JP2009087271A - Information processing system and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processing system, securing convenience of a user without degrading security as much as possible when authentication based on formal authentication information is temporarily disabled. <P>SOLUTION: According to this information processing system, a temporary authentication information is issued for a user, either a predetermined formal authentication information or the issued temporary authentication information is received from the user to authenticated the user based on the received authentication information. When user is authenticated based on the temporary authentication information, it is determined whether or not the processing request from the user can be performed or not based on the processing execution right with limitations compared to when the user is authenticated based on the formal authentication information. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an information processing system and a program.

In recent years, various information processing apparatuses such as a document management server that manages various types of document data and an image forming apparatus (printer, multifunction machine, etc.) that forms documents on a medium such as paper are used in offices. . In addition, a user authentication device may be used to authenticate a user who uses these information processing devices (see, for example, Patent Document 1). In this case, the user possesses, for example, an IC card issued to each user, and when using the information processing apparatus, the authentication information (official authentication information) recorded on the IC card is used. ) Is read by an IC card reader or the like. The user authentication device authenticates the user based on the authentication information read from the IC card. In this way, each information processing apparatus identifies who the user is, and executes various processes such as providing a document and outputting an image according to the process execution authority set for the user. can do.
JP 2004-234329 A

  However, in the above-described example, for example, if the user forgets or loses the IC card, the user cannot use the information processing apparatus at all, and the convenience of the user is significantly impaired. There's a problem. In such a case, for example, a method of issuing a temporary password (temporary authentication information) to the user and allowing the user to use the information processing apparatus by inputting the temporary password is also conceivable. . However, if the user is allowed to use an information processing device equivalent to the original authentication method, which is the original authentication method, at the time of authentication with this temporary password, the same level of authentication means with different security levels can be used. This is not preferable in terms of security.

  One of the objects of the present invention is to provide an information processing system and program that can ensure the convenience of the user without sacrificing security as much as possible when the authentication by the formal authentication information is temporarily impossible. is there.

  The invention according to claim 1 is an information processing system, wherein issuance means for issuing temporary authentication information to a user, and predetermined formal authentication information or the issued temporary authentication information from the user And authenticating means for authenticating the user based on the received authentication information, and when the user is authenticated based on the temporary authentication information, the user is included in the formal authentication information. And a process execution enable / disable determining unit that determines whether or not the process requested by the user can be executed based on the process execution authority restricted by the process execution authority in the case of authentication based on the above.

  The invention according to claim 2 is the information processing system according to claim 1, wherein information indicating the processing execution authority by the user includes predetermined official authority information and a processing execution authority indicated by the official authority information. And authority information holding means for holding temporary authority information indicating restricted process execution authority, and the process execution availability determination means is configured to determine whether the user is authenticated based on the formal authentication information. If the user is authenticated based on the temporary authentication information using official authority information, the temporary authority information is used to determine whether or not the process requested by the user can be executed. To do.

  The invention according to claim 3 is the information processing system according to claim 1 or 2, wherein the issuing means requests the user from among a plurality of information processing devices when issuing the temporary authentication information. And determining whether to permit the execution of the predetermined process, and determining whether the process can be executed or not when the user is authenticated based on the temporary authentication information. It is determined whether to permit the execution of the predetermined process by the information processing apparatus selected by the user according to whether or not the apparatus is the permission target apparatus.

  The invention according to claim 4 is the information processing system according to claim 3, wherein the issuing means allows the information processing apparatus installed in a predetermined place to be permitted when issuing the temporary authentication information. It is determined as a target device.

  A fifth aspect of the present invention is the information processing system according to any one of the first to fourth aspects, wherein a document image is formed on a medium in accordance with a result of determination by the processing execution determination unit. An image including image forming means and identification image forming means for forming an identification image for identifying the medium on the medium together with the document image when the user is authenticated based on the temporary authentication information. A medium discarding device including: a forming device; an identification image reading unit that reads the identification image from the medium; and a medium discarding unit that discards the medium after the identification image is read. The medium discarding device further includes identification image reading determining means for determining whether or not the identification image has been read by the medium discarding device.

  The invention according to claim 6 is an information processing system, comprising a user authentication device and an information processing device, wherein the user authentication device is a means for issuing temporary authentication information to a user; An authentication unit that accepts either predetermined formal authentication information or the issued temporary authentication information from the user, and authenticates the user based on the received authentication information. When the user is authenticated based on the temporary authentication information, the device is based on a process execution authority that is more limited than a process execution authority when the user is authenticated based on the formal authentication information. And a process execution enable / disable determining unit that determines whether or not the process requested by the user can be executed.

  The invention according to claim 7 is an authentication unit that issues temporary authentication information to a user, accepts either predetermined formal authentication information or the issued temporary authentication information from the user, and accepts the authentication. Authentication means for authenticating the user based on information, and processing when the user is authenticated based on the formal authentication information when the user is authenticated based on the temporary authentication information A program for causing a computer to function as a process execution permission determination unit that determines whether a process requested by the user can be executed based on a process execution right restricted by an execution right.

