JP2005184066A - Image processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image processor capable of realizing an access limit with a very high degree of freedom. <P>SOLUTION: It is easily understandable to which part is to be corrected when any correction (addition, deletion, change) is applied to an access limit method by dividing components for each function such as a document information management section, a user entry information storage section, and a document access information storage section. Further, since the one document access information storage section is provided for each access condition, the correction can easily be carried out when any correction (addition, deletion, change) is applied to the access limit method. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an image processing apparatus having a plurality of image processing functions.

  In general, an image processing apparatus (a so-called multi-function peripheral) having a plurality of image processing functions such as a copy apparatus function and a facsimile apparatus function is assumed to be used by an unspecified number of users, and is therefore stored. If all users can arbitrarily refer to a document in question, it may be inconvenient depending on the type of the document.

In view of this, what has been proposed to limit the users who can access the stored documents has been proposed (see Patent Documents 1 and 2).
JP 2000-353171 A JP 2001-175448 A

  However, in such a conventional apparatus, for example, information on stored documents is managed, and a document information management unit that provides the information to an appropriate user, and permission / non-permission of access input by the user are determined. A user input information storage unit that stores information; information that is a condition for permitting access; information that determines whether access is permitted / not permitted; and information that is a condition for permitting access It is constructed with a mixture of document access information storage units that collate and determine use permission / denial of stored documents. For this purpose, for example, let's modify (add / delete / change) access conditions. In this case, there are problems that the changed portions are scattered in various places and are difficult to correct.

  The present invention has been made in view of such circumstances, and an object of the present invention is to provide an image processing apparatus capable of realizing access restriction with a very high degree of freedom.

  According to the present invention, an image processing apparatus having a plurality of image processing functions is provided independently with an access restriction unit that is referred to when a user who can access an accumulated document is restricted.

  A plurality of the access restriction means are provided, and data exchange with each access restriction means is performed according to a unified interface.

  Further, only when it is determined that access is possible by all of the plurality of access restriction means, it is determined that the user can access.

  In addition, among the plurality of access restriction means, one to be applied as a system can be appropriately selected.

  Therefore, according to the present invention, the access restriction means referred to when restricting the users who can access the stored document is independently provided. For example, the access condition is corrected (added / deleted). / Change), it is sufficient to change only the access restricting means, and the effect that the maintainability is greatly improved is obtained.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

    FIG. 1 shows a network system according to an embodiment of the present invention.

  In the figure, a plurality of personal computer devices PC1 to PCn, a server device SM, and a network multifunction device FX are connected to the local area network LAN. A personal computer device PC is also locally connected to the network multifunction peripheral FX.

  Here, the server device SM provides well-known e-mail collection and distribution services to users who use the personal computer devices PC1 to PCn connected to the local area network LAN and to the network network MFP FX. It has various server functions such as a mail server function to be provided, a file server function to provide a data file storage / reading service, and a directory server function for user authentication.

  Further, the local area network LAN is connected to the Internet via the router device RT, so that the personal computer devices PC1 to PCn, the mail server device SM, and the network multifunction peripheral FX are connected to other local area networks, etc. Various data can be exchanged with a host device or the like connected to the.

  The personal computer devices PC1 to PCn have facsimile application software for creating and displaying facsimile image information and a function for transferring print data to the network MFP FX via the local area network LAN (implemented by a device driver). Etc.) are introduced and used by specific users. Here, the specific user may be one or a plurality of users.

  In addition, the network multifunction peripheral FX has a monochrome copy function, a two-color copy function, a full-color copy function, a network scanner function, and an e-mail processing function (scan-to- E-mail function) and various image processing functions such as a facsimile communication function that connects to an analog public line network PSTN and uses the public network as a transmission path to transmit image information according to a group 3 facsimile transmission procedure. ing.

  FIG. 2 shows a configuration example of the network MFP FX.

  In the figure, a system control unit 1 includes applications for realizing control processing, monochrome copy function, two-color copy function, full-color copy function, network scanner function, and facsimile communication function of each unit of the network MFP FX. The system memory 2 stores a control processing program executed by the system control unit 1 and various data necessary for executing the processing program, and a system control unit. The parameter memory 3 is for storing various types of information unique to the network MFP FX, and the clock circuit 4 is for outputting current time information. .

  The color scanner 5 is for reading a document image in full color at a predetermined resolution, and the color plotter 6 is for recording and outputting an image in full color or two colors (including monochrome color) at a predetermined resolution. The operation display unit 7 is for operating the network MFP FX, and includes various operation keys and various displays.

  The encoding / decoding unit 8 encodes and compresses the image signal, and also decodes the encoded and compressed image information into the original image signal. The image storage device 9 performs encoding and compression. This is for storing a large number of image information and the like in a state of being recorded.

  The group 3 facsimile modem 10 is for realizing the modem function of the group 3 facsimile communication function, and is a low-speed modem function (V.21 modem) for exchanging transmission procedure signals, and mainly exchanges image information. High-speed modem functions (V.17 modem, V.34 modem, V.29 modem, V.27ter modem, etc.).

  The network control device 11 is for connecting the network MFP FX to the analog public network PSTN, and has an automatic outgoing / incoming function.

  The local area network interface circuit 12 is for connecting the network MFP FX to the local area network LAN, and the local area network transmission control unit 13 communicates with other data terminal devices via the local area network LAN. It is for executing communication control processing of various predetermined protocol suites for exchanging various data between them.

  The personal computer interface circuit 14 is for connecting a personal computer apparatus PC locally to the network multifunction peripheral FX.

  The system control unit 1, system memory 2, parameter memory 3, clock circuit 4, scanner 5, plotter 6, operation display unit 7, encoding / decoding unit 8, image storage device 9, group 3 facsimile modem 10, network The control device 11, the local area network transmission control unit 13, and the personal computer interface circuit 14 are connected to an internal bus 15, and data exchange between these elements is mainly via this internal bus 15. Has been done.

  Data exchange between the network control device 11 and the group 3 facsimile modem 10 is performed directly.

  Here, in the present embodiment, basically, data exchange between terminals connected to the local area network LAN is a transmission protocol up to a transport layer called TCP / IP, and more. This is performed by applying a combination with a higher layer communication protocol (so-called protocol suite). For example, in the exchange of e-mail data, a communication protocol called SMTP (Simple Mail Transfer Protocol) is applied as an upper layer communication protocol.

  In addition, as a protocol that each terminal applies to the mail server device SM in order to confirm reception of an e-mail addressed to the user or to obtain an acquisition request, a so-called POP (Post Office Protocol) can be applied.

  Further, communication protocols such as TCP / IP, SMTP, POP, and data format and data structure of e-mail are defined by RFC documents issued from IETF. For example, RFC is defined as RFC793, IP as RFC793, SMTP as RFC821, and e-mail format as defined by RFC822, RFC1521, RFC1522 (MIME (Multipurpose Mail Extension) format), respectively.

  In the present embodiment, user access to stored documents is restricted, and an example of a software configuration for the user access restriction (hereinafter referred to as “user access restriction function”) is shown in FIG.

  In this figure, this user access restriction function manages information on stored documents, and determines whether or not the document information management unit 21 provides the information to an appropriate user, and permission / non-permission of access input by the user. The user input information storage unit 22 that stores information to be stored, information that is a condition for permitting access, information for determining whether access is permitted or not, and information that is a condition for permitting access are stored. And two document access information storage units 23 and 24 for determining whether or not to use the stored document.

  Further, for the document access information storage unit 23 and the document access information storage unit 24, interfaces such as a procedure of data exchange performed with the document information management unit 21 are unified.

  The document access information storage unit 23 has a function of checking whether or not the user can access the document based on the user authority assigned to each user. In order to realize the above, a user authority information table as shown in FIG.

  This user authority information table includes a plurality of user authority information. Each user authority information includes a user name and an access authority set for the user name as shown in FIG. It is a summary.

  Further, the document access information storage unit 24 has a function of checking whether the document can be accessed by comparing the input password with a password set for permitting document access. In order to realize such a function, a password information table as shown in FIG. 4C is held.

  This password information table registers a plurality of password information that is referred to when accessing a document.

  On the other hand, in the present embodiment, a plurality of document access information storage units 23 and 24 are provided, but the system administrator applies the access restriction function among these document access information storage units 23 and 24. Can be set and registered systematically. The information referred to at this time is, for example, an access restriction means collation information table as shown in FIG.

  This access restriction means collation information table has a plurality of access restriction means collation information, and each access restriction means collation information, as shown in FIG. 24 includes access restriction means identification information for identifying 24 and a verification valid flag for setting validity / invalidity of the document access information storage units 23 and 24.

  With the above configuration, when an access request to the stored document is input from the user, the document information management unit 21 notifies the document access information storage unit 23 of the content of the document operation requested by the user. When the user collation is requested and the user collation result is acquired, the contents of the document operation requested by the user are notified to the document access information storage unit 24 and the user collation is requested. Get the verification result.

  On the other hand, the user has already input information necessary for operating the network MFP FX, such as a user name and password, before inputting an access request to the stored document. This information is held in the user input information storage unit 22.

  Here, when the document access information storage unit 23 receives a user collation request from the document information management unit 21 together with the contents of the document operation requested by the user, the document access information storage unit 23 first checks the access restriction means collation information table and self It is checked whether or not the collation operation is enabled, and if it is determined that the collation operation is invalid, “verification OK” is notified to the document information management unit 21.

  If it is determined that the user name is valid, the user name is acquired from the user input information storage unit 22, and the access authority registered for the corresponding user name is acquired from the stored user authority information table. To do.

  Then, the acquired access authority is verified as to whether it is valid for the contents of the document operation provided by the document information management unit 21, and the verification result is returned to the document information management unit 21.

  Similarly, when the document access information storage unit 24 receives a user verification request from the document information management unit 21 together with the contents of the document operation requested by the user, first, the document access information storage unit 24 checks the access restriction means verification information table, It is checked whether or not the collation operation is enabled, and if it is determined that the collation operation is invalid, “verification OK” is notified to the document information management unit 21.

  If it is determined that the password has been validated, a password is obtained from the user input information storage unit 22, and whether or not the obtained password is registered in the stored password information table is verified. The collation result is returned to the document information management unit 21.

  If the registration items of the password information table are set corresponding to each document operation content, the password information content corresponding to the document operation content requested at that time, and the user input information storage unit The password acquired from 22 is verified.

  Then, the document information management unit 21 permits the user's document operation only when “verification OK” is notified from the document access information storage units 23 and 24, and does not permit otherwise.

  FIG. 5 shows an example of processing of the document information management unit 21.

  When a document use permission application is input from the user (process 101), the value of the counter n is initialized to 1 (process 102), and the contents of the document operation are notified to the nth document access information storage unit. A verification request is made (process 103).

  Then, the collation result is received from the nth document access information storage unit (process 104), and it is examined whether or not the collation result is “verification OK” (decision 105). When the result of determination 105 is YES, it is checked whether or not all document access information storage units have been collated (decision 106). When the result of determination 106 is NO, the value of counter n is set to 1. (Step 107), the process returns to step 103, and a collation request is made to the next document access information storage unit.

  Further, when the result of determination 106 is YES, this is a case where “verification OK” is obtained from all the document access information storage units. In this case, the user is permitted to use the document (processing 108). ). As a result, the user can appropriately operate the requested document.

  On the other hand, if “verification NG” is returned from any document access information storage unit and the result of determination 105 is NO, the user is not permitted to use the document (process 109). As a result, the user is prohibited from operating the requested document.

  FIG. 6 shows an example of processing of the document access information storage unit.

  When a user verification request is received together with the contents of the document operation requested by the user from the document information management unit 21 (process 201), first, referring to the access restriction means verification information table, the own verification operation becomes effective. If it is determined that it has been invalidated (the result of determination 202 is NO), the document information management unit 21 is notified of “verification OK” (processing) 203), a series of operations are terminated.

  Also, if it is determined that it is enabled (the result of determination 202 is YES), information necessary for the collation process performed by the user is acquired from the user input information storage unit 22 (process 204) and held in the self The registered access information is collated (process 205), and it is examined whether or not the collation result is OK (decision 206).

  When the result of determination 206 is YES, “verification OK” is notified to the document information management unit 21 (process 207), and the series of operations is terminated. When the result of determination 206 is NO, “verification NG” is notified to the document information management unit 21 (process 208), and the series of operations is terminated.

  As described above, in this embodiment, the access restriction method is modified (addition, deletion, change) by dividing the parts into functions such as the document information management unit, the user input information storage unit, and the document access information storage unit. When there is, it is easy to understand which part should be modified.

  In addition, since the document access information storage unit is provided for each access condition, when the access restriction method is corrected (added, deleted, changed), the correction work is easy. .

  In addition, by sharing the interface of a plurality of document access information storage units, it is not necessary to make any changes to the document information management unit even when the access restriction method is modified (added, deleted, changed). .

  Also, it is convenient because it is possible to set whether to use the access restriction method when restricting access. For example, various access restriction methods can be applied to a confidential document, but an access restriction method is not used for a less important document.

  In the above-described embodiment, two document access information storage units are provided. However, the present invention can be similarly applied even when three or more document access information storage units are provided.

  The present invention is not limited to the above-described embodiments, but is a multifunction machine having at least a plurality of image processing functions (copy + printer, copy + network scanner, copy + facsimile, copy + printer + facsimile, copy + The same applies to network scanner + facsimile, copy + network scanner + facsimile + printer, and the like.

1 is a block diagram showing a network system according to an embodiment of the present invention. FIG. 2 is a block diagram illustrating a configuration example of a network multifunction peripheral FX. The block diagram which showed the structural example of the user access restriction function concerning a present Example. Schematic which showed an example of a user authority information table, user authority information, a password information table, an access restriction means collation information table, and access restriction means collation information. 5 is a flowchart showing an example of processing of a document information management unit 21. The flowchart which showed an example of the process of a document access information storage part.

Explanation of symbols

21 Document Information Management Unit 22 User Input Information Storage Unit 23, 24 Document Access Information Storage Unit

Claims (4)

In an image processing apparatus having a plurality of image processing functions,
An image processing apparatus comprising an access restriction unit independently referred to when a user who can access a stored document is restricted.   The image processing apparatus according to claim 1, wherein a plurality of the access restriction units are provided, and data exchange with each access restriction unit is performed according to a unified interface.   3. The image processing apparatus according to claim 2, wherein it is determined that the user can access only when it is determined that access is possible by all of the plurality of access restriction means.   4. The image processing apparatus according to claim 2, wherein an application to be applied as a system can be appropriately selected from the plurality of access restriction units.

Images