JP2005205792A - Image forming device, storage device, information processor, method for processing information, information-processing program, and recording medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To propose a new authentication technique concerning authentication processing performed when a client of OA equipment accesses the OA equipment. <P>SOLUTION: An image forming device comprises a command execution means to execute a command to the image forming device issued by a client of the image forming device. The command execution means executes the command on condition that authentication has been authorized by the authentication processing based on the authentication information in which the command is inserted. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an image forming apparatus such as a scanner / printer / copy / facsimile / multifunction machine / multifunction machine, a storage apparatus, and an information processing apparatus such as a personal computer / server computer. The present invention relates to a recording medium such as an apparatus, an information processing apparatus, an information processing method, an information processing program, and a CD-ROM.

  The OA device executes document processing (document data processing) in various forms. For example, a scanner reads document data from a read original, a printer prints document data on a print sheet, a copy reads document data from a read original and prints it on a print sheet, and a facsimile sends document data via a telephone line. Will be given and received. Document data to be printed on printing paper by a printer is created by, for example, document application software such as word processor software or spreadsheet software.

  In recent years, networking of OA devices has been progressing rapidly. In order to appropriately cope with such a situation, “BMLinkS” has been proposed as a standard specification regarding an integrated interface of OA equipment. In BMLinkS, a search method (Discovery) for OA devices, a data format (Data Format) exchanged between OA devices, a control method for OA devices (Job / Device Control), and the like are standardized.

  In BMLinkS, the function of an OA device is modeled as an office service. The scan function of OA equipment is a scan service, the print function of OA equipment is a print service, the fax input function of OA equipment is a fax-in service, the fax output function of OA equipment is a fax-out service, and the storage function of OA equipment is modeled as a storage service. It becomes. As a result, a scanner usually has a scan service, a printer has a print service, a copy has a scan service and a print service, a facsimile has a fax-in service and a fax-out service, and a storage apparatus has a storage service. Commands such as create_job (job creation request) and list_jobs (job list request) are defined for the scan service and print service, and create_file (file creation request / data storage request) and list_files (file list) for the storage service. Commands such as request / data list request), read_data (data read request), and write_data (data write request) are defined. In BMLinkS, HTTP-SOAP is used as a network protocol.

  As a problem associated with the networking of OA devices, ensuring the security of OA devices can be cited. Therefore, in order to ensure the security of the OA device, it is desirable to execute an authentication process when a client of the OA device accesses the OA device. In such a case, how to obtain authentication information, how to exchange authentication information between devices, what is the desire to ensure the security of OA devices and what is the desire to freely access OA devices How to make them compatible is a problem. In BMLinkS, in particular, compatibility with the BMLinkS concept of being connected anytime and anywhere, compatibility with the standard specification of BMLinkS, and the like become problems.

  Therefore, an object of the present invention is to propose a new authentication method related to an authentication process executed when a client of an OA device accesses the OA device.

  The invention (image forming apparatus) described in claim 1 includes command execution means for executing a command for the image forming apparatus issued by a client of the image forming apparatus, and the command execution means is inserted into the command. The command is executed on the condition that authentication is permitted in the authentication process based on the authentication information.

  The invention according to claim 2 (image forming apparatus) relates to the invention (image forming apparatus) according to claim 1, wherein the authentication processing is executed by a server separate from the image forming apparatus.

  The invention (image forming apparatus) described in claim 3 relates to the invention (image forming apparatus) described in claim 1 or 2, wherein the authentication information is inserted into the command using a tag.

  The invention (image forming apparatus) described in claim 4 relates to the invention (image forming apparatus) described in any one of claims 1 to 3, wherein the authentication information includes authentication information acquired by screen input, storage. Authentication information acquired by medium reading or authentication information acquired by biometric authentication.

  The invention according to claim 5 (image forming apparatus) relates to the invention (image forming apparatus) according to any one of claims 1 to 4, wherein the command is a command written in XML (eXtensible Markup Language). It is.

  The invention (image forming apparatus) described in claim 6 is related to the invention (image forming apparatus) described in any one of claims 1 to 5, wherein the command is a job generation request command for generating a job. It is.

  The invention according to claim 7 (image forming apparatus) relates to the invention (image forming apparatus) according to claim 6, wherein the command execution means permits authentication in an authentication process based on authentication information inserted in the command. The command is executed on the condition that it has been confirmed and the existence of authority to execute the job has been confirmed.

  The invention (image forming apparatus) described in claim 8 is related to the invention (image forming apparatus) described in claim 7, wherein the information related to the authority is managed by a server separate from the image forming apparatus.

  The invention according to claim 9 (image forming apparatus) relates to the invention (image forming apparatus) according to any one of claims 6 to 8, wherein the command execution means includes authentication information inserted in the command. If authentication is not permitted in the authentication processing based on the command, the command is modified so that the job is executed under a job execution condition that matches the policy of the image forming apparatus, and the command is executed.

  The invention according to claim 10 (image forming apparatus) relates to the invention according to claim 9 (image forming apparatus), and the information relating to the policy is managed by a server separate from the image forming apparatus.

  The invention (image forming apparatus) described in claim 11 relates to what authentication information the image forming apparatus supports in relation to the invention (image forming apparatus) described in any one of claims 1 to 10. Means for providing information;

  An invention (information processing apparatus) according to claim 12 is an information processing apparatus functioning as a server of an image forming apparatus, and executes a command for executing a command for the information processing apparatus issued by a client of the image forming apparatus. The command execution means executes the command on the condition that the authentication is permitted in the authentication process based on the authentication information inserted in the command.

  The invention (information processing apparatus) described in claim 13 relates to the invention (information processing apparatus) described in claim 12, wherein the authentication processing is executed by a server separate from the information processing apparatus.

  The invention according to claim 14 (information processing apparatus) relates to the invention (information processing apparatus) according to claim 12 or 13, wherein the authentication information is inserted into the command using a tag.

  The invention (information processing apparatus) according to claim 15 relates to the invention (information processing apparatus) according to any one of claims 12 to 14, wherein the authentication information includes authentication information acquired by screen input, and storage. Authentication information acquired by medium reading or authentication information acquired by biometric authentication.

  The invention according to claim 16 (information processing apparatus) relates to the invention (information processing apparatus) according to any one of claims 12 to 15, wherein the command is a command described in XML (eXtensible Markup Language). It is.

  The invention (information processing apparatus) according to claim 17 relates to the invention (information processing apparatus) according to any one of claims 12 to 16, wherein the command is a job generation request command for generating a job. It is.

  The invention according to claim 18 (information processing apparatus) relates to the invention (information processing apparatus) according to claim 17, wherein the command execution means permits authentication in an authentication process based on authentication information inserted in the command. The command is executed on the condition that it has been confirmed and the existence of authority to execute the job has been confirmed.

  The invention (information processing apparatus) according to claim 19 relates to the invention (information processing apparatus) according to claim 18, wherein the information related to the authority is managed by a server separate from the information processing apparatus.

  The invention (information processing device) according to claim 20 relates to the invention (information processing device) according to any one of claims 17 to 19, wherein the command execution means includes authentication information inserted in the command. If authentication is not permitted in the authentication process based on the command, the command is modified so that the job is executed under job execution conditions that match the policy of the image forming apparatus, and the command is executed.

  The invention (information processing apparatus) according to claim 21 relates to the invention (information processing apparatus) according to claim 20, wherein the information related to the policy is managed by a server separate from the information processing apparatus.

  The invention (information processing apparatus) according to claim 22 relates to what authentication information the information processing apparatus supports with respect to the invention (information processing apparatus) according to any one of claims 12 to 21. Means for providing information;

  The invention (information processing method) according to claim 23 is an information processing method executed by the image forming apparatus, and executes a command for the image forming apparatus issued by a client of the image forming apparatus. In the command execution stage, the command is executed on the condition that authentication is permitted in the authentication process based on the authentication information inserted in the command.

