JP2005266699A - Display control method and image processing apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an easy and flexible operation procedure for the user in authenticating of the user, using a prescribed authentication card. <P>SOLUTION: It is decided whether a user, authenticated by a user authentication function for performing user authentication using a prescribed authentication card, is authorized to execute a prescribed processing and based on the result of the decision, whether the user is capable of executing the prescribed processing is displayed on a display part. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a display control method for an image processing apparatus having a user authentication function for performing user authentication using a predetermined authentication card.

(User authentication by smart card)
In recent years, “smart cards”, which are IC cards incorporating CPUs, have become widespread. Along with improvements in CPU performance and storage capacity built into this card, advanced cryptographic algorithm processing and secure key management inside the card have been put to practical use, compared to cards with embedded magnetic stripes such as conventional cash cards. The safety is greatly improved. Furthermore, the multi-application of the operating system incorporated in the card has been achieved, and it has become possible to use a single card for a plurality of purposes.

  Further, by providing an electronic certificate function inside the card, it can be used for user authentication. The user authentication method uses the so-called "what-you-know type", which uses information that only the principal knows, such as a personal identification number and password, and authentication that only the principal should have such as a seal or various certificates The so-called “what-you-have type” using substances and the “what-you-are type” using the biological features of the person such as voiceprints, iris iris and handwriting are known (for example, , See Patent Document 1).

  In other words, what-you-have users based on the smart card's electronic certificate function will be used in various systems that have adopted what-you-know type user authentication based on the above-mentioned PIN and password. Authentication can be adopted. Furthermore, with the development of public key infrastructure (PKI) and the like, it is expected that user authentication in various systems can be commonly performed with one smart card in terms of operation.

(Per session authentication)
Conventionally, user authentication for each session is performed in the operation of the image processing system. For example, in a copier-based multi-function peripheral (MFP), department-specific device usage aggregation and access control by department-specific ID management are realized. This requests a login process prior to the use of the operation unit of the multifunction peripheral, and authenticates the department (group) to which the user belongs in the login process. If the group authentication is successful and login is permitted, the process in the session until the user logs out is treated as a process belonging to the group. The number of prints by a job activated during a session is counted in the counter of the group. Privileged processing that is permitted only to the administrator group is permitted only during a login session authenticated as a member of the administrator group (such as an operation for setting an administrator or a management operation for a box for which an end user has set a password).

  Group authentication at the time of login is performed by a combination of a department ID and a password. In addition, using a magnetic card storing department ID information, a period from insertion to removal of the card is managed as a session.

  Furthermore, not only group-based authentication but also session management in units of individual users is partially performed. Normal processing does not require authentication, and user management is performed only when shifting to a specific operation mode, and session management is also performed to handle a valid session until exiting a specific operation mode (for example, end user To operate a box with a password set by the user).

  As described above, in the authentication for each session, it is assumed that a user who logs in and starts a session always logs out and completes the session. To partially solve the problem that occurs when a user forgets to log out, an auto-logout mechanism is also provided that automatically logs out if no operation is performed for a certain period of time in a user-authenticated session. Yes (auto clear).

(Authentication for each operation after operation instruction)
Furthermore, in the operation of the image processing system, user authentication is conventionally performed for each operation. For example, secure print access control is performed in a copier-based MFP. The secure print is a function realized by combining the PDL print function of the MFP and the built-in document storage function. In this function, when a user submits a print job from a computer such as a desktop, an arbitrary password is set for the job. The submitted job is transmitted to the MFP via the network, and the MFP prepares for printing, but does not actually print out, but is kept in the storage. When the user moves in front of the MFP and instructs to print his / her own job from among the jobs retained from the operation unit, the user who has actually submitted the job responds to the instruction by the user himself / herself. Something is authenticated. That is, the input of the password set for the job is requested at the time of submission, and the actual printout is performed only when the user inputs the correct password.
JP 2002-109542 A

  In the above-described multi-user compatible image processing system that operates by recognizing an individual user, it is expected to use a smart card for the user authentication. However, the conventional example has the following problems.

  That is, when the session is handled as a session from the time when the card is inserted into the apparatus until the card is taken out as in the case of the conventional magnetic card, there is a high risk of forgetting to remove the card. In particular, multi-application smart cards are expected to serve not only for user management of image processing systems but also for various types of personal authentication, such as employee ID cards, student ID cards, and proof of identity. There is a possibility that it is effective for various kinds of processing including general payment processing.

  The impact of leaving such a smart card in a shared image processing system is greater than that of a dedicated magnetic card. In particular, in the case of a proximity contactless card that also serves as a student ID card or employee ID card, an operation mode in which the card is operated from the neck down is assumed for the convenience of close to the card reader in various situations and to prevent misplacement. (For example, a form as shown in FIG. 5). While using the image processing system, there are cases where user mobility around the apparatus such as document exchange and paper processing is required, and it is difficult to keep the card lowered from the neck in a predetermined position of the apparatus. . Removing the card that you normally wear from your neck and using the device detracts from convenience.

  So, in the conventional authentication for each session, if you use a smart card just to replace what-you-know type authentication processing at the time of login with what-you-have type, the worry of misplaced the card will be resolved. There is still a risk of forgetting to log out. In addition, since the auto logout mechanism must set a sufficiently long time to allow a series of operations, it is difficult to set a timeout time. That is, if the setting is too short, the session is canceled even if the user is simply troublesome in the operation. On the other hand, if the setting is too long, there is a risk that the next user who wants to use the system can operate the system with the authority of the previous user. This risk poses a major barrier in enhancing the multi-user support of shared systems such as image processing systems.

  On the other hand, in the case of the configuration based on the conventional technique of user authentication for each operation performed after an operation instruction, when the user instructs an operation requiring authentication, authentication is required after the instruction. Aiming to be able to use processes that are not subject to access control without complicated operations, while realizing advanced multi-user support for multifunctional MFPs, diversified device resources, complicated access control, etc. Authentication for each operation is performed in various operations that have not existed before.

