is that the user ID is a user ID, a user interface screen prompting the user ID input is displayed on the CRT 33 (step S1407). Then, step S14
In step 03, a management command in which the input user ID is set is generated and transmitted to the peripheral device 1. .

On the other hand, as a result of the determination in step S1406,
If it is not the user ID, it is determined whether or not the value of the attribute information 302 is “user ID and password” (step S1408). If the result of the determination is that it is a user ID and password, a user interface screen prompting the user to enter the user ID and password is displayed on the CRT 33 (step S1409). Then, in step S1403,
A management command in which the input user ID and password are set is generated and transmitted to the peripheral device 1.

On the other hand, if the result of determination in step S1408 is that it is not a user ID and password, it is determined whether or not the user has already logged in to the security domain managed by directory server 6 on the PC being used (step S1410). . This determination is made by inquiring of the operating system of the PC being used.

If the result of determination is that the user has not logged in, C
A user interface screen for prompting the user to input the user ID and the password is displayed on the RT 33 (step S1411),
This information is stored in the directory server 6 as Kerberos.
The transmission is performed using the s protocol, thereby obtaining TGT (ticket generation ticket) information (step S141).
3).

On the other hand, if the result of determination in step S1410 is that the user has logged in, he or she has already logged in, and requests and obtains the TGT used in the current session from the operating system (step S141).
2).

The TGT acquired in step S1412 or S1413 and the identifier (parameter) for specifying the peripheral device 1 to which the job is issued are stored in the directory server 6.
To the peripheral device 1 by using the Keberos protocol (step S1414). The access ticket obtained here is
Information on the user name, the user ID, the number of printable sheets of the user, and the expiration date of the access ticket is encrypted by the secret encryption key 306 of the peripheral device 1. The data format inside the access ticket and the encryption method (algorithm) to be used are uniquely determined in advance by the type 304 of the directory server currently supported.

A management command in which the access ticket acquired in step S1414 is set is generated and transmitted to the peripheral device 1 (step S1415). Thereafter, the same reply process as in step S1417 is performed (step S1).
416). Thereafter, the process ends.

FIGS. 30 and 31 correspond to FIGS. 27 and 28, respectively.
5 is a flowchart showing a procedure in which the peripheral device 1 processes a management command generated by the above process and transmitted to the peripheral device 1. This processing is executed on the peripheral device 1.

First, attribute information (current user management mode) 302 is obtained (step S1601). It is determined whether the value of the attribute information 302 is “no user management” (step S1602). If the result of determination is that there is no user management, the value 0 is set to the user ID 150 in the management command.
2 (step S1603) and step S161
Processing is performed according to the type of the third and subsequent commands.

On the other hand, if the result of determination in step S1602 is that there is user management, it is determined whether the value of the attribute information 302 is "password" (step S1604).
If the result of the determination is that the password is a password, the password 1503 is compared with the password value stored in the RAM 22 or DISK 30 in advance, and if they match, the value 0 is set to the user ID 1502 in the management command (step S1605) ). Thereafter, step S1613
The process according to the type of the subsequent command is performed. If they do not match, an error is returned and the processing of the management command is stopped.

On the other hand, if the result of determination in step S1604 is that the password is not a password, the value of the attribute information 302 is “user I
D "is determined (step S1606).
If the result of the determination is that the user ID is a user ID, the user ID 1502 is compared with the user ID value stored in the RAM 22 or DISK 30 in advance (step S160).
7). If they match, processing is performed according to the command type from step S1613. If they do not match, an error is returned and the processing of the management command is stopped.

On the other hand, if the result of determination in step S1606 is that the user ID is not the user ID, the attribute information 302
D and password ”(step S
1608). If the result of the determination is that the user ID and the password are the same, the user ID value and the password value stored in the RAM 22 or the disk 30 in advance and the user ID
A comparison is made between the command 1502 and the password 1503 (step S1607). If the two match, processing is performed according to the command type from step S1613. If they do not match, an error is returned and the processing of the management command is stopped.

On the other hand, in step S1608, the user ID
If not, the value of the access ticket 1504 is decrypted using the secret encryption key 306 (step S1610). As a result of the decryption, the validity and expiration date of the access ticket are determined (step S1611). If the result of the determination is that the access ticket is valid, the user ID in the access ticket is replaced with the user ID in the management command.
In step S1613, the process is performed according to the type of the command. On the other hand, step S16
If the result of determination in step 11 is that the access ticket is not valid,
An error is returned (step S1612), and the processing of the management command ends.

In the processing after step S1613, first, the command type 1505 is set to “ListJobs”.
It is determined whether or not (obtain a list of jobs) (step S1613). If the result of the determination is that the command type 1505 is “ListJobs”, a list of jobs held in the peripheral device 1 is acquired (step S1614). At this time, if the “current user management mode” 302 is “join a security domain”,
The access ticket 726 of each job is stored in the secret encryption key 30
6, and the obtained user ID is set in the user ID 724 of the job.

Then, the user ID 724 of the job acquired in step S1614 is compared with the user ID 1502 included in the management command, and the job name of the job whose both do not match is converted to a blank (step S16).
15). On the other hand, the job name of the job that matches both is not converted to a blank. The job list obtained in step S1615 is returned (step S1616), and the process ends.

On the other hand, as a result of the determination in step S1613, it is determined whether or not the command type 1505 is “CancelJob” (cancel the specified job) (step S1617). If the result of the determination is that the command type 1505 is not “CancelJob”, the device management command is processed (step S1619), and the process ends. In the processing of the device management command in step S1619, processing of a plurality of device management commands may be performed by dividing the cases according to the command type 1505.

As a result of the determination in step S1617, information on the designated job is obtained (step S1618). At this time, if the “current user management mode” 302 is “join the security domain”, the access ticket 726 of the job is decrypted with the secret encryption key 306,
The obtained user ID is set in the user ID 724 of the job.

Then, the user ID 724 of the job is compared with the user ID 1502 included in the management command (step S1620).
The management command execution failure is returned (step S162).
3), end the process. On the other hand, if both match in step S1620, the specified job is canceled (step S1621), the execution success of the management command is returned (step S1622), and the process ends.

By changing the processing in step S1621, job management other than the job case to which the job access control function is added (for example, suspending, resuming, interrupting the job, improving the priority, and improving the priority) Lowering etc.) can be performed.

FIG. 32 is a flowchart showing a processing procedure for totalizing logs of the peripheral device 1 and the peripheral device 5 and updating the printable number and the cumulative number of prints of each user of the directory server 6. This process is executed by the directory server 6. First, a log is acquired from the target peripheral device (step S1901).

