JP2005011322A - Information processor and authentication function control method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processor and an authentication function control method capable of realizing compatibility between safety of the authentication function and facilitation of handling, and adding easily a new authentication function. <P>SOLUTION: This information processor 1 wherein utilization restriction imposed on a program is removed by a user and the user removing the utilization restriction is allowed to utilize the program has a setting function for setting correlatively one or more programs 42 on which the utilization restriction is imposed in one or more authentication means 70 for removing the utilization restriction of the programs 42, and a utilization function for allowing the user utilizing the programs 42 to remove the utilization restriction imposed on the programs 42 by the authentication means 70 associated with the programs 42 and to utilize the programs 42 whose utilization restriction is removed. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an information processing apparatus and an authentication function control method, and more particularly to an information processing apparatus and an authentication function control method that provide one or more authentication functions to one or more programs.

  2. Description of the Related Art In recent years, an image processing apparatus (hereinafter referred to as a multi-function apparatus) has become known as an example of an information processing apparatus in which functions of apparatuses such as a printer, a copy, a facsimile, and a scanner are housed in a single casing. This multi-function apparatus is provided with a display unit, a printing unit, an imaging unit, and the like in one casing, and four types of software corresponding to a printer, a copy, a facsimile, and a scanner, respectively. Operates as a copy, facsimile and scanner. Patent Document 1 describes an example of a fusion machine as described above.

In such a fusion machine, when operating as a printer, copy, facsimile or scanner, the user is authorized to use the printer, copy, facsimile or scanner using an authentication function, and Billing was done using the billing function. Patent Document 2 describes an example of an image processing system that can be executed by a user when a card is set in a card reader.
JP 2002-84383 A JP 2002-288737 A

  In the conventional multi-function apparatus, it is necessary to set the authentication function and billing function to be used for each multi-function apparatus. Therefore, the conventional multi-function apparatus has a problem that it is difficult to achieve both the security of the authentication function and the charging function and the ease of handling of the authentication function and the charging function.

  In addition, the security of the authentication function and the billing function is usually higher as a new method or a new version. However, the conventional multi-function apparatus has a problem that a program change is required to use the new authentication function and billing function, and the new authentication function and billing function cannot be easily added.

  The present invention has been made in view of the above points, and is an information processing apparatus and an authentication function that can achieve both the safety of the authentication function and the ease of handling, and can easily add a new authentication function. An object is to provide a control method.

  Therefore, in order to solve the above-described problem, the present invention is an information processing apparatus that allows a user to release a usage restriction imposed on a program and causes the user who has released the usage restriction to use the program. A setting function for associating and setting one or more programs to which the use restriction is applied to one or more authentication means for releasing the use restriction, and a user who uses the program are associated with the program. And a use function that allows the use restriction applied to the program to be released by the authenticating means and to use the program for which the use restriction has been removed.

  The present invention also provides an authentication function control method for an information processing apparatus that causes a user to release a usage restriction imposed on a program and causes the user who has released the usage restriction to use the program, wherein the program usage restriction A setting step of associating and setting one or more programs that are restricted in use to one or more authentication means for canceling the password, and a program that is associated with a user who uses the program A use step of releasing a use restriction applied to the program by an authentication unit and using the program for which the use restriction has been removed.

  In the present invention, one or more authentication means for canceling the use restriction of a program can be set in association with one or more programs to which the use restriction is applied, so that different security strengths can be realized for each program. In addition, since the authentication means and the program can be set in association with each other, it is easy to add and manage the authentication function.

  According to the present invention, the security of the authentication function and the ease of handling can be compatible, and a new authentication function can be easily added.

  Next, the best mode for carrying out the present invention will be described based on the following embodiments with reference to the drawings. In the present embodiment, a multifunction peripheral as an example of an information processing apparatus will be described as an example. However, any information processing apparatus that provides an authentication function to one or more programs may be used.

  FIG. 1 shows a block diagram of an embodiment of a compound machine according to the present invention. The compound machine 1 of FIG. 1 is configured to include a hardware resource 10, a compound machine starting unit 20, and a software group 30. The hardware resource 10 includes a plotter 11, a scanner 12, and other hardware resources 13 such as a facsimile. The software group 30 includes an application 40 and a platform 50 that are executed on an operating system (hereinafter referred to as OS) such as UNIX (registered trademark). The multi-function apparatus activation unit 20 is executed first when the multi-function apparatus 1 is powered on, and activates the application 40 and the platform 50 on the OS.

  The application 40 has various applications such as a printer application 41, a copy application 42, a fax application 43, a scanner application 44, and a WSF (WEB service sharing function) 45. The platform 50 includes a control service 51, an SRM (system resource manager) 52, and a handler layer 53.

  The control service 51 includes an NCS (network control service) 61, a DCS (delivery control service) 62, an OCS (operation panel control service) 63, an FCS (fax control service) 64, an ECS (engine control service) 65, and an MCS (memory control). Service) 66, UCS (User Information Control Service) 67, CCS (Authentication Control Service) 68, SCS (System Control Service) 69, etc. The platform 50 is configured to have an API (Application Program Interface) 54.

  The CCS 68 provides an authentication service to the application 40. Further, the CCS 68 includes one or more authentication modules (authentication M in FIG. 1) 70 and a charging module (charging M in FIG. 1) 71.

  The handler layer 53 includes an FCUH (fax control unit handler) 81 and an IMH (image memory handler) 82. The SRM 52 and the FCUH 81 use the engine I / F 55 to make a processing request for the hardware resource 10. Details of the compound machine 1 shown in FIG. 1 are described in, for example, Japanese Patent Application Laid-Open No. 2002-84383. Next, the hardware configuration of the compound machine 1 according to the present invention will be described.

  FIG. 2 is a hardware configuration diagram of an embodiment of the compound machine according to the present invention. 2 includes a controller 100, an operation panel 120, an FCU 121, and an engine unit 122.

  The controller 100 includes a CPU 101, a system memory 102, an NB (North Bridge) 103, an SB (South Bridge) 104, an AGP (Accelerated Graphics Port) 105, an ASIC 106, a local memory 107, an HDD 108, an NIC (Network Interface Card) 109, and a USB device. 110, an IEEE 1394 device 111, a Centronics 112, an SD card reader 113, and an IC card reader 114. Details of the compound machine 1 in FIG. 2 are described in, for example, Japanese Patent Application Laid-Open No. 2002-84383.

  Hereinafter, an authentication function control method realized by the multifunction machine 1 will be described with reference to the drawings. FIG. 3 is an explanatory diagram for explaining an example of the authentication function control method according to the present invention. Note that the illustration of FIG. 3 omits the configuration of the compound machine 1 that is not necessary for the description.

  The multi-function apparatus 1 is connected to one or more computers 210 via a network 220 such as Ethernet (registered trademark). A user can remotely operate the compound machine 1 by using the computer 210. The multifunction device 1 is connected to an authentication device and a billing device via a device driver 200. Further, the multifunction device 1 is connected to an SD card reader 113 via a device driver 200.

  The IC card reader 114, the key card 206, and the coin rack 207 are examples of an authentication device or a billing device. The IC card reader 114 can insert and remove the IC card 205. One or more authentication modules 70 and billing modules 71 included in the CCS 68 correspond to an authentication device or billing device connected to the multi-function apparatus 1, respectively.

  The SD card reader 113 can insert and remove the SD card 204. The authentication module 70 and the billing module 71 included in the CCS 68 include those added from the SD card 204. Note that the authentication module 70 and the billing module 71 included in the CCS 68 may include one or more authentication modules and billing modules therein.

  The SCS 69 manages an authentication device and an accounting device connected via the device driver 200, and an authentication module 70 and an accounting module 71 included in the CCS 68, using an authentication / accounting setting table 201 as shown in FIG. FIG. 4 is a configuration diagram of an example of the authentication / billing setting table.

  The authentication / accounting setting table 201 has an application, an authentication unit, and an accounting unit as data items. The authentication means corresponds to the authentication module 70. The charging means corresponds to the charging module 71. In other words, the authentication / billing setting table 201 can set the authentication module 70 and the billing module 70 for each application.

  For example, in the authentication / billing setting table 201 of FIG. 4, the authentication module A is set as the authentication means of the copy application 42, and the charging module I is set as the charging means. In the authentication / billing setting table 201 of FIG. 4, the authentication module B or C is set as the authentication means of the fax application 43, and the charging module III is set as the charging means. Further, in the authentication / billing setting table 201 of FIG. 4, the authentication modules A and C are set as the authentication means of the scanner application 44, and the charging module II is set as the charging means.

  As described above, in the authentication / billing setting table 201, a logical product (AND) or a logical sum (OR) of a plurality of authentication modules 70 can be set as an authentication unit. Although not shown in the authentication / accounting setting table 201 of FIG. 4, a logical product (AND) or a logical sum (OR) of a plurality of charging modules 71 can be set as a charging unit.

  The MCS 66 manages the accumulated document DB 203. The UCS 67 manages the address book table 202. The address book table 202 has user entry information as shown in FIG. FIG. 5 is a configuration diagram of an example of entry information.

  The entry information 230 represents information of one user who uses the multi-function apparatus 1. The entry information 230 is classified into entry information 230a to 230d. The entry information 230a includes a serial number and an owner ID as items. The entry information 230b includes items such as a registration number, name, mail address, fax number, SMB / FTP name, and user list 231a. The entry information 230c includes items such as a password, an SMB / FTP password, and a user list 231b. The entry information 230d includes items such as a user name, usage restriction information, billing data, and a user list 231c.

  In the user list 231a, users who have operation authority for the entry information 230b are set. In the user list 231b, users who have operation authority for the entry information 230c are set. In the user list 231c, users who have operation authority for the entry information 230d are set.

  In the user lists 231a to 231c, viewing authority (R), editing authority (W), deletion authority (D), and owner authority (O) are set as operation authorities for the entry information 230b to 230d.

  The usage restriction information included in the entry information 230 includes, for example, permission or disapproval of monochrome copying, permission or disapproval of two-color copying, permission or disapproval of full-color copying, permission or disapproval of monochrome printing, and monochrome printing. Permit or disallow, Permit or disallow two-color printing, Permit or disallow full-color printing, Permit or disallow fax transmission, Permit or disallow scanner scanning, Permit or disallow document box printing, Network access Permitted or not permitted.

  Next, a procedure for adding the authentication module 70 and the billing module 71 from the SD card 204 will be described. For example, when there is a display request for a user authentication management screen for registering the authentication module 70 and the billing module 71 from the user, the multi-function device 1 displays the user authentication management screen 250 or 260 on the operation panel 120. FIG. 6 is an image diagram of an example of a user authentication management screen.

  The user authentication management screen 250 is an image diagram when the authentication module 70 and the accounting module 71 are not stored in the SD card 204. Therefore, the additional authentication button 251 for using the authentication module 70 and the charging module 71 added from the SD card 204 cannot be selected (half luminance).

  On the other hand, the user authentication management screen 260 is an image diagram when the authentication module 70 and the accounting module 71 are stored in the SD card 204. When the CCS 68 detects the authentication module 70 and the charging module 71 from the directory (for example, root / ccs / option) of the SD card 204 at the time of activation, the CCS 68 adds the authentication module 70 and the charging module 71 from the SD card 204. Therefore, the additional authentication button 261 for using the authentication module 70 and the charging module 71 added from the SD card 204 can be selected.

  When the user selects the additional authentication button 261, an authentication method and a charging method corresponding to the authentication module 70 and the charging module 71 added from the SD card 204 are displayed on the user authentication management screen 260. For example, on the user authentication management screen 260 of FIG. 6, IC card authentication and fingerprint authentication as examples of authentication methods are displayed. On the user authentication management screen 260, an authentication device and a charging device corresponding to the authentication module 70 and the charging module 71 added from the SD card 204 may be displayed. The user can select an authentication method and a billing method using the user authentication management screen 260.

  When the user presses the next button 262, a user authentication management screen 270 is displayed on the operation panel 120. The user authentication management screen 270 displays various functions (management contents) for selecting an authentication method and an accounting method. The user can use the user authentication management screen 270 to select various functions for selecting an authentication method and a billing method.

  Next, a procedure for creating the authentication / billing setting table 201 in FIG. 4 will be described. For example, after starting the application 40 and the platform 50, the multi-function apparatus 1 displays a screen 300 for performing copying as shown in FIG.

  7 and 8 are transition diagrams of examples of screens displayed on the operation panel. When the user presses the initial setting button 301 on the screen 300, the multi-function apparatus 1 displays a screen 310 for performing initial setting on the operation panel 120. When the user presses the system initial setting button 311 on the screen 310, the multi-function apparatus 1 displays a screen 320 for performing system initial setting on the operation panel 120.

  When the user presses the administrator setting button 321 on the screen 320, the multi-function apparatus 1 displays a screen 330 as shown in FIG. The user can create the authentication / billing setting table 201 using the screens 340, 350, or 360 that can transition from the screen 330.

  When the user presses the user code management button 331 on the screen 330, the multi-function apparatus 1 displays a screen 340 for setting management based on the user code as an authentication unit and a billing unit of the application 40 on the operation panel 120. When the user presses the key counter management button 332 on the screen 330, the multi-function apparatus 1 displays on the operation panel 120 a screen 350 for setting management by the key counter as an authentication unit and a billing unit of the application 40. When the user presses the external charging device management button 333 on the screen 330, the multi-function apparatus 1 displays on the operation panel 120 a screen 360 for setting management by the external charging device as the authentication means and charging means of the application 40.

  If the user selects a plurality of authentication means and billing means for the same application 40 using the screens 340, 350 and 360, the logical product (AND) or logical sum (AND) in the authentication / billing setting table 201 of FIG. OR) can be set.

  The creation procedure of the authentication / billing setting table 201 has been described based on the example of the screen displayed on the operation panel 120. However, the screens 300 to 360 are displayed on the operation panel 120 by the OCS 63. Note that the SCS 69 makes a drawing request for the screens 300 to 360 to the OCS 63.

  When the application 40 in which the authentication unit and the accounting unit are set in the authentication / accounting setting table 201 is activated, an authentication screen as described later is displayed on the operation panel 120. Here, an example of starting the copy application 42 will be described.

  FIG. 9 is an image diagram of an example of an authentication screen when management by a user code is set as an authentication unit and a billing unit of a copy application. The authentication screen 400 in FIG. 9 includes an input field 401 for inputting a user code and a message for inputting the user code. When the user inputs a user code in the input field 401 and presses the # button 402, the multi-function device 1 performs an authentication process as described later. When the authentication process ends normally, a screen 300 for performing copying is displayed on the operation panel 120 of the multi-function apparatus 1.

  FIG. 10 is an image diagram of an example of an authentication screen when management by a coin rack is set as an authentication unit and a billing unit of a copy application. The authentication screen 410 in FIG. 10 includes a message indicating that the coin rack 207 is to be charged. When the user inserts a predetermined amount into the coin rack 207, the multi-function apparatus 1 performs an authentication process as described later. When the authentication process ends normally, a screen 300 for performing copying is displayed on the operation panel 120 of the multi-function apparatus 1.

  FIG. 11 is an image diagram of an example of an authentication screen when management by a plurality of means is set as a copy application authentication means and a billing means. The screen 420 and the screen 430 are for selecting a key counter, key card, user code, user authentication, IC card 205, and fingerprint authentication set in the authentication / billing setting table 201 as a copy application authentication unit and billing unit. Includes buttons.

  When the screen 420 is displayed on the operation panel 120 and the user presses the next page button 421, the multi-function device 1 displays the screen 430 on the operation panel 120. On the other hand, when the user presses the previous page button 431 while the screen 430 is displayed on the operation panel 120, the multi-function device 1 displays the screen 420 on the operation panel 120.

  For example, when the user presses a button for selecting a user code included in the screen 420, an authentication screen 440 in the case where management by the user code is set is displayed on the operation panel 120 of the multi-function apparatus 1. When the user presses a button for selecting a key counter included in the screen 420, an authentication screen 450 when management by the key counter is set is displayed on the operation panel 120 of the multi-function apparatus 1.

  As described above, when the authentication process ends normally, the operation panel 120 of the multi-function apparatus 1 displays a screen 300 for performing copying. In the authentication screen of FIG. 11, if the authentication processing of one of a plurality of means set in the authentication / billing setting table 201 as the authentication means and the charging means is completed normally, the operation panel 120 is copied. A screen 300 is displayed. In this case, an OR of a plurality of authentication modules 70 is set in the authentication / billing setting table 201 as an authentication means.

  FIG. 12 is an image diagram of another example of the authentication screen when management by a plurality of means is set as the authentication means and billing means of the copy application. Screens 460 and 470 include buttons for selecting a user code, a key counter, a key card, and fingerprint authentication set in authentication / billing setting table 201 as a copy application authentication unit and a billing unit.

  In the case of the screen 460 and the screen 470, the user performs a copy to the operation panel 120 if the authentication process using the user code and the authentication process using any one of the key counter, the key card, and the fingerprint authentication are not completed normally. 300 cannot be displayed.

  When the screen 460 is displayed on the operation panel 120 and the user presses the next page button 461, the multi-function device 1 displays the screen 470 on the operation panel 120. On the other hand, when the screen 470 is displayed on the operation panel 120 and the user presses the previous page button 471, the multi-function device 1 displays the screen 460 on the operation panel 120.

  For example, when the user presses a button for selecting a key card included in the screen 460, an authentication screen (not shown) when management by the key card is set is displayed on the operation panel 120 of the multifunction machine 1. . When the authentication process using the key card is normally completed, a screen 480 including a button for selecting a user code or a key counter is displayed on the operation panel 120 of the MFP 1.

  When the user presses a button for selecting a user code included in the screen 480, an authentication screen 500 when management by user code is set is displayed on the operation panel 120 of the MFP 1. When the authentication process using the user code is normally completed, a screen 300 for performing copying is displayed on the operation panel 120 of the multi-function apparatus 1.

  Further, when the user presses a button for selecting a user code included in the screen 460, an authentication screen (not shown) when management by the user code is set is displayed on the operation panel 120 of the MFP 1. The When the authentication process using the user code is normally completed, a screen 490 including a button for selecting a key counter or a key card is displayed on the operation panel 120 of the MFP 1.

  When the user presses a button for selecting a key counter or key card included in the screen 490, an authentication screen (not shown) when management by the key counter or key card is set on the operation panel 120 of the multi-function apparatus 1 is displayed. ) Is displayed. When the authentication process using the key counter or the key card is normally completed, a screen 300 for copying is displayed on the operation panel 120 of the multi-function apparatus 1.

  As described above, when the authentication process using the user code and the authentication process using any one of the key counter, key card, and fingerprint authentication are normally completed, the operation panel 120 of the MFP 1 displays the screen 300 for copying. Is done. In the authentication screen of FIG. 12, when the authentication processing of a predetermined combination among a plurality of means set in the authentication / billing setting table 201 as the authentication means and the charging means is normally completed, the operation panel 120 is copied. A screen 300 is displayed. In this case, an AND of a plurality of authentication modules 70 is set in the authentication / billing setting table 201 as an authentication means.

  Next, the processing of the multi-function apparatus 1 to which the authentication module 70 and the charging module 71 are added according to the addition of the authentication unit and the charging unit will be described focusing on the processing related to the authentication module 70 and the charging module 71.

  FIG. 13 is a sequence diagram illustrating an example of processing related to the authentication module and the billing module. For example, when the application 40 and the platform 50 are activated, the authentication module 70 or the billing module 71 of the multi-function apparatus 1 proceeds to step S1. In FIG. 13, the authentication module 70 or the billing module 71 is represented by CCM-A and CCM-B.

  In step S <b> 1, the CCM-A registers the authentication module 70 or the billing module 71 (hereinafter collectively referred to as the authentication / billing module) with the CCS 68. In step S2, the CCM-A registers in the CCS 68 the type of authentication unit or charging unit (for example, coin rack 207) corresponding to the authentication / billing module as the type of authentication / billing device. In step S3, the CCM-A notifies the CCS 68 of the status of the authentication / billing module.

  In step S <b> 4, the CCM-B registers the authentication / billing module with the CCS 68. In step S5, the CCM-B registers, in the CCS 68, the type of authentication unit or charging unit corresponding to the authentication / billing module as the type of authentication / billing device. In step S6, the CCM-B notifies the CCS 68 of the status of the authentication / billing module. The processes of steps S1 to S3 and S4 to S6 are performed for all authentication modules 70 and accounting modules 71 included in the CCS 68.

  In step S 7, the copy application 42 performs application registration with the SCS 69. In step S8, the SCS 69 notifies the copy application 42 of a system setting indicating that the copy application 42 has usage restrictions. If there is a usage restriction due to the system setting notification in step S8, the copy application 42 proceeds to step S9 and performs authentication registration with the CCS 68. In step S 10, the CCS 68 requests the SCS 69 to obtain the authentication / billing setting table 201. In step S 11, the SCS 69 supplies the authentication / billing setting table 201 to the CCS 68.

  In step S12, the CCS 68 refers to the authentication / billing setting table 201 to identify the authentication / billing module set as the authentication means or billing means of the copy application 42, and sends the contents to the copy application 42 as an authentication setting notification. Supply. For example, in the case of the authentication / billing setting table 201 of FIG. 4, the CCS 68 specifies the authentication means A and charging means I set as the authentication means or charging means of the copy application 42, and the contents are used as the authentication setting notification. To supply.

  In step S13, the CCS 68 notifies the copy application 42 of an authentication state. The authentication status notification is a notification of the authentication status (for example, during use restriction) of the authentication / billing module identified in step S12.

  For example, when displaying the screen 300 for performing a copy on the operation panel 120, the copy application 42 proceeds to step S 14 and makes an authentication screen display request to the CCS 68. In step S 15, the CCS 68 performs an authentication screen display notification corresponding to the authentication unit of the copy application 42. For example, the CCS 68 notifies the authentication screen display of the authentication means A set as the authentication means of the copy application 42.

  In step S 16, the SCS 69 sends an operation unit owner transfer request to the copy application 42. Proceeding to step S17 following step S16, the copy application 42 sends an operation unit owner transfer response to the SCS 69. Through the processing in steps S16 and S17, the owner of the operation unit of the multifunction machine 1 is transferred to the copy application 42.

  In step S 18, the SCS 69 sends an authentication screen display preparation request to the CCS 68. In step S 19, the CCS 68 sends an authentication / billing module screen preparation request to the authentication means of the copy application 42. For example, the CCS 68 makes an authentication / billing module screen preparation request to the CCM-A set as the authentication unit of the copy application 42.

  In step S20, the CCM-A set as the authentication means of the copy application 42 constructs an authentication / billing module screen such as the screens 400 and 410. In step S21, the CCM-A notifies the CCS 68 that the authentication / billing module screen is ready.

  In step S22, the CCS 68 notifies the SCS 69 that the authentication screen display preparation is complete. Proceeding to step S23, the SCS 69 displays the authentication / accounting module screen on the operation panel 120 by making a screen rendering request for the authentication / accounting module screen constructed in step S20 to the OCS 63.

  In the multi-function device 1, the authentication / billing module screen is managed by the authentication module 70 or the billing module 71, and the screen for selecting the authentication / billing module screen (for example, screens 420 and 430) is managed by the SCS 69.

  In the sequence diagram of FIG. 13, since the authentication module 70 performs screen construction of the authentication / billing module screen displayed on the operation panel 120, there is no program change of the SCS 69 due to the addition of the authentication / billing module. In the sequence diagram of FIG. 13, since the authentication / billing module registers with the CCS 68 as in steps S1 to S6, there is no program change in the SCS 69 due to the addition of the authentication / billing module. Thus, in the multi-function apparatus 1 according to the present invention, it is easy to add a new authentication function and charging function.

  Next, processing for canceling the use restriction of the application 40 using the authentication screen will be described. FIG. 14 is a sequence diagram of the first embodiment of the usage restriction release process. In the sequence diagram of FIG. 14, the processes of steps S1 to S13 of FIG. 13 performed before the process of step S31 are omitted.

  In step S <b> 31, the copy application 42 issues an authentication screen display request to the CCS 68. In step S32, the CCS 68 causes the authentication module 70 to construct an authentication screen corresponding to the authentication means of the copy application 42. In step S33, the CCS 68 notifies the usage restriction screen. Proceeding to step S 34, the SCS 69 displays the authentication screen on the operation panel 120 by making a screen drawing request for the authentication screen constructed in step S 32 to the OCS 63.

  Here, an example in which user authentication is set as the authentication means of the copy application 42 will be described. In response to the screen rendering request in step S34, the operation panel 120 displays an authentication screen for performing user authentication.

  When the user inputs the user name and password on the authentication screen for user authentication, the OCS 63 proceeds to step S35 and notifies the SCS 69 of the key event. In step S36, the SCS 69 notifies the CCS 68 of the key event.

  In step S37, the CCS 68 converts the notified key event into a user name and a password. In step S 38, the CCS 68 sends a request for user name and password authentication to the UCS 67. In step S 39, the UCS 67 performs authentication of the user name and password supplied from the CCS 68 by checking with the address book table 202.

  In step S40, the UCS 67 notifies the CCS 68 of the authentication result performed in step S39 as an authentication result response. In step S 41, the CCS 68 checks the usage restrictions set in the authentication / billing setting table 201.

  Here, an example in which the use restriction of the copy application 42 is canceled based on the collation result in step S41 will be described. Proceeding to step S42, the CCS 68 notifies the copy application 42 of cancellation of the use restriction by an authentication state notification. In step S43, the CCS 68 supplies the copy application 42 with a ticket indicating that it has been authenticated.

  Note that the ticket includes an expiration date of the ticket, an acquisition date and time, an encryption key used for encrypting the ticket, user information, a digest message (DM) of the entire ticket, and the like. The user information includes, for example, a user name, password, entry ID, usage restriction information, local / remote operation identification information, and the like.

  The copy application 42 supplied with the ticket can receive various services provided by each process. In addition, the digest message of the entire ticket is used to detect falsification of the ticket.

  Note that the CCS 68 proceeds to step S44 and supplies login user information to the SCS 69. The reason why the login information is supplied to the SCS 69 instead of the ticket is that authentication is required again depending on the system initial setting item.

  When the ticket is supplied, the copy application 42 proceeds to step S45, and issues an authentication screen display request for deleting the authentication screen to the CCS 68. In step S46, the CCS 68 makes an authentication screen display request for deleting the authentication screen to the SCS 69.

  In step S 47, the SCS 69 displays the screen 300 on the operation panel 120 by making a screen drawing request for the screen 300 for copying to the OCS 63.