  Further, when the authentication is requested after the operation instruction, the operation flow of the user is delayed depending on the content of the operation. That is, for example, in the operation of the job that is the most basic and frequently used in the operation of the image processing apparatus, the user performs various operation parameter setting operations related to the job, confirms the operation, and then starts the job activation. Perform trigger operation. If user authentication is required for job submission, authentication for each operation is required at the timing when a trigger operation is performed at the time of job submission that includes all parameters.

  However, forcing such a fixed operation procedure in which job execution does not start even though a job start instruction has been issued causes confusion in recognition of the user's operation model and impairs usability. There is.

  The present invention has been made in view of the above-described problems, and an object thereof is to provide a user with a simple and flexible operation procedure when performing user authentication using a predetermined authentication card. That is.

  The present invention relates to a display control method for an image processing apparatus having a user authentication function for performing user authentication using a predetermined authentication card, wherein a user authenticated by the user authentication function is authorized to execute a predetermined process. And a step of displaying on a display section whether or not the user can execute a predetermined process based on a determination result in the determination step.

  According to another aspect of the present invention, there is provided an image processing apparatus having a user authentication function for performing user authentication using a predetermined authentication card, wherein a user authenticated by the user authentication function has execution authority for predetermined processing. And a means for causing the display unit to display whether or not the user can execute a predetermined process based on a determination result of the determination means.

  ADVANTAGE OF THE INVENTION According to this invention, when performing user authentication using a predetermined | prescribed authentication card | curd, a simple and flexible operation procedure can be provided with respect to a user.

  The best mode for carrying out the invention will be described below in detail with reference to the drawings. In the present embodiment, a plurality of image input devices, image output devices, and the like are connected to one control device as an image processing system, and functions such as copy, transmission, and box are provided to a user who is authenticated by a user authentication function. Display control will be described.

  FIG. 1 is a diagram illustrating an overall configuration of an image processing system 100 according to the present embodiment. In FIG. 1, an image input device (reader unit) 200 optically reads an image of a document, converts it into image data, and outputs the image data. The reader unit 200 includes a scanner unit 210 having a function for reading a document and a document feeding unit 250 having a function for conveying the document.

  Reference numeral 300 denotes an image output apparatus (printer unit) that conveys a recording sheet, prints image data as a visible image on the recording sheet, and discharges the sheet outside the apparatus. The printer unit 300 sorts and staples a paper feed unit 360 composed of a plurality of types of recording paper cassettes, a marking unit 310 having a function for transferring and fixing image data onto the recording paper, and a printed recording paper. And a paper discharge unit 370 having a function for outputting to the outside of the machine.

  Reference numeral 110 denotes a control device (controller unit), which is electrically connected to the reader unit 200 and the printer unit 300, and is connected to the public network 500 or a network 101 such as a local area network (LAN) or Ethernet (registered trademark). The host computers 180 and 190 are connected. The controller unit 110 controls the reader unit 200 and the printer unit 300, and provides functions such as copying, scanning, and printing that are instructed via an operation unit (described later) or the network 101.

  For example, in the case of the copy function, the image data of the original is read by controlling the reader unit 200, and the image data is output to a recording sheet by controlling the printer unit 300. In the case of the scan function, the image data read from the reader unit 200 is converted into code data and transmitted to the host computer via the network 101. In the case of the print function, the code data received from the host computer via the network 101 is converted into image data and output to the printer unit 300.

  An operation unit 150 is connected to the controller unit 110 and includes a liquid crystal touch panel, and provides a user interface (UI) for operating the image processing system 100. Reference numeral 160 denotes a CD-ROM drive for reading various applications of the image processing system 100 stored in the CD-ROM.

  FIG. 2 is a cross-sectional view illustrating configurations of the reader unit 200 and the printer unit 300. As shown in the drawing, the document feeding unit 250 of the reader unit 200 feeds documents one by one from the top to the platen glass 211 one by one. When the optical unit 213 finishes reading the document, the document feeding unit 250 on the platen glass 211 is finished. Eject the document. On the other hand, when the document is conveyed onto the platen glass 211, the optical unit 213 turns on the lamp 212, and scans the document while moving in the V direction. Reflected light from the original at this time is guided to a CCD image sensor (hereinafter referred to as CCD) 218 by mirrors 214, 215 and 216 and a lens 217. Thus, the scanned image of the original is read by the CCD 218.

  A reader image processing unit 222 performs predetermined processing on the image data output from the CCD 218 and outputs the processed image data to the control device 110 via a scanner interface (I / F) described later.

  A printer image processing unit 352 of the printer unit 300 outputs an image signal sent from the controller unit 110 to a laser driver via a printer interface (I / F) described later. A laser driver 317 drives the laser light emitting units 313, 314, 315, and 316. Laser light corresponding to the image data output from the printer image processing unit 352 is supplied to the laser light emitting units 313, 314, and 315. 316 is driven to emit light. The laser beams are irradiated onto the photosensitive drums 325, 326, 327, and 328 by mirrors 340 to 351, and latent images corresponding to the laser beams are formed on the photosensitive drums 325, 326, 327, and 328, respectively. Reference numerals 321, 322, 323, and 324 are developing devices for developing a latent image with black (Bk), yellow (Y), cyan (C), and magenta (M) toners. Then, it is transferred to a recording sheet and a full color printout is made.

  The recording paper fed from any of the paper feed units 360 and 361 and the manual feed tray 362 at the timing synchronized with the start of the laser beam irradiation described above is attracted onto the transfer belt 334 via the registration roller 333 and conveyed. . Then, the developer attached to the photosensitive drums 325, 326, 327, and 328 is transferred to a recording sheet. The recording sheet to which the developer has been transferred is conveyed to the fixing unit 335, and the developer is fixed to the recording sheet by the heat and pressure of the fixing unit 335. The recording paper that has passed through the fixing unit 335 is discharged by a discharge roller 336, and the paper discharge unit 370 bundles the discharged recording paper to sort the recording paper, or staples the sorted recording paper.