  The invention (information processing method) according to claim 24 is an information processing method executed by an information processing apparatus functioning as a server of the image forming apparatus, the information processing apparatus issued by a client of the image forming apparatus A command execution stage for executing a command for the command, wherein the command is executed on the condition that authentication is permitted in an authentication process based on authentication information inserted in the command.

  An invention (information processing program) according to claim 25 is an information processing program for causing a computer to execute the information processing method according to claim 24.

  The invention (recording medium) according to claim 26 is a computer-readable recording medium on which an information processing program for causing a computer to execute the information processing method according to claim 24 is recorded.

  The invention (information processing method) according to claim 27 is an information processing method executed by an image forming apparatus or a server of the image forming apparatus and a client of the image forming apparatus, wherein the client of the image forming apparatus is A command issuance stage for issuing a command to the image forming apparatus or the server of the image forming apparatus, an authentication information inserting stage for the client of the image forming apparatus to insert authentication information into the command, and the image forming apparatus. Alternatively, the server of the image forming apparatus includes a command execution stage for executing the command, and in the command execution stage, the authentication is permitted in the authentication process based on the authentication information inserted in the command. , Execute the command.

  The invention (information processing method) according to claim 28 is an information processing method executed by an image forming apparatus or a server of the image forming apparatus and a proxy server of a client of the image forming apparatus. The proxy server of the client transfers a command for the image forming apparatus or the server of the image forming apparatus issued by the client of the image forming apparatus to the image forming apparatus or the server of the image forming apparatus A transfer step; an authentication information insertion step in which the proxy server of the client of the image forming apparatus inserts authentication information into the command; and the image forming apparatus or the server of the image forming apparatus executes the command. A command execution stage, and in the command execution stage, the command On condition in the authentication processing based on the inserted authentication information that the authentication is permitted in, and executes the command.

  The invention (storage device) according to claim 29 comprises command execution means for executing a command for the storage device issued by a client of the storage device, wherein the command execution means includes authentication information inserted into the command. The command is executed on the condition that the authentication is permitted in the authentication process based on.

  The invention (information processing apparatus) according to claim 30 is an information processing apparatus functioning as a server of a storage apparatus, comprising command execution means for executing a command for the information processing apparatus issued by a client of the storage apparatus. The command execution means executes the command on the condition that authentication is permitted in an authentication process based on authentication information inserted in the command.

  The invention (information processing method) according to claim 31 is an information processing method executed by a storage apparatus, comprising a command execution stage for executing a command for the storage apparatus issued by a client of the storage apparatus, In the command execution stage, the command is executed on the condition that the authentication is permitted in the authentication process based on the authentication information inserted in the command.

  An invention (information processing method) according to a thirty-second aspect is an information processing method executed by an information processing apparatus functioning as a server of a storage apparatus, and a command for the information processing apparatus issued by a client of the storage apparatus The command execution stage is executed, and in the command execution stage, the command is executed on the condition that the authentication is permitted in the authentication process based on the authentication information inserted in the command.

  The invention (information processing program) according to claim 33 is an information processing program for causing a computer to execute the information processing method according to claim 32.

  The invention (recording medium) described in claim 34 is a computer-readable recording medium on which an information processing program for causing a computer to execute the information processing method according to claim 32 is recorded.

  The invention (information processing method) according to claim 35 is an information processing method executed by a storage device or a server of the storage device and a client of the storage device, wherein the client of the storage device is the storage device. Or a command issuing stage for issuing a command to the server of the storage apparatus, an authentication information inserting stage for the client of the storage apparatus to insert authentication information into the command, and the storage apparatus or the server of the storage apparatus. And a command execution stage for executing the command. In the command execution stage, the command is executed on the condition that authentication is permitted in an authentication process based on authentication information inserted into the command.

  The invention (information processing method) according to claim 36 is an information processing method executed by a storage apparatus or a server of the storage apparatus and a proxy server of a client of the storage apparatus, wherein the client of the storage apparatus A proxy server transfers a command for the storage device or the server of the storage device issued by the client of the storage device to the storage device or the server of the storage device; and The proxy server of the client includes an authentication information insertion step of inserting authentication information into the command, and a command execution step of the storage device or the server of the storage device executing the command, the command The line stage, on condition that authentication by the authentication processing based on the inserted authentication information to the command is allowed to execute the command.

  The invention (image forming apparatus) according to claim 1 is a new authentication for executing the command on condition that the authentication is permitted in the authentication process based on the authentication information inserted in the command for the image forming apparatus. A method is proposed. The authentication process is executed based on the authentication information exchanged in the state inserted in the command.

  In the invention (image forming apparatus) according to the third aspect, since the authentication information is inserted into the command using a tag, the authentication information can be inserted into the command relatively easily. The authentication process is executed based on the authentication information exchanged while being inserted into the command using the tag.

  In the invention (image forming apparatus) described in claim 5, since the command is a command described in XML, authentication information can be inserted into the command using a tag. By adopting XML, it is possible to define a unique tag for inserting authentication information into the command, and to allow a device that does not support the unique tag to ignore the unique tag.

  According to the ninth aspect of the present invention (image forming apparatus), authentication is not permitted in the authentication process based on the authentication information inserted in the command for the command that is a job generation request command for generating a job. Even in this case, the job can be executed.

  The invention (information processing apparatus) according to claim 12 is a new authentication in which the command is executed on condition that the authentication is permitted in the authentication process based on the authentication information inserted in the command for the information processing apparatus. A method is proposed. The authentication process is executed based on the authentication information exchanged in the state inserted in the command.

  In the invention (information processing apparatus) according to the fourteenth aspect, since the authentication information is inserted into the command using a tag, the authentication information can be inserted into the command relatively easily. The authentication process is executed based on the authentication information exchanged while being inserted into the command using the tag.

  In the invention (information processing apparatus) according to claim 16, since the command is a command described in XML, authentication information can be inserted into the command using a tag. By adopting XML, it is possible to define a unique tag for inserting authentication information into the command, and to allow a device that does not support the unique tag to ignore the unique tag.

  In the invention (information processing apparatus) according to claim 20, authentication is not permitted in the authentication processing based on the authentication information inserted in the command for the command that is a job generation request command for generating a job. Even in this case, the job can be executed.

  The invention (information processing method) according to claim 23 is a new authentication in which the command is executed on condition that the authentication is permitted in the authentication process based on the authentication information inserted in the command for the image forming apparatus. A method is proposed. The authentication process is executed based on the authentication information exchanged in the state inserted in the command.

  The invention (information processing method) according to claim 24 is a new authentication in which the command is executed on condition that the authentication is permitted in the authentication process based on the authentication information inserted in the command for the information processing apparatus. A method is proposed. The authentication process is executed based on the authentication information exchanged in the state inserted in the command.

  The invention (storage device) according to claim 29 provides a new authentication method for executing the command on condition that the authentication is permitted in the authentication processing based on the authentication information inserted in the command for the storage device. It is what we propose. The authentication process is executed based on the authentication information exchanged in the state inserted in the command.

  The invention (information processing device) according to claim 30 is a new authentication for executing the command on condition that the authentication is permitted in the authentication processing based on the authentication information inserted in the command for the information processing device. A method is proposed. The authentication process is executed based on the authentication information exchanged in the state inserted in the command.

  The invention (information processing method) according to claim 31 is a new authentication method for executing the command on condition that the authentication is permitted in the authentication processing based on the authentication information inserted in the command for the storage device. This is a proposal. The authentication process is executed based on the authentication information exchanged in the state inserted in the command.

