JP2007088945A - Image associated processing system and method of managing image forming apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable a user to use an image forming apparatus while maintaining fixed security even though use authorization is not set well in a complicated network environment. <P>SOLUTION: A use authorization information storage means stores use authorization information regarding use authorization of an image forming apparatus 1 for each user and furthermore, second use authorization information regarding use authorization of a guest user is stored therein. Processing is performed to authenticate the user to use the image forming apparatus 1 as a regular user (#11), a job designation is accepted from the user authenticated as a regular user (#13) and whether to permit performance of a job related to that designation is discriminated, if use authorization information of the user who has made the designation is stored in the use authorization information storage means, on the basis of that use authorization information. If the use authorization information is not stored, it is discriminated on the basis of the second use authorization information (#14). <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a system having an image forming apparatus such as an MFP and a method for managing the image forming apparatus.

  2. Description of the Related Art Conventionally, an image forming apparatus called a multifunction peripheral or MFP (Multi Function Peripherals) having various functions such as a copy, a scanner, a fax, network printing, and a document server has been widely used in offices. In recent years, an image forming apparatus can perform various processes in cooperation with other image forming apparatuses and servers. Accordingly, a large number of users having various purposes have shared one image forming apparatus.

  However, when the image forming apparatus is shared by many users, management of the image forming apparatus is important. For example, in order to prevent unauthorized use of the image forming apparatus, it is important to set and manage access rights for each user. Alternatively, in order to grasp the usage status for each user, it is important to provide a counter and count the number of copies.

Therefore, an image forming apparatus as described in Non-Patent Document 1 has been proposed. According to such an image forming apparatus, it is possible to set the authority to use the functions of copy, print, scan, and fax at the user level (that is, for each user).
Konica Minolta Business Technologies, Inc. “bizhub c450” catalog, search on August 22, 2005, Internet <URL http://konicaminolta.jp/products/business/copiers/color/c450/pdf/bizhub_c450.pdf>

  Each time an administrator increases the number of users who share an image forming apparatus, the administrator must perform a work for setting usage authority for the users. Also, an operation for preparing a counter for counting the usage status of the user must be performed.

  However, in a complex environment where there are a plurality of image forming apparatuses or an authentication server in one network, the administrator knows which user uses which image forming apparatus. The above work becomes increasingly troublesome. Therefore, setting of use authority and setting of a counter are likely to be complicated. In this case, the image forming apparatus cannot refer to the information regarding the use authority well, and there is a possibility that the use that is truly necessary for the user may be disabled. In addition, there is a risk that the usage status of the user may be accurately grasped individually. The conventional image forming apparatus described in Non-Patent Document 1 cannot solve these problems.

  SUMMARY OF THE INVENTION In view of the above problems, the present invention enables a user to use an image forming apparatus while maintaining a certain level of security even if usage authority is not set well in a complicated network environment. Objective. It is another object of the present invention to enable an administrator to accurately grasp the usage status of a user even if a counter is not well installed in a complicated network environment.

  The image-related processing system according to the present invention is an image-related processing system that executes image-related processing that is processing related to an image, and a user who desires to execute the image-related processing is a regular user. A user authentication means for performing a process for authenticating the user, a use authority information storage means for storing use authority information regarding the authority to use the image-related processing system for each user, and a user who is a legitimate user by the user authentication means Processing content designation receiving means for accepting designation of the content of the image-related processing desired by the user who has been authenticated, and executing the image-related processing of the content related to the designation received by the processing content designation receiving means. The use authority information of the user who made the designation, stored in the use authority information storage means, whether to permit or not An execution permission / inhibition determining means for determining based on the image, and an image related process for starting a control process for executing the image related process when the execution permission / inhibition determination means determines that the execution of the image related process is permitted. An execution control means, wherein the use authority information storage means stores second use authority information relating to the authority to use the image-related processing system, and the execution permission / inhibition judgment means is the user who made the designation. If the use authority information is not stored in the use authority information storage means, it is determined whether to permit execution of the image-related processing based on the second use authority information. Features.

  Alternatively, a user authentication unit that performs processing for authenticating that a user who desires to execute the image-related processing is a legitimate user, and a user who is authenticated by the user authentication unit as a legitimate user. History information for storing image-related process execution control means for performing control processing for executing the image-related processing instructed by the user, and history information indicating the contents of the executed image-related processing and the user who commanded the image-related processing. Based on the content of the image-related processing executed, the counter for counting the usage status of the image-related processing system for each user, and the counter of the user who commanded the image-related processing is updated. If there is no counter update means and the counter of the user who has instructed the executed image-related processing, the history information storage Stored in the stage, on the basis of the history information indicating the user, and having a a use status analyzing means for analyzing the usage according to the user.

  Alternatively, a user authentication unit that performs processing for authenticating that a user who desires to execute the image-related processing is a legitimate user, and a user who is authenticated by the user authentication unit as a legitimate user. Image-related processing execution control means for performing control processing for executing the image-related processing instructed by the user, a counter for counting the usage status of the image-related processing system for each user, and the executed image-related processing If there is no counter for the user who commanded the counter, the counter generation means for generating the counter for the user and the counter of the user who commanded the image-related processing based on the contents of the executed image-related processing. Counter updating means for updating.

  According to the first and fourth aspects of the present invention, the user can use the image forming apparatus while maintaining a certain level of security even if the use authority is not set well in a complicated network environment.

  According to the second, third, fifth, and sixth aspects of the present invention, even if the counter is not well installed in a complicated network environment, it is possible for the administrator to accurately grasp the usage status of the user.

[First embodiment]
1 is a diagram illustrating an example of the overall configuration of the image-related processing system GSY, FIG. 2 is a diagram illustrating an example of a hardware configuration of the image forming apparatus 1, and FIG. 3 is an example of a functional configuration of the image forming apparatus 1. FIG. 4 is a diagram illustrating an example of a functional configuration of the terminal device 2, FIG. 5 is a diagram illustrating an example of a functional configuration of the authentication server 3, and FIG. 6 is an example of a functional configuration of the access right management server 4. FIG.

  As shown in FIG. 1, the image-related processing system GSY according to the present invention includes a plurality of image forming apparatuses 1A, 1B,..., A plurality of terminal apparatuses 2A, 2B, ..., an authentication server 3, and an access right management server 4. And a communication line NW. Hereinafter, the image forming apparatuses 1A, 1B,... May be collectively referred to as “image forming apparatus 1”, and the terminal apparatuses 2A, 2B,.

  The image forming apparatus 1, the terminal apparatus 2, the authentication server 3, and the access right management server 4 can be connected to each other via a communication line NW. A LAN, the Internet, a dedicated line, a public line, or the like is used as the communication line NW.

  The image forming apparatus 1 is a processing apparatus that integrates various functions such as copying, scanner, fax, network printing, and document server. Sometimes called a multi-function peripheral or MFP (Multi Function Peripherals).

  “Network printing” is a function of receiving image data from a terminal device such as a personal computer and printing the image on paper. Sometimes called a “network printer function” or a “PC print function”.

  The “document server” is a function for providing and managing a storage area called a “personal box” or “box” corresponding to a folder or directory in a personal computer for each user. The user can store image data or the like in the personal box in units of files. It is sometimes called “box function” or “user box function”.

  The image forming apparatus 1 is installed in offices or offices such as businesses, public facilities such as schools or libraries, stores such as convenience stores, and other various places, and can be shared by a plurality of users.

  The hard disk of the terminal device 2 is installed with a driver for controlling the image forming apparatus 1 and an application program for using functions provided by the image forming apparatus 1. Therefore, the user can use the image forming apparatus 1 remotely by operating the terminal device 2.

  As shown in FIG. 2, the image forming apparatus 1 includes a CPU 10a, a RAM 10b, a ROM 10c, a hard disk 10d, a control circuit 10e, an operation panel 10f, a scanner unit 10g, a printing unit 10h, a network interface 10j, and the like.

  The control circuit 10e is a circuit for controlling the hard disk 10d, the operation panel 10f, the scanner unit 10g, the printing unit 10h, the network interface 10j, and the like.

  The scanner unit 10g optically reads an image of content such as a sentence, a mathematical formula, a symbol, a photograph, a chart, or an illustration drawn on a document and generates image data. The printing unit 10h prints an image on a sheet based on image data obtained by the scanner unit 10g or image data transmitted from the terminal device 2 or the like.

  The network interface 10j is a NIC (Network Interface Card) or a modem for communicating with other devices.

  The operation panel 10f includes a touch panel type liquid crystal display and a numeric keypad. The liquid crystal display includes a screen for giving a message or an instruction to the user, a screen for inputting a processing type and processing conditions desired by the user, a screen showing a result of processing executed by the CPU 10a and the like. Is displayed. The user operates the liquid crystal display or the numeric keypad while viewing these screens to give an instruction to the image forming apparatus 1 such as start or stop of processing, data destination, printing conditions, scanning conditions, etc. The processing conditions can be specified, and various other items can be specified. That is, the operation panel 10 f serves as a user interface for a user who operates the image forming apparatus 1.

  The hard disk 10d includes a user authentication request unit 101, a user authentication processing unit 102, a job execution availability determination unit 103, a job execution control unit 104, a job history management unit 105, a user account registration processing unit 106, an access as shown in FIG. Stored are programs and data for realizing the functions such as the right registration processing unit 107, the counter update processing unit 108, the user account database 1D1, the access right database 1D2, and the job history database 1D3. These programs are read into the RAM 10b as necessary, and the programs are executed by the CPU 10a. Some or all of these programs or data may be stored in the ROM 10c. Alternatively, part or all of the functions shown in FIG. 3 may be realized by the control circuit 10e.

  In addition, the image forming apparatus 1 is provided with a counter CN for each user who normally uses the image forming apparatus 1. In this embodiment, a copy counter CNA that counts the number of copies, a print counter CNB that counts the number of PC prints, and a fax transmission counter CNC that counts the number of fax transmissions are prepared for each user as the counter CN. . These counters CN are associated with the user name of the user who is the owner. In addition, a set of public user account counters CN (copy counter CNA, print counter CNB, and fax transmission counter CNC) is prepared. The public user account will be described later.

  As described above, the terminal device 2 is installed with a driver for controlling the image forming apparatus 1 and an application program for using functions provided by the image forming apparatus 1. As the terminal device 2, a personal computer or a workstation is used. Further, programs for realizing each function such as a server setting processing unit 201, a job history acquisition unit 202, and a user-specific counting unit 203 as shown in FIG. Yes. These programs are read into the RAM as necessary, and the programs are executed by the CPU.

  The authentication server 3 is a server for managing user accounts and processing for user authentication. The hard disk includes a user account registration processing unit 301, a user authentication processing unit 302, and an authentication result answer as shown in FIG. A program and data for realizing each function such as the unit 303 and the user account database 3D1 are installed. These programs are read into the RAM as necessary, and the programs are executed by the CPU.

  In order to use the image forming apparatus 1, the user needs to obtain a user account from an administrator in advance. Before using the image forming apparatus 1, it is necessary to receive user authentication by inputting a user name and a password related to his / her user account.

  The access right management server 4 is a server that manages use rights of the functions of the image forming apparatus 1, that is, access right information. The hard disk includes an access right registration processing unit 401, an access right answer as shown in FIG. A program and data for realizing each function such as the unit 402 and the access right information database 4D1 are installed. These programs are read into the RAM as necessary, and the programs are executed by the CPU.

  In order to use a function provided in the image forming apparatus 1, the user needs to be given an access right to the function by an administrator in advance for his own user account in principle.

  Normally, the user account management and user authentication processing are performed centrally by the authentication server 3 and the access right management is performed centrally by the access right management server 4, but can also be performed for each image forming apparatus 1. is there. This will be described later.

  Although FIG. 1 shows an example in which the authentication server 3 and the access right management server 4 are realized by separate server machines, they may be realized by a single server machine. Alternatively, the functions of the authentication server 3 and the access right management server 4 may be distributed among three or more server machines. A plurality of authentication servers 3 or access right management servers 4 may be prepared, and the same type of processing may be executed in parallel.

  Next, the contents of the processing of each part of the image forming apparatus 1 shown in FIG. 3, each part of the terminal device 2 shown in FIG. 4, each part of the authentication server 3 shown in FIG. 5, and each part of the access right management server 4 shown in FIG. Are roughly classified into processing for setting a user account and access right, processing for executing a job, and processing after executing the job.

[Settings for user accounts and access rights]
7 shows an example of the user account database 3D1, FIG. 8 shows an example of the access right information database 4D1, FIG. 9 shows an example of the authentication server setting screen HG1, and FIG. 10 shows an access right management setting screen HG2. FIG. 11 is a diagram showing an example of a user account setting screen HG3, and FIG. 12 is a diagram showing an example of a public user account access right setting screen HG4.

  5, the user account database 3D1 of the authentication server 3 stores user account information DT1 for each user account of the user who uses the image forming apparatus 1, as shown in FIG. The user account information DT1 indicates a user name for identifying the user account, a password for user authentication, and a name (affiliation name) of a department to which the user belongs.

  The user account registration processing unit 301 newly generates user account information DT1 and performs processing for registering in the user account database 3D1. In addition, a process for changing the contents of the existing user account information DT1, a process for deleting the user account information DT1 from the user account database 3D1, and the like are performed.

  In FIG. 3, user account information DT1 is also stored in the user account database 1D1 of the image forming apparatus 1 in the same manner as the user account database 3D1 described above. The user account registration processing unit 106 performs processing for newly generating user account information DT1 and registering it in the user account database 1D1. However, if the authentication server 3 is to perform the user account management and user authentication processing of the user who uses the image forming apparatus 1, the user account registration processing unit 106 and the user account database 1D1 are not necessary.

  In FIG. 6, the access right information database 4D1 of the access right management server 4 stores access right information DT2 as shown in FIG. In principle, one access right information DT2 is given to one user account. The access right information DT2 indicates whether or not to use the seven functions of the image forming apparatus 1 and the upper limit value of use.

  In the “copy” or “monochrome print” field, “◯” means that a user having a user account related to the access right information DT2 is permitted to use the function corresponding to the field, “X” means that its use is prohibited. For example, according to FIG. 8, a user having a user account with a user name “User_A” is permitted to use the copy function, the scanner function, the fax function, and the monochrome print function, but the user box function, It can be seen that the use of the PC print function and the color print function is prohibited.

  The “number of copies”, “number of prints”, and “number of fax transmissions” are respectively the number of copies that the user can copy, the number of copies that can be PC printed, and the number of times that fax transmission can be performed in a predetermined period. The upper limit is shown.

  The access right registration processing unit 401 performs processing for newly generating access right information DT2 and registering it in the access right information database 4D1. In addition, a process for changing the contents of the existing access right information DT2, a process for deleting the access right information DT2 from the access right information database 4D1, and the like are performed.

  The image forming apparatus 1 also has functions corresponding to the access right registration processing unit 401 and the access right information database 4D1. That is, in FIG. 3, the access right information DT2 is stored in the access right database 1D2. The access right registration processing unit 107 performs a process of newly generating access right information DT2 and storing it in the access right database 1D2.

  As explained previously, user accounts and access rights are granted to users by an administrator. The administrator performs an operation for giving a user account or access right by operating his / her terminal device 2. Also, an operation is performed to set whether the user account management or the like is performed by the image forming apparatus 1 or the authentication server 3 or the access right management server 4. The server setting processing unit 201 of the terminal device 2 illustrated in FIG. 4 sets the settings relating to the user account or the access right to the image forming apparatus 1, the authentication server 3, or the access right management server 4 according to the content of the operation performed by the administrator. And execute.

  Here, referring to FIGS. 9, 10, 11, and 12, the server setting processing unit 201, the user account registration processing unit 106, the access right registration processing unit 107, the user account registration processing unit 301, and the access right registration A processing flow of the processing unit 401 will be described.

  When the administrator inputs an authentication setting command to the terminal device 2, the server setting processing unit 201 displays an authentication server setting screen HG1 as shown in FIG. 9 on the display. The authentication server setting screen HG1 is a screen for designating a subject or the like that executes user account management and user authentication processing.

  Here, the administrator inputs identification information (such as a device name or an IP address) of the image forming apparatus 1 in the text box TB10, and performs user account management and user authentication processing related to the user of the image forming apparatus 1. When the image forming apparatus 1 itself is desired to perform, the radio button RB11 is clicked and selected.

  On the other hand, when the authentication server 3 is desired to be performed, the radio button RB12 is selected by clicking. Further, the type of management service of the authentication server 3 is specified by inputting it in the text box TB11. When “Active Directory” or “Ntlm” is specified in the text box TB11, the domain name of the authentication server 3 is input and specified in the text box TB12. When “NDS” is specified in the text box TB11, the tree name and the context name are input and specified in the text boxes TB12 and TB13, respectively.

  Then, the server setting processing unit 201 transmits the content specified on the authentication server setting screen HG1 to the image forming apparatus 1 specified in the text box TB10 as authentication setting information DT3.

  The image forming apparatus 1 that has received the authentication setting information DT3 recognizes based on the authentication setting information DT3 whether the image forming apparatus 1 itself performs user account management and user authentication processing or causes the authentication server 3 to perform the processing. .

  Alternatively, when the administrator inputs an access right management setting command to the terminal device 2, the server setting processing unit 201 displays an access right management setting screen HG2 as shown in FIG. 10 on the display.

  Here, when the administrator inputs the identification information of the image forming apparatus 1 in the text box TB2 and wants the image forming apparatus 1 itself to manage the access right to be given to the user of the image forming apparatus 1, the administrator Click the button RB21 to select it. When the access right management server 4 wants to perform it, the radio button RB22 is clicked and selected.

  Then, the server setting processing unit 201 transmits the content specified on the access right management setting screen HG2 to the image forming apparatus 1 specified in the text box TB2 as the access right management setting information DT4.

  The image forming apparatus 1 that has received the access right management setting information DT4 recognizes whether the image forming apparatus 1 itself manages the access right or causes the access right management server 4 to perform it based on the access right management setting information DT4. To do.

  Alternatively, when the administrator inputs a command for creating a new user account to the terminal device 2, the server setting processing unit 201 displays a user account setting screen HG3 as shown in FIG. 11 on the display.

  Here, the administrator inputs and designates the user name and password of the newly created user account in the text boxes TB31 and TB32, respectively. The user name must be specified so as not to overlap with the user name of the existing user account.

  Further, the administrator selects a function that is permitted to be used by the user related to the user account from among the seven functions of the image forming apparatus 1 indicated in the access right setting area RY3, and is located on the left side of the name of the function. Click to select a check box. For example, when only using the copy function is permitted, it is selected by clicking on the upper left check box in the access right setting area RY3. In the text boxes TB34, TB35, and TB36, the number of copies, the number of PC prints, and the number of fax transmissions allowed for the user in a predetermined period are respectively input and designated.

  And the apparatus which registers the user account is designated by radio button RB31, RB32 and text box TB33. When registering in the authentication server 3, click the radio button RB32 to select it. When registering in the image forming apparatus 1, the radio button RB31 is selected by clicking, and the identification information of the image forming apparatus 1 is input into the text box TB33. Similarly, a device for registering the access right of the user account is designated by radio buttons RB33 and RB34 and a text box TB37.

  The server setting processing unit 201 sets the contents specified in the text boxes TB31 and TB32 among the contents specified on the user account setting screen HG3 as new user account information DT5 using the radio buttons RB31 and RB32 or the text box TB33. Send to the specified device. Further, the contents designated in the text box TB31, the access right setting area RY3, and the text boxes TB34 to TB36 are transmitted as access right grant information DT6 to the device designated by the radio buttons RB33, RB34 or the text box TB37. .

  When the new user account information DT5 is transmitted to the authentication server 3, the user account registration processing unit 301 of the authentication server 3 generates a new record (user account information DT1) in the user account database 3D1, and receives the received new user The user name and password indicated in the account information DT5 are stored in the user account information DT1. When transmitted to the image forming apparatus 1, the user account registration processing unit 106 of the image forming apparatus 1 performs the same processing on the user account database 1D1.

  When the access right grant information DT6 is transmitted to the access right management server 4, the access right registration processing unit 401 of the access right management server 4 adds a new record (access right information DT2) to the access right information database 4D1. The user name generated and received in the access right grant information DT6 is stored in the “user name” field of the access right grant information DT2, and the field corresponding to the function permitting use indicated in the access right grant information DT6 is displayed. “○” is stored, and “×” is stored in the field of other functions. Further, the number of copies or the number of times indicated in the access right grant information DT6 is also stored in the fields of “number of copies”, “number of prints”, and “number of fax transmissions”. When transmitted to the image forming apparatus 1, the access right registration processing unit 107 of the image forming apparatus 1 performs the same processing on the access right database 1D2.

  As described above, in order to use the function of the image forming apparatus 1, the user must be given the use authority (access right) in principle. Therefore, in principle, the access right information DT2 must be registered for the user's own user account. However, even if the access right information DT2 is not registered, if the user authentication can be received, it is limited to the range set in the access right information DT2 given to the public user account. The function of the image forming apparatus 1 can be used. The “public user account” is a user account for a user who does not have a user account to temporarily use the image forming apparatus 1. That is, it is a so-called guest account. For example, it is used by part-time employees in the office.

  The access right information DT2 of the public user account is registered in the access right management server 4 or the image forming apparatus 1 as follows.

  When the administrator clicks the “Next” button on the authentication server setting screen HG1 (see FIG. 9) described above, the server setting processing unit 201 displays the public user account access right setting screen HG4 as shown in FIG. On the display. Alternatively, the public user account access right setting screen HG4 may be displayed when the administrator inputs a command for setting the access right for the public user account to the terminal device 2.

  Here, the administrator selects a function permitted to be used for the public user account from the seven functions of the image forming apparatus 1 indicated in the access right setting area RY4, and a check box on the left side of the name of the function. Click to select. In the text boxes TB41, TB42, and TB43, the number of copies allowed for the public user account, the number of PC prints, and the number of fax transmissions are input and specified in a predetermined period.

  And the apparatus which registers the access right information DT2 of the public user account is designated by the radio buttons RB41, RB42 and the text box TB44. When registering in the access right management server 4, the radio button RB42 is selected by clicking. When registering in the image forming apparatus 1, the radio button RB 41 is selected by clicking, and the identification information of the image forming apparatus 1 is input into the text box TB 44.

  If it is not desired to permit use of the image forming apparatus 1 for the public user account, the access right information DT2 for the public user account may not be registered. Alternatively, as the access right information DT2 for the public user account, access right information DT2 that prohibits the use of all functions and sets the upper limit value to “0” may be registered.

  The server setting processing unit 201 displays the public access right grant information DT7 indicating the function selected in the access right setting area RY4 and the number or number of times input in the text boxes TB41 to TB43, the radio buttons RB41, RB42, or the text box TB44. Send to the device specified in. In other words, when the radio button RB42 is designated (selected), it is transmitted to the access right management server 4. When the radio button RB41 is designated, it is sent to the image forming apparatus 1 designated (input) in the text box TB44. Send.

  When the public access right grant information DT7 is transmitted to the access right management server 4, the access right registration processing unit 401 of the access right management server 4 generates a new record (access right information DT2) in the access right information database 4D1. Then, “O” is stored in the field corresponding to the function permitted to be used indicated in the received public access right grant information DT7, and “X” is stored in the field of other functions. Further, the number of copies or the number of times indicated in the public access right grant information DT7 is stored in the fields of “number of copies”, “number of prints”, and “number of fax transmissions”. In the “user name” field, “Public_User” which is identification information of the public user account is stored. When transmitted to the image forming apparatus 1, the access right registration processing unit 107 of the image forming apparatus 1 performs the same processing on the access right database 1D2.

  As described above, the settings relating to the user account and the access right are made to the image forming apparatus 1, the authentication server 3, and the access right management server 4.

[Process when job is executed]
FIG. 13 is a diagram illustrating an example of a login screen HG5, FIG. 14 is a flowchart for explaining an example of the flow of user authentication processing, and FIG. 15 is a flowchart for explaining an example of the flow of execution feasibility determination processing. Next, processing contents when the user causes the image forming apparatus 1 to execute a job will be described.

  When no one is logged in, the image forming apparatus 1 displays a login screen HG5 as shown in FIG. 13 on the liquid crystal display of the operation panel 10f as a standby screen. As described above, a user who desires the image forming apparatus 1 to execute a job must receive user authentication in advance. Accordingly, the user name and password of his / her user account are input to the text boxes TB51 and TB52 by operating the operation panel 10f, and the “login” button is pressed.

  Then, the user authentication request unit 101 or the user authentication processing unit 102 (see FIG. 3) of the image forming apparatus 1 executes a process for user authentication of the user in the procedure as shown in the flowchart of FIG.

  If the user authentication is set to be executed by the image forming apparatus 1 itself by the setting process described with reference to FIG. 9 or the like (No in # 101 of FIG. 14), the user authentication processing unit 102 User authentication is executed based on user account information DT1 registered (stored) in one's own (that is, local) user account database 1D1 and the input user name and password. That is, the user account information DT1 indicating the input user name is searched from the user account database 1D1 (# 102), and the input password and the password indicated in the searched user account information DT1 are collated (in # 103). Yes, # 104). If they match (Yes in # 105), authentication that the user is a regular user is given (# 106). If they do not match or if the user account information DT1 cannot be retrieved (No in # 105 or No in # 103), authentication is not given (# 107).

  On the other hand, when the authentication server 3 is set to be executed (Yes in # 101), the user authentication request unit 101 performs authentication of the user based on the authentication setting information DT3. 3 (# 108). At this time, the authentication server 3 is notified of the user name and password input on the login screen HG5.

  Upon receiving the request, the authentication server 3 performs the same processing as steps # 102 to # 107. That is, the user authentication processing unit 302 (see FIG. 5) searches the user account database 3D1 for user account information DT1 indicating the notified user name, and stores the notified password and the searched user account information DT1. If the displayed password matches, authentication that the user is a regular user is given. If they do not match or if the user account information DT1 cannot be retrieved, no authentication is given. Then, the authentication result reply unit 303 notifies the request source image forming apparatus 1 of the result of the user authentication processing by the user authentication processing unit 302. In this way, the user authentication processing unit 302 performs user authentication processing instead of the user authentication processing unit 102.

  If it is authenticated by the user authentication processing unit 102 or the user authentication processing unit 302 that the user is a legitimate user, the login of the user to the image forming apparatus 1 is permitted, and if the user is not authenticated, the login is rejected.

  In principle, a user who is permitted to log in can use the functions of the image forming apparatus 1 within the range of the access right given to his / her user account until the user logs out.

  The user can operate the terminal device 2 and use the image forming apparatus 1 remotely. In this case, the user inputs the user name and password of his user account to the terminal device 2. Then, the terminal device 2 transmits the input user name and password to the image forming apparatus 1 to request that the login be permitted. The user authentication request unit 101 or the user authentication processing unit 102 of the image forming apparatus 1 executes the user authentication process according to the procedure described above. When authentication indicating that the user is an authorized user is given, login to the image forming apparatus 1 is permitted, and in principle, the range of access rights given to his / her user account until logging out. Thus, the function of the image forming apparatus 1 can be used remotely.

  A user who has logged in to the image forming apparatus 1 can give a job execution command to the image forming apparatus 1 by operating the operation panel 10 f or the terminal device 2. When the execution command is given, the job execution possibility determination unit 103 determines whether or not the job related to the execution command may be executed according to the procedure shown in the flowchart of FIG.