  If double-sided recording is set, the recording paper is conveyed to the discharge roller 336, and then the rotation direction of the discharge roller 336 is reversed and guided to the refeed conveyance path 338 by the flapper 337. Then, the recording sheet guided to the refeed conveyance path 338 is fed to the transfer belt 334 at the timing described above.

[Description of control device (controller section)]
FIG. 3 is a block diagram illustrating a configuration of the control device (controller unit) 110. As shown in the figure, the main controller 111 mainly includes a CPU 112, a bus controller 113, and various interface (I / F) controllers.

  The CPU 112 and the bus controller 113 control the overall operation of the controller unit 110, and the CPU 112 operates based on various programs read from the ROM 114 via the ROM interface (I / F) 115. Also included is a processing program that interprets PDL (page description language) code data received from an external host computer and develops it into raster image data, and is processed by software. The bus controller 113 controls data transfer input / output from various interfaces (I / F), and performs arbitration at the time of bus contention and control of DMA data transfer.

  The DRAM 116 is connected to the main controller 111 via a DRAM interface (I / F) 117, and is used as a work area for the CPU 112 to operate and an area for storing image data. The codec 118 compresses the raster image data stored in the DRAM 116 by an encoding method such as MH, MR, MMR, JBIG, JPEG, or the like, and conversely, compresses the stored code data and stores the raster image data. Elongate. The SRAM 119 is used as a temporary work area for the codec 118. The codec 118 is connected to the main controller 111 via an interface (I / F) 120, and data transfer to and from the DRAM 116 is controlled by the bus controller 113 and is DMA-transferred.

  A graphic processor 135 performs processes such as image rotation, image scaling, color space conversion, and binarization on the raster image data stored in the DRAM 116. The SRAM 136 is used as a temporary work area for the graphic processor 135. The graphic processor 135 is connected to the main controller 111 via an interface (I / F) 137, and data transfer to and from the DRAM 116 is controlled by the bus controller 113 and is DMA-transferred.

  A network controller 121 is connected to the main controller 111 via an interface (I / F) 123, and is connected to an external network (101 shown in FIG. 1) via a connector 122.

  The main controller 111 is connected to an expansion connector 124 for connecting an expansion board via the general-purpose high-speed bus 125 and an I / O control unit 126. The general-purpose high-speed bus 125 is generally a PCI bus.

  The above-described I / O control unit 126 is equipped with two channels of asynchronous serial communication controllers 127 for transmitting and receiving control commands to and from the CPUs of the reader unit 200 and the printer unit 300, and a scanner interface via the I / O bus 128. 140 is connected to the printer interface 145.

  The USB connector 170 is connected to the I / O control unit 126 and is used to connect a device having a USB interface. A part of the channel is reserved for connection of a built-in optional device, and is connected to the operation unit 150 via the USB I / F 171 and the panel I / F 132 in the apparatus housing. A smart card reader 422 (described later) installed in the operation unit 150 is connected by USB.

  A panel interface (I / F) 132 is connected to the LCD controller 131, and an interface (I / F) for displaying on the liquid crystal screen on the operation unit 150, and key input for inputting from hard keys and touch panel keys. And an interface (I / F) 130.

  The operation unit 150 includes a liquid crystal display unit, a touch panel input device attached on the liquid crystal display unit, and a plurality of hard keys. A signal input by the touch panel or the hard key is transmitted to the CPU 112 via the panel interface (I / F) 132 described above, and the liquid crystal display unit displays image data sent from the panel interface (I / F) 132. To do. The liquid crystal display unit displays function displays, image data, and the like in the operation of the apparatus.

  The real-time clock module 133 is for updating / saving the date and time managed in the device, and is backed up by a backup battery 134.

  The E-IDE connector 161 is for connecting an external storage device. In the present embodiment, the hard disk (HD) drive 160 is connected via the connector 161, and an operation of storing image data in the hard disk (HD) 162 or an operation of reading image data from the hard disk (HD) 162 is performed.

  The connectors 142 and 147 are connected to the reader unit 200 and the printer unit 300, respectively, and include asynchronous serial interfaces (I / F) 143 and 148 and video interfaces (I / F) 144 and 149, respectively.

  A scanner interface (I / F) 140 is connected to the reader unit 200 via a connector 142, and is connected to the main controller 111 via a scanner bus 141, and performs predetermined processing on image data received from the reader unit 200. And a function of outputting a control signal generated based on the video control signal sent from the reader unit 200 to the scanner bus 141.

  Data transfer from the scanner bus 141 to the DRAM 116 is controlled by the bus controller 113.

  A printer interface (I / F) 145 is connected to the printer unit 300 via a connector 147 and is connected to the main controller 111 via a printer bus 146, and performs predetermined processing on image data output from the main controller 111. And a function for outputting a control signal generated based on a video control signal sent from the printer unit 300 to the printer bus 146.

  Transfer of raster image data developed on the DRAM 116 to the printer unit 300 is controlled by the bus controller 113 and DMA-transferred to the printer unit 300 via the printer bus 146 and the video interface (I / F) 149.

  The timer 129 is set or reset by the CPU 112, and measures a remaining time during which user authentication described later is valid, a timeout time for user authentication, and the like.

[Description of operation unit]
FIG. 4 is a diagram showing a key layout of the operation unit 150 in the present embodiment. In FIG. 4, 401 is a power switch, and controls energization to the main body. A preheat key 402 is used to turn on / off the preheat mode. A copy mode key 403 is used when a copy function is selected from a plurality of functions. Reference numeral 404 denotes a transmission mode key, which is used when a transmission function is selected from a plurality of functions. This transmission function sends images scanned by a scanner and various files stored in a mailbox, which will be described later, to a desired destination using fax, e-mail, various file transfer protocols, protocols for database access, and the like. is there.