  The invention (information processing method) according to claim 32 is a new authentication for executing the command on condition that the authentication is permitted in the authentication process based on the authentication information inserted in the command for the information processing apparatus. A method is proposed. The authentication process is executed based on the authentication information exchanged in the state inserted in the command.

  As described above, the present invention proposes a new authentication method related to the authentication process executed when the client of the OA device accesses the OA device.

  FIG. 1 is a device layout diagram related to a network to which OA devices are connected. In FIG. 1, a printer 101, a scanner 102, a storage device 103, an authentication server 111, an ACL (Access Control List) server 112, a policy server 113, a PC (Personal Computer) 121, and a proxy server 122 are interconnected by a network 131. . The PC 121 is an information processing apparatus that functions as a client terminal for the printer 101, the scanner 102, and the storage apparatus 103. The proxy server 122 is an information processing apparatus that functions as a proxy server for the PC 121.

  Each of the OA devices in FIG. 1 is an OA device that conforms to BMLinkS. The printer 101 has a print service 104, the scanner 102 has a scan service 105, and the storage apparatus 103 has a storage service 106. The PC 121 is installed with a BMLinkS driver such as a printer driver, a scanner driver, or a storage driver.

  It should be noted that the printer 101 and the scanner 102 may be a multifunction device or a multifunction device that functions as a printer, or a multifunction device or a multifunction device that functions as a scanner, respectively. Further, instead of connecting the printer 101, the scanner 102, and the storage apparatus 103 to the network 131 as shown in FIG. 1, the scan connected to the print server 107 and the scanner 102 connected to the printer 101 as shown in FIG. The server 108 and the storage server 109 connected to the storage apparatus 103 may be connected to the network 131, respectively. Instead of connecting the OA device to the network 131, the server of the OA device is connected to the network 131. The print server 107 has a print service 104, the scan server 108 has a scan service 105, and the storage server 109 has a storage service 106.

  FIG. 3 is a hardware configuration diagram of the printer 101 of FIGS. The printer 101 in FIGS. 1 and 2 includes a CPU 301, a ROM 302, a RAM 303, an HDD (hard disk drive) 304, a print unit 311, an operation display unit 312, a communication unit 313, a USBIF 321 and a Centronics IF 322. ing. These hardware components are connected to the system bus 331.

  The CPU 301 is hardware that executes information processing such as control of the printer 101. The ROM 302 is hardware in which the information processing program and the like are stored. A RAM 303 is the information processing memory. The HDD 304 is the information processing storage described above, and is hardware in which the information processing program and the like are stored.

  The print unit 311 is hardware for executing print processing, and includes a printer engine or the like. The operation display unit 312 is hardware for the user to input to the printer 101 and hardware for the user to obtain an output from the printer 101, and includes an operation panel or the like. The communication unit 313 is hardware for connecting the printer 101 to a network such as Ethernet (registered trademark) or a telephone line, and includes a NIC, a MODEM, or the like.

  The USBIF 321 is an interface for connecting a cable compliant with the USB standard. The Centronics IF 322 is an interface for connecting a Centronics specification cable.

  FIG. 4 is a hardware configuration diagram relating to the scanner 102 of FIGS. 1 and 2 includes a CPU 401, a ROM 402, a RAM 403, an HDD (hard disk drive) 404, a scan unit 411, an operation display unit 412, a communication unit 413, a USBIF 421, a SCSI IF 423, and the like. ing. These hardware components are connected to the system bus 431.

  The CPU 401 is hardware that executes information processing such as control of the scanner 102. The ROM 402 is hardware in which the information processing program and the like are stored. The RAM 403 is the information processing memory. The HDD 404 is the information processing storage described above, and is hardware in which the information processing program and the like are stored.

  The scan unit 411 is hardware for executing scan processing, and includes a scanner engine or the like. The operation display unit 412 is hardware for the user to input to the scanner 102, and is hardware for the user to obtain an output from the scanner 102, and includes an operation panel or the like. The communication unit 413 is hardware for connecting the scanner 102 to a network such as Ethernet (registered trademark) or a telephone line, and is configured by NIC, MODEM, or the like.

  The USBIF 421 is an interface for connecting a cable compliant with the USB standard. The SCSI IF 423 is an interface for connecting a cable compliant with the SCSI standard.

  FIG. 5 is a hardware configuration diagram related to the storage apparatus 103 of FIGS. 1 and 2 includes a CPU 501, a ROM 502, a RAM 503, an HDD (hard disk drive) 504, an operation display unit 512, a communication unit 513, a USBIF 521, and the like. These hardware components are connected to the system bus 531. The roles and the like of these hardware components are the same as those of the printer 101 and the scanner 102.

  FIG. 6 is a hardware configuration diagram related to the PC 121 of FIGS. 1 and 2 includes a CPU 601, ROM 602, RAM 603, HDD (hard disk drive) 604, operation unit 611, display unit 612, communication unit 613, USBIF 621, Centronics IF 622, SCSIIF 623, and the like. These hardware components are connected to the system bus 631.

  The CPU 601 is hardware that executes information processing such as various controls. The ROM 602 is hardware that stores the information processing program and the like. The RAM 603 is the information processing memory. The HDD 604 is the information processing storage described above, and is hardware in which the information processing program and the like are stored.

  The operation unit 611 is hardware for a user to input to the PC 121, and includes a keyboard, a mouse, and the like. The display unit 612 is hardware for a user to obtain an output from the PC 121, and includes a display or the like. The communication unit 613 is hardware for connecting the PC 121 to a network such as Ethernet (registered trademark) or a telephone line, and is configured by NIC, MODEM, or the like.

  The USBIF 621 is an interface for connecting a cable compliant with the USB standard. The Centronics IF 622 is an interface for connecting a Centronics specification cable. The SCSI IF 623 is an interface for connecting a cable compliant with the SCSI standard.

  FIG. 7 is a hardware configuration diagram related to the proxy server 122 of FIGS. The proxy server 122 of FIGS. 1 and 2 includes a CPU 701, a ROM 702, a RAM 703, an HDD (hard disk drive) 704, an operation unit 711, a display unit 712, a communication unit 713, a USBIF 721, and the like. These hardware components are connected to the system bus 731.

  The CPU 701 is hardware that executes information processing such as various controls. The ROM 702 is hardware in which the information processing program and the like are stored. The RAM 703 is the information processing memory. The HDD 704 is a storage for the above information processing, and is hardware in which the above information processing program and the like are stored.

  The operation unit 711 is hardware for a user to input to the proxy server 122, and includes a keyboard, a mouse, and the like. The display unit 712 is hardware for a user to obtain an output from the proxy server 122, and includes a display or the like. The communication unit 713 is hardware for connecting the proxy server 122 to a network such as Ethernet (registered trademark) or a telephone line, and is configured by NIC, MODEM, or the like.

  The USBIF 721 is an interface for connecting a cable compliant with the USB standard.

  FIG. 8 is a hardware configuration diagram related to the print server 107 of FIG. 2 includes a CPU 801, a ROM 802, a RAM 803, an HDD (hard disk drive) 804, an operation unit 811, a display unit 812, a communication unit 813, a USBIF 821, a Centronics IF 822, and the like. These hardware components are connected to the system bus 831. The roles and the like of these hardware components are the same as those of the PC 121 and the proxy server 122.

  FIG. 9 is a hardware configuration diagram related to the scan server 108 of FIG. 2 includes a CPU 901, a ROM 902, a RAM 903, an HDD (hard disk drive) 904, an operation unit 911, a display unit 912, a communication unit 913, a USBIF 921, a SCSI IF 923, and the like. These hardware components are connected to the system bus 931. The roles and the like of these hardware components are the same as those of the PC 121 and the proxy server 122.