  That is, when the use restriction on the copy application 42 is released, a screen 300 for performing copying is displayed on the operation panel 120, so that the user can use the function provided by the copy application 42.

  FIG. 15 is a sequence diagram of a second example of the usage restriction cancellation process. In the sequence diagram of FIG. 15, similarly to FIG. 14, the processing of steps S <b> 1 to S <b> 13 of FIG. 13 performed before the processing of step S <b> 51 is omitted. Further, the processing in steps S51 to S57 in FIG. 15 is the same as the processing in steps S31 to S37 in FIG.

  Progressing to step S58 following step S57, the CCS 68 makes an entry ID acquisition request using the user name converted in step S57. In step S59, the UCS 67 searches the address book table 202 using the user ID supplied from the CCS 68 as key information, and reads the entry ID corresponding to the user ID. The CCS 68 acquires the entry ID read from the address book table 202 from the UCS 67.

  In step S60, the CCS 68 makes a password acquisition request using the entry ID acquired from the UCS 67. In step S61, the UCS 67 searches the address book table 202 using the entry ID supplied from the CCS 68 as key information, and reads the password corresponding to the entry ID. The read password is supplied from the UCS 67 to the CCS 68.

  In step S62, the CCS 68 performs authentication by comparing the password converted in step S57 with the password supplied from the UCS 67. When the authentication ends normally, the CCS 68 proceeds to step S63 and makes a restriction information acquisition request using the entry ID acquired from the UCS 67.

  In step S64, the UCS 67 searches the address book table 202 using the entry ID supplied from the CCS 68 as key information, and reads the restriction information corresponding to the entry ID.

  In step S65, the UCS 67 notifies the restriction information read in step S64 to the CCS 68 as an authentication result response. For example, the use restriction of the copy application 42 is released by the authentication result response in step S65. The processes in steps S66 to S71 in FIG. 15 are the same as the processes in steps S42 to S47 in FIG.

  As described above, when the use restriction on the copy application 42 is released, the screen 300 for performing the copy is displayed on the operation panel 120, so that the user can use the function provided by the copy application 42.

  FIG. 16 is a sequence diagram of a third example of the usage restriction cancellation process. In the sequence diagram of FIG. 16, similarly to FIG. 14, the processes of steps S <b> 1 to S <b> 13 of FIG. 13 performed before the process of step S <b> 81 are omitted. Moreover, since the process of step S81-S83 of FIG. 16 is the same as the process of step S31-S33 of FIG. 14, description is abbreviate | omitted.

  Progressing to step S84 following step S83, the SCS 69 displays the authentication screen on the operation panel 120 by making a screen drawing request for the authentication screen constructed in step S82 to the OCS 63.

  Here, an example in which the IC card 205 is set as an authentication unit of the copy application 42 will be described. In response to the screen rendering request in step S84, the operation panel 120 displays an authentication screen for performing IC card authentication. When the user inserts the IC card 205 into the card reader 204, the card reader 204 as an example of the external authentication apparatus proceeds to step S85, where the information recorded in the IC card 205 and the address book of the card reader 204 are recorded. Authentication is performed by collating with existing information.

  In step S86, the card reader 204 notifies the SCS 69 of the authentication result performed in step S85 as an authentication status notification. In step S87, the SCS 69 notifies the CCS 68 of an external charging status notification based on the authentication status notification notified in step S86. Note that the processing in steps S88 to S94 in FIG. 16 is the same as the processing in steps S41 to S47 in FIG.

  As described above, when the use restriction on the copy application 42 is released, the screen 300 for performing the copy is displayed on the operation panel 120, so that the user can use the function provided by the copy application 42.

  FIG. 17 is a sequence diagram of a fourth example of the usage restriction release process. Note that, in the sequence diagram of FIG. 17, similarly to FIG. 14, the processing of steps S <b> 1 to S <b> 13 of FIG. 13 performed before the processing of step S <b> 100 is omitted. Moreover, since the process of step S100-S106 of FIG. 17 is the same as the process of step S81-S87 of FIG. 16, description is abbreviate | omitted.

  Proceeding to step S107 following step S106, the CCS 68 acquires information necessary for searching the address book table 202 from the external billing state notification notified from the SCS 69 in step S106. In step S108, the CCS 68 issues a search start request to the UCS 67.

  In step S109, the UCS 67 searches the address book table 202 using information supplied from the CCS 68 together with the search start request as key information, and reads user information corresponding to the information. The UCS 67 notifies the read user information to the CCS 68 as a search completion notification.

  In step S111, the CCS 68 checks the usage restrictions set in the authentication / billing setting table 201 based on the search completion notification notified in step S110. Note that the processing in steps S112 to S117 in FIG. 17 is the same as the processing in steps S89 to S94 in FIG.

  As described above, when the use restriction on the copy application 42 is released, the screen 300 for performing the copy is displayed on the operation panel 120, so that the user can use the function provided by the copy application 42.

  Next, an explanation will be given focusing on the billing process after the screen 300 for copying is displayed on the operation panel 120 of the MFP 1. FIG. 18 is a sequence diagram of the first embodiment of the accounting process.

  In step S120, the OCS 63 notifies the SCS 69 of the start key input by the user. In step S121, the SCS 69 notifies the copy application 42 that the start key has been pressed. When notified of the pressing of the start key, the copy application 42 proceeds to step S122 and makes an application billing count request to the CCS 68.

  In step S123, the copy application 42 makes a copy job start request with a ticket attached to the ECS 65. In step S124, the ECS 65 inquires of the CCS 68 whether or not the job including the paper size can be executed. In step S125, the CCS 68 inquires of the SCS 69 whether or not the job including the paper size can be executed.

  In step S126, the SCS 69 sends an execution request including the paper size to the external billing authentication device such as the coin rack 207. The external billing authentication apparatus proceeds to step S127, determines whether or not execution is possible based on the paper size and the remaining degree, and notifies the SCS 69 of an execution permission response according to the determination result.

  In step S128, the SCS 69 notifies the CCS 68 of the execution propriety response notified in step S127. In step S129, the CCS 68 notifies the ECS 65 of a job execution availability result notification based on the execution availability response notified in step S128.

  If the content of the job execution result notification is job execution permission, the ECS 65 proceeds to step S130 and notifies the engine unit 122 of the process start. In step S131, the CCS 68 is notified of the plotter process status from the engine unit 122.

  In step S132, the CCS 68 makes a charge count request to the SCS 69 based on the plotter process status notified from the SCS 69. In step S133, the SCS 69 issues a charging count request to the external charging authentication apparatus set in the authentication / charging setting table 201 as the charging means of the copy application 42. That is, the billing count process is performed by the external billing authentication device.

  In step S134, the engine unit 122 notifies the CCS 68 of a plotter process state notification. In step S136, the engine unit 122 notifies the ECS 65 of a plotter process state notification. In step S135, the engine unit 122 notifies the ECS 65 of the process end.