  A box mode key 405 is used to select a box mode from a plurality of functions. This box function is a function that has a storage area in the memory in the copying machine for each individual user or department, puts a PDL or a scanned image in the storage area, and outputs it at any time. Reference numeral 406 denotes an extended key, which is used when operating the PDL, when making a reservation for using the scanner from an external computer, or when operating a received document by fax or e-mail. Reference numerals 403 to 406 are also used when calling up each function screen of the LCD 416 described later, and the status of each job can be viewed on the display of the LCD 416.

  Reference numeral 407 denotes a copy start key, which is used to instruct the start of a job in each of the selected functions. Reference numeral 412 denotes a start key LED display window, which indicates whether or not the start key can be used by means of light emitting diodes of two colors, green and red, incorporated therein. Specifically, a green state indicates a valid state, and a red state indicates an invalid state. Reference numeral 408 denotes a stop key which is used when copying is interrupted or stopped. Reference numeral 409 denotes a reset key which operates as a key for returning to the standard mode during standby. Reference numeral 410 denotes a guide key, which is used when it is desired to know each function. A user mode key 411 is used when the user changes the basic setting of the system.

  An interrupt key 412 is used, for example, when it is desired to interrupt and copy during copying. Reference numeral 413 denotes a numeric keypad which is used when inputting numerical values. Reference numeral 414 denotes a clear key, which is used to clear a numerical value. Reference numeral 415 denotes an ID key which is used when shifting to an ID input mode when using a copying machine. Reference numeral 416 denotes an LCD touch panel comprising a combination of a liquid crystal screen and a touch sensor, and an individual setting screen is displayed for each mode. Various detailed settings can be made by touching the drawn keys. It also displays the operation status of each job. Reference numeral 417 denotes a tally lamp indicating a communication state of the network, which is normally green, blinks green when communicating, and turns red when a network error occurs.

  Reference numeral 418 denotes an ACS (auto color select) key, which is used to automatically determine whether a copy original is color or black and white and set a mode for scanning in color if it is color, or in black if it is black and white. A full color mode key 419 is used to set a full color scan mode regardless of the copy original. Reference numeral 420 denotes a black mode key, which is used to set a mode for scanning with a black color regardless of a copy original. One of 418 to 420 is always selected by the toggle operation, and the selected key is lit. Reference numeral 422 denotes a smart card reader. For example, using a known radio wave interface as ISO 1443, power is supplied and data is exchanged with a proximity non-contact type IC card close to a distance of about 10 cm.

  FIG. 5 is a schematic diagram showing an example of a smart card in the present embodiment. In FIG. 5, reference numeral 501 denotes a smart card, which is a thin card having an IC chip including a CPU and a memory and a coiled antenna incorporated therein. A card holder 502 holds a card. Reference numeral 503 denotes a string for hanging the card holder 502 around the neck or the like.

  The smart card 501 is a non-contact proximity type compatible with the ISO 1443 interface, can communicate with a card reader from a distance of about 10 cm, and can receive power from the card reader. An operating system (OS) built in the smart card 501 is a multi-application OS, and a plurality of applications for supporting a plurality of services can be installed.

  FIG. 6 is a diagram showing a data structure for controlling access to various resources in the image processing system. In the present embodiment, during startup and operation of the image processing system, the CPU 112 of the main controller 111 dynamically generates the object groups of the classes shown in FIG. Maintained.

  A resource 601 is a class that abstracts various resources in the system, and is used for access control of an image processing system that supports multi-users. As shown in FIG. 6, this resource 601 has attributes of owner, group, permission to owner, permission to group, permission to others, and these attributes are inherited by all subclasses described later. This is a characteristic that all subclasses have in common.

  The owner is an attribute indicating the user who is the owner of the resource. The group is an attribute indicating the group that owns the resource. The permission to the owner is an attribute indicating the authority of access to this resource by the user registered in the owner attribute. The permission to the group is an attribute indicating the authority to access this resource by the group registered in the group attribute. The permission to others is an attribute indicating the right of access to this resource by another user who is not a user of the owner attribute and is not a user included in the group of the group attribute. The permission attribute is a list of various access control information including read authority, write authority, and execution authority.

  The unit 602 is a subclass of the resource 601 and is a class that abstracts the physical units constituting the image processing system. Here, the operation unit 603, the scanner unit 604, the marking unit 605, the document feeding unit 606, the feeding unit 607, and the paper discharge unit 608 are subclasses of the unit 602.

  A function 609 is a subclass of the resource 601 and is a class that abstracts functions provided by the image processing system. First, the copy function 610 is a subclass of the function 609 and indicates a function of copying a document on a recording sheet. Further, the black and white copy 611 and the color copy 612 are subclasses of the copy function 610. Next, a transmission function 613 is a subclass of the function 609 and indicates a function of transmitting digital document data by various protocols. Further, a fax transmission 614, an e-mail transmission 615, a file transfer transmission 616, a file sharing transmission 617, and a database input transmission 618 are subclasses of the transmission function 613, and indicate functions for transmitting digital document data by a protocol corresponding to each. . Next, the box function 619 is a subclass of the function 609. The box function 619 stores image data read from a document, document data obtained by PDL expansion, and the like in a storage in the system. Further, the stored document data is browsed, printed, Indicates functions for sending and managing. A reception function 622 is a subclass of the function 609 and indicates a function of receiving digital document data by various protocols similar to the transmission function 613 and storing, transferring, printing, and the like.

  The job 621 is a subclass of the resource 601 and is a class that abstracts actual jobs corresponding to various services of the function 609.

  The history 622 is a subclass of the resource 601 and is a class that abstracts history information including information related to execution and termination of the object of the job 621 and information related to various events that occur with the operation of the system.