  According to the first, sixth, and seventh aspects of the present invention, when the authentication based on the official authentication information cannot be temporarily performed, the security is sacrificed as much as possible by giving the user execution authority of a certain limit. Without the user's convenience

  According to the second aspect of the present invention, when the user is authenticated by the temporary authentication information, it is possible to limit the user's processing execution authority using the stored temporary authority information.

  According to the third aspect of the present invention, when the user is authenticated by the temporary authentication information, it is possible to limit the information processing apparatus that allows the user to execute the predetermined process.

  According to the invention described in claim 4, when the user is authenticated by the temporary authentication information, the information processing device that can be used by the user to execute the predetermined process is restricted according to the location of the information processing device. Can do.

  According to the fifth aspect of the present invention, when the user is authenticated by the temporary authentication information, it can be determined whether or not the user has discarded the medium on which the image is formed on the image forming apparatus.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  As shown in FIG. 1, an information processing system 1 according to an embodiment of the present invention includes a user management server (user authentication device) 2, a document management server 3, a device management server 4, and an image processing device 5. The medium discarding device 6 is included. Each of these devices is configured to be able to communicate with each other via communication means such as a LAN. Although omitted in the figure, it is assumed that a plurality of image processing apparatuses 5 and medium discarding apparatuses 6 are included in the information processing system 1.

  The user management server 2 is a server computer, for example, and includes a control unit 11, a storage unit 12, and a communication unit 13, as shown in FIG.

  The control unit 11 is a CPU or the like, and executes various types of information processing according to programs stored in the storage unit 12. In the present embodiment, the control unit 11 accepts authentication information for authenticating the user from a user (user) of the information processing system 1 and performs user authentication. A specific example of the process executed by the control unit 11 will be described later.

  The storage unit 12 includes a memory element such as a RAM and a ROM, a hard disk, and the like. The storage unit 12 holds programs executed by the control unit 11 and various data. The storage unit 12 also operates as a work memory for the control unit 11.

  The communication unit 13 is a network interface such as a LAN card, for example, and communicates with information processing apparatuses such as the document management server 3, the device management server 4, the image processing apparatus 5, and the medium discarding apparatus 6 via a communication unit. Send and receive information.

  The document management server 3 is, for example, a server computer, and includes a control unit 21, a storage unit 22, and a communication unit 23 as shown in FIG. The control unit 21, the storage unit 22, and the communication unit 23 may have the same configuration as the control unit 11, the storage unit 12, and the communication unit 13, respectively. The document management server 3 holds various types of document data in the storage unit 22 and executes various types of processing on these document data in response to a user process execution request (access request). The document data to be managed by the document management server 3 is not limited to text but may be electronic data including various contents. A specific example of processing executed by the control unit 21 of the document management server 3 will also be described later.

  The device management server 4 is, for example, a server computer and manages each device connected via communication means. Specifically, in the present embodiment, the device management server 4 holds information about each of the image processing device 5 and the medium discarding device 6 connected via the communication means, and makes an inquiry to the user management server 2 or the like. In response, the stored information is returned.

  The image processing apparatus 5 is, for example, a multifunction peripheral (an apparatus having a plurality of functions such as a printer, a copy, a scan, and a facsimile). As shown in FIG. 1, a control unit 31, a storage unit 32, and a communication unit 33, a UI (User Interface) unit 34, an image forming unit 35, an image reading unit 36, and an IC card reader 37. The control unit 31, the storage unit 32, and the communication unit 33 may have the same configuration as the control unit 11, the storage unit 12, and the communication unit 13, respectively. In the present embodiment, the image processing apparatus 5 holds the secret key information unique to each image processing apparatus 5 in the storage unit 32.

  The UI unit 34 includes a touch panel, a liquid crystal display, an input device (for example, a keyboard, a touch pad, and the like). The UI unit 34 displays, for example, a menu screen that prompts the user to input an instruction in accordance with an instruction input from the control unit 31. In addition, the UI unit 34 receives an instruction input from the user and outputs information indicating the content to the control unit 31.

  The image forming unit 35 is configured by a printer engine such as a laser printer or an inkjet printer, and executes a printing process for forming an image on a medium such as paper in accordance with an instruction from the control unit 31. With this image forming unit 35, the image processing apparatus 5 functions as an image forming apparatus. The image reading unit 36 is an image scanner or the like, and executes a scan process of reading an image formed on a medium such as paper and outputting data representing the image.

  The IC card reader 37 reads information recorded on the IC card and outputs it to the control unit 31. In the present embodiment, the IC card reader 37 includes, from the IC card 7 carried by the user, user identification information for identifying the user, information for authenticating the user (hereinafter referred to as formal authentication information), Read.

  The medium discarding device 6 is a shredder or the like, and includes a control unit 41, an image reading unit 42, a communication unit 43, and a medium discarding unit 44 as shown in FIG. The control unit 41 may be a CPU or the like similarly to the control unit 11. The image reading unit 42 is an image scanner or the like, for example, and reads at least a part of an image formed on a medium to be discarded by the medium discarding device 6. The communication unit 43 transmits information related to the image read by the image reading unit 42 via a communication unit. The medium discarding unit 44 discards a medium such as paper on which an image is formed by the image processing apparatus 5 by a method such as cutting. The medium discarