JP2005309898A - Image processor, image processor management program, image processor management method and information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To apply a security countermeasure for access to an external device, in an image processor performing image processing service by use of the external device. <P>SOLUTION: In this image processor, when service of the external device used through second authentication is additionally registered (S62) in a situation wherein an individual account for logging on to the image processor through first authentication is already provided (S60), security levels of the first authentication and the second authentication are acquired (S64, S66). When the security level of the first authentication is lower (S68), stop setting is performed such that a request for the service using the external device cannot be performed from the individual account (S70). When a user tries to use the external service, warning display is performed to the user (S74), and resetting of a password is prompted (S76). <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a technique related to an apparatus that provides an information processing service such as an image processing service using an external apparatus, and more particularly to a technique for improving security related to authentication.

  In an image processing apparatus that provides image processing services such as copying, in particular, when charging processing is performed, each user logs on (logs in) with an individual account set for each user and receives the image processing service. As an image processing service, there is a service using an external device in addition to a service using only the image processing device.

  In the case of using an external device, a means for registering an account individually for each user in the external device has been taken. When the image processing service command is received from the user, the image processing apparatus logs on to the external apparatus using the individual account according to a preset setting and executes the image processing service. Note that user authentication is normally performed at the time of logon, but may be omitted by using authentication at the time of logging on to the image processing apparatus as authentication for logon to an external apparatus.

  In Patent Document 1 below, authentication information having a number of digits corresponding to the security level of the installation location of the information processing apparatus is selected from a plurality of authentication information stored in advance, and used for authentication of a password input by the user A processing device is disclosed. This is for the purpose of avoiding changing the password every time the information processing apparatus is moved to a location with a different security level.

JP 2003-306173 A

  In an image processing apparatus that uses an image processing service of an external device, if the authentication at the time of logon is broken, the external device is easily logged according to the settings made in advance. Therefore, even when high-level authentication is performed between the image processing apparatus and the external apparatus, it does not make sense. That is, not only the security of the image processing apparatus is lowered but also the security of the external apparatus is lowered. In addition, there is a risk that monetary damage may be caused by the image processing service being performed by such an intruder. In particular, in an image processing apparatus, a usage form that does not perform authentication at the time of logon may be standard, and it is desirable to ensure a certain security level.

  An object of the present invention is to establish a technique for performing security measures for logon to an information processing apparatus in accordance with the authentication security level of the external apparatus in the information processing apparatus that performs information processing service by logging on to the external apparatus. is there.

  Another object of the present invention is to provide an information processing apparatus that logs on to an external device using a representative account shared by an information processing service for each user. It is intended to improve the security level related to authentication when logging on.

  An image processing apparatus according to the present invention uses a scanner unit that captures an original image on a sheet to generate image data, or an image forming unit that forms a print image on a sheet based on the image data, and an external device. And an external processing means for performing processing for the user, and an image processing apparatus for providing an image processing service to a user, a user management means for managing individual accounts for each user while maintaining authentication information thereof, and the image processing A service request relating to a local logon means for performing first authentication using authentication information and logging on with a corresponding individual account for a user who accesses the apparatus by transmitting authenticated information, and an external processing means of the logged-on user Based on the representative account that is accessed by the corresponding external device, receives the second authentication, and is shared by a plurality of users. The external log-on means for logging on, command means for instructing the external device to execute processing related to the external processing means, and the security level related to the first authentication of the user to the security level related to the second authentication An inspection unit that performs inspection based on the inspection result; and an improvement unit that performs an improvement process on the security level of the first authentication based on the inspection result.

  The image processing apparatus is configured on the assumption that a plurality of users will use it. The user management means is provided for this purpose, and manages the individual account of each user to be set. The user accesses the image processing apparatus directly from the input unit or indirectly from another apparatus through a network or the like. Based on the access, the local logon means logs on the user with an individual account. In this local logon, user authentication is performed using authentication information such as a password and biometric authentication data. This is referred to as first authentication. The user management means holds authentication information used in the first authentication.

  A logged-on user can make a request for a service related to an external processing means such as an OCR (optical character reading) processing service or a high-precision image forming processing service. This request is accepted by the image processing apparatus by, for example, presenting a service item to the user and selecting a desired image processing service. The external logon means is means for logging on to the corresponding external device based on the service request received in this way. The external logon is performed with a representative account that is commonly used by a plurality of users, not with the individual account of the user who requested the service, and at that time, an authentication process is also performed. This authentication will be referred to as second authentication. Individual users do not need to be aware of this representative account unless otherwise set. Communication for logon including second authentication is performed between the image processing apparatus and the external apparatus in accordance with a preset procedure. Normally, only one representative account is set for one device or service. However, it is also possible to divide a plurality of users into groups and set different representative accounts for each group. When the logon is thus successful, the command unit commands the external device to perform the process related to the external processing unit.