  When the process end is notified, the ECS 65 proceeds to step S137 and notifies the copy application 42 of job execution completion. In step S138, the copy application 42 sends an application charging count stop request to the CCS 68.

  In the billing process of FIG. 18, even if the copy fee varies depending on the paper size, by making an inquiry about whether or not the job including the paper size can be executed, the fee for executing the copy of the paper size is exceeded. Jobs can be executed when there is a lot of residuals.

  FIG. 19 is a sequence diagram of the second embodiment of the accounting process. Note that the processing in steps S140 to S144 in FIG. 19 is the same as the processing in steps S120 to S124 in FIG.

  Proceeding to step S145 following step S144, the CCS 68 makes a remaining frequency request to the SCS 69. In step S146, the SCS 69 notifies the CCS 68 of the remaining frequency. The CCS 68 determines whether or not the job can be executed based on the remaining frequency notified in step S146.

  In step S147, the CCS 68 notifies the ECS 65 of a job execution availability notification based on the job execution availability determination result. In addition, since the process of step S148-S150 is the same as the process of step S130-S132 of FIG. 18, description is abbreviate | omitted.

  Proceeding to step S151, the SCS 69 performs counting based on the billing count request of step S150. That is, the billing count process is performed by the SCS 69 instead of the external billing authentication device. In addition, since the process of step S152-S156 is the same as the process of step S134-S138 of FIG. 18, description is abbreviate | omitted. In the billing process of FIG. 19, a job can be executed when there is a residual by making an inquiry about whether or not the job can be executed.

  FIG. 20 is a sequence diagram of a third embodiment of the accounting process. Note that the processing in steps S160 to S170 in FIG. 20 is the same as the processing in steps S140 to S150 in FIG.

  Proceeding to step S171 following step S170, the SCS 69 issues a charging count request to the external charging authentication apparatus set in the authentication / charging setting table 201 as the charging means of the copy application 42. That is, the billing count process is performed by the external billing authentication device.

  Proceeding to step S172, the CCS 68 performs a remaining degree check based on the remaining degree number notified from the SCS 69 at step S166. If the remaining degree is 0, the CCS 68 proceeds to step S173 and makes a job stop request to the ECS 65. In step S174, the ECS 65 notifies the engine unit 122 of process cancellation based on the job stop request. Note that the processing in steps S175 to S179 is the same as the processing in steps S153 to S156 in FIG. In the billing process of FIG. 20, by causing the CCS 68 to check the remaining degree, the CCS 68 can stop the job when the remaining degree is exhausted.

  FIG. 21 is a sequence diagram of the fourth embodiment of the accounting process. Note that the processing in steps S180 to S193 in FIG. 21 is the same as the processing in steps S120 to S133 in FIG.

  Progressing to step S194 following step S193, the external billing authentication apparatus notifies the engine unit 122 of process cancellation if the remaining degree is zero. That is, the external billing authentication apparatus stops the process of the engine unit 122. In addition, since the process of step S195-S199 is the same as the process of step S134-S138 of FIG. 18, description is abbreviate | omitted. In the billing process of FIG. 21, the external billing authentication apparatus can stop the job when the remaining charge runs out by causing the external billing authentication apparatus to perform the remaining degree check.

  FIG. 22 is a sequence diagram of the fifth embodiment of the accounting process. Note that the processing in steps S200 to S211 in FIG. 22 is the same as the processing in steps S140 to S151 in FIG.

  Progressing to step S212 following step S211, the SCS 69 notifies the engine unit 122 of process cancellation if the remaining degree is zero. That is, the SCS 69 stops the process of the engine unit 122. In step S153, the engine unit 122 notifies the ECS 65 of a process stop.

  In step S214, the engine unit 122 notifies the CCS 68 of a plotter process state notification. In step S215, the engine unit 122 notifies the ECS 65 of a plotter process state notification. In addition, since the process of step S216-S217 is the same as the process of step S155-S156 of FIG. 19, description is abbreviate | omitted. In the charging process of FIG. 22, the SCS 69 can stop the job when there is no remaining power.

  14 to 17, the example in which the use restriction of the application 40 is released has been described. However, the use restriction may not be released. Next, an example in which usage restrictions on the application 40 are not lifted will be described.

  FIG. 23 is a sequence diagram illustrating an example of usage restriction release processing when usage restrictions are not released. In the sequence diagram of FIG. 23, as in the sequence diagram of FIG. 14, the processing of steps S1 to S13 of FIG. 13 performed before the processing of step S220 is omitted.

  In step S220, the fax application 43 makes an authentication screen display request to the CCS 68. In step S221, the CCS 68 causes the authentication module 70 to construct an authentication screen corresponding to the authentication means of the fax application 43. In step S222, the CCS 68 notifies the usage restriction screen. Proceeding to step S223, the SCS 69 causes the operation panel 120 to display an authentication screen by making a screen drawing request for the authentication screen constructed in step S221 to the OCS 63.

  Here, an example in which user authentication is set as an authentication unit of the fax application 43 will be described. In response to the screen rendering request in step S223, the operation panel 120 displays an authentication screen for performing user authentication. In addition, since the process of step S224-S229 is the same as the process of step S35-S40 of FIG. 14, description is abbreviate | omitted.

  In step S230, the CCS 68 checks the usage restrictions set in the authentication / billing setting table 201. Here, an example will be described in which the use restriction of the fax application 43 is not released based on the collation result in step S230. In step S231, the CCS 68 determines from the collation result in step S230 that the use restriction is not removed, and notifies the login user information to the fax application 43. In step S232, the CCS 68 notifies the SCS 69 of login user information.

  When the login user information is notified, the fax application 43 proceeds to step S233, and makes an authentication screen display request for displaying the usage restriction screen 510 as shown in FIG. FIG. 24 is an image diagram of an example of a usage restriction screen. The usage restriction screen 510 includes a message indicating that the use of the function is restricted. In step S234, the CCS 234 constructs the usage restriction screen 510.

  In step S235, the CCS 68 sends a usage restriction screen notification to the SCS 69. In step S 236, the SCS 69 sends a screen rendering request for the usage restriction screen 510 to the OCS 63 to display the usage restriction screen 510 on the operation panel 120.

  That is, since the use restriction screen 510 is displayed on the operation panel 120 unless the use restriction of the fax application 43 is released, the user cannot use the function provided by the fax application 43.

  FIG. 25 is a sequence diagram of another example for explaining the use restriction release processing when the use restriction is not released. Note that, in the sequence diagram of FIG. 25, the processes of steps S1 to S13 of FIG. 13 performed before the process of step S240 are omitted. 25 is the same as the process in steps S220 to S232 in FIG. 23, and thus the description thereof is omitted.