  FIG. 10 is a hardware configuration diagram related to the storage server 109 of FIG. 2 includes a CPU 1001, a ROM 1002, a RAM 1003, an HDD (hard disk drive) 1004, an operation unit 1011, a display unit 1012, a communication unit 1013, a USBIF 1021, and the like. These hardware components are connected to the system bus 1031. The roles and the like of these hardware components are the same as those of the PC 121 and the proxy server 122.

(Document processing)
Based on the above description, document processing executed in the document processing system of FIG. 1 will be described. The document processing may be executed in the document processing system in FIG. 2 in the same manner as in the document processing system in FIG.

  When an input operation for printing document data is performed, the PC 121 issues a job generation request command for generating a print job and accesses the printer 101. The printer 101 prints the document data (executes the print job) by executing a job generation request command for generating a print job on condition that the authentication is permitted in the authentication process. The authentication information used in the authentication process is exchanged in a state inserted in the job generation request command. Hereinafter, command issue processing and command execution processing will be described.

(1) Command Issuance Processing FIG. 11 shows a printer operation screen 1101 displayed on the PC 121 screen. FIG. 12 shows an authentication information setting screen 1201 displayed on the screen of the PC 121. A printer driver is installed in the PC 121, and a printer operation screen 1101 and an authentication information setting screen 1201 are displayed by the printer driver.

  On the printer operation screen 1101, it is possible to set which printer is used for printing and under what printing conditions. When the authentication information setting button 1121 is clicked on the printer operation screen 1101, the screen moves to the authentication information setting screen 1201. On the authentication information setting screen 1201, authentication information “organization name”, “department name”, and “title” can be set together with the user information “Requesting User Name”. When an OK button 1211 is clicked on the authentication information setting screen 1201, the screen returns to the printer operation screen 1101 and authentication information is set. When an OK button 1111 is clicked on the printer operation screen 1101, a job generation request command for generating a print job is issued.

  13 and 14 show an example of a script of a command for a job generation request (create_job). The SOAP (Simple Object Access Protocol) envelope is omitted. FIG. 13 shows a command before inserting authentication information, and FIG. 14 shows a command after inserting authentication information. Descriptions 13 and 14 are descriptions related to the BMLinkS command “create_job” and are described in XML (extensible Markup Language). The descriptions 13-1 and 14-1 are the user name “Yamada Taro”. Descriptions 13-2 and 14-2 are job names “sample-job”. Description 14-3 is authentication information inserted into the command using a unique tag.

  Let's talk about tags. In the present embodiment, as tags for inserting authentication information into a command, an organization name tag <x-ORG-name>, a department name tag <x-ORG-group-name>, a department name 1 Tag <x-ORG-group-name-1>, department name tag 2 <x-ORG-group-name-2>, department name tag 3 <x-ORG-group-name-3> In addition, a tag <x-ORG-group-name-4> of the department name 4 and a title tag <x-ORG-title> are defined. The insertion positions of these tags are immediately after the user information tag <requesting-user-name> exists, and immediately after the user information tag <requesting-user-name> does not exist <job-instruction>. And the same level.

  FIG. 15 shows an example of a script of a job generation response (create_jobRESPONSE). The SOAP (Simple Object Access Protocol) envelope is omitted. The description 15 is a description related to the BMLinkS command response “create_jobRESPONSE”, and is described in XML (extensible Markup Language). Description 15-1 is “ok” for the job generation request. The description 15-2 is the job ID “001”. A description 15-3 is a URI “http://192.168.1.4/spool/job-001” as a transfer destination of the document data.

  FIG. 16 is a diagram for explaining an execution subject of the authentication information insertion process.

  FIG. 16A is a diagram when the printer driver 1601 in the PC 121 is the execution subject of the authentication information insertion process. In FIG. 16A, the printer driver 1601 in the PC 121 has an authentication information acquisition function and an authentication information insertion function. In FIG. 16A, the printer driver 1601 in the PC 121 issues a job generation request command to the print service 104 in the printer 101, and the printer driver 1601 in the PC 121 acquires authentication information and adds the command to the command. The authentication information is inserted using a tag.

  FIG. 16B is a diagram when the proxy service 1602 in the PC 121 is the execution subject of the authentication information insertion process. In FIG. 16B, the proxy service 1602 in the PC 121 has an authentication information acquisition function and an authentication information insertion function. In FIG. 16B, the printer driver 1601 in the PC 121 issues a job generation request command to the print service 104 in the printer 101, and the proxy service 1602 in the PC 121 acquires the authentication information and adds the command to the command. The authentication information is inserted using a tag.

  FIG. 16C is a diagram when the proxy service 1602 in the proxy server 122 is the execution subject of the authentication information insertion process. In FIG. 16C, the proxy service 1602 in the proxy server 122 has an authentication information acquisition function and an authentication information insertion function. In FIG. 16B, the printer driver 1601 in the PC 121 issues a job generation request command to the print service 104 in the printer 101, and the proxy service 1602 in the proxy server 122 sends the command to the print service 104 in the printer 101. At the same time, the proxy service 1602 in the proxy server 122 acquires the authentication information and inserts the authentication information into the command using a tag.

  16B and 16C have an advantage that the printer driver 1601 may be a standard driver without an authentication information acquisition function or an authentication information insertion function, compared to FIG. 16A. Compared to FIG. 16B, FIG. 16C has an advantage that a plurality of clients can share one proxy.

  As an aspect of the authentication information acquisition process, 1) an aspect of acquiring authentication information by screen input, 2) an aspect of acquiring authentication information by reading a storage medium such as an IC card, and 3) reading of biological information such as a fingerprint or an iris The aspect which acquires authentication information by the biometric authentication using ID is mentioned.

  In the aspect 1, the authentication information is input on the screen through the operation display unit 1611 (corresponding to the operation units 611 and 711 and the display units 612 and 712) of the PC 121 or the proxy server 122. The authentication information screen is input on the authentication information setting screen 1201 in FIG. In the case of FIG. 16A, the authentication information setting screen 1201 of FIG. 12 is displayed on the screen of the PC 121 by the printer driver 1601 in the PC 121 as described above. In the case of FIG. 16B, the authentication information setting screen 1201 of FIG. 12 is displayed on the screen of the PC 121 by the proxy service 1602 in the PC 121. In the case of FIG. 16C, the authentication information setting screen 1201 of FIG. 12 is displayed on the screen of the proxy server 122 by the proxy service 1602 in the proxy server 122.

  In the aspect 2, the authentication information stored in the IC card set in the IC card IF 1612 of the PC 121 or the proxy server 122 is read. The IC card IF 1612 is provided as an optional product such as the printer 101, for example.

  In the aspect 3, the authentication information is acquired through biometric authentication executed by the biometric authentication unit 1613 of the PC 121 or the proxy server 122. The biometric authentication unit 1613 is provided as an optional product such as the printer 101, for example.

  The authentication information acquisition process may be executed before the OK button 1111 is clicked on the printer operation screen 1101 in FIG. 11 (referred to as “pre-acquisition”). If the OK button 1111 is clicked on the printer operation screen 1101 in FIG. There are also cases where it is executed after being called (called post-acquisition). When the authentication information setting button 1121 is clicked on the printer operation screen 1101 in FIG. 11, the authentication information setting screen 1201 in FIG. 12 is displayed. This corresponds to a specific example of pre-acquisition (mode 1). In the case of FIG. 16A, the authentication information acquired in advance is obtained by the printer driver 1601 in the PC 121, in the case of FIG. 16B by the proxy service 1602 in the PC 121, and in the case of FIG. 16C, the proxy information in the proxy server 122 is obtained. Managed by the service 1602. The authentication information acquired in advance is managed in a table as shown in FIG. 17 in the case of FIG. 16B or FIG. 16C. The table in FIG. 17 is a table related to the correspondence between the IP address of the client and the authentication information of the client. Using this correspondence, authentication information corresponding to the IP address is inserted into a command including the IP address.