  A box 623 is a subclass of the resource 601 and is a class that abstracts the management unit of the file system handled by the function 609.

  The folder 624 is a subclass of the resource 601 and is a class that abstracts a management structure for grouping a plurality of files in a file system handled by the function 609.

  A document 625 is a subclass of the resource 601, and is a class that abstracts individual files in the file system handled by the function 609, that is, various digital documents.

  The address book 626 is a subclass of the resource 601 and is a class that abstracts a list of addresses used to register system users and user groups and handle address information in functions such as the transmission function 613 and the reception function 620. It is.

  The reception transfer rule 627 is a class that abstracts a rule group such as a transfer condition, a transfer destination designation, and a behavior description when a received document is transferred by the reception function 620.

  A setting 628 is a subclass of the resource 601 and is a class that abstracts the setting of operation parameters that control various operations of the system. Furthermore, the user setting 629 and the administrator setting 630 are subclasses of the setting 628, and indicate a setting for an end user and a setting for an administrator, respectively.

[First Embodiment]
Here, as a first embodiment, when a user authenticated by the user authentication function performs a copy operation, the CPU 112 of the main controller 111 determines the execution authority of the user, and the determination result is displayed on the LCD of the operation unit 150. The control for providing a simple and flexible operation procedure to the user by displaying on the touch panel 416 will be described.

  FIG. 7 is a diagram illustrating a copy standard screen of the operation panel according to the first embodiment. The image processing system according to the first embodiment is configured to start on a copy standard screen as a default when the power is turned on.

  In FIG. 7, reference numeral 701 denotes a message line, which is an area for displaying a copy job status as a message. Reference numeral 702 denotes a magnification display, which displays a magnification that is automatically determined according to a set magnification or a copy mode as a percentage. A paper size display 703 displays the selected output paper. When automatic paper selection is set, a message “auto paper” is displayed as shown in FIG. Reference numeral 704 denotes a numeric display indicating how many copies are made.

  Reference numeral 705 denotes a reduction key, which is used when a reduction copy is desired. Reference numeral 706 denotes an equal magnification key, which is used when it is desired to return to an equal magnification when reduction or enlargement is set. Reference numeral 707 denotes an enlargement key, which is used when an enlarged copy is desired. A zoom key 708 is used when it is desired to perform a reduction copy or an enlargement copy by setting a magnification in fine units. Reference numeral 709 denotes a paper selection key, which is used when designating an output paper.

  A finisher key 710 is used to set a sort or staple mode. Reference numeral 711 denotes a double-sided key, which is used when setting the double-sided mode. Reference numeral 712 is a density display, which displays the current density so that the current density can be understood. The left side indicates that the density is low and the right side indicates that the density is high. The density display 712 is configured so that the display changes in conjunction with a light key 713 and a light key 715 which will be described later. Reference numeral 713 denotes a light key, which is used when it is desired to reduce the density. Reference numeral 714 denotes an automatic key, which is used when a mode for automatically determining density is used. Reference numeral 715 denotes a rich key which is used when it is desired to increase the density.

  A character key 716 is used to set a “character mode” in which the density is automatically set to a density suitable for copying a text document. Reference numeral 717 denotes a character / photo key, which is used to set a “character / photo mode” in which the density is automatically set to a density suitable for copying a document in which text and photos are mixed. An application mode key 718 is used to set various copy modes that cannot be set on the copy standard screen.

  Reference numeral 719 denotes a system status key, which is used when the user wants to see the status of printing or scanning currently performed in the image processing system 100. The system status key 719 is displayed not only on the copy standard screen but also at this position at all times. By pressing this key, the system status can be viewed at any time.

  Reference numeral 720 denotes a message area for displaying a message, and a status line for displaying a message such as an alarm with a low priority which is not necessary to be displayed on the message line 701 or an execution state of another function. The message area 720 also displays a message for instructing the user to perform an operation, the remaining time for which user authentication is valid, and the like.

  Here, when a user uses a function such as copy or transmission of the image processing system 100, user authentication is performed using the smart card 501, and job activation is performed when the authenticated user has job execution authority. The permitted user authentication event process will be described.

  FIG. 8 is a flowchart showing user authentication event processing in the first embodiment. This process is a process executed by the CPU 112 of the main controller 111 when a user authentication event occurs.

  When the user brings the smart card 501 close to the card reader 422 of the operation unit 150, the user is authenticated by the cooperative processing between the application built in the smart card 501 and the software in the image processing system 100. A user authentication event occurs. First, in step S801, it is determined whether the authenticated user has the authority to execute functions such as copying and transmission as a job. If the authenticated user has job execution authority, the process advances to step S802 to store the authenticated user identification information as the current user. In step S803, the state is changed to a state where the job can be started. In step S804, the user is notified that the job can be started. In this process, the LED 421 disposed on the start key 407 of the operation unit 150 is turned on in green, and a message “Start is ready” as shown in FIG. 9 is displayed in the message area 720, for example.

  FIG. 9 is a diagram showing an example of a job startable message displayed in the message area 720. In FIG. 9, reference numeral 901 denotes a message display indicating that the job can be started. Reference numeral 902 denotes a valid time display, which displays the remaining time during which user authentication is valid. Reference numeral 903 denotes a progress bar, which displays an animation showing the progress of the remaining time for which user authentication is enabled.

  Next, in step S805, the timer 129 for measuring the authentication timeout is started or restarted. Unlike the auto logout time, this authentication timeout time is irrelevant to maintaining the operation session. Accordingly, about 3 to 10 seconds is appropriate. The authentication timeout period can be adjusted by an administrator setting operation. And it returns from this event processing. Thereafter, the processing when the authentication timeout time elapses will be further described later.