The number of printed sheets for each user ID is added from the log information (step S1902). The printable number and the cumulative print number for each user are obtained from the directory server 6 by the LDAP protocol, the obtained number is subtracted from the printable number, and the result is added to the cumulative print number. Is set in the directory server 6 (step S1903). As a result, the printable number and the cumulative number of prints for each user of the directory server 6 are updated.

As described above, the processing in FIG.
By performing the process on the peripheral devices 5, the number of printable sheets and the cumulative number of printed sheets for two peripheral devices are centrally managed by the directory server 6.

As another embodiment, when the data of the directory server 6 is updated by connecting to the directory server 6 every time the job is completed without storing the number of prints used in the job in the log, as shown in FIG. It is not necessary to execute the processing of.

FIGS. 33 and 34 correspond to FIGS.
13 is a flowchart showing a calculation processing procedure for calculating the number of printable sheets when connection to the directory server is not possible in step S923 of FIG. This processing is executed on the peripheral device 1. First, the type 309 of the current printable number limit
Is acquired (step S2001).

It is determined whether or not the type of restriction 309 is "unlimited" (step S2002). If the result of determination is that there is no limit, the number of printable sheets is set to be unlimited (step S2003), and the process ends. On the other hand, step S
If the result of determination in 2002 is not unlimited, it is determined whether the type of restriction 309 is “time restriction”, “time restriction & restriction with fixed maximum number”, or “time restriction & restriction with maximum number”. (Step S2004). If the result of the determination is any, the last login date and time 1014 of the user in the user information cache is acquired (step S2).
005) It is determined whether or not the time difference between this date and time and the current date and time is equal to or less than the value specified by the time limit length 310 (step S2006).

If the number is equal to or less than the specified value, the number of printable sheets is set to the value 0 (step S2007), and the process is terminated. On the other hand, as a result of the determination in step S2004,
If neither “time limit”, “time limit & limited by maximum number of sheets” or “time limit & limit by maximum number of sheets”, or if it is within the time limit of step S2006, the type of limit 309 is “fixed maximum”. It is determined whether the condition is “limit by number” or “time limit & limit by fixed maximum number” (step S2008).

In the case of either “limited by the fixed maximum number” or “time limit & limited by the fixed maximum number”, the value of the maximum number 312 is set as the printable number (step S201).
0), the process ends. On the other hand, if the result of determination in step S2008 is neither “limit by fixed maximum number” nor “time limit & limit by fixed maximum number”, the type of limit 309 is “limit by maximum number” or “time limit & maximum number of sheets”. Is determined (step S2009). "Limit by maximum number" or "Time limit &
In this case, the number is calculated by the following equation (1), set as the printable number (step S2011), and the process ends.

Printable number = printable number 1013 in user information cache−maximum number of reductions per day × time since last login (number of days) (1)
Here, the time (number of days) since the last login is a value obtained by subtracting the current date and time from the login date and time 1014 of the user information cache, dividing the value by 24, and rounding down decimal places.

On the other hand, as a result of the determination in step S2009,
If neither "limit by maximum number" nor "time limit & limit by maximum number", the maximum number of copies per login 31
3 is set as the number of printable sheets (step S2012), and the process ends.

In this embodiment, FIGS. 6, 8, 10
According to the processing procedure shown in the flowchart of FIG. 7, a “list of supported user management modes”, “a list of compatible Directory Server types”, and “a list of types of restrictions when the Directory Server is used when connection is not possible” are stored in the PC. (1)
2, the PC (2) 3 and the PC (3) 4 are directly obtained from the peripheral device 1, but as other embodiments, a "list of supported user management modes", a "supported Dir"
Entity Server type list "," Dir
and a list of types of restrictions to be used when the connection is unavailable when the connection is unavailable from the peripheral server 1 and temporarily stored in the directory server 6 as device information.
C (1) 2, PC (2) 3, PC (3) 4 may be obtained from the directory server 6.

[Second Embodiment] In the first embodiment, in FIG. 29, the access command is included in the management command. However, the data size of the access ticket is generally different from that of the management command. Since the size is larger than the size, there may be a problem in performance or the like. A peripheral device control system for solving this problem will be described below as a second embodiment.

FIG. 35 is a diagram showing a data structure of a management command generated by a management command generation process described later and transmitted to the peripheral device 1. In the figure, reference numeral 2301 denotes a user management mode, which indicates which information among the user ID 2302, the password 2303, and the session key 2304 is valid.

[0233] The session key 2304 is issued by the peripheral device 1, and the access ticket in the peripheral device 1 is associated with the access ticket on a one-to-one basis. In the figure, reference numeral 2305 denotes a command type. 2306 is a parameter 2307 required for the command.
Represents the length of

FIG. 36 is a diagram showing a data structure of an access ticket cache held in the RAM 22 of the peripheral device 1 by processing of an access ticket setting command described later. The access ticket cache is composed of a plurality of records, with a pair of the session key 2401 and the access ticket 2402 as one record. The access ticket held here is the one after decryption using the secret encryption key 306.

FIGS. 37 and 38 are flowcharts showing a procedure in which the peripheral device 1 processes a management command generated by a management command generation process described later and transmitted to the peripheral device 1. This processing is executed on the peripheral device 1. In this processing procedure, since the step processing up to step S1608 in FIGS. 30 and 31 is the same, the step processing is omitted, and when the determination processing in step S1608 is NO (false), that is, in the user management mode Is "join the security domain".

First, it is determined whether or not the value of the session key 2304 is 0 (step S2501). If the result of the determination in step S2501 is that the session key 2304 has the value 0, it is determined whether or not the management command type 2305 is “access ticket setting command” (step S2502). "Access ticket setting command"
If not, an error is returned (step S2507),
The process ends.

On the other hand, as a result of the determination in step S2502,
In the case of the “access ticket setting command”, the value of the access ticket included in the management command parameter 2307 is decrypted using the secret encryption key 306 (step S2519). As a result of the decryption, the validity and the expiration date of the access ticket are determined (step S252).
0).

If the access ticket is not valid, an error is returned (step S2521), and the processing of the management command ends. On the other hand, if the result of determination in step S2520 is that the access ticket is valid, the contents of the decrypted access ticket are generated in a one-to-one correspondence with the access ticket, and are stored in the access ticket cache together with the session key. (Step S2503). The generated session key is returned (step S2504), and the process ends.

On the other hand, if the session key has a value other than 0 in step S2501, the session key is searched in the access ticket cache (step S2505).
It is determined whether a session key exists (step S2506). As a result of the determination, an error is returned (step S2507), and the process ends.

On the other hand, as a result of the determination in step S2506,
If the session key exists, the access ticket corresponding to the session key is acquired from the access ticket cache, and the user ID in the access ticket is set to the user ID 2302 in the management command (step S25).
22), perform processing according to the type of command from step S2508.