  It is assumed that the authentication information insertion process is executed according to a predetermined setting. When the setting is “preliminary acquisition”, authentication information insertion processing based on the authentication information acquired by prior acquisition is executed. When the setting is “post-acquisition”, authentication information insertion processing is performed using the authentication information acquired by the post-acquisition. If the setting is “not implemented”, the authentication information insertion process is not executed.

  FIG. 18 is a flowchart relating to authentication information insertion processing executed by the printer driver 1601. When the OK button 1111 is clicked on the printer operation screen 1101 in FIG. 11, the printer driver 1601 issues a job generation request command for generating a print job. At this time, if the setting of the authentication information insertion process is “preliminary acquisition” (S111), the authentication based on the authentication information acquired by the prior acquisition is only performed when the prior acquisition of authentication information has been executed (S121). Information insertion processing is executed (S122). When the setting of the authentication information insertion process is “subsequent acquisition” (S111), the authentication information acquisition process is executed (S131), and the authentication information insertion process using the authentication information acquired by the subsequent acquisition is executed (S132). Is done. After passing through these processes, the printer driver 1601 issues the above command (S141).

  FIG. 19 is a flowchart relating to authentication information insertion processing executed by the proxy service 1602. The proxy service 1602 receives a job generation request command for generating a print job from the printer driver 1601 and transfers it to the print service 104 in the printer 101. At this time, if the setting of the authentication information insertion process is “preliminary acquisition” (S211), authentication based on the authentication information acquired by the prior acquisition is only performed when the authentication information is acquired in advance (S221). Information insertion processing is executed (S222). If not executed (S221), an authentication information acquisition process is executed (S223), and an authentication information insertion process using the authentication information acquired by the subsequent acquisition is executed (S224). Even when the setting of the authentication information insertion process is “subsequent acquisition” (S211), the authentication information acquisition process is executed (S231), and the authentication information insertion process using the authentication information acquired by the subsequent acquisition is executed (S232). The If the authentication information has already been inserted (S201), these processes are not necessary. After passing through these processes, the proxy service 1602 transfers the above command to the print service 104 in the printer 101 (S241).

  FIG. 20 is a flowchart relating to authentication information acquisition processing executed by the printer driver 1601 and the proxy service 1602. S131 in FIG. 18 and S223 and S231 in FIG. 19 correspond to this.

  When the setting of the authentication information acquisition process is mode 1 (authentication information is acquired by screen input) (S301 Yes), the authentication information setting screen 1201 of FIG. 12 is displayed (S311). The authentication information is input on the authentication information setting screen 1201 in FIG. In this way, authentication information is acquired (S313). If the authentication information acquisition process is canceled (S312), the authentication information becomes “none”.

  When the setting of the authentication information acquisition process is mode 2 (authentication information is acquired by reading the storage medium) (Yes in S302), a message prompting to set the IC card is displayed (S321). The IC card is set according to the message. The authentication information stored in the IC card set according to the message is read (S323), and the authentication information is acquired (S324). Then, the authentication information setting screen 1201 of FIG. 12 is displayed as a confirmation screen for the authentication information acquisition result (S325). If the authentication information acquisition process is canceled (S322), the authentication information becomes “none”. The same applies when reading of the storage medium fails.

  When the setting of the authentication information acquisition process is mode 3 (acquired by biometric authentication using reading of biometric information) (S303 Yes), a message prompting an operation for reading biometric information is displayed (S331). An operation for reading biometric information is performed according to the message. When the biometric information is read (S333), the personal identification information is acquired (S334) through collation with an internal database related to the correspondence relationship between the biometric information and the personal identification information or authentication information, and further the authentication information is acquired. (S335). Then, the authentication information setting screen 1201 of FIG. 12 is displayed as a confirmation screen for the authentication information acquisition result (S336). If the authentication information acquisition process is canceled (S332), the authentication information becomes “none”. The same applies when biometric information reading or database matching fails.

(2) Function Information Providing Process The print service 104 in the printer 101 can provide information relating to what functions it supports. Specifically, in response to a command requesting that information relating to what function is supported (referred to as a function information provision request), a response including the information relating to what function is supported (function It is called an information provision response).

  FIG. 21 shows an example of the command script for the function information provision request. The SOAP envelope is omitted. The description 21 is a description related to the BMLinkS command and is described in XML. The description 21-1 is the user name “Yamada Taro”.

  FIG. 22 shows an example of the function information provision response script. The SOAP envelope is omitted. A description 22 is a description related to the BMLinkS command response and is described in XML. The description 22-2 is the user name “Yamada Taro”. The description 22-2 is information relating to what “standard function” is supported. Here, it can be seen that stapling is not supported, color is supported, and single-sided printing, horizontal folding duplex printing, and vertical folding duplex printing are supported. That is, it can be understood what printing conditions are supported. Description 22-3 is information relating to what “extended function” is supported. Here, support for the organization name tag, support for the department tag, support for the department 1 tag, support for the department 2 tag It can be seen that the tag of the department name 3 is not supported, the tag of the department name 4 is not supported, and the title tag is supported. That is, it can be understood what authentication information is supported. Note that these tags and authentication information are also called extension tags and extended authentication information after the extended function.

  The print service 104 in the printer 101 manages information regarding what “standard functions” are supported and information regarding what “extended functions” are supported in separate tables. It is possible to restrict the provision of information related to what “extended function” is supported according to a predetermined setting. When the setting is “restricted”, a description like the description 22-3 is not attached to the function information provision response in FIG. When the setting is “non-restricted”, a description like the description 22-3 is attached to the function information providing response in FIG. By setting the setting to “restricted”, it is possible to prevent misuse of the extension function by a user who does not understand the extension function and abuse of the extension function by a malicious user.

  FIG. 23 is a flowchart relating to function information provision processing executed by the print service 104. When receiving the function information provision request command issued by the PC 121, the print service 104 issues a function information provision response to the PC 121. At this time, if the print service 104 supports the extended function (S401) and the setting of function information provision related to the extended function is “unrestricted” (S402), what “standard function” is selected. A function information provision response including information relating to support and information relating to what “extended function” is supported is issued (S403). On the other hand, when the print service 104 does not support the extended function (S401) or when the function information provision setting related to the extended function is “restricted” (S402), what “standard function” is supported. A function information providing response is issued (S404) which includes such information but does not include information regarding what “extended function” is supported.

(3) Command Execution Processing A command for the print service 104 issued (command issue processing) by the PC 121 is executed (command execution processing) by the print service 104. In section 1, command issue processing has been described, but in section 3, command execution processing will be described.

  When the print service 104 receives a job generation request command to generate a print job, it issues an “authentication request” to the authentication server 111 to execute authentication processing based on the authentication information inserted in the command. To do. This is because that the authentication is permitted in the authentication process is a condition for executing the command.

  The print service 104 issues an “access authority determination request” to the ACL server 112 for determining whether or not there is an authority (access authority) to execute the print job when authentication is permitted in the authentication process. To do. This is because it is a condition for executing the above command that the presence of the authority to execute the above print job is confirmed in addition to the authentication being permitted in the above authentication processing. When it is confirmed that the print service 104 has the authority to execute the print job, the print service 104 executes the command and generates the print job. The printer 101 executes the print job generated by the print service 104 and prints document data.

  The print service 104 issues a “policy information provision request” to the policy server 113 to provide information related to the policy of the printer 101 if the authentication is not permitted in the above authentication process. This is to correct the above command based on information relating to the policy of the printer 101. The print service 104 corrects the command so that the document data is printed (print job is executed) under a print condition (print job execution condition) that matches the policy of the printer 101, and then the corrected command To generate a print job. Commands that cannot be executed as they are are modified and executed so that they can be executed. The printer 101 executes the print job generated by the print service 104 and prints document data.

  Note that the processes executed by the three servers of the authentication server 111, the ACL server 112, and the policy server 113 may be executed collectively by one or two servers. Also, processing executed by the authentication server 111 separate from the printer 101 is performed by the authentication service in the printer 101, and processing executed by the ACL server 112 separate from the printer 101 is performed by the ACL service in the printer 101 and separated from the printer 101. The processing executed by the policy server 113 may be executed by the policy service in the printer 101.

  FIG. 24 shows an example of an authentication request command script. The SOAP envelope is omitted. The description 24 is a description related to the BMLinkS command and is described in XML. The description 24-1 is the user name “Yamada Taro”. Description 24-2 is authentication information exchanged in a state inserted in a job generation request command using a unique tag.

  25 and 26 show examples of authentication response scripts. The SOAP envelope is omitted. FIG. 25 shows an authentication response when authentication is successful (when authentication is permitted), and FIG. 26 shows an authentication response when authentication fails (when authentication is not permitted). Descriptions 25 and 26 are descriptions related to the BMLinkS command response, and are described in XML.

  FIG. 27 shows an example of an ACL (Access Control List) managed by the ACL server 112. “+” And “−” in the access authority column mean presence / absence of access authority to the print service 104 (printer 101). For example, + r and −r indicate the presence or absence of Read authority for the print service 104, that is, the presence or absence of authority to acquire status information from the printer 101. For example, + w and −w respectively indicate the presence or absence of a write authority for the print service 104, that is, the presence or absence of an authority to execute a print job in the printer 101.

  The description 27-1 indicates that when the authentication information “x-ORG-name” is “*** Corporation”, both the Read authority and the Write authority for the sales department printer (name of the printer 101) are present. ing. The description 27-2 indicates that when the authentication information “x-ORG-group-name” is “... Sales department”, both the Read authority and the Write authority for the sales department printer (name of the printer 101) are provided. I mean. The description 27-3 means that when the authentication information “x-ORG-title” is “section manager”, there is neither Read authority nor Write authority for the sales department printer (name of the printer 101).

  When the ACL server 112 receives the access authority determination request issued by the print service 104, the ACL server 112 determines the presence or absence of the access authority based on the ACL as shown in FIG. 27, and sends an access authority determination response including the determination result to the print service. Issue to 104. The print service 104 confirms the existence of the access authority with reference to the determination result.

  FIG. 28 shows an example of a script of a policy information provision request command. The SOAP envelope is omitted. A description 28 is a description related to the BMLinkS command and is described in XML. The description 28-1 is the user name “Yamada Taro”. Description 28-2 is authentication information exchanged in a state inserted in a job generation request command using a unique tag. The description 28-3 is a description indicating that a policy relating to a job generation request command is an information providing target.

  FIG. 29 shows an example of a policy information provision response script. The SOAP envelope is omitted. The description 29 is a description related to the BMLinkS command response, and is described in XML. The description 29-1 is information provision content related to a policy related to a command of a job generation request. Here, it is understood that monochrome is essential for the printing color, horizontal folding duplex printing is essential for the printing surface, 2up is essential for the layout, and the maximum allowable number of pages is 6 pages. . In this way, policies relating to various printing conditions (print job execution conditions) are managed by the policy server 113 as policies relating to job generation request commands.

  30 and 31 show examples of script of a job generation request (create_job) command received by the print service 104. The SOAP envelope is omitted. FIG. 30 shows a command before correction based on the policy, and FIG. 31 shows a command after correction based on the policy. Descriptions 30 and 31 are descriptions related to the BMLinkS command, and are described in XML. Condition 1 “printing color” is corrected from color to monochrome, and condition 2 “printing surface” is corrected from single-sided printing to horizontal folding double-sided printing. This is because, according to the policy shown in FIG. 29, the printing color is indispensable for monochrome, and the printing surface is indispensable for horizontal folding duplex printing.

  FIG. 32 is a flowchart relating to command execution processing executed by the print service 104.

  When the print service 104 receives a job generation request command for generating a print job, if authentication information is inserted in the command (S501), the print service 104 performs authentication processing based on the authentication information inserted in the command. An “authentication request” for execution is issued to the authentication server 111 (S502). Authentication information in the job generation request command, Requesting User Name, and the like are attached to the authentication request.

  If the authentication is successful in the authentication process (S503), the print service 104 issues an “access authority determination request” for determining whether or not the authority to execute the print job (access authority) is present. (S511). In the access authority determination request, information on what is the access target to be determined (here, the printer 101), information on what access authority is to be determined (here, the Write authority), and the job generation request command The authentication information is attached. The print service 104 executes the above command (S541) when the existence of the authority to execute the above print job is confirmed (S512). If not confirmed (S512), the above command is rejected (the process may be shifted to S521).

  If the authentication fails in the above authentication process (S503), the print service 104 issues a “policy information provision request” to the policy server 113 to provide information related to the policy of the printer 101 (S521). To do. The policy information provision request is attached with information on what the policy is the information provision target (here, the policy regarding the command of the job generation request). Upon receiving the policy information provision response (S522), the print service 104 prints the document data (print job is executed) under the print conditions (print job execution conditions) that match the policy of the printer 101. The command is corrected (S523), and the corrected command is executed (S541).

  On the other hand, if authentication information is not inserted in the command (S501), the print service 104 is included in the list of Requesting User Names managed by the print service 104 only when the access control is set (S531). Then, it is determined whether or not the Requesting User Name in the job generation request command is listed (S532). If it is listed, the above command is executed (S541), and if it is not listed, the above command is rejected (the process may be shifted to S521). If the setting is such that access control is not performed (S531), access is free and the above command is executed (S541).

  FIG. 33 is a flowchart relating to command correction processing executed by the print service 104. S523 of FIG. 32 corresponds to this.

  If there is a policy related to “staple” in the policy of the printer 101 (S601), the printing conditions related to “staple” in the command of the job generation request match the policy within the limit that can be corrected (S602). (S603). If it cannot be corrected (S602), the command is rejected.

  If there is a policy related to “print color” in the policy of the printer 101 (S611), the print condition related to “print color” of the command of the job generation request matches the policy within the limit that can be corrected (S612). So as to correct (S613). If it cannot be corrected (S612), the command is rejected.

  If there is a policy related to “printing surface” in the policy of the printer 101 (S621), the printing condition related to “printing surface” of the command of the job generation request matches the policy within the limit that can be corrected (S622). So as to correct (S623). If it cannot be corrected (S622), the command is rejected.

  If there is a policy related to “layout” in the policy of the printer 101 (S631), the print condition related to “layout” of the command of the job generation request is matched with the policy within the limit that can be corrected (S632). (S633). If it cannot be corrected (S632), the command is rejected.

  If there is a policy related to “number of pages” in the policy of the printer 101 (S641), the print condition related to “number of pages” of the command of the job generation request matches the policy within the limit that can be corrected (S642). So that it is corrected (S643). If it cannot be corrected (S642), the command is rejected.

  In the third section, the case where the print service 104 in the printer 101 issues an authentication request, an access authority determination request, a policy information provision request, or the like as part of the command execution processing has been described. FIG. 32 corresponds to the flowchart. As a modification, a case will be described in which the proxy service 1602 in the proxy server 122 issues an authentication request, an access authority determination request, a policy information provision request, or the like as part of the command transfer process. 34 and 35 are used for the description.