  When the login user information is notified, the fax application 43 proceeds to step S253 and constructs a usage restriction screen 510 as shown in FIG. In step S254, the fax application 43 sends a usage restriction screen notification to the SCS 69. In step S255, the SCS 69 sends a screen rendering request for the usage restriction screen 510 to the OCS 63, thereby causing the operation panel 120 to display the usage restriction screen 510.

  That is, since the use restriction screen 510 is displayed on the operation panel 120 unless the use restriction of the fax application 43 is released, the user cannot use the function provided by the fax application 43. In the sequence diagram of FIG. 25, the fax application 43 constructs the usage restriction screen 510.

  14 to 17, the example of the application 40 using the operation unit such as the operation panel 120 of the multi-function apparatus 1 has been described. However, the application 40 remotely operated from the computer 210 connected via the network 220 is also used. is there.

  FIG. 26 is a sequence diagram illustrating an example of usage restriction cancellation processing by remote operation. FIG. 26 shows an example of authentication at the network protocol level.

  In step S260, the external computer 210 issues a connection request to the NCS 61. This connection request includes a user name and a password. In step S261, the NCS 61 makes an authentication request with the user name and password as arguments to the CCS 68. In step S262, the CCS 68 converts the authentication request into a user name and a password.

  In step S263, the CCS 68 makes a request for user name and password authentication to the UCS 67. In step S 264, the UCS 67 performs authentication of the user name and password supplied from the CCS 68 by collating with the address book table 202.

  In step S265, the UCS 67 notifies the CCS 68 of the authentication result performed in step S39 as an authentication result response. In step S266, the CCS 68 checks the usage restrictions set in the authentication / billing setting table 201.

  Here, an example in which the usage restriction is canceled based on the collation result in step S266 will be described. In step S267, the CCS 68 supplies the NCS 61 with a ticket indicating that it has been authenticated. Note that the ticket can be made different between the application 40 using the operation unit such as the operation panel 120 of the multifunction machine 1 and the application 40 remotely operated from the computer 210 connected via the network 220.

  In step S268, the NCS 61 notifies the external computer 210 of connection permission for the connection request in step S260. In step S269, the CCS 68 supplies the login user information to the SCS 69. The reason why the login information is supplied to the SCS 69 instead of the ticket is that authentication is required again depending on the system initial setting item. Further, the CCS 68 proceeds to step S270 to supply the login user information to the copy application 42. That is, in the sequence diagram of FIG. 26, the use restriction release processing by remote operation is possible.

  Note that the sequence diagram of FIG. 26 can also take measures against a DoS attack. FIG. 27 is a sequence diagram illustrating an example of usage restriction release processing by remote control that takes measures against a DoS attack.

  In the sequence diagram of FIG. 27, by using the user name and password converted from the authentication request, it is determined whether or not the authentication request is from the same user as the previous time, and the authentication request from the same user is received. When a specified limit (for example, the number of times or time) is exceeded, authentication is failed.

  For example, after repeatedly performing steps S260 to S270, the user proceeds to step S271 and issues a connection request to the NCS 61 from the external computer 210. In step S272, the NCS 61 makes an authentication request with the user name and password as arguments to the CCS 68. In step S273, the CCS 68 converts the authentication request into a user name and a password.

  In step S274, the CCS 68 uses the user name and password converted in step S273 to determine whether or not the authentication request is the same as the previous user. If it is determined that the authentication request is from the same user as the previous time (YES in S274), the CCS 68 proceeds to step S275 to determine whether or not the authentication request from the same user has exceeded the specified limit.

  If it is determined that the authentication request from the same user exceeds the specified limit (YES in S275), the CCS 68 proceeds to step S276 to notify the NCS 61 of the authentication failure. Proceeding to step S277, the NCS 61 notifies the external computer 210 of connection disapproval for the connection request at step S271.

  When it is determined that the authentication request is not from the same user as the previous time (NO in S274) and when it is determined that the authentication request from the same user does not exceed the specified limit (NO in S275), the CCS 68 performs step S263. Processing corresponding to ~ S270 is performed. That is, in the sequence diagram of FIG. 27, a countermeasure against a DoS attack can be taken in the use restriction release processing by remote operation.

  FIG. 28 is a sequence diagram of another example for explaining the use restriction release processing by remote operation. FIG. 28 shows an example of authentication at the application level for controlling the network protocol.

  In step S280, the external computer 210 establishes an http connection with the NCS 61. The NCS 61 is supplied with the user name and password from the external computer 210. In step S281, the NCS 61 issues a capability acquisition request to the WSF 45. The capability acquisition request in step S281 includes a user name and a password.

  In step S282, the WSF 45 makes an authentication request with the user name and password as arguments to the CCS 68. In addition, since the process of step S283-S287 is the same as the process of step S262-S266 of FIG. 26, description is abbreviate | omitted.

  In step S288, the CCS 68 supplies the WSF 45 with a ticket indicating that it has been authenticated. Note that the ticket can be made different between the application 40 using the operation unit such as the operation panel 120 of the multifunction machine 1 and the application 40 remotely operated from the computer 210 connected via the network 220.

  In step S289, the WSF 45 acquires data based on the ticket. In step S290, the WSF 45 supplies the data acquired in step S289 to the NCS 61 as capabilities. In step S291, the NCS 61 supplies the acquired capability to the external computer 210 as an http response.

  In step S292, the CCS 68 supplies the login user information to the SCS 69. The reason why the login information is supplied to the SCS 69 instead of the ticket is that authentication is required again depending on the system initial setting item. In step S293, the CCS 68 supplies login user information to the copy application 42. That is, in the sequence diagram of FIG. 25, the use restriction release processing by remote operation is possible.

  Next, logout processing will be described. FIG. 29 is a sequence diagram illustrating an example of the logout process. For example, when the user inputs a key for logout, the OCS 63 notifies the SCS 69 of the key information input to the SCS 69.

  In step S301, the SCS 69 determines that it is a logout request from the key information notified from the OCS 63 in step S300, and notifies the copy application 42 of the logout request. In step S302, the copy application 42 issues a ticket discard request to the CCS 68.

  In step S303, the CCS 68 searches the issued ticket table and discards the corresponding ticket. In step S304, the CCS 68 notifies the copy application 42 of the completion of ticket destruction.

  In step S 306, the copy application 42 makes a usage restriction screen display request for displaying the authentication screen on the operation panel to the CCS 68. In step S307, the CCS 68 constructs an authentication screen. In step S308, the CCS 68 makes an authentication screen display request for displaying the authentication screen to the SCS 69.

  In step S309, the SCS 69 makes a screen drawing request for the authentication screen to the OCS 63, thereby causing the operation panel 120 to display the authentication screen. That is, in the sequence diagram of FIG. 29, the ticket can be discarded at the time of logout.