In the processing after step S2508, first, the command type 2305 is "ListJobs".
It is determined whether or not (obtain a list of jobs) (step S2508). If the command type 2305 is “ListJobs” as a result of the determination, a list of jobs held in the peripheral device 1 is obtained (step S2509). At this time, if the “current user management mode” 302 is “join the security domain”, the access ticket 726 of each job is decrypted with the secret encryption key 306, and the obtained user ID is set in the user ID 724 of the job. Keep it.

The user ID 724 of the job acquired in step S2509 is compared with the user ID 2302 included in the management command, and the job name of the job whose both do not match is converted to a blank (step S2510).
The obtained job list is returned (step S251).
1), end the process.

On the other hand, as a result of the determination in step S2508,
It is determined whether or not the command type 1505 is “CancelJob” (cancel the specified job) (step S2512). Command type 2305
If is not “CancelJob”, the device management command is processed (step S2517), and the process ends. In the processing of the device management command in step S2517, processing of a plurality of device management commands may be performed by dividing the cases according to the command type 2305.

On the other hand, as a result of the determination in step S2512,
If the command type 1505 is “CancelJob”, information on the specified job is acquired (step S2513). At this time, "Current user management mode"
If 302 is "join security domain",
The job access ticket 726 is converted to the secret encryption key 306
And the obtained user ID is set in the user ID 724 of the job.

The user ID 724 of the job is compared with the user ID 2302 included in the management command (step S2514). If the two do not match, a failure to execute the management command is returned (step S2518), and the process ends. .

On the other hand, if they match in step S2514, the specified job is canceled (step S2515), a success of execution of the management command is returned (step S2516), and the process ends.

By applying the processing procedure of the management command shown in FIG. 37 and FIG. 38 also at the time of job processing, an access ticket may be included in a job as shown in FIG. 17, FIG. 18 and FIG. Instead, it is also possible to include a session key in the job.

FIG. 39 shows the PC (1) 2 and PC (2) for the peripheral device 1 executing the processing of FIGS. 37 and 38.
3 is a flowchart showing a processing procedure for issuing management commands such as device management and job management from the PC (3) 4. This processing is performed on PC (1) 2, PC (2) 3, PC
(3) Executed on 4. This processing procedure is shown in FIG.
7 and steps S1412 and S1413 in FIG.
Up to this point, the TGT is shown after the acquisition of TGT is completed in step S1412 or S1413.

That is, step S1412 or S1
The TGT acquired in 413 and the identifier (parameter) for specifying the peripheral device 1 to which the job is issued are transmitted to the directory server 6 by the Kerberos protocol, and an access ticket for the peripheral device 1 is acquired (step S2601). The access ticket acquired here is obtained by encrypting information relating to the user name, the user ID, the number of printable sheets of the user, and the expiration date of the access ticket by the secret encryption key 306 of the peripheral device 1. The data format inside the access ticket and the encryption method (algorithm) to be used are uniquely determined in advance by the type 304 of the directory server currently supported.

An access ticket setting command in which the access ticket acquired in step S2601 is set in the command parameter 2307 is generated and transmitted to the peripheral device 1 (step S2602). In the management command transmitted here, the session key 2304 has a value of 0, and the command type 2305 has an “access ticket setting command”.

It is determined whether the reply from the peripheral device 1 is an error (step S2603). If the reply is an error, the process ends. On the other hand, if the result of determination in step S2603 is that there is no error, the session key acquired in step S2602 is replaced with the session key 230 of the management command.
4 and the management command type 2 of the management command data
305, a command parameter length 2306, and an appropriate value for the command parameter 2307 are set and transmitted to the peripheral device 1 (step S2604). The reply from the peripheral device 1 is processed (step S2605), and the process ends.

When the same user issues a job management command or a device management command to the same peripheral device, a necessary access ticket is already held in the peripheral device and a session key for the access ticket has already been acquired. , The steps from steps S2601 to S2603 can be omitted. This makes it possible to perform job management and device management of peripheral devices with good performance.

As described above, according to the above embodiment, it is possible to perform unified job management with respect to access rights in a network environment. Further, it is possible to perform unified job management regarding access rights in a network environment. Further, only the user who issued the job can cancel the job.

Also, only the user who issued the job can know all the information of the job, and other users can know only a part of the information of the job. Further, under the network environment, it is possible to perform job information with uniform access rights with good performance. Also, only the user who issued the job can cancel the job with good performance. Further, only the user who issued the job can know all the information of the job with good performance, and other users can know only a part of the information of the job.

[0255] In a network environment, unified device management regarding access rights can be performed. Further, under a network environment, unified device management regarding access rights can be performed with good performance. Also, a job management command can be issued to a peripheral device. Further, a job cancel command can be issued to the peripheral device. In addition, a job can be displayed on a peripheral device. Further, a device management command can be issued to a peripheral device.

According to the present embodiment, a list of types of directory servers that can be supported by peripheral devices can be acquired from outside via a network or the like. In addition, the type of directory server currently supported by the peripheral device can be obtained and set from outside via a network or the like. Further, a list of types of directory servers that can be supported can be obtained and displayed on the user interface. In addition, a currently supported directory server can be acquired and displayed on the user interface, and settings can be changed.

According to this embodiment, unified user information can be used by a plurality of peripheral devices. In an environment where a plurality of peripheral devices are used, the cumulative number of prints and the maximum number of printable sheets can be centrally managed. Further, in an environment where a plurality of peripheral devices are used, printing can be restricted for each user based on the maximum number of printable sheets.

Also, the setting of the operation mode to be taken when the connection to the directory server cannot be established can be made from outside through a network or the like. Further, when the connection to the directory server cannot be established, the peripheral device can be used. If the connection to the directory server cannot be established, the peripheral device can be used within a certain period of time after the last successful login. Furthermore, if the connection to the directory server cannot be established, the peripheral device can be used within a certain period of time after the last normal login, within a range not exceeding the maximum number of prints stored in the device. If the connection to the directory server cannot be established, the peripheral device can be used within a certain period of time after the last normal login and up to the maximum printable number at the time of the last normal login. Further, when the connection to the directory server cannot be established, the peripheral device can be used within a range not exceeding the maximum number of prints stored in the device.

When the connection to the directory server cannot be established, the peripheral device can be used up to the maximum printable number at the time of the last normal login. Further, when the connection to the directory server cannot be established, the peripheral devices can be used within a range not exceeding the maximum number of printable sheets for each login. Further, when the connection to the directory server cannot be established, the user can be prohibited from using the peripheral device in order to perform accurate user management.
Further, peripheral devices can be used up to the maximum printable number in consideration of the expected print number after connection to the directory server normally. In addition, a job can be issued to a peripheral device.