  On the other hand, in step S801 described above, if the user does not have job execution authority, the process advances to step S806 to clear the storage area of the current user. In step S807, the process transits to a state in which job activation is prohibited. In step S808, the user is notified that job activation is prohibited. In this process, the LED 421 disposed on the start key 407 of the operation unit 150 is turned on in red, and a warning sound is generated when the start key 407 is pressed. In the message area 720, for example, FIG. This is a process for displaying a message such as “Please touch the card before starting”. And it returns from this event processing.

  FIG. 10 is a diagram illustrating an example of a message indicating a job activation prohibition state displayed in the message area 720. In FIG. 10, reference numeral 1001 denotes a message display indicating that user authentication by a user having job execution authority is required before starting a job.

  Next, an authentication timeout event process when the authentication timeout timer 129 started in step S805 has timed out will be described.

  FIG. 11 is a flowchart showing authentication timeout event processing. This process is a process that occurs when the authentication timeout period elapses after the authentication timeout timer (timer 129) is started or restarted, and is executed by the CPU 112 of the main controller 111.

  First, in step S1101, the current user's storage area is cleared, and in step S1102, a transition is made to a state in which job activation is prohibited. In step S1103, the user is notified that the job cannot be started. In this process, the LED 421 disposed on the start key 407 of the operation unit 150 is turned on in red, and a warning sound is generated when the start key 407 is pressed. In the message area 720, for example, FIG. This is a process for displaying a message indicating that user authentication is necessary after the effective time of user authentication has elapsed, as shown in FIG. And it returns from this event processing.

  Next, a start key event process that is executed by the CPU 112 of the main controller 111 and that occurs when the start key 407 of the operation unit 150 is pressed by the user will be described.

  FIG. 12 is a flowchart showing start key event processing. First, in step S1201, it is determined whether or not job activation is permitted. If the start of the job is permitted, that is, if the user authenticated by the user has the authority to execute this job and the start key 407 is pressed before the authentication timeout period elapses, the step is executed. In step S1202, the current user's storage area is read and set as the owner of the job to be started. In step S1203, a job object including the operation parameters set by the user and the job owner set in step S1202 is generated, and the job is started. And it returns from this event processing.

  On the other hand, if the start of the job is prohibited in step S1201, that is, if the start key 407 is pressed after the authentication timeout period has elapsed, the process proceeds to step S1204, and a message prompting authentication is displayed. In this process, a message “Authentication is required. Touch the card” as shown in FIG. 13 is displayed in the message area 720 of the LCD touch panel 416 of the operation unit 150. And it returns from this event processing.

  FIG. 13 is a diagram illustrating an example of a message displayed in the message area 720 when the start key is pressed in the job activation prohibited state. In FIG. 13, reference numeral 1301 denotes a message display indicating a word prompting user authentication. Reference numeral 1302 denotes an operation identification, which displays information for identifying an operation for which authority is required.

  Note that if a prompt for authentication is displayed in response to a start instruction that has been issued without user authentication, the subsequent user authentication is treated as a job start trigger, saving the need to press the start key again. You may comprise as follows.

  As described above, according to the first embodiment, there are the following effects.

  Start key only for a few seconds after touching the smart card by allowing the job activation according to the result of user authentication by proximity contactless smart card and managing the valid state of user authentication with a timer It is possible to provide a simple and easy-to-understand operation procedure that is effective. In addition, by configuring authentication and access control for each operation, it is not necessary to manage login sessions, so you can avoid worrying about leaving a smart card or forgetting to log out, and adjusting the auto logout time, which is difficult to adjust. No more bothering.

  In addition, since the user authentication valid state is displayed as a message on the start key LED or the operation unit, the user can concentrate on the operation without being confused.

  Further, the remaining time in the user authentication valid state and the progress of the remaining time being displayed are displayed in a message on the operation unit, so that the user can operate without panicking unnecessarily.

[Second Embodiment]
Next, a second embodiment according to the present invention will be described in detail with reference to the drawings. In the second embodiment, user authentication when executing the box function will be described.

  FIG. 14 is a diagram for explaining a logical usage method of the hard disk 162. In the second embodiment, the storage area of the hard disk is logically divided into a temporary area 1401 and a box area 1402 according to usage.

  The temporary area 1401 shown in FIG. 14 temporarily stores the PDL development data and the image data from the scanner so that the output order of the image data can be changed or output in a plurality of copies can be performed in one scan. It is a storage area. A box area 1402 is a storage area for using the box function, and is divided into a small number of registered storage areas 1403 to 1407. Each box can be given a box name.

  A user can store a PDL job or a scan job as a document in each box by designating the box. It is also possible to create a folder for managing a plurality of documents collectively. You can also browse, print, and send documents and folders stored in the box.

  In the boxes 1403 to 1407, users and groups having ownership are assigned as in the case of other in-device resources. In addition, for each of the three types of users: a user who is the owner (hereinafter referred to as user u), a user who belongs to the group owned (user g), and another user who does not belong to them (user o) Access rights can be set. Similarly, owners and groups are assigned to folders and documents, and access rights can be set.

  When the user presses the box mode key 405 of the operation unit 150 shown in FIG. 4, the CPU 112 of the main controller 111 displays a box selection screen on the LCD touch panel 416 and allows the user to select a box.

  FIG. 15 is a diagram illustrating an example of a box selection screen according to the second embodiment. 1501 shown in FIG. 15 is information indicating a box number registered, a box name, and how much space the box occupies in the box area 1402 of the hard disk 162. Reference numerals 1502 and 1503 denote vertical scroll keys, which are used to scroll the screen when a number of boxes exceeding the display indicated by 1501 are registered.

  The box number display 1501 also functions as a software button, and when this button is pressed, a transition is made to a screen for browsing a list of documents and folders stored in the box. In addition, when a certain box prohibits read access to the user o, the box number button of the box becomes invalid and is displayed by shading. Further, in the message area 720, for example, a message as shown in FIG. 16 “You need authority to operate the shaded items. Please touch the card.” Is displayed.