  The inspection means is means for inspecting the security level related to the first authentication of the user based on the security level related to the second authentication. Security level includes information such as authentication method (public key method, password method, etc.), encryption algorithm (RSA, elliptic curve encryption, DES, etc.), authentication information setting freedom (password length, allowed character types, etc.) It can be obtained on the basis of one or a plurality of information. The inspection means performs a comparative inspection on the obtained security level. Then, based on the inspection result, the improvement means performs processing for setting the security level of the first authentication to a necessary security level. The inspection means can be implemented periodically or based on an instruction from the administrator. Further, it may be automatically performed when setting or changing the security level or authentication information related to the individual account or the representative account.

  According to this configuration, the security level of the first authentication can be set, updated, or maintained at a level corresponding to the security level of the second authentication. That is, it is possible to reduce or eliminate the non-target property of authentication strength. Accordingly, access to the external device can be protected by the first authentication set corresponding to the strength of the second authentication for the external device. This improvement process using the inspection means and the improvement means can also be applied when logging on with an account individually set in the external device without using a representative account. However, in particular, in a mode of logging on to an external device using a representative account, since processing using a representative account can be performed from a plurality of individual accounts, the security level of all the individual accounts is set to the second authentication level. The value that can be improved according to the security level is great.

  Note that the image processing apparatus is not necessarily configured by a single casing, and may be configured by a plurality of casings having a communication function. For example, the scanner unit and the image forming unit may be configured as a separate housing from the configuration for controlling the operation of the image processing apparatus, or an external logon unit is provided on the network and a job flow related to an external service is provided. It is also effective to be provided in a device that performs control.

  Here, I will explain the account. Regardless of whether the account is an individual account or a representative account, generally corresponding authority is set for the account. That is, for each account, an operation permitted according to the account is defined. Specifically, the authority to use a service, the authority to execute an execution command prepared inside, the authority to read, write, and delete files such as image data. Multiple accounts may have the same authority. An account is given an identifier for distinguishing it from other accounts. The identifier is normally set to a name that can be recognized by the user, but may be simply internal information for the device to recognize. In order to improve security, an account is generally assigned when user authentication is performed. Authentication is a process of confirming that the user corresponds to the identifier. For authentication, authentication information assigned to an account and secretly managed, authentication information publicly certified and publicized, and the like are used. Logon refers to the act of acquiring the authorized authority for an account.

  Preferably, in the image processing apparatus of the present invention, the improvement processing in the improvement means is performed such that the first security level is equal to or higher than the second security level when the first security level is lower than the second security level. It is a process that enhances. The security level is the password length (can be determined by bit length, etc.), authentication algorithm (difficulty of decryption varies depending on the algorithm), and communication method for authentication (encryption in the path) Etc.) can be determined.

  Preferably, in the image processing apparatus of the present invention, the improvement process in the improvement means is a process of outputting a warning to a user corresponding to authentication information that does not satisfy a predetermined condition. That is, when the security level of the first authentication is not in a predetermined condition corresponding to the security level of the second authentication (this can be set using, for example, a lookup table that performs association), A warning is output to the user. The warning can be performed by voice, paper printout, image display on the display, or the like. Further, the warning can be performed at the timing when the user logs on, or can be performed at the timing when the inspection unit performs the inspection. In the latter case, since the user does not always use the image processing apparatus, it is also effective to perform a warning output by remote transmission means such as mail transmission. The warning output by the improvement means is typically canceled when the user performs authentication information change processing (for example, password change) related to the first authentication.

  Preferably, in the image processing apparatus of the present invention, the improvement process in the improvement unit is a process of stopping a service related to the external processing unit for a user corresponding to authentication information that does not satisfy a predetermined condition. That is, when the security level of the first authentication is not in a predetermined condition corresponding to the security level of the second authentication, the user cannot receive the image processing service related to the external processing unit. An image processing service performed using only the image processing apparatus can be stopped or not stopped. At least by stopping the service related to the external processing means, it is possible to avoid a situation in which a user who has logged on through the first authentication with a low security level logs on to an external device managed with a high security level. That is, it is possible to prevent the external device from being contaminated in terms of security.

  Preferably, in the image processing apparatus of the present invention, the improvement process in the improvement means is a process for changing authentication information that does not satisfy a predetermined condition. The change of the authentication information means, for example, that the password is forcibly changed when the first authentication is password authentication. When the user changes the authentication information within the time period using the image processing apparatus, the user may be notified by e-mail (preferably encrypted). Further, when the user changes the authentication information while using the image processing apparatus, such as when logging on to the image processing apparatus, it is effective to notify the user by displaying an image on a display as an interface screen.

  Preferably, in the image processing apparatus of the present invention, the security level related to the first authentication is acquired based on a security policy of the image processing apparatus, or the security level related to the second authentication is acquired by an external device. Obtained based on the security policy provided. The security policy is policy information about security such as security countermeasure standards and implementation procedures for implementing them. This security policy may include information about authentication such as an authentication method, an encryption method, and a password strength. For this reason, it becomes possible to acquire the security level related to the first authentication based on the security policy provided by the image processing apparatus. Further, the security policy may be publicly disclosed or limited to a specific range, and the security level related to the second authentication can be obtained by acquiring the security policy from an external device.