Next, the copying operation of the peripheral device in the above embodiment will be described. FIG. 40 is a flowchart showing a copy processing procedure in the peripheral device 1. This processing program is stored in the ROM 25 in the controller 11 and is executed by the CPU 21 when a copy start button provided on the keyboard 24 of the peripheral device 1 is pressed. The peripheral device 1 has a function of printing an image of a paper document placed on the scanner engine 27 by the printer 28 when the copy start button is pressed. The event that the copy start button has been pressed is sent from the keyboard 24 to the CPU 21 and interpreted as a copy job issuing instruction.

However, the steps S920 and S920 in FIG.
In 921 and S917, when a display indicating that the currently logged-in user cannot be used is performed or when the user is not logged in, the event that the copy start button is pressed is set not to be sent to the CPU 21. Therefore, the processing shown in the flowchart of FIG. 40 is not executed.

The event from the copy start button is set to C
When the PU 21 receives the information, it starts this processing.
The login information stored in any one of the steps S903, S923, and S925 is acquired (step S4001). It is determined whether or not the current user management mode is participating in the security domain (step S4002). As a result of the determination, if the user does not participate in the security domain, the image of the paper document placed on the scanner engine 27 is printed by the printer engine 28, and the number of printed pages is logged together with the user name or user ID included in the login information. (Step S40)
03), this process ends.

On the other hand, as a result of the determination in step S4002,
If the user has joined the security domain, the number of printable pages held in the login information is acquired (step S).
4004). Further, the image of the paper document placed on the scanner engine 27 is printed by the printer engine 28, and the number of printed sheets is recorded in a log together with the user name or user ID included in the login information (step S40).
05), this process ends. At this time, step S4
If the number of printable sheets acquired in step 004 is exceeded, printing is forcibly terminated, and the fact is displayed on the LCD 23. Then, based on the result of the copy job, the log information on the directory server 6 of the user who executed the copy job is updated.

That is, the number of printable sheets and the cumulative number of print sheets corresponding to the user who executed the copy job are obtained from the directory server 6 by the LDAP protocol, the number of copy sheets used in the copy job is subtracted from the number of printable sheets, and the cumulative print number is further obtained. These results obtained in addition to the number are set in the directory server 6 by the LDAP protocol. As a result, the number of printable sheets and the cumulative number of printed sheets for each user managed by the directory server 6 are updated.

Although the embodiments of the present invention have been described above, the present invention is not limited to the configurations of these embodiments, but includes the functions described in the claims or the functions of the embodiments. Any configuration that can achieve the function of the configuration is applicable.

For example, in login (user authentication) in the peripheral device 1 (or 2), information stored in an IC card inserted by a user via an IC card reader connected to the system bus 20 of the peripheral device 1 Alternatively, biometric information such as a fingerprint, iris (iris), and voiceprint presented by a user is used as user information via a biometric information reader such as a fingerprint reader, an iris (iris) reader, and a voiceprint reader connected to the system bus 20. It is also possible.

In this case, in step S912 in FIG. 21, the user is urged to present appropriate user information, and the user information obtained from each reader is stored in step S912 in FIG.
At 914, it is sent to the directory server 6. Then, as a result of the verification of the user information in the directory server 6,
When the user authentication is obtained, the peripheral device 1 acquires an access ticket or TGT that is session information for the user.

It is needless to say that the present invention can also be applied to a case where the present invention is achieved by supplying a program to a system or an apparatus by using a recording medium storing program codes of software for realizing the functions of the above-described embodiments. Nor. In this case, the program code itself read from the storage medium implements the novel function of the present invention, and the storage medium storing the program constitutes the present invention.

In the above embodiment, the program code shown in each flowchart is stored in the storage medium. As a storage medium for supplying the program code, for example, R
OM, flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DV
D, a magnetic tape, a nonvolatile memory card, or the like can be used.

[0270]

According to the present invention, unified access control can be performed for job management in a network environment. Further, regarding job management in a network environment, unified access control can be performed so that performance is not deteriorated.

Also, the peripheral device control software does not require the target peripheral device to have information on the type of the corresponding directory server, and can provide a general-purpose peripheral device control system.

Further, in an environment where a plurality of devices connected to a network or the like are used, unified management of user information can be performed, and the same user information can be used by a plurality of devices. Further, in an environment where a plurality of devices connected via a network or the like are used, it is possible to centrally manage the cumulative number of prints and the maximum number of printable prints for each user. Further, when there is a network failure, peripheral devices can be used temporarily.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a configuration of a peripheral device control system according to a first embodiment.

FIG. 2 is a block diagram illustrating a configuration of peripheral devices (MFP1, MFP2).

FIG. 3 is a block diagram showing a hardware configuration of a controller 11;

FIG. 4 is a block diagram showing a hardware configuration of a PC constituting the network system.

FIG. 5 is a diagram showing attribute information held in the peripheral device 1.

FIG. 6 shows the user management mode of the peripheral device 1 set to PC (1).
2 is a flowchart showing a processing procedure when displaying / changing from PC (2) 3 and PC (3) 4.

FIG. 7 is a diagram showing a user interface screen displayed on the CRT 33 in a state of waiting for user input in step S1705.

FIG. 8 shows a directory server corresponding to peripheral device 1 as P
It is a flowchart which shows the operation | movement processing procedure at the time of displaying and changing from C (1) 2, PC (2) 3, PC (3) 4.

FIG. 9 is a view showing a user interface screen displayed on the CRT 33 in a state of waiting for user input in step S1807.

FIG. 10 shows how a PC is allowed to log in when the peripheral device 1 cannot connect to the directory server 6.
It is a flowchart which shows the processing procedure at the time of displaying and changing from (1) 2, PC (2) 3, PC (3) 4.

FIG. 11 is a diagram showing a user interface screen displayed on the CRT 33 in a state of waiting for user input in step S2207.

FIG. 12 shows a PC (1) 2 and a PC for a peripheral device 1.
(2) 3 is a flowchart showing a processing procedure for issuing a print job, a scanner job, a fax transmission job or a copy job from the PC (3) 4.

FIG. 13 is a diagram illustrating a PC connected to the peripheral device 1 following FIG.
9 is a flowchart showing a processing procedure for issuing a print job, a scanner job, a fax transmission job, or a copy job from (1) 2, PC (2) 3, and PC (3) 4.

FIG. 14 is a flowchart illustrating a job issuing process procedure in step S403.

FIG. 15 is a flowchart illustrating a job input command receiving process when the peripheral device 1 receives a job issued by the process of FIG. 14;

FIG. 16 is a flowchart, following FIG. 15, illustrating a procedure for receiving a job input command when the peripheral device receives a job issued by the processing of FIG.

17 is a diagram showing a data structure of a job held in the peripheral device 1 by the processing of FIG.