  If the image forming apparatus 1 itself is set to manage the access right by the setting process described with reference to FIG. 10 or the like (No in # 121 in FIG. 15), the job execution permission determination unit 103 The access right information DT2 corresponding to the user account of the currently logged-in user is searched from the access right database 1D2 of the forming apparatus 1 itself (that is, local) (# 122). If the access right information DT2 is not found (No in # 123), the access right information DT2 of the public user account is searched from the access right database 1D2 (# 124).

  On the other hand, when the access right management server 4 is set to manage the access right (Yes in # 121), the access right management server 4 is connected based on the access right management setting information DT4, and the access right management is performed. The server 4 is requested for access right information DT2 corresponding to the user account of the currently logged-in user (# 126).

  In the access right management server 4 that has received the request, the same processing as steps # 122 to # 124 is performed. That is, the access right answering unit 402 searches the access right information database 4D1 for the requested access right information DT2, and transmits it to the image forming apparatus 1. If not found, the access right information DT2 of the public user account is searched for and transmitted instead of the access right information DT2.

  Note that, in an environment where a plurality of access right management servers 4 are prepared in the image related processing system GSY and the access right information DT2 is distributedly managed, the required access right information DT2 is sent to the requested access right management server. 4 may not be included, but may be included in another access right management server 4. In this case, the job execution permission / inhibition determining unit 103 is notified of the other access right management server 4 that is the management location of the access right information DT2 from the access right management server 4 as the request destination, and the other access right management server 4 Again, it requests the necessary access right information DT2.

  The job execution possibility determination unit 103 determines a function necessary for executing a job related to an execution command given by the user before or after or in parallel with the processing of steps # 121 to # 127 (# 128). . For example, when a color copy job execution command is given, it is determined that a scan function, a copy function, and a color print function are necessary. The relationship between the job type and the necessary function may be defined in the image forming apparatus 1 in advance by a file indicating the job.

  Whether the user has the authority to execute the job related to the execution command based on the access right information DT2 searched in step # 122 or # 124 or the access right information DT2 transmitted from the access right management server 4 It is determined whether or not (# 129). For example, if it is determined in step # 128 that a scan function, a copy function, and a color printing function are necessary to execute a job related to an execution command given by the user, the access right information DT2 includes It checks whether the value of the field corresponding to these three functions is not. If all are “◯”, it is determined that the user has authority. If any one is “x”, it is determined that the user does not have authority.

  Further, if the job is executed, it is determined whether or not the value of the counter CN of the user exceeds the value (upper limit value) indicated in the access right information DT2 (# 130). For example, the job is a copy job that consumes 10 sheets, the value of the copy counter CNA of the user is currently “995”, and the upper limit value of the number of copies indicated in the access right information DT2 is “1000”. If it is, it is determined that it will exceed. If the copy job consumes two sheets, it is determined that the number is not exceeded. However, when there is no counter CN of the user, the determination is made based on the counter CN of the public user account.

  If it is determined that the user has the necessary authority and the counter CN does not exceed the upper limit (Yes in # 131), it is determined that the job may be executed (# 132). If it is determined that there is no necessary authority or that the CN exceeds the upper limit (No in # 131), it is determined that the job cannot be executed (# 133). Even when the access right information DT2 is not obtained (No in # 125 or No in # 127), it is determined that the job cannot be executed (# 133).

  When the job execution control unit 104 determines that the job according to the execution command may be executed, the job execution control unit 104 executes the job so that the job is executed as in the conventional case. Control hardware and software.

[Process after job execution]
FIG. 16 is a diagram illustrating an example of the job history database 1D3.

  After the job is executed, the counter update processing unit 108 in FIG. 3 adds the number of copies or the number of prints to the counter CN of the user who has given the execution instruction for the current job based on the processing contents of the current job. . For example, when ten copy sheets are used by executing a copy job based on an execution command from a user with a user name “User_A”, the copy counter associated with the user name “User_A” is used. Add “10” to CNA.

  However, there is a case where the counter CN corresponding to the user name of the user who has given the execution command is not provided in the image forming apparatus 1. For example, the image forming apparatus 1 may not include a counter CN such as a user who normally uses another image forming apparatus 1 or a user who works as a part-time employee. Therefore, for the case where there is no corresponding counter CN, the image forming apparatus 1 is provided with a counter CN for a public user account associated with the user name “Public”. Then, after the job is executed, the counter CN is incremented.

  In the job history database 1D3, as shown in FIG. 16, information related to the executed job is stored as a job history DT8. The job history DT8 is generated and managed by the job history management unit 105. Further, the job history management unit 105 generates the job history DT8 by the following procedure.

  When control processing for executing one job is performed by the job execution control unit 104, the job history management unit 105 issues a job ID for identifying the job from other jobs, and also uses the job history database 1D3. One new record (job history DT8) is generated.

  Then, the issued job ID is stored in the “job ID” field of the job history DT8, and the name and type of the current job are stored in the “job name” and “job type” fields, respectively. Stores in the field the user account name of the user who gave the job execution command this time. Further, information regarding the execution condition of the current job is stored in fields such as “number of faces” and “number of sheets”. The “counter” field stores the user name associated with the counter CN to which a value is added based on the processing contents of the current job.

  As described above, the number of copies, the number of prints, and the number of fax transmissions of users who are not given the counter CN are counted together in the counter CN for public user accounts. However, as it is, the usage status of the image forming apparatus 1 for each user cannot be known. Therefore, the job history acquisition unit 202 and the user-specific count unit 203 of the terminal device 2 illustrated in FIG. 4 perform processing for analyzing the usage status of the image forming apparatus 1 of the user who is not given the counter CN.