  Preferably, in the image processing apparatus of the present invention, the security level related to the first authentication is obtained by analyzing corresponding authentication information, or in the external logon unit, the authenticated information is transmitted to the external apparatus. The second authentication is transmitted, and the security level related to the second authentication is obtained by analyzing the authenticated information. For example, when password authentication is performed, the security level can be analyzed based on the password length. That is, the security level in each authentication can be analyzed based on the password as authentication information for performing the first authentication and the password as information to be authenticated for receiving the second authentication. Further, when the public key cryptosystem is used and authentication information including a certificate is transmitted to the external device and the second authentication is received, the security level can be analyzed based on the description items of the certificate.

  Desirably, in the image processing apparatus of the present invention, the inspection means is performed when a new representative account is set. For example, a representative account is set when another representative account using the same external device is added, or when a service using another external device is added. In order to protect the newly set representative account from contamination in terms of security, it is effective to implement an inspection means at the time of setting.

  Preferably, in the image processing apparatus according to the present invention, the inspection unit is performed when new authentication information is given to the user management unit, and the improvement process in the improvement unit is performed when the newly given authentication information is predetermined. This is a process for causing the user management means to reject acceptance of this authentication information when the condition is not satisfied. That is, the security level of the first authentication is inspected when a new individual account is registered or when the password of the set individual account is changed. Authentication information that does not satisfy the predetermined condition is rejected by the user management means. Therefore, it is possible to prevent a situation in which an individual account with a low security level exists.

  The image processing apparatus management program according to the present invention uses a scanner unit that captures an original image on a sheet to generate image data, an image forming unit that forms a print image on a sheet based on the image data, and an external apparatus. An external processing unit that performs processing on image data, and is a program that is executed in an image processing apparatus that provides an image processing service to a user, and manages an individual account for each user by holding authentication information thereof A user management procedure, a local logon procedure for performing first authentication using the authentication information and logging on with a corresponding individual account for a user who transmits authentication information to the image processing apparatus and accesses the user, and logged on Based on the service request relating to the user's external processing means, the corresponding external device is accessed and the second authentication is received. An external logon procedure for logging on with a representative account shared by a plurality of users, a command procedure for instructing the external device to perform processing relating to the external processing means, and a security level relating to the first authentication of the user And an improvement procedure for performing an improvement process for the security level of the first authentication based on the inspection result.

  An image processing apparatus management method according to the present invention uses a scanner unit that captures an original image on a sheet to generate image data, an image forming unit that forms a print image on a sheet based on the image data, and an external apparatus. And an external processing unit that performs processing on image data, and is a method executed by an image processing apparatus that provides an image processing service to a user, and manages an individual account for each user by holding authentication information thereof A user management step, a local logon step for performing first authentication using the authentication information and logging on with a corresponding individual account for a user who accesses the image processing apparatus by transmitting the authentication target information, and the logged-on user Based on the service request related to the external processing means, the corresponding external device is accessed, the second authentication is received, and a plurality of An external logon step for logging on with a representative account shared by the user, a command step for instructing the external device to perform processing relating to the external processing means, and a security level relating to the first authentication of the user. An inspection step of inspecting based on the security level relating to the second authentication, and an improvement step of performing a process of improving the security level of the first authentication based on the inspection result.

  An information processing apparatus according to the present invention includes an external processing unit that performs information processing using an external apparatus, and in the information processing apparatus that performs an information processing service for a user, an individual account for each user holds authentication information thereof. User management means for managing the information, and local logon means for performing first authentication using the authentication information and logging on with a corresponding individual account for a user who transmits and accesses the information to be authenticated to the information processing apparatus, An external logon unit that accesses a corresponding external device based on a service request related to the external processing unit of the logged-on user, receives a second authentication, and logs on with a representative account shared by a plurality of users; Command means for instructing the external device to execute the processing related to the external processing means, and the security level related to the first authentication of the user. The includes a testing means for testing for based on the security level of the second authentication, based on test results, and improved means for performing the improved process of the security level of the first authentication, the.

  Hereinafter, typical embodiments of the present invention will be described.

  FIG. 1 is a schematic block diagram showing a functional configuration of each device constituting a system 10 for information processing according to the present embodiment. The system 10 includes an MFP (multifunction peripheral) 20 and an external image processing service device 60, which are connected to the Internet 100 as a communication network. The external image processing service device 60 is a customer service device possessed by an ASP (Application Service Provider).

  The MFP 20 is an image processing apparatus having a scanner function, a printer (image forming) function, a copying function as a combination of a scanner function and a printer function, and a facsimile function as a combination of a telephone communication function and a printer function. The MFP 20 is placed in a public space in the company and used by a plurality of employees. In use, a mode in which the user can freely operate without logging on with a specific account is possible. However, typically, a user logs on with an individual account for administrative or confidentiality reasons.