18 is a flowchart illustrating a processing procedure of job data held in the peripheral device 1 illustrated in FIG.

FIG. 19 is a peripheral device 1 shown in FIG. 17 following FIG. 18;
9 is a flowchart showing a processing procedure for job data stored in the job data.

20 is a flowchart showing a processing procedure of a login screen displayed on LCD 23 of peripheral device 1. FIG.

FIG. 21 is a flowchart showing a processing procedure of a login screen displayed on the LCD of the peripheral device, following FIG.

FIG. 22 is a diagram showing a data structure of a user information cache.

FIG. 23 is a flowchart illustrating a processing procedure of a print hold job in steps S924 and S922.

FIG. 24 is a view showing a user interface screen displayed on the LCD 23 in step S1104.

FIG. 25 is a diagram showing a case where the peripheral device 1 is a PC (1) 2, a PC (2) 3,
It is a flowchart which shows the processing procedure at the time of receiving the access command for acquiring or setting each attribute information from PC (3) 4.

FIG. 26 is a diagram showing a configuration in which the peripheral device 1 is a PC (1) 2,
It is a flowchart which shows the processing procedure at the time of receiving the access command for acquiring or setting each attribute information from PC (2) 3 and PC (3) 4.

FIG. 27 shows a PC (1) 2 and a PC for a peripheral device 1;
(2) 3 is a flowchart showing a processing procedure for issuing management commands such as device management and job management from the PC (3) 4.

FIG. 28 is a diagram showing a PC connected to the peripheral device 1 following FIG. 27;
(1) Device management from 2, PC (2) 3, PC (3) 4,
9 is a flowchart illustrating a processing procedure for issuing a management command such as job management.

FIG. 29 is a diagram showing a data structure of a management command.

30 is a diagram illustrating the peripheral device 1 generated by the process of FIG.
5 is a flowchart showing a procedure in which the peripheral device 1 processes the management command transmitted to the peripheral device 1.

31 is a diagram showing a management command generated by the processing of FIG. 22 and transmitted to the peripheral device 1 following FIG. 30;
Is a flowchart showing a procedure for processing.

FIG. 32 is a flowchart showing a processing procedure for totalizing logs of the peripheral device 1 and the peripheral device 5 and updating the printable number and the cumulative number of prints for each user of the directory server 6.

FIG. 33 is a flowchart showing a calculation processing procedure for calculating the number of printable sheets when connection to the directory server is impossible in step S923 of FIG. 17;

FIG. 34 is a flowchart, following FIG. 33, showing a calculation processing procedure for calculating the number of printable sheets when connection to the directory server is impossible in step S923 of FIG. 17;

35 is a diagram illustrating a data structure of a management command generated by a management command generation process described later and transmitted to the peripheral device 1. FIG.

FIG. 36 is a diagram showing a data structure of an access ticket cache held in the RAM 22 of the peripheral device 1 by processing of an access ticket setting command described later.

FIG. 37 is a flowchart showing a procedure in which the peripheral device 1 processes a management command generated by a management command generation process described later and transmitted to the peripheral device 1.

FIG. 38 is a flowchart showing a procedure in which the peripheral device 1 processes a management command generated by a management command generation process described later and transmitted to the peripheral device 1, following FIG. 37;

39 is a process of issuing management commands such as device management and job management from the PC (1) 2, PC (2) 3, and PC (3) 4 to the peripheral device 1 executing the process of FIG. It is a flowchart which shows a procedure.

FIG. 40 is a flowchart showing a copy processing procedure in the peripheral device 1.

[Explanation of symbols]

 2, 3, 4 Personal computer (PC) 3, 5 Peripheral device (MFP) 6 Directory server 11 Controller 21, 31 CPU 25, 36 ROM 301, 302 Attribute information 724, 1502, 2302 User ID 726, 1504, 2402 Access ticket 2304, 2401 Session key

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 2C061 AP01 AP07 AQ05 AQ06 AS02 CL08 HJ08 HK05 HK15 HK19 HN05 HN15 HP00 HQ12 HQ22 5B014 FA05 GD05 GD22 GD37 HC05 5B076 FB05 5B085 AE01 BE03 BE07 J10 CC11 5B037 GA11 KE02 KE03 LB12

Claims (88)