  FIG. 34 is a flowchart relating to command transfer processing executed by the proxy service 1602 in the proxy server 122. FIG. 34 corresponds to the modified example of FIG. Equivalent to. However, the difference from FIG. 19 is that the process of S751 is executed before the process of S741. That is, after passing through the processing of FIG. 35 (S751), the command is transferred (S741).

  FIG. 35 is a flowchart relating to command transfer processing executed by the proxy service 1602 in the proxy server 122. FIG. 35 corresponds to a modification of FIG. 32, and S801, S802, S803, S811, S812, S822, S823, S831, and S832 are S501, S502, S503, S511, S5122, S521, S522, and S523, respectively. This corresponds to S531, S532. The difference from FIG. 32 is that there is no process corresponding to “command execution” in S541. A process that exists instead is “command transfer” in S741 of FIG.

  The processing from “START” to “END” in FIG. 35 corresponds to the processing in S751 in FIG.

  Note that the description from the first section to the third section is valid even if the printer 101 and the print service 104 are replaced with the scanner 102 and the scan service 105, the storage apparatus 103 and the storage service 106. That is, the command for the scan service 105 issued by the PC 121 is executed by the scan service 105 and issued by the PC 121 in the same manner as the command for the print service 104 issued by the PC 121 is executed by the print service 104. The command for the storage service 106 is executed by the storage service 106. In this case, a job generation request command for generating a print job includes a job generation request command for generating a scan job, a file generation request command for generating a file, and a data read request for reading data. Command, a data write request command for writing data, and the like. The printer driver is replaced with a scanner driver or a storage driver.

  Further, the description from the first section to the third section is valid even if the print service 104 in the printer 101 in FIG. 1 is replaced with the print service 104 in the print server 107 in FIG. That is, the command for the “print service 104 in the print server 107” issued by the PC 121 is executed in the same way as the command for the “print service 104 in the printer 101” issued by the PC 121 is executed. Is executed by the print service 104. In this case, the print job is generated by the print server 107 and executed by the printer 101. If the explanation in this paragraph and the explanation in the previous paragraph are combined, it is clear that the same can be said for the scan service 105 in the scan server 108 in FIG. 2 and the storage service 106 in the storage server 109 in FIG. .

(Modification)
The printer 101 in FIG. 1 and the scanner 102 in FIG. 1 correspond to the embodiment of the present invention (image forming apparatus), and information processing executed by the printer 101 in FIG. 1 and the scanner 102 in FIG. Processing method).

  The print server 107 in FIG. 2 and the scan server 108 in FIG. 2 also correspond to the embodiment of the present invention (information processing apparatus), and information processing executed by the print server 107 in FIG. 2 and the scan server 108 in FIG. Moreover, it corresponds to an embodiment of the present invention (information processing method). The print server 107 in FIG. 2 and the scan server 108 in FIG. 2 are, for example, personal computers installed with a computer program that causes a computer to execute the information processing. The computer program corresponds to an embodiment of the present invention (information processing program), and the CD-ROM on which the computer program is recorded corresponds to an embodiment of the present invention (recording medium). The print server 107 in FIG. 2 and the scan server 108 in FIG. 2 are, for example, personal computers installed with the computer program recorded on the CD-ROM.

  The storage apparatus 103 in FIG. 1 corresponds to an embodiment of the present invention (storage apparatus), and information processing executed by the storage apparatus 103 in FIG. 1 corresponds to an embodiment of the present invention (information processing method).

  The storage server 109 in FIG. 2 also corresponds to the embodiment of the present invention (information processing apparatus), and the information processing executed by the storage server 109 in FIG. 2 also corresponds to the embodiment of the present invention (information processing method). To do. The storage server 109 in FIG. 2 is, for example, a personal computer in which a computer program that causes a computer to execute the information processing is installed. The computer program corresponds to an embodiment of the present invention (information processing program), and the CD-ROM on which the computer program is recorded corresponds to an embodiment of the present invention (recording medium). The storage server 109 in FIG. 2 is, for example, a personal computer in which the computer program recorded on the CD-ROM is installed.

It is an apparatus arrangement | positioning figure which concerns on the network to which the OA apparatus was connected. It is an apparatus arrangement | positioning figure (modification) which concerns on the network to which the OA apparatus was connected. FIG. 3 is a hardware configuration diagram related to the printer 101 of FIGS. It is a hardware block diagram concerning the scanner 102 of FIGS. FIG. 3 is a hardware configuration diagram related to the storage apparatus 103 of FIGS. It is a hardware block diagram concerning PC121 of Drawings 1 and 2. It is a hardware block diagram concerning the proxy server 122 of FIGS. FIG. 3 is a hardware configuration diagram related to the print server 107 of FIG. 2. It is a hardware block diagram concerning the scan server 108 of FIG. It is a hardware block diagram concerning the storage server 109 of FIG. A printer operation screen displayed on the screen of the PC is shown. An authentication information setting screen displayed on the PC screen is shown. An example of a script for a job generation request command (before inserting authentication information) is shown. An example of a script for a job generation request command (after inserting authentication information) is shown. An example of a job generation response script is shown. It is a figure for demonstrating the execution main body of an authentication information insertion process. An example of a table for managing authentication information is shown. FIG. 9 is a flowchart relating to authentication information insertion processing executed by a printer driver. It is a flowchart figure which concerns on the authentication information insertion process performed by a proxy service. FIG. 10 is a flowchart relating to authentication information acquisition processing executed by a printer driver or a proxy service. An example of a command script for a function information provision request is shown. An example of a function information provision response script is shown. FIG. 10 is a flowchart relating to a function information providing process executed by a print service. An example of an authentication request command script is shown. An example of a script of an authentication response (when authentication is successful) is shown. An example of an authentication response script (when authentication fails) is shown. An example of ACL is shown. This example shows a script of a policy information provision request command. An example of a policy information provision response script is shown. An example of a script for a job generation request command (before modification) is shown. An example of a script for a job generation request command (before modification) is shown. FIG. 10 is a flowchart relating to command execution processing executed by a print service. FIG. 11 is a flowchart relating to command correction processing executed by the print service. It is a flowchart figure which concerns on the command transfer process performed by the proxy service in a proxy server. It is a flowchart figure which concerns on the command transfer process performed by the proxy service in a proxy server.

Explanation of symbols

DESCRIPTION OF SYMBOLS 101 Printer 102 Scanner 103 Storage apparatus 104 Print service 105 Scan service 106 Storage service 107 Print server 108 Scan server 109 Storage server 111 Authentication server 112 ACL server 113 Policy server 121 PC
122 Proxy server 131 Network 301 CPU
302 ROM
303 RAM
304 HDD
311 Print unit 312 Operation display unit 313 Communication unit 321 USBIF
322 Centronics IF
331 system bus 401 CPU
402 ROM
403 RAM
404 HDD
411 Scan unit 412 Operation display unit 413 Communication unit 421 USBIF
423 SCSIIF
431 System bus 501 CPU
502 ROM
503 RAM
504 HDD
512 Operation display unit 513 Communication unit 521 USBIF
531 System Bus 601 CPU
602 ROM
603 RAM
604 HDD
611 Operation unit 612 Display unit 613 Communication unit 621 USBIF
622 Centronics IF
623 SCSIIF
631 System bus 701 CPU
702 ROM
703 RAM
704 HDD
711 Operation unit 712 Display unit 713 Communication unit 721 USBIF
731 System Bus 801 CPU
802 ROM
803 RAM
804 HDD
811 Operation unit 812 Display unit 813 Communication unit 821 USBIF
822 Centronics IF
831 system bus 901 CPU
902 ROM
903 RAM
904 HDD
911 Operation unit 912 Display unit 913 Communication unit 921 USBIF
923 SCSIIF
931 System bus 1001 CPU
1002 ROM
1003 RAM
1004 HDD
1011 Operation unit 1012 Display unit 1013 Communication unit 1021 USBIF
1031 System Bus 1101 Printer Operation Screen 1111 OK Button 1121 Authentication Information Setting Button 1201 Authentication Information Setting Screen 1211 OK Button 1601 Printer Driver 1602 Proxy Service 1611 Operation Display Unit 1612 IC Card IF
1613 Biometric authentication unit