  The MFP 20 mainly includes a display unit 22, a user input unit 24, a scanner / image forming unit 26, a security level acquisition unit 27, a control unit 28, a storage unit 30, an inspection unit 50, and an improvement processing unit 52. The display unit 22 includes a display and displays guide information and execution results. The user input unit 24 includes an input device such as a touch panel provided on the display surface or a button provided in another part. As a result, the user can send an instruction to the MFP 20. The scanner / image forming unit 26 has the scanner function, image forming function, copying function, and facsimile function described above.

The security level acquisition unit 27 acquires security levels for local logon authentication (first authentication) and external logon authentication (second authentication). The security level is an index representing the strength of authentication, and here, it is assumed that the higher the security level, the harder it is to be broken. For example, when password authentication is performed, the security level acquisition unit 27 calculates the number of passwords that can be set based on the length of the password and usable characters. Then, by taking into account the time required for one logon, the average time required to break the password is calculated to obtain the password strength as the security level. As a specific example, considering the case where the password is composed of 4 digits, the number of cases where the password can be set is 10 ⁴ = 10000 times. If the attacker tries to log on when half of this number is attempted, the expected number of attempts is 5000. Then, if the attacker can make 20 trials per minute from the user input unit 24, the time required for 5000 trials, that is, the password strength is estimated to be 250 minutes≈4 hours.

  The security level acquisition unit 27 may acquire the security level based on the security policy information in which the authentication method, encryption algorithm, password length, and the like are defined. Furthermore, when external logon is performed using the certificate 40, the security level can be acquired based on the description of the certificate.

  The control unit 28 includes hardware having an arithmetic function such as an MPU (ultra-small processing unit) and a program (software) that defines the processing operation. Then, it controls the operation of each component of the MFP 20 based on a program and user input, and gives an instruction to an external device such as the external image processing service device 60.

  The storage unit 30 includes a storage device such as a semiconductor memory or a hard disk. In addition to storing programs, image data, and the like, the storage unit 30 stores a user authentication DB (database) 32, a service list 34, service authentication information 36, a secret key 38, a certificate 40, and a usage history DB 42. .

  The user authentication DB 32 is a database for authenticating a user who uses the MFP 20. The user authentication DB 32 is constructed when an administrator (KO; key operator) of the MFP 20 creates an individual account and sets authentication information for local authentication when logging on to the MFP 20 locally. The authentication information may be changed by the user. The authentication information is data used for authentication of input authentication target information. Typically, the authenticated information is a password input by the user, and the authentication information is a password having the same content or information created from the password. When there is a user logon access, the control unit 28 refers to the user authentication DB 32 to perform local authentication processing as the first authentication, and allows the authenticated user to log on.

  FIG. 2 shows an example of the user authentication DB 32 in a table format. This figure shows account names of taro and hanako and local authentication passwords as authentication information used for authentication when each user logs on to the MFP 20 for two users with individual accounts set. Yes. Specifically, a 7-digit number “6359153” is set as a password for taro, and a 4-digit number “2568” is set as a password for hanako.

  The service list 34 is a list of services available to each registered user. FIG. 3 shows an example of the service list 34 in a table format. In this figure, for the two users taro and hanako who have created accounts, a copy service and a scanner service as a local (inside apparatus) function 110 using the scanner / image forming unit 26, an external image processing service apparatus 60 Each service A112 (ServiceA) and Service B114 (ServiceB) using the service can be implemented (displayed with a circle) or not (displayed with a cross). In the example shown, taro can use all of this service, and hanako can use only the local function 110. The control unit 28 displays a list for the user who has logged on to the display unit 22 based on the service list 34. Then, the service selected by the user is received and an execution instruction is given.

  The service authentication information 36 is information indicating a representative account name and password used in external logon when executing a service related to the external device. FIG. 4 shows an example of the service authentication information 36 in a table format. FIG. 4 shows an item 120 indicating an external service user ID as a representative account name, an item 122 indicating the password, and a security level acquisition unit based on the password for the two services A 112 and B 114 illustrated in FIG. Each value is shown for each item 124 indicating the password strength calculated by 27. According to this, the service A 112 is logged on with the user name “foge” and the password “pass”. This password is strong enough to be broken in 24 hours. In addition, the service B 114 is logged on with the user name “fogefoge” and the password “passpass”, and the time required to break the password is about 48 hours. The control unit 28 refers to the service authentication information 36 and performs access to the external device. In the example of the service list 34 in FIG. 3, the user taro can implement the service A 112 (Service A) and the service B 114 (Service B), and the local authentication password of the user taro needs to have a strength of at least about 48 hours. It becomes.

  Note that it is also effective to use the identifier of the MFP 20 as the user name as the representative account. In particular, when only one representative account is set for each service in the MFP 20, the representative account name and the identifier of the MFP 20 have a one-to-one correspondence, so this naming is effective. Specifically, the user name can be a value uniquely determined based on the manufacturer name, product name, serial number, and the like of the device. Alternatively, a method of authenticating that access is from the MFP 20 based on a public key encryption method such as the digital signature method described below and logging on with a corresponding account (which can be regarded as a representative account indicating the MFP 20 itself) is also effective. It is.