[Claims] 1. A peripheral device which is managed by a directory server connected via a network and manages a job input from the outside in accordance with an input job management command, decrypts an access ticket included in the job. First
A second decryption unit that decrypts an access ticket included in the job management command; and a decryption unit that decrypts an access ticket included in the job and an access ticket included in the job management command. Peripheral equipment comprising a management means for managing a job. 2. A peripheral device which is managed by a directory server connected via a network and manages a job input from the outside according to an input job management command, decrypts an access ticket included in the job. First
A second decryption unit that decrypts an access ticket included in the job management command; a storage unit that stores an access ticket included in the decrypted job management command; and the stored access ticket. Issuance means for issuing a session key for the job, acquisition means for acquiring the stored access ticket based on the session key included in the job management command, access ticket included in the job and the acquired A peripheral device comprising: a management unit configured to manage the job in accordance with the decrypted content of the access ticket. 3. A comparison means for comparing user identification information in an access ticket included in the job with user identification information in an access ticket included in the job management command, and user identification information in both the access tickets. 2. An instruction operation executing means for performing an operation instructed by the job management command when the conditions are satisfied.
Or the peripheral device according to 2. 4. The peripheral device according to claim 3, wherein the job management command is a command for canceling a specified job. 5. The job management command is a command for obtaining job information in the peripheral device, and user identification information in an access ticket included in the job and a user in an access ticket included in the job management command. Comparing means for comparing the identification information with the user; if the user identification information in the access ticket matches, return all information on the job; if the user identification information in the access ticket does not match, 3. The peripheral device according to claim 1, further comprising a reply unit that returns only part of the information. 6. The peripheral device according to claim 1, wherein the job and the job management command are input via a console attached to the peripheral device or a network. 7. Peripheral device managed by a directory server connected via a network and performing device management in accordance with the input device management command, wherein decoding means decodes an access ticket included in the device management command. A peripheral device comprising: a management unit configured to manage the device in accordance with the decoded content of an access ticket included in the device management command. 8. Peripheral devices managed by a directory server connected via a network and performing device management according to the input device management command, wherein decoding means decodes an access ticket included in the device management command. Storing means for storing an access ticket included in the decrypted device management command; issuing means for issuing a session key for the stored access ticket; and a session key included in the device management command. A peripheral device, comprising: an acquisition unit that acquires the stored access ticket; and a management unit that manages the device according to the decrypted content of the acquired access ticket. 9. An information processing apparatus which is connected to a peripheral device and a directory server via a network and performs job management for the peripheral device, wherein issuance request means for requesting the directory server to issue an access ticket. Command generating means for generating a job management command including the issued access ticket, and command issuing means for issuing the generated job management command to the peripheral device. Processing equipment. 10. An information processing apparatus which is connected to a peripheral device and a directory server via a network and causes the peripheral device to perform job management, wherein issuance request means for requesting the directory server to issue an access ticket. First command issuing means for setting the issued access ticket, generating a management command for acquiring a session key, and issuing the management command to the peripheral device; and job management including the acquired session key. An information processing apparatus comprising: a second command issuing unit that generates a command and issues the command to the peripheral device. 11. The information processing apparatus according to claim 9, wherein the job management command is a command for canceling a specified job. 12. The information processing apparatus according to claim 9, wherein the job management command is a job information acquisition command in the peripheral device. 13. An information processing apparatus which is connected to a peripheral device and a directory server via a network and causes the peripheral device to perform device management, wherein issuance request means for requesting the directory server to issue an access ticket. Command generating means for generating a device management command including the issued access ticket, and command issuing means for issuing the generated device management command to the peripheral device. Processing equipment. 14. An information processing apparatus which is connected to a peripheral device and a directory server via a network and causes the peripheral device to perform device management, wherein issuance request means for requesting the directory server to issue an access ticket. First command issuing means for setting the issued access ticket, generating a management command for acquiring a session key, and issuing the management command to the peripheral device; and device management including the acquired session key. An information processing apparatus comprising: a second command issuing unit that generates a command and issues the command to the peripheral device. 15. A peripheral device control system for connecting an information processing device, a directory server, and a peripheral device via a network, wherein the peripheral device manages a job transmitted from the information processing device via the network. The information processing apparatus includes: an issuance request unit that requests the directory server to issue an access ticket; a command generation unit that generates a job management command including the issued access ticket; A command issuing unit for issuing to the peripheral device, wherein the peripheral device decodes an access ticket included in the job.
A second decryption unit that decrypts an access ticket included in the job management command; and a second decryption unit that decrypts an access ticket included in the job and an access ticket included in the job management command. A peripheral device control system, comprising: a management unit for managing a job. 16. A peripheral device control system in which an information processing device, a directory server, and a peripheral device are connected via a communication line, and wherein the peripheral device manages a job transmitted from the information processing device via the network. The information processing apparatus, an issuance requesting unit for requesting the directory server to issue an access ticket, and setting the issued access ticket, generating a management command for acquiring a session key, and generating the management command. And a second command issuing unit that generates a job management command including the obtained session key and issues the job management command to the peripheral device. First to decrypt the access ticket contained in
A second decryption unit that decrypts an access ticket included in the job management command; a storage unit that stores an access ticket included in the decrypted job management command; and the stored access ticket. Issuance means for issuing a session key for the job, acquisition means for acquiring the stored access ticket based on the session key included in the job management command, access ticket included in the job and the acquired A management unit for managing the job in accordance with the decoded content of the access ticket. 17. A management method in which a peripheral device manages a job input from the outside according to an input job management command, wherein: a step of decoding an access ticket included in the job; Decrypting the access ticket included in the job and managing the job according to the decrypted content of the access ticket included in the job and the access ticket included in the job management command. . 18. A management method in which a peripheral device manages a job input from the outside in accordance with an input job management command, wherein: a step of decoding an access ticket included in the job; Decrypting the access ticket included in the job management command; storing the access ticket included in the decrypted job management command; issuing a session key for the stored access ticket; Obtaining the stored access ticket based on the session key; and managing the job according to the access ticket included in the job and the decrypted content of the obtained access ticket. A management method characterized by having. 19. A management method in which a peripheral device performs device management according to an input device management command, wherein: a step of decoding an access ticket included in the device management command; Managing the device in accordance with the decrypted content. 20. A management method in which a peripheral device performs device management in accordance with the input device management command, wherein: a step of decoding an access ticket included in the device management command; and a step of decoding an access ticket included in the decoded device management command. Storing the access ticket to be stored, issuing a session key for the stored access ticket, and obtaining the stored access ticket based on the session key included in the device management command. Managing the device according to the decrypted contents of the acquired access ticket. 21. A management method in which an information processing device connected to a peripheral device and a directory server via a network performs job management for the peripheral device, and issues an access ticket to the directory server. Requesting; generating a job management command including the issued access ticket; and issuing the generated job management command to the peripheral device. 22. A management method in which an information processing apparatus connected to a peripheral device and a directory server via a network performs job management for the peripheral device, and issues an access ticket to the directory server. Requesting; setting the issued access ticket; generating a management command for acquiring a session key; and issuing the management command to the peripheral device; and issuing a job management command including the acquired session key. Generating and issuing to the peripheral device. 23. The management method according to claim 17, wherein said job management command is a command for canceling a designated job. 24. The management method according to claim 17, wherein said job management command is a job information acquisition command in said peripheral device. 25. A management method for causing an information processing device connected to a peripheral device and a directory server via a network to perform device management on the peripheral device, and issues an access ticket to the directory server. Requesting; generating a device management command including the issued access ticket; and issuing the generated device management command to the peripheral device. 26. A management method in which an information processing device connected to a peripheral device and a directory server via a communication line performs device management for the peripheral device, and issues an access ticket to the directory server. Requesting, setting the issued access ticket, generating a management command for acquiring a session key and issuing the management command to the peripheral device, and a device management command including the acquired session key. And issuing the generated information to the peripheral device. 27. According to a job management command executed by a computer in a peripheral device and input thereto,