  The job history acquisition unit 202 accesses the image forming apparatus 1 and requests the job history DT8 from the image forming apparatus 1. Then, the job history management unit 105 (see FIG. 3) of the image forming apparatus 1 relates to the job executed in the analysis target period from the local job history database 1D3, and the “Counter” field is “Public”. A certain job history DT8 is searched and transmitted to the requesting terminal device 2. In this way, the job history acquisition unit 202 acquires the job history DT8 necessary for analysis.

  The user-specific count unit 203 sorts the acquired job history DT8 for each user, and further sorts the sorted job history DT8 for each function such as copy, print, and FAX transmission. Then, the number of copies, the number of prints, and the number of fax transmissions are counted by integrating the values of the number of sheets indicated in the sorted job history DT8. The count result is output to a display or the like together with the user name of the user.

  In addition, the job history DT8 stored in one image forming apparatus 1 is not analyzed, but the jobs stored in a plurality or all of the image forming apparatuses 1 provided in the image related processing system GSY. The history DT8 may be collectively analyzed.

  FIG. 17 is a flowchart for explaining an example of the overall processing flow of the image forming apparatus 1. Next, an overall processing flow of the image forming apparatus 1 when the user uses the image forming apparatus 1 will be described with reference to a flowchart.

  In FIG. 17, the image forming apparatus 1 executes a user authentication process for a user who desires to use the apparatus (# 11). The procedure of such processing is as described above with reference to FIG. As a result, if it is recognized that the user is a regular user (Yes in # 12), a job execution command from the user is awaited. When a job execution command is input, it is accepted (# 13), and it is determined whether or not the job can be executed (# 14). The procedure of the discrimination process is as described above with reference to FIG.

  If it can be executed (Yes in # 15), the job is executed (# 16), the log is recorded as access right information DT2 in the job history database 1D3 (see FIG. 16), and the user counter If there is CN, the number of sheets used this time is counted in the counter CN (# 17).

  Until the user logs out, steps # 14 to # 17 are repeated each time a job execution command is received.

  If the counter CN cannot be counted in step # 17, the usage status of the user is counted later by the job history acquisition unit 202 and the user-specific counting unit 203 (see FIG. 4) of the terminal device 2. be able to.

[Second Embodiment]
FIG. 18 is a diagram showing a modification of the functional configuration of the image forming apparatus 1, and FIG. 19 is a flowchart for explaining a modification of the overall processing flow of the image forming apparatus 1.

  In the first embodiment, when a job is executed in accordance with an execution command from a user who does not have the counter CN, the usage status is temporarily counted in the counter CN for the public user account, and the job history DT8 of the user later. The usage situation was counted by analyzing In the present embodiment, when an execution command is issued from a user who does not have the counter CN, a new counter CN is generated for the user, and the usage status is counted for this.

  Overall configuration of image-related processing system GSY in the second embodiment, hardware configuration of image forming apparatus 1, terminal apparatus 2, authentication server 3, and access right management server 4, and authentication server 3 and access right management server 4 is basically the same as that of the first embodiment, but the functional configurations of the image forming apparatus 1 and the terminal device 2 are different from those of the first embodiment.

  In the first embodiment, the terminal device 2 has the functions of the server setting processing unit 201, the job history acquisition unit 202, and the user-specific counting unit 203 as shown in FIG. 4, but in the second embodiment, The job history acquisition unit 202 and the user-specific count unit 203 are not necessary. As shown in FIG. 18, the image forming apparatus 1 includes a counter generation unit 129 instead of the job history management unit 105 and the job history database 1D3. The processing contents of the user authentication request unit 121, the user authentication processing unit 122, the job execution availability determination unit 123, the job execution control unit 124, the user account registration processing unit 126, the access right registration processing unit 127, and the counter update processing unit 128 are as follows. User authentication request unit 101, user authentication processing unit 102, job execution availability determination unit 103, job execution control unit 104, user account registration processing unit 106, access right registration processing unit 107, and counter update processing unit of the first embodiment The processing contents 108 are the same.

  Hereinafter, the processing content of each part will be described with reference to the flowchart shown in FIG. 19 with a focus on differences from the first embodiment.

  A user authentication process for a user who intends to use the image forming apparatus 1 and a process for determining whether or not to execute a job are executed by the same procedure and method as in the first embodiment (# 21 to # 26 in FIG. 19). .

  After the job is executed, the status of use of the image forming apparatus 1 by the current job is counted in the counter CN corresponding to the user name of the user who has given the execution command (# 29). However, if the counter CN does not exist (No in # 27), the counter generation unit 129 newly generates the counter CN (# 28) and counts it (# 29).

  Until the user logs out, steps # 24 to # 29 are repeated each time a job execution command is received.

  According to the first and second embodiments, whether or not the user's use authority is set successfully is determined based on the use authority of the public user account by the user. Determine. Therefore, the user can use the image forming apparatus 1 while maintaining a certain level of security.

  Further, according to the first embodiment, even if a user's counter is not set up well, the usage status of the user can be analyzed based on the job history DT8. Therefore, the administrator can accurately grasp the usage status of a user who does not have a counter installed.

  According to the second embodiment, when a user who does not have a counter executes a job, the user's counter is generated and the usage status is recorded therein. Therefore, it is possible to accurately grasp the usage status of the user while efficiently installing the counter.

  In the first embodiment, the user-specific counting unit 203 is provided in the terminal device 2, but it may be provided in the authentication server 3 or the access right management server 4. Alternatively, the image forming apparatus 1 may be provided.

  In addition, the image-related processing system GSY, the image forming apparatus 1, the terminal apparatus 2, the authentication server 3, the entire access right management server 4, the configuration of each part, the processing content, the processing order, the database configuration, the screen configuration, etc. It can change suitably according to the meaning of invention.

  The present invention is preferably used for an image forming apparatus installed in a network constituted by a large number of devices.