  The secret key 38 is a key generated based on a public key cryptosystem. The certificate 40 is a public key certificate that proves the public key corresponding to the private key 38. The private key 38 and the certificate 40 are normally stored in the storage unit 30 at the manufacturing stage of the MFP 20. However, storage may be performed for the first time when an image processing service contract is made with an external apparatus, or addition or change may be performed. The secret key 38 is roughly used for the following two. One is a digital signature. When the MFP 20 accesses the external device, the information is encrypted with the private key 38 and transmitted to the external device, and decrypted with the corresponding public key in the external device. This proves the integrity of the creation information of the MFP 20. The other is encryption, which secures the confidentiality of information by receiving the information encrypted with the public key corresponding to the external device and decrypting it with the secret key 38. is there. In order to realize these functions, it is necessary to hold the correct public key for the external device that is the communication destination. The certificate 40 is used for this purpose, and describes an MFP identifier created by its serial number to identify the MFP 20, and is issued by a trusted organization. Then, it is sent to an external device for use at the beginning of interactive communication or when digitally signed information is transmitted.

  A public key cryptosystem can be used for external logon to the external image processing service device 60. For example, instead of the password 122 shown in FIG. 4, authentication using the private key 38 and the corresponding public key certificate may be performed. Information on the authentication method to be used for authentication can be included in the service authentication information 36. In this case, the control unit 28 refers to the information and performs external logon using an appropriate one from the set representative account name, password, public key certificate, and the like.

  In the usage history DB 42, usage information of a user who uses the MFP 20 is recorded as needed. FIG. 5 is a diagram illustrating information recorded in the usage history DB. Here, the usage status is recorded for each item of usage date 130, user name 132, and service name 134. For example, the user taro uses the service A provided by the external image processing service device 60 at 10:32 on December 3, 2003. Further, at 10:41 on December 3, 2003, the user hanako uses the service B provided by the external image processing service device 60. The usage record for the external image processing service device 60 can be used to record the usage status of the MFP 20 and can also be used to replace the charge charged by the external image processing service device 60 with the user. That is, even when the external image processing service device 60 is used without specifying an individual using a representative account, the charged amount can be allocated. The usage history DB 42 can record not only services provided by the external image processing service device 60 but also the usage status of local services.

  The inspection unit 50 is configured to compare the strength of the password for performing the first authentication at the local logon and the strength of the password for receiving the second authentication at the external logon. Then, when the strength of the password for performing the first authentication is not the predetermined strength corresponding to the password for receiving the second authentication, the improvement processing unit 52 is instructed to perform the improvement processing. As the predetermined strength, typically, the strength of the password for receiving the second authentication itself is used. The inspection unit 50 can perform inspection at a timing when an instruction from the administrator of the MFP 20 is received, and can also inspect the setting periodically or when a set event occurs. it can. Examples of the event to be set include a process for newly or additionally registering an external processing service device and its service contents, a process for setting a new individual account in the user authentication DB 32, and a process for adding a password thereof.

  If it is determined that the strength of the password for performing the first authentication is weak (the security level is low) as a result of the inspection by the inspection unit 50, the improvement processing unit 52 performs processing for improving the strength. The process can be variously performed, for example, for the user who logs on locally using the corresponding password for the first authentication, the service process using the representative account that is the comparison target is stopped, A message prompting the user to change the password can be displayed on the display unit 22. It is also possible to give a warning to the display unit 22 to a user who wants to set or change the password for the first authentication, because the password strength does not satisfy a predetermined condition. .

  In the above description, the control unit 28 of the MFP 20 has been described as being inside the MFP 20. However, the control unit 28 or some of the functions of the control unit 28 may be provided in a device different from the MFP 20. For example, a function of the control unit 28 can be assigned by installing a PC on the way to connect the MFP 20 and the Internet 100.

  Next, the configuration of the external image processing service device 60 will be described. The external image processing service device 60 includes a control unit 62, a service unit 64, a service permission list 70, and a usage history DB 72 as main components. The control unit 62 is provided in the main body of the external image processing service device 60 or in a separate housing, and is configured by hardware having an arithmetic function and a program that defines its operation. It manages control of the external image processing service device 60, communication with external devices via the Internet 100, and the like. The service unit 64 is a component having hardware according to the service content provided. Here, it is assumed that a service A unit 66 that provides service A and a service B unit 68 that provides service B are included, corresponding to the description using FIGS.

  The service permission list 70 is provided in order to authenticate the logon of the MFP 20 group having a usage contract with the external image processing service device 60 for each service. Registration in the service permission list 70 is generally performed by an operator on the ASP side who is an administrator of the external image processing service apparatus 60 after a contract with the MFP 20 is made. FIG. 6 shows an example of the service permission list 70. Here, a service permission list 70 corresponding to the service authentication information 36 of the MFP 20 shown in FIG. 4 is shown. The service permission list 70 includes an item 200 indicating a service name related to the service unit 64, an item 202 indicating a registered external service user ID, and an item 204 indicating a password as authentication information for authenticating the user ID. A value is registered. Specifically, an account having an account name of “foge” and a password of “pass” is registered as an account using the service A. In addition, an account having an account name of “fogefoge” and a password of “passpass” is registered as an account using the service B. The control unit 62 refers to the service permission list 70, authenticates access from the MFP 20 with a password, permits logon, and gives the authority to use the corresponding service.