Management software including a program for managing a job input from outside, wherein the program decrypts an access ticket included in the job, and decrypts an access ticket included in the job management command. Management software comprising: a procedure; and a procedure for managing the job in accordance with a decrypted content of an access ticket included in the job and an access ticket included in the job management command. 28. According to a job management command executed by a computer in a peripheral device and input thereto,
Management software including a program for managing a job input from outside, wherein the program decrypts an access ticket included in the job, and decrypts an access ticket included in the job management command. A step of storing an access ticket included in the decrypted job management command; a step of issuing a session key for the stored access ticket; and a step of storing a session key included in the job management command. Acquiring the stored access ticket; and managing the job according to the access ticket included in the job and the decrypted contents of the acquired access ticket. Management software. 29. Management software that is executed by a computer in a peripheral device and includes a program for performing device management in accordance with an input device management command, wherein the program includes an access included in the device management command. Management software comprising: a procedure for decrypting a ticket; and a procedure for managing the device according to the decrypted content of an access ticket included in the device management command. 30. Management software that is executed by a computer in a peripheral device and includes a program for performing device management according to an input device management command, wherein the program includes an access included in the device management command. A step of decrypting a ticket; a step of storing an access ticket included in the decrypted device management command; a step of issuing a session key for the stored access ticket; and the session included in the device management command. Management software comprising: a step of obtaining the stored access ticket based on a key; and a step of managing the device according to the decrypted content of the obtained access ticket. 31. Management software that is executed by a computer in an information processing apparatus connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform job management, A step of requesting the directory server to issue an access ticket; a step of generating a job management command including the issued access ticket; and transmitting the generated job management command to the peripheral device. Management software, comprising: 32. Management software that is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform job management, A step of requesting the directory server to issue an access ticket; setting the issued access ticket; generating a management command for acquiring a session key; and issuing the management command to the peripheral device. Management software including a step of generating a job management command including the acquired session key and issuing the job management command to the peripheral device. 33. The management software according to claim 27, wherein the job management command is a command for canceling a designated job. 34. The management software according to claim 27, wherein the job management command is a job information acquisition command in the peripheral device. 35. Management software that is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform device management. A step of requesting the directory server to issue an access ticket; a step of generating a device management command including the issued access ticket; and transmitting the generated device management command to the peripheral device. Management software, comprising: 36. Management software that is executed by a computer in an information processing apparatus connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform device management, A step of requesting the directory server to issue an access ticket; setting the issued access ticket; generating a management command for acquiring a session key; and issuing the management command to the peripheral device. Management software including a procedure of generating a device management command including the acquired session key and issuing the command to the peripheral device. 37. Executed by a computer in the peripheral device, and according to the input job management command,
A storage medium storing a program for managing a job input from the outside, the program comprising: a procedure for decoding an access ticket included in the job; and an access ticket included in the job management command. A storage medium comprising: a decryption procedure; and a procedure for managing the job according to the decrypted contents of an access ticket included in the job and an access ticket included in the job management command. 38. According to a job management command executed by a computer in a peripheral device and input thereto,
A storage medium including a program for managing a job input from outside, wherein the program decrypts an access ticket included in the job, and decrypts an access ticket included in the job management command. A step of storing an access ticket included in the decrypted job management command; a step of issuing a session key for the stored access ticket; and a step of storing a session key included in the job management command. Acquiring the stored access ticket; and managing the job according to the access ticket included in the job and the decrypted contents of the acquired access ticket. Storage medium. 39. A storage medium that is executed by a computer in a peripheral device and includes a program for performing device management in accordance with an input device management command, wherein the program includes an access included in the device management command. A storage medium comprising: a procedure for decrypting a ticket; and a procedure for managing the device according to the decrypted content of an access ticket included in the device management command. 40. A storage medium that is executed by a computer in a peripheral device and includes a program for performing device management in accordance with an input device management command, wherein the program includes an access included in the device management command. A step of decrypting a ticket; a step of storing an access ticket included in the decrypted device management command; a step of issuing a session key for the stored access ticket; and the session included in the device management command. A storage medium, comprising: a procedure for acquiring the stored access ticket based on a key; and a procedure for managing the device in accordance with the decrypted content of the acquired access ticket. 41. A storage medium which is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform job management, A step of requesting the directory server to issue an access ticket; a step of generating a job management command including the issued access ticket; and transmitting the generated job management command to the peripheral device. And issuing the data. 42. A storage medium that is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform job management, A step of requesting the directory server to issue an access ticket; setting the issued access ticket; generating a management command for acquiring a session key; and issuing the management command to the peripheral device. And a step of generating a job management command including the obtained session key and issuing the job management command to the peripheral device. 43. The management software according to claim 37, wherein the job management command is a command for canceling a specified job. 44. The management software according to claim 37, wherein the job management command is a job information acquisition command in the peripheral device. 45. A storage medium which is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform device management, A step of requesting the directory server to issue an access ticket; a step of generating a device management command including the issued access ticket; and transmitting the generated device management command to the peripheral device. And issuing the data. 46. A storage medium which is executed by a computer in an information processing device connected to a peripheral device and a directory server via a network, and includes a program for causing the peripheral device to perform device management, A step of requesting the directory server to issue an access ticket; setting the issued access ticket; generating a management command for acquiring a session key; and issuing the management command to the peripheral device. And a step of generating a device management command including the obtained session key and issuing the device management command to the peripheral device. 47. A storage unit for storing attribute information indicating a function of a device, a status of a device, a job status, and the like; and obtaining and storing the stored attribute information in accordance with an instruction of an information processing device connected to the network. 3. An acquisition setting execution unit for performing setting, wherein the attribute information includes a list of types of the directory server that can be supported.
Peripherals described. 48. A storage means for storing attribute information indicating a function of a device, a status of the device, a job status, and the like; and acquiring and storing the stored attribute information in accordance with an instruction of an information processing device connected to the network. The peripheral device according to claim 1, further comprising: an acquisition setting execution unit configured to perform setting, wherein the attribute information includes a type of a directory server currently supported. 49. The information processing apparatus comprising: a step of acquiring the attribute information from the peripheral device; and a step of transmitting a control command according to the acquired attribute information. 23. The management method according to claim 21, further comprising a list of types of the directory server. 50. The information processing apparatus comprising: a step of acquiring the attribute information from the peripheral device; and a step of transmitting a control command in accordance with the acquired attribute information. 23. The management method according to claim 21, wherein a type of the directory server is included. 51. The program, comprising: a step of acquiring the attribute information from the peripheral device; and a step of transmitting a control command according to the acquired attribute information, wherein the attribute information corresponds to the directory 33. The management software according to claim 31, wherein the management software includes a list of server types. 52. The program has a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command in accordance with the acquired attribute information. 33. The management software according to claim 31, wherein a type of the directory server is included. 53. The program according to claim 53, further comprising: a step of acquiring the attribute information from the peripheral device; and a step of transmitting a control command in accordance with the acquired attribute information. 