  The present invention is not limited to the specifically disclosed embodiments, and various modifications and changes can be made without departing from the scope of the claims.

The block diagram of one Example of the compound machine by this invention is shown. The hardware block diagram of one Example of the compound machine by this invention is shown. An explanatory view for explaining an example of an authentication function control method by the present invention is shown. It is a block diagram of an example of an authentication / billing setting table. It is a block diagram of an example of entry information. It is an image figure of an example of a user authentication management screen. It is a transition diagram (1/2) of an example of a screen displayed on the operation panel. It is a transition diagram (2/2) of an example of a screen displayed on the operation panel. It is an image figure of an example of an authentication screen at the time of setting management by a user code as an authentication means and accounting means of a copy application. It is an image figure of an example of an authentication screen at the time of setting management by a coin rack as an authentication means and accounting means of a copy application. It is an image figure of an example of an authentication screen at the time of setting management by a plurality of means as a copy application authentication means and billing means. It is an image figure of other examples of an authentication screen at the time of setting management by a plurality of means as a copy application authentication means and billing means. It is a sequence diagram of an example of the process regarding an authentication module and an accounting module. It is a sequence diagram of 1st Example of a use restriction cancellation process. It is a sequence diagram of 2nd Example of a use restriction cancellation process. It is a sequence diagram of 3rd Example of a use restriction cancellation process. It is a sequence diagram of 4th Example of a use restriction cancellation process. It is a sequence diagram of 1st Example of an accounting process. It is a sequence diagram of 2nd Example of an accounting process. It is a sequence diagram of 3rd Example of an accounting process. It is a sequence diagram of 4th Example of an accounting process. It is a sequence diagram of 5th Example of an accounting process. FIG. 10 is a sequence diagram illustrating an example of usage restriction release processing when usage restrictions are not released. It is an image figure of an example of a use restriction screen. It is a sequence diagram of another example for explaining the use restriction release processing when the use restriction is not released. It is an example sequence diagram explaining the use restriction cancellation processing by remote operation. FIG. 10 is a sequence diagram illustrating an example of a usage restriction release process by remote control that takes measures against a DoS attack. It is a sequence diagram of the other example explaining the use restriction cancellation process by remote operation. It is a sequence diagram of an example of a logout process.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Compound machine 10 Hardware resource 20 Compound machine starting part 30 Software group 40 Application 50 Platform 51 Control service 52 System resource manager (SRM)
53 Handler Layer 61 Network Control Service (NCS)
63 Operation Panel Control Service (OCS)
65 Engine Control Service (ECS)
67 User Information Control Service (UCS)
68 Authentication Control Service (CCS)
69 System Control Service (SCS)
70 Authentication Module 71 Billing Module 100 Controller 113 SD Card Reader 114 IC Card Reader 120 Operation Panel 121 Fax Control Unit (FCU)
122 Engine Unit 201 Authentication / Billing Setting Table 202 Address Book Table 204 SD Card 205 IC Card 206 Key Card 207 Coin Rack

Claims (21)

An information processing apparatus that causes a user to release a use restriction imposed on a program and causes the user who has released the use restriction to use the program,
A setting function for associating and setting one or more programs subjected to the use restriction to one or more authentication means for releasing the use restriction of the program;
A use function for causing a user who uses the program to release a use restriction applied to the program by an authentication unit associated with the program, and to use the program for which the use restriction has been removed; Information processing apparatus.   The information processing apparatus according to claim 1, wherein the setting function sets an internal or external authentication unit and the program in association with each other.   The information processing apparatus according to claim 1, wherein the setting function sets one or more authentication units in association with each program.   When the two or more authentication means are associated with the one program, the use function uses the program if authentication by any one of the two or more authentication means ends normally. The information processing apparatus according to claim 3, wherein the restriction is released.   The use function is characterized in that, when two or more authentication means are associated with the one program, the use restriction of the program is canceled if all the authentications by the two or more authentication means are normally completed. The information processing apparatus according to claim 3.   6. The information processing apparatus according to claim 1, further comprising a management function for receiving a registration request from the authentication unit and managing the authentication unit that has received the registration request.   7. The use function according to claim 1, further comprising: causing an authentication unit associated with the program to construct a screen for canceling the use restriction of the program, and displaying the screen on the display unit. The information processing apparatus according to one item.   The authentication unit cancels the use restriction of the program by using any one of information for identifying a user, a recording medium on which the information is recorded, and a component that proves the use right of the program. Item 8. The information processing apparatus according to any one of Items 1 to 7.   In the setting function, one or more authentication means for releasing the use restriction of the program and one or more billing means for managing charge information according to the use of the program are applied with the use restriction 1 The information processing apparatus according to claim 1, wherein two or more programs are set in association with each other.   The information processing apparatus according to claim 9, wherein the setting function sets an internal or external authentication unit and billing unit in association with the program.   The information processing apparatus according to claim 9 or 10, wherein the setting function sets one or more authentication means and billing means in association with each program.   When the two or more authentication means are associated with the one program, the use function uses the program if authentication by any one of the two or more authentication means ends normally. The information processing apparatus according to claim 11, wherein the restriction is released.   The use function is characterized in that, when two or more authentication means are associated with the one program, the use restriction of the program is canceled if all the authentications by the two or more authentication means are normally completed. The information processing apparatus according to claim 11.   14. The information processing according to claim 9, further comprising a management function for receiving a registration request from the authentication unit and the billing unit and managing the authentication unit and the billing unit that have received the registration request. apparatus.   The authentication unit cancels the use restriction of the program by using any one of information for identifying a user, a recording medium on which the information is recorded, and a component that proves the use right of the program. Item 15. The information processing apparatus according to any one of Items 9 to 14.   The billing means manages the billing information by reducing the billing according to the usage amount of the program from the deposit by the user or recording the usage amount of the program by the user. 15. The information processing apparatus according to any one of 15.   2. The information processing apparatus according to claim 1, wherein the setting function sets an internal or external authentication unit and billing unit in association with the function of the program.   The information processing apparatus according to claim 1, wherein the information processing apparatus is an image processing apparatus. An authentication function control method for an information processing apparatus that causes a user to release a usage restriction imposed on a program and causes the user who has released the usage restriction to use the program,
A setting step of associating and setting one or more programs subjected to the use restriction to one or more authentication means for releasing the use restriction of the program;
A utilization step of allowing a user who uses the program to release a usage restriction imposed on the program by an authentication unit associated with the program and to use the program for which the usage restriction has been removed. Authentication function control method.   In the setting step, one or more authentication means for releasing the use restriction of the program and one or more billing means for managing charge information corresponding to the use of the program are applied with the use restriction 1 20. The authentication function control method according to claim 19, wherein two or more programs are set in association with each other.   21. The authentication function control method according to claim 19, wherein in the setting step, internal or external authentication means and billing means are set in association with the program.

Images