  The usage history DB 72 is a database that records users who use the service of the external image processing service device 60. FIG. 7 is a diagram illustrating information held in the usage history DB 72. Here, the history information is recorded separately in two items, a use date 140 and an external service user ID 142. Specifically, at 15:03 on December 1, 2003, it is used by the MFP 20 as a user having the external service user ID foge, and at 10:32 on December 3, 2003, the external service user ID is used. The fact that it was used by the MFP 20 as a user having fogefoge is recorded. The usage history DB 72 can further record the name of the provided service (service A or service B) and the amount of processing related to the service (size of image data, etc.). As a result, detailed billing can be made to the MFP 20 having the corresponding external service user ID.

  Next, an outline of general operation of the system 10 will be described with reference to FIGS.

  FIG. 8 is a flowchart showing the flow of the management process and use process for the external image processing service device 60. When a contract is made online or offline between the ASP that owns the external image processing service device 60 and the company that owns the MFP 20 (S10), the administrator on the ASP side sets a representative account in the external image processing service device 60. Setting is performed (S12). According to the example shown in FIG. 6, the registration for the service A is performed by registering a representative account with the account name foge and a corresponding password called pass. Service B is registered using a representative account with the account name fogefoge and a password passpass. Then, service list information for presenting service contents and the like to the user is provided to the MFP 20 (S14).

  When there is an access from the registered MFP 20, the external image processing service device 60 performs authentication and permits logon (S 16). For example, a user name “foge” and password information “pass” are transmitted to the service A (encrypted if necessary). The control unit 62 of the external image processing service device 60 performs authentication by referring to the service permission list 70.

  If the log-on is successful, the MFP 20 issues a command for executing the service to the external image processing service device 60 together with transmission of necessary image data. Then, the external image processing service device 60 provides a corresponding service (S18). Upon completion of the service, the external image processing service device 60 logs out the MFP 20 and leaves a record of the service provided in the usage history DB 72 (S20). Steps S16, S18, and S20 are repeated in response to a service request from the MFP. The external image processing service device 60 or ASP charges the MFP side based on the usage history DB 72 at the set timing (S22).

  Next, an outline of typical operations of the MFP 20 will be described with reference to FIG. FIG. 9 is a flowchart showing the flow of the management process and use process of the MFP 20. In the MFP 20, when a contract with the external image processing service device 60 is made (S30), the administrator registers a representative account for the service authentication information 36 (S32). Further, the administrator downloads service list information from the external image processing service device 60 and adds it to the service list 34 (S34). The service list 34 can be set to automatically receive and add by registering address information such as the URL and IP address of the external image processing service device 60. In addition, as shown in FIG. 3, when the service which can be utilized for every user differs, it can respond by setting the access right given for every user.

  The control unit 28 of the MFP 20 refers to the user authentication DB 32, authenticates user access to a preset individual account, and permits logon (S36). For the logged-on user, the service list is displayed on the display unit 22 with reference to the service list 34. And the information which the user selected through the user input part 24 is received (S38). When the accepted service is provided by the external image processing service device 60, the service is logged on with reference to the service authentication information 36 (S40). According to the example shown in FIG. 4, in the case of service A, logon is performed through password authentication with a representative account called foge. For this reason, the user does not need to be aware of how the logon to the external image processing service device 60 is performed, and does not need to perform complicated operations such as entering a password.

  After logging on, the external image processing service device 60 is instructed to execute processing related to the service selected by the user (S42). At that time, image data is transmitted and received as necessary. The external image processing service device 60 logs out immediately after the service is completed (S44). When the post-processing in the MFP 20 ends, the MFP 20 logs out. The MFP 20 records a record relating to the execution process of the user in the usage history DB 42 (S46). The process from step S36 to S46 is repeated as appropriate.

  Billing information is periodically transmitted from the external image processing service device 60 or the ASP that manages it (S48). Therefore, on the MFP 20 side, the corresponding billing amount is reassigned to the corresponding user against the usage history DB 42 (S50).

  Next, an outline of the operation of the MFP 20 for local logon security measures will be described with reference to FIGS.

  FIG. 10 is a flowchart for explaining the flow of processing when a service related to the external image processing service device 60 is added to the MFP 20 later. In other words, it is assumed here that an individual account has already been set in the MFP 20 (S60). For the MFP 20, the service of the external image processing service device 60 is additionally registered according to the contract (S62). In other words, the service is added to the service list 34 and the service authentication information 36 is set for external logon. At this stage, the security level acquisition unit 27 acquires the security level for the second authentication when performing external logon with the representative account (S64). The security level may be obtained by using the security policy information of the external device if it can be used, or by calculating from the number of digits of the password entered in the service authentication information 36. May be. Furthermore, the security level acquisition unit 27 acquires the security level for the first authentication when local logon is performed with an individual account (S66). This security level can also be obtained by using the security policy information of the MFP 20 if it can be used, and can also be calculated from the number of digits of the password registered in the user authentication DB 32. Is possible.