It is a figure which shows the example of the whole structure of an image related processing system. 2 is a diagram illustrating an example of a hardware configuration of an image forming apparatus. FIG. 2 is a diagram illustrating an example of a functional configuration of an image forming apparatus. FIG. It is a figure which shows the example of a functional structure of a terminal device. It is a figure which shows the example of a functional structure of an authentication server. It is a figure which shows the example of a functional structure of an access right management server. It is a figure which shows the example of a user account database. It is a figure which shows the example of an access right information database. It is a figure which shows the example of an authentication server setting screen. It is a figure which shows the example of an access right management setting screen. It is a figure which shows the example of a user account setting screen. It is a figure which shows the example of the access right setting screen for public user accounts. It is a figure which shows the example of a login screen. It is a flowchart for demonstrating the example of the flow of a user authentication process. It is a flowchart for demonstrating the example of the flow of an execution availability determination process. It is a figure which shows the example of a job history database. 5 is a flowchart for explaining an example of the overall processing flow of the image forming apparatus. It is a figure which shows the modification of a functional structure of an image forming apparatus. 10 is a flowchart for explaining a modification of the overall processing flow of the image forming apparatus.

Explanation of symbols

GSY image related processing system 102, 122, 302 User authentication processing unit (user authentication means)
103, 123 Job execution availability determination unit (execution permission determination means)
104, 124 Job execution control unit (image related process execution control means)
108, 128 Counter update processing unit (counter update means)
129 Counter generation unit (counter generation means)
10f Operation panel (Processing content designation receiving means)
10j network interface (processing content designation accepting means)
1D2, 4D1 access right database (use authority information storage means)
1D3 job history database (history information storage means)
203 Count section for each user (usage status analysis means)
DT2 access right information (use right information)
DT8 Job history (history information)
CN counter

Claims (6)

An image-related processing system that executes image-related processing, which is processing related to an image,
User authentication means for performing processing for authenticating that a user who desires to execute the image-related processing is a legitimate user;
Usage authority information storage means for storing usage authority information related to the authority to use the image-related processing system for each user;
A process content designation accepting unit that accepts designation of the content of the image related process desired by a user who has been authenticated by the user authenticating unit;
Whether to permit execution of the image-related processing of the content related to the designation received by the processing content designation accepting unit is stored in the use authority information storage unit, and the user who made the designation An execution permission / rejection determining means for determining based on the use authority information of
Image-related process execution control means for starting a control process for executing the image-related process when the execution permission determination means determines that the image-related process is permitted,
The usage authority information storage means stores second usage authority information related to the authority to use the image-related processing system,
The execution permission determination unit executes the image-related processing based on the second use authority information when the use authority information of the user who made the designation is not stored in the use authority information storage unit. To determine whether or not to allow
An image-related processing system characterized by that. An image-related processing system that executes image-related processing, which is processing related to an image,
User authentication means for performing processing for authenticating that a user who desires to execute the image-related processing is a legitimate user;
Image-related processing execution control means for performing control processing for executing the image-related processing instructed by a user who has been authenticated as a legitimate user by the user authentication means;
History information storage means for storing the contents of the image-related processing executed and history information indicating the user who commanded the image-related processing;
A counter for counting the usage status of the image-related processing system for each user;
Counter updating means for updating the counter of the user who commanded the image-related processing based on the contents of the executed image-related processing;
When there is no counter of the user who commanded the executed image-related processing, the usage status of the user is analyzed based on the history information indicating the user stored in the history information storage unit. Usage analysis means;
An image-related processing system comprising: An image-related processing system that executes image-related processing related to an image,
User authentication means for performing processing for authenticating that a user who desires to execute the image-related processing is a legitimate user;
Image-related processing execution control means for performing control processing for executing the image-related processing instructed by a user who has been authenticated as a legitimate user by the user authentication means;
A counter for counting the usage status of the image-related processing system for each user;
Counter generation means for generating the counter of the user when there is no counter of the user who commanded the executed image-related processing;
Counter updating means for updating the counter of the user who commanded the image-related processing based on the contents of the executed image-related processing;
An image-related processing system comprising: A management method of an image forming apparatus provided in a network,
The usage authority information storage means stores usage authority information related to the authority to use the image forming apparatus for each user, and further stores second usage authority information related to the authority to use the image forming apparatus,
A process of authenticating that the user who uses the image forming apparatus is a regular user,
Accepts job specifications from users who have been authenticated as legitimate users,
Whether or not to permit execution of the received job according to the designation is determined based on the usage authority information when the usage authority information of the user who has made the designation is stored in the usage authority information storage unit. If the use authority information is not stored, it is determined based on the second use authority information.
An image forming apparatus management method. A management method of an image forming apparatus provided in a network,
Prepare a counter for counting the usage status of the image forming apparatus for each user,
A process of authenticating that the user who uses the image forming apparatus is a regular user,
Causing the image forming apparatus to execute a job instructed by a user who has been authenticated as an authorized user;
History information indicating the contents of the executed job and the user who commanded the job is stored in the history information storage means,
Update the counter of the user who commanded the job based on the contents of the executed job,
Analyzing the usage status of the user based on the history information indicating the user stored in the history information storage means when there is no counter of the user who commanded the executed job;
An image forming apparatus management method. A management method of an image forming apparatus provided in a network,
Prepare a counter for counting the usage status of the image forming apparatus for each user,
A process of authenticating that the user who uses the image forming apparatus is a regular user,
Causing the image forming apparatus to execute a job instructed by a user who has been authenticated as an authorized user;
If the counter of the user who commanded the executed job does not exist, the counter of the user is generated,
Updating the counter of the user who commanded the job based on the contents of the executed job;
An image forming apparatus management method.