    FIG. 16 is a diagram illustrating an example of a display in an access right unconfirmed state. A message 1601 shown in FIG. 16 indicates that user authentication is required before an operation.

  Here, when the user brings the smart card 501 close to the card reader 422, user authentication is performed by cooperative processing between an application built in the smart card 501 and software in the image processing system 100. As a result, when the authenticated user is the user u or the user g and the read access authority for the box is set, the shaded display of the box number button of the box is canceled and the box becomes valid.

  This valid state continues until a predetermined timeout time elapses. During this timeout period, a message “You can operate” is displayed in the message area 720, for example, as shown in FIG.

  FIG. 17 is a diagram illustrating an example of a display in the access right confirmation state. In FIG. 17, reference numeral 1701 denotes a message indicating that an operation is possible. Reference numeral 1702 denotes a display indicating the remaining time for which user authentication is valid. Reference numeral 1703 denotes a progress bar, which is an animation display showing the progress of the remaining time for which user authentication is enabled.

  Thereafter, when this timeout period elapses, the original state is restored.

  In addition, when the user o presses the shaded box number button in an invalid state, a warning sound is emitted and a message “Authentication is required. Touch the card in the message area 720, for example, as shown in FIG. ”Is displayed to request a user authentication operation.

  FIG. 18 is a diagram illustrating an example of a display when a process operation requiring access authority is performed in an access authority unconfirmed state. In FIG. 18, reference numeral 1801 denotes a message indicating a word prompting user authentication. Reference numeral 1802 denotes an operation identification, which is a display showing information for identifying an operation for which authority is required.

  In this manner, appropriate display (FIGS. 16 to 18) is performed on the message area 720 on the LCD touch panel 416 of the operation unit 150 in accordance with whether or not the job can be activated and the user's operation. In addition, when a display prompting authentication is performed for a processing instruction operation performed in a state where user authentication has not been performed, an operation for treating the user authentication performed thereafter as a processing trigger and executing the processing again for the user You may comprise so that the effort to perform may be saved.

  Next, an operation when the user selects box 2 on the box display screen shown in FIG. 15 and performs scanning or printing will be described.

  FIG. 19 is a diagram illustrating an example of a box display screen according to the second embodiment. 1901 shown in FIG. 19 is a file list in the box 2, in which a registration date and a file name of each file are displayed in a list. When the user selects and presses a desired file (registration date / time, file name) from the list display 1901, the pressed file (registration date / time, file name) is highlighted and the file is selected. Reference numeral 1902 denotes a scan key, which is used when an image is input from the scanner into the currently open box 2, and transitions to a scan setting screen (not shown). A print key 1903 is used when printing a file selected from the list display 1901.

  Reference numeral 1904 denotes a reduced layout key, which is used when a plurality of pages are to be stored together in one page. An erasure key 1905 is used when erasing a file selected from the list display 1901. Reference numerals 1906 and 1907 denote up and down scroll keys, which are used to scroll the screen when a number of files exceeding the display area of the list display 1901 are registered. Reference numeral 1908 denotes a close key, which is used when returning to the screen shown in FIG.

  Here, when the currently displayed box (“box 2” in the example shown in FIG. 19) prohibits the user o from having write access, the scan button 1902 is disabled and displayed in a shaded manner. Further, a message similar to that in FIG. 16 is displayed in the message area 720.

  Here, when the user brings the smart card 501 close to the card reader 422, user authentication is performed. As a result, when the authenticated user is the user u or the user g and the write access authority for the box is set, the shaded display of the scan button 1902 of the box is canceled and the box becomes valid.

  This valid state continues until a predetermined timeout time elapses. During this timeout period, a message similar to that shown in FIG. 17 is displayed in the message area 720, and then returns to the original state when the timeout period elapses.

  When the user o presses the shaded scan button 1902 in an invalid state, a warning sound is emitted and a message similar to that shown in FIG. 18 is displayed in the message area 720 to request a user authentication operation.

  If the selected document (“File 1” in FIG. 19) prohibits read access to the user o, the print button 1903 is disabled and displayed with shading. Further, a message similar to that in FIG. 16 is displayed in the message area 720.

  Here, when the user brings the smart card 501 close to the card reader 422, user authentication is performed. As a result, if the authenticated user is the user u or the user g and the read access authority for the document is set, the shaded display of the print button 1903 for the document is canceled and the document becomes valid.

  This valid state continues until a predetermined timeout time elapses. During this timeout period, a message similar to that shown in FIG. 17 is displayed in the message area 720, and then returns to the original state when the timeout period elapses.

  Further, when the user o presses the shaded print button 1903 in an invalid state, a warning sound is emitted and a message similar to that shown in FIG. 18 is displayed in the message area 720 to request a user authentication operation.

  If the selected document (“file 1” in FIG. 19) prohibits the user o from being read-accessed, the reduced layout button 1904 is disabled and displayed in shaded form. Further, a message similar to that in FIG. 16 is displayed in the message area 720.

  Here, when the user brings the smart card 501 close to the card reader 422, user authentication is performed. As a result, when the authenticated user is the user u or the user g and the read access authority for the document is set, the shaded display of the reduced layout button 1904 for the document is canceled and becomes valid. .

  This valid state continues until a predetermined timeout time elapses. During this timeout period, a message similar to that shown in FIG. 18 is displayed in the message area 720, and then the original state is restored when the timeout period elapses.

  When the user presses the reduced layout button 1904 displayed in a shaded state in an invalid state, a warning sound is emitted and a message similar to that shown in FIG. 18 is displayed in the message area 720 to request a user authentication operation.

  If the selected document (“file 1” in FIG. 19) prohibits write access to the user o, the delete button 1905 is disabled and displayed in a shaded display. Further, a message similar to that in FIG. 16 is displayed in the message area 720.