  The acquired security level of the first authentication is compared with the security level of the second authentication (S68). If the first authentication has a higher security level, the setting of the external service is completed. On the other hand, when the first authentication has a lower security level, the improvement processing unit 52 stops the use of the external service by the individual account (S70). That is, it is impossible to log on to the external image processing service device 60 with the representative account from the individual account.

  The user logs on the MFP 20 by inputting the password for the individual account (S72). When the user logs on or when the user intends to use the external service, the improvement processing unit 52 displays through the display unit 22 that the external service cannot be used because the password does not satisfy the condition, and the password (S74). On the other hand, the user changes the password to satisfy the condition (S76). When the security level acquisition unit 27 and the inspection unit 50 determine that the security level of the new password satisfies the condition, the improvement processing unit 52 cancels the use of the external service (S78). The processing flow described above creates a situation in which the password security level must be improved and prompts the user to change the password. Thereby, the safety of local logon is gradually improved, and at the same time, the security safety of the external image processing service device 60 is also improved.

  FIG. 11 is a flowchart showing a flow of processing in which the processing shown in FIG. 10 is partially modified. The figure shows the flow when the first authentication has a lower security level than the second authentication in step S68 of FIG. Here, instead of step S70 of FIG. 10, the improvement processing unit 52 forcibly resets the password of the corresponding individual account to satisfy the condition (S80). The new password is notified to the user through communication means such as encrypted mail based on the instruction of the improvement processing unit 52 (S82). The user can use the image processing apparatus including the external service by performing local logon with the new password. In this configuration, when an external service is registered, local logon using a password with a low security level becomes impossible immediately, so high security can be ensured.

  FIG. 12 is a flowchart for explaining a case where a new individual account is set after a service related to the external image processing service device 60 is registered in the MFP 20. Here, it is assumed that an external service has already been registered for the MFP 20 (S90). Then, by using the security policy of the external device or by analyzing the password, the security level acquisition unit 27 acquires the security level of the second authentication in the external logon (S92).

  In this situation, a new individual account setting operation is performed, and the administrator of the apparatus inputs a first authentication initial setting password for local logon (S94). At this time, the security level acquisition unit 27 acquires the security level of the input password (S96), and the inspection unit 50 compares the security level of the first authentication with the security level of the second authentication (S98). If the security level of the first authentication is higher, the password is registered in the user authentication DB 32, and the setting of the individual account is completed. On the other hand, when the security level of the first authentication is lower, the registration of the input password is rejected according to the instruction of the improvement processing unit 52. Then, a warning is displayed on the display unit 22 so as to input a password with increased strength (S100). This process flow is applicable not only when a new individual account is set in step S94, but also when the user changes the password of the individual account. In either case, it is possible to maintain a predetermined security level in order to prevent a situation where a password that does not satisfy the condition is newly registered.

  FIG. 13 is a flowchart illustrating a processing flow obtained by partially modifying the processing illustrated in FIG. The figure shows the flow when the first authentication has a lower security level than the second authentication in step S98 of FIG. Here, instead of step S100 in FIG. 12, the improvement processing unit 52 takes measures so that the external service cannot be used from an individual account that does not satisfy the condition (S110). That is, when the security level of the second authentication is higher than the security level of the first authentication, the use of the external service is stopped. Then, the improvement processing unit 52 instructs a warning display indicating that it is necessary to change the password when the user logs on locally or when using an external service (S112).

It is a block diagram which shows schematic structure of the apparatus which concerns on this Embodiment. It is a figure which shows the example of user authentication DB. It is a figure which shows the example of a service list. It is a figure which shows the example of service authentication information. 6 is a diagram illustrating an example of an MFP usage history DB. FIG. 6 is a diagram illustrating an example of an MFP permission list. FIG. It is a figure which shows the example of utilization log | history DB of an external device. It is a flowchart explaining the outline | summary of operation | movement of an external device. 3 is a flowchart illustrating an outline of operation of the MFP. It is a flowchart which shows the example of a security level improvement process. It is a flowchart which shows the modification of a security level improvement process. It is a flowchart which shows the example of another security level improvement process. It is a flowchart which shows the modification of another security level improvement process.

Explanation of symbols

  10 system, 20 MFP, 22 display unit, 24 user input unit, 26 scanner / image forming unit, 27 security level acquisition unit, 28 control unit, 30 storage unit, 32 user authentication DB, 34 service list, 36 service authentication information , 38 Private key, 40 Certificate, 42 Usage history DB, 50 Inspection unit, 52 Improvement processing unit, 60 External image processing service device, 62 Control unit, 64 Service unit, 66 Service A unit, 68 Service B unit, 70 Service Permit list, 72 Usage history DB, 100 Internet.