33. The management software according to claim 31, wherein the management software includes a list of server types. 54. The program has a step of acquiring the attribute information from the peripheral device, and a step of transmitting a control command according to the acquired attribute information. 33. The management software according to claim 31, wherein a type of the directory server is included. 55. The program according to claim 55, further comprising: a step of acquiring the attribute information from the peripheral device; and a step of transmitting a control command according to the acquired attribute information. 43. The storage medium according to claim 41, comprising a list of server types. 56. The program, comprising: acquiring the attribute information from the peripheral device; and transmitting a control command according to the acquired attribute information, wherein the attribute information is 43. The storage medium according to claim 41, wherein the type of directory server includes the type of the directory server. 57. An acquisition unit having a console operated by a user, connecting to the directory server using user information input from the console, and acquiring an access ticket for a peripheral device of the user. 3. The peripheral device according to claim 1, wherein: 58. The peripheral device according to claim 1, wherein an access ticket included in the job received via the network is decrypted, and the peripheral device operates according to the content of the decrypted access ticket. 59. The peripheral according to claim 57, wherein the access ticket includes user information, and recording means for recording as a log the number of sheets printed based on the user information and the job is provided. machine. 60. The apparatus according to claim 60, wherein the access ticket includes user information, and transmission means for transmitting the number of copies printed based on the user information and the job to the directory server connected via the network. The peripheral device according to claim 57 or 58. 61. The access ticket includes a maximum number of printable sheets, and a determination unit for determining whether or not to accept a job based on the maximum number of printable sheets. 58. An ending means for ending the operation.
Or the peripheral device according to 58. 62. An access unit, wherein the access ticket includes user information, and obtains the maximum number of printable sheets of the user stored in the directory server using the user information immediately before execution of a job; 58. A printer according to claim 57, further comprising: a determination unit configured to determine whether the job can be accepted based on the acquired maximum printable number, and a termination unit configured to terminate the job when the maximum printable number is exceeded.
Or the peripheral device according to 58. 63. The attribute information includes a list of operation modes that can be taken when connection to the directory server cannot be established, and a current operation mode to be taken when connection to the directory server cannot be established. 58. The peripheral device according to claim 57, further comprising: an acquisition setting execution unit configured to acquire and set the attribute information in accordance with an instruction of a connected information processing device. 64. A storage device, comprising: comparing means for comparing temporarily stored user information with user information input from the console, wherein an operation mode that can be taken when the connection to the directory server cannot be established is the temporarily stored operation mode. 58. The peripheral device according to claim 57, wherein the operation mode is a mode in which the operation is performed when the user information input and the user information input from the console match. 65. A storage system comprising: comparing means for comparing temporarily stored user information with user information input from the console, wherein the operation mode that can be taken when the connection to the directory server cannot be established is the temporarily stored operation mode. 58. The peripheral mode according to claim 57, wherein when the user information entered matches the user information input from the console, the mode is such that the operation is performed only for a predetermined time after the access ticket is normally acquired. machine. 66. A comparing device for comparing the temporarily stored user information with the user information input from the console, wherein the operation mode that can be taken when the connection to the directory server cannot be established is the temporarily stored operation mode. If the user information entered matches the user information input from the console, the access ticket is normally acquired, and only for a predetermined time, and only for the maximum number of printable sheets stored in the device in advance. 58. The peripheral device according to claim 57, wherein the peripheral device is in an operation mode. 67. A storage device, comprising: comparing means for comparing temporarily stored user information with user information input from the console, wherein the operation mode that can be taken when the connection to the directory server cannot be established is the temporarily stored operation mode. If the user information entered matches the user information input from the console, the maximum number of prints of the user in the temporarily stored user information can be performed only for a predetermined time after the access ticket is normally acquired. The peripheral device according to claim 57, wherein the operation mode is a mode in which the operation is performed only for the number of sheets. 68. A comparison means for comparing the temporarily stored user information with the user information input from the console, wherein the operation mode that can be taken when the connection to the directory server cannot be established is the temporarily stored operation mode. 58. The mode according to claim 57, wherein when the user information entered matches the user information input from the console, the operation is performed only for the maximum number of printable sheets stored in the device in advance. Peripheral equipment. 69. A storage device, comprising: comparing means for comparing temporarily stored user information with user information input from the console, wherein the operation mode that can be taken when the connection to the directory server cannot be established is the temporarily stored user mode. When the user information entered and the user information input from the console match, the operation is performed only for the maximum number of printable sheets of the user in the temporarily stored user information. Item 55. The peripheral device according to Item 57. 70. A storage device, comprising: comparing means for comparing temporarily stored user information with user information input from the console, wherein an operation mode that can be taken when the connection to the directory server cannot be established is obtained by temporarily storing the temporarily stored user information. If the user information entered and the user information input from the console match, the operation is limited to the maximum number of printable sheets for each user session stored in the device in advance. Item 55. The peripheral device according to Item 57. 71. A comparison unit for comparing temporarily stored user information with user information input from the console, wherein an operation mode that can be taken when the connection to the directory server cannot be established is determined by a user using a peripheral device. 58. The peripheral device according to claim 57, wherein the peripheral device is in an operation mode in which is not used. 72. The peripheral device according to claim 57, wherein the maximum printable number stored in the device in advance is reduced in proportion to the time since the access ticket was normally acquired. . 73. The method according to claim 17, further comprising the step of connecting to the directory server using user information input from a console and obtaining an access ticket for a peripheral device of the user. Management method. 74. The management method according to claim 17, further comprising a step of decrypting an access ticket included in the job received via the network, and operating according to the content of the decrypted access ticket. . 75. The program according to claim 26, further comprising a step of connecting to the directory server using user information input from a console and obtaining an access ticket for a peripheral device of the user. Or the management software according to 27. 76. The program according to claim 26, wherein the program includes a procedure for decrypting an access ticket included in the job received via the network and operating in accordance with the content of the decrypted access ticket. Management software as described. 77. The program according to claim 37, further comprising a step of connecting to the directory server using user information input from a console and acquiring an access ticket for a peripheral device of the user. Or the storage medium of 38. 78. The program according to claim 37, wherein the program includes a procedure for decrypting an access ticket included in the job received via the network, and operating according to the content of the decrypted access ticket. The storage medium according to the above. 79. A copying apparatus connected to a network and managed by a directory server on the network, comprising: operating means for inputting user information for logging in to the directory server and instructing start of a copy job; After logging in to the directory server, obtaining means for obtaining management information corresponding to the user information from the directory server, and control means for restricting execution of the copy job based on the management information. Copier. 80. The copying apparatus according to claim 79, wherein the user information is input to the client computer when logging in to the directory server from the client computer on the network. The management information may include a printable number and / or a cumulative number of prints.
9. The copying apparatus according to item 9. 82. An apparatus according to claim 79, further comprising updating means for updating management information managed by said directory server in accordance with said user information in accordance with an execution result of said copy job. Copying device as described. 83. The apparatus according to claim 79, further comprising: input means for inputting biological information; and generating means for generating the user information based on the biological information input by the input means. Copying equipment. 84. A management method for managing a copying apparatus connected to a network by a directory server on the network, comprising the steps of: inputting user information for logging in to the directory server; A step of acquiring management information corresponding to the user information from the directory server after logging in to the directory server; and a step of restricting execution of the copy job based on the management information. Management method. 85. The management method according to claim 84, wherein the user information is input to the client computer when logging in to the directory server from the client computer on the network. 86. The management information includes a printable number and / or a cumulative number of prints.
4. The management method according to 4. 87. The method according to claim 84, further comprising the step of updating management information managed by said directory server in accordance with said user information in accordance with a result of said execution of said copy job. Management method. 88. The management method according to claim 84, further comprising the steps of: inputting biological information; and generating the user information based on the input biological information.