  Here, when the user brings the smart card 501 close to the card reader 422, user authentication is performed. As a result, when the authenticated user is the user u or the user g and the write access authority for the document is set, the shaded display of the delete button 1905 for the document is canceled and the user enters the valid state.

  This valid state continues until a predetermined timeout time elapses. During this timeout period, a message similar to that shown in FIG. 17 is displayed in the message area 720, and then returns to the original state when the timeout period elapses.

  If the user presses the delete button 1905 for shading display in an invalid state, a warning sound is emitted and a message similar to that shown in FIG. 18 is displayed in the message area 720 to request a user authentication operation.

  As described above, according to the second embodiment, in addition to the effects of the first embodiment, there are the following effects.

  In addition to starting a job, various accesses such as reading, writing, and execution of various access-controlled internal resources can be performed safely and easily.

  By indicating the user authentication valid state in the display state of the software buttons displayed on the liquid crystal display with a touch panel, it is possible to provide operability that is easy to use and does not require additional cost.

  Even if the present invention is applied to a system composed of a plurality of devices (for example, a host computer, an interface device, a reader, a printer, etc.), it is applied to an apparatus (for example, a copier, a facsimile machine, etc.) composed of a single device. It may be applied.

  Another object of the present invention is to supply a recording medium in which a program code of software realizing the functions of the above-described embodiments is recorded to a system or apparatus, and the computer (CPU or MPU) of the system or apparatus stores the recording medium in the recording medium. Needless to say, this can also be achieved by reading and executing the programmed program code.

  In this case, the program code itself read from the recording medium realizes the functions of the above-described embodiment, and the recording medium storing the program code constitutes the present invention.

  As a recording medium for supplying the program code, for example, a floppy (registered trademark) disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a nonvolatile memory card, a ROM, or the like is used. be able to.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) operating on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Further, after the program code read from the recording medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. It goes without saying that the CPU or the like provided in the board or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

1 is a diagram illustrating an overall configuration of an image processing system 100 in the present embodiment. 2 is a cross-sectional view illustrating configurations of a reader unit 200 and a printer unit 300. FIG. 3 is a block diagram showing a configuration of a control device (controller unit) 110. FIG. It is a figure which shows the keyboard layout of the operation part 150 in this embodiment. It is a schematic diagram which shows an example of the smart card in this embodiment. It is a figure which shows the data structure for carrying out access control of the various resources in an image processing system. It is a figure which shows the copy standard screen of the operation panel in 1st Embodiment. It is a flowchart which shows the user authentication event process in 1st Embodiment. FIG. 10 is a diagram illustrating an example of a job startable message displayed in a message area 720. FIG. 11 is a diagram illustrating an example of a job activation prohibition message displayed in a message area 720. It is a flowchart which shows an authentication timeout event process. It is a flowchart which shows a start key event process. FIG. 10 is a diagram illustrating an example of a message displayed in a message area 720 when a start key is pressed in a job activation prohibited state. 3 is a diagram for explaining a logical usage method of a hard disk 162. FIG. It is a figure which shows an example of the box selection screen in 2nd Embodiment. It is a figure which shows an example of the display in an access right unconfirmed state. It is a figure which shows an example of the display in an access right confirmation state It is a figure which shows an example of a display when operation of the process which requires access authority is performed in the access authority unconfirmed state. It is a figure which shows an example of the box display screen in 2nd Embodiment.

Explanation of symbols

100 Image processing system 101 LAN
110 Controller (Controller)
150 Operation unit 160 CD-ROM
180 Host computer (PC)
190 Host computer (PC)
200 Image input device (reader part)
210 Scanner unit 250 Document feeding unit (DF unit)
300 Image output device (printer part)
310 Marking unit 360 Paper feed unit 370 Paper discharge unit 403 Copy mode key 404 Transmission mode key 405 Box mode key 416 LCD touch panel 422 Smart card reader 501 Smart card

Claims (12)

A display control method for an image processing apparatus having a user authentication function for performing user authentication using a predetermined authentication card,
Determining whether the user authenticated by the user authentication function has execution authority for a predetermined process;
A display control method for an image processing apparatus, comprising: displaying on a display unit whether or not the user can execute a predetermined process based on a determination result in the determination step.   The display control method for an image processing apparatus according to claim 1, wherein the predetermined user authentication card is a smart card.   The display of the image processing apparatus according to claim 1, wherein in the displaying step, when it is determined in the determining step that the user has execution authority, a message for prompting a next operation is displayed on the display unit. Control method.   The display control method for an image processing apparatus according to claim 3, wherein in the displaying step, an effective remaining time of user authentication is displayed in addition to the message.   The display control method for an image processing apparatus according to claim 4, wherein the effective remaining time of the user authentication is displayed as an animation by a progress bar.   2. The image processing apparatus according to claim 1, wherein in the displaying step, an operation item indicating an operable state is displayed on the display unit when it is determined in the determining step that the user has an execution authority. Display control method.   The display step includes displaying a message prompting user authentication of a user having execution authority on the display unit when it is determined in the determination step that the user does not have execution authority. A display control method for the image processing apparatus.   The display control method for an image processing apparatus according to claim 7, wherein in the displaying step, an operation requiring the execution authority is displayed in addition to the message.   2. The image according to claim 1, wherein in the displaying step, an operation item indicating an inoperable state is displayed on the display unit when it is determined in the determining step that the user has no execution authority. A display control method for a processing apparatus. An image processing apparatus having a user authentication function for performing user authentication using a predetermined authentication card,
Means for determining whether or not a user authenticated by the user authentication function has an execution right for a predetermined process;
An image processing apparatus comprising: a display unit that displays whether or not the user can execute a predetermined process based on a determination result of the determination unit.   A program for causing a computer to execute the display control method for an image processing apparatus according to claim 1.   A computer-readable recording medium on which the program according to claim 11 is recorded.

Images