Claims (12)

A scanner unit that captures an original image on a sheet to generate image data, or an image forming unit that forms a print image on a sheet based on the image data;
An external processing means for processing image data using an external device;
In an image processing apparatus that provides an image processing service to a user,
User management means for managing individual accounts for each user while maintaining their authentication information;
A local logon means for performing first authentication using the authentication information and logging on with a corresponding individual account for a user who accesses the image processing apparatus by transmitting authentication information;
An external logon means for accessing a corresponding external device based on a service request related to an external processing means of a logged-on user, receiving a second authentication, and logging on with a representative account shared by a plurality of users;
Command means for instructing the external device to perform processing related to the external processing means;
Inspection means for inspecting the security level related to the first authentication of the user based on the security level related to the second authentication;
Improvement means for performing a process of improving the security level of the first authentication based on the inspection result;
An image processing apparatus comprising: The image processing apparatus according to claim 1.
The improvement process in the improvement means is a process for increasing the first security level to be equal to or higher than the second security level when the first security level is lower than the second security level. Image processing device. The image processing apparatus according to claim 1.
The image processing apparatus according to claim 1, wherein the improvement process in the improvement means is a process of outputting a warning to a user corresponding to authentication information that does not satisfy a predetermined condition. The image processing apparatus according to claim 1.
The improvement processing in the improvement means is a process for stopping a service related to the external processing means for a user corresponding to authentication information that does not satisfy a predetermined condition. The image processing apparatus according to claim 1.
The image processing apparatus according to claim 1, wherein the improvement process in the improvement means is a process of changing authentication information that does not satisfy a predetermined condition. The image processing apparatus according to claim 1.
The security level related to the first authentication is acquired based on a security policy of the image processing apparatus.
Alternatively, the security level related to the second authentication is acquired based on a security policy provided by an external device. The image processing apparatus according to claim 1.
The security level related to the first authentication is obtained by analyzing the corresponding authentication information.
Alternatively, the external logon means receives the second authentication by transmitting the authenticated information to an external device, and the security level related to the second authentication is obtained by analyzing the authenticated information. An image processing apparatus. The image processing apparatus according to claim 1.
The image processing apparatus, wherein the inspection unit is performed when a new representative account is set. The image processing apparatus according to claim 1.
The inspection means is performed when new authentication information is given to the user management means,
The image processing apparatus according to claim 1, wherein the improvement process in the improvement unit is a process for causing the user management unit to reject acceptance of the authentication information when newly given authentication information does not satisfy a predetermined condition. A scanner unit that captures an original image on a sheet to generate image data, or an image forming unit that forms a print image on a sheet based on the image data;
An external processing means for processing image data using an external device;
A program executed in an image processing apparatus that provides an image processing service to a user,
User management procedures for managing individual accounts for each user while maintaining their authentication information;
A local logon procedure for performing first authentication using authentication information and logging on with a corresponding individual account for a user who accesses the image processing apparatus by transmitting authentication target information;
An external logon procedure for accessing a corresponding external device based on a service request related to an external processing means of a logged-on user, receiving a second authentication, and logging on with a representative account shared by a plurality of users;
A command procedure for instructing the external device to perform the processing related to the external processing means;
An inspection procedure for inspecting the security level related to the first authentication of the user based on the security level related to the second authentication;
An improvement procedure for performing a process of improving the security level of the first authentication based on the inspection result;
An image processing apparatus management program comprising: A scanner unit that captures an original image on a sheet to generate image data, or an image forming unit that forms a print image on a sheet based on the image data;
An external processing means for processing image data using an external device;
A method executed by an image processing apparatus that provides an image processing service to a user,
User management step for managing individual accounts for each user while maintaining their authentication information;
A local logon step of performing first authentication using the authentication information and logging on with a corresponding individual account for a user who accesses the image processing apparatus by transmitting authentication target information;
An external logon step of accessing a corresponding external device based on a service request relating to an external processing means of a logged-on user, receiving a second authentication, and logging on with a representative account shared by a plurality of users;
A command step for instructing the external device to perform processing related to the external processing means,
An inspection step of inspecting a security level related to the first authentication of the user based on a security level related to the second authentication;
An improvement step for performing a process of improving the security level of the first authentication based on the inspection result;
An image processing apparatus management method comprising: In an information processing apparatus provided with an external processing means for performing information processing using an external apparatus and performing an information processing service for a user,
User management means for managing individual accounts for each user while maintaining their authentication information;
Local logon means for performing first authentication using the authentication information and logging on with a corresponding individual account for a user who accesses the information processing apparatus by transmitting authentication information;
An external logon means for accessing a corresponding external device based on a service request related to an external processing means of a logged-on user, receiving a second authentication, and logging on with a representative account shared by a plurality of users;
Command means for instructing the external device to perform processing related to the external processing means;
Inspection means for inspecting the security level related to the first authentication of the user based on the security level related to the second authentication;
Improvement means for performing a process of improving the security level of the first authentication based on the inspection result;
An information processing apparatus comprising:

Images