Claims (36)

Command execution means for executing a command for the image forming apparatus issued by a client of the image forming apparatus;
The image forming apparatus, wherein the command execution unit executes the command on the condition that authentication is permitted in an authentication process based on authentication information inserted in the command.   The image forming apparatus according to claim 1, wherein the authentication process is executed by a server separate from the image forming apparatus.   The image forming apparatus according to claim 1, wherein the authentication information is inserted into the command using a tag.   4. The authentication information according to claim 1, wherein the authentication information is authentication information acquired by screen input, authentication information acquired by reading a storage medium, or authentication information acquired by biometric authentication. The image forming apparatus described in 1.   The image forming apparatus according to claim 1, wherein the command is a command described by XML (extensible Markup Language).   The image forming apparatus according to claim 1, wherein the command is a job generation request command for generating a job.   The command execution means executes the command on the condition that authentication is permitted by an authentication process based on authentication information inserted in the command and that the existence of authority to execute the job is confirmed. The image forming apparatus according to claim 6.   The image forming apparatus according to claim 7, wherein the information related to the authority is managed by a server separate from the image forming apparatus.   The command execution unit is configured to execute the job so that the job is executed under a job execution condition that matches the policy of the image forming apparatus when authentication is not permitted in the authentication process based on the authentication information inserted in the command. The image forming apparatus according to claim 6, wherein the command is executed after correction.   The image forming apparatus according to claim 9, wherein the information related to the policy is managed by a server separate from the image forming apparatus.   11. The image forming apparatus according to claim 1, further comprising means for providing information relating to what authentication information the image forming apparatus supports. An information processing apparatus that functions as a server of an image forming apparatus,
Command execution means for executing a command for the information processing apparatus issued by a client of the image forming apparatus;
The information processing apparatus, wherein the command execution unit executes the command on condition that authentication is permitted in an authentication process based on authentication information inserted in the command.   The information processing apparatus according to claim 12, wherein the authentication process is executed by a server separate from the information processing apparatus.   The information processing apparatus according to claim 12 or 13, wherein the authentication information is inserted into the command using a tag.   15. The authentication information according to claim 12, wherein the authentication information is authentication information acquired by screen input, authentication information acquired by reading a storage medium, or authentication information acquired by biometric authentication. The information processing apparatus described in 1.   The information processing apparatus according to claim 12, wherein the command is a command described in XML (extensible Markup Language).   The information processing apparatus according to claim 12, wherein the command is a job generation request command for generating a job.   The command execution means executes the command on the condition that authentication is permitted by an authentication process based on authentication information inserted in the command and that the existence of authority to execute the job is confirmed. The information processing apparatus according to claim 17.   The information processing apparatus according to claim 18, wherein the information related to the authority is managed by a server separate from the information processing apparatus.   The command execution unit is configured to execute the job under a job execution condition that matches a policy of the image forming apparatus when authentication is not permitted in the authentication process based on the authentication information inserted in the command. The information processing apparatus according to claim 17, wherein the command is executed after correction.   The information processing apparatus according to claim 20, wherein the information related to the policy is managed by a server separate from the information processing apparatus.   The information processing apparatus according to any one of claims 12 to 21, further comprising means for providing information relating to what authentication information the information processing apparatus supports. An information processing method executed by an image forming apparatus,
A command execution stage for executing a command for the image forming apparatus issued by a client of the image forming apparatus;
In the command execution stage, the command is executed on condition that authentication is permitted in an authentication process based on authentication information inserted in the command. An information processing method executed by an information processing apparatus functioning as a server of an image forming apparatus,
A command execution stage for executing a command for the information processing apparatus issued by a client of the image forming apparatus;
In the command execution stage, the command is executed on condition that authentication is permitted in an authentication process based on authentication information inserted in the command.   An information processing program for causing a computer to execute the information processing method according to claim 24.   A computer-readable recording medium on which an information processing program for causing a computer to execute the information processing method according to claim 24 is recorded. An information processing method executed by an image forming apparatus or a server of the image forming apparatus and a client of the image forming apparatus,
A command issuance stage in which the client of the image forming apparatus issues a command to the image forming apparatus or the server of the image forming apparatus; and authentication information in which the client of the image forming apparatus inserts authentication information into the command. An insertion stage, and a command execution stage in which the image forming apparatus or the server of the image forming apparatus executes the command,
In the command execution stage, the command is executed on condition that authentication is permitted in an authentication process based on authentication information inserted in the command. An information processing method executed by an image forming apparatus or a server of the image forming apparatus and a proxy server of a client of the image forming apparatus,
The proxy server of the client of the image forming apparatus sends a command to the image forming apparatus or the server of the image forming apparatus issued by the client of the image forming apparatus to the image forming apparatus or the image forming apparatus. A command transfer step of transferring to a server, an authentication information insertion step of inserting authentication information into the command by the proxy server of the client of the image forming device, and the image forming device or the server of the image forming device, A command execution stage for executing the command,
In the command execution stage, the command is executed on condition that authentication is permitted in an authentication process based on authentication information inserted in the command. Comprising command execution means for executing a command for the storage device issued by a client of the storage device;
The storage device characterized in that the command execution means executes the command on condition that authentication is permitted in an authentication process based on authentication information inserted in the command. An information processing device that functions as a server of a storage device,
Command execution means for executing a command for the information processing apparatus issued by the client of the storage apparatus;
The information processing apparatus, wherein the command execution unit executes the command on condition that authentication is permitted in an authentication process based on authentication information inserted in the command. An information processing method executed by a storage device,
A command execution stage for executing a command for the storage device issued by a client of the storage device;
In the command execution stage, the command is executed on condition that authentication is permitted in an authentication process based on authentication information inserted in the command. An information processing method executed by an information processing apparatus functioning as a server of a storage apparatus,
A command execution stage for executing a command for the information processing apparatus issued by the client of the storage apparatus;
In the command execution stage, the command is executed on condition that authentication is permitted in an authentication process based on authentication information inserted in the command.   An information processing program for causing a computer to execute the information processing method according to claim 32.   A computer-readable recording medium on which an information processing program for causing a computer to execute the information processing method according to claim 32 is recorded. An information processing method executed by a storage device or a server of the storage device and a client of the storage device,
A command issuance stage in which the client of the storage apparatus issues a command to the storage apparatus or the server of the storage apparatus; and an authentication information insertion stage in which the client of the storage apparatus inserts authentication information into the command; A command execution stage in which the storage device or the server of the storage device executes the command;
In the command execution stage, the command is executed on condition that authentication is permitted in an authentication process based on authentication information inserted in the command. An information processing method executed by a storage device or a server of the storage device and a proxy server of a client of the storage device,
Command transfer in which the proxy server of the client of the storage device transfers a command for the storage device or the server of the storage device issued by the client of the storage device to the storage device or the server of the storage device An authentication information insertion step in which the proxy server of the client of the storage device inserts authentication information into the command, and a command execution step in which the storage device or the server of the storage device executes the command With
In the command execution stage, the command is executed on condition that authentication is permitted in an authentication process based on authentication information inserted in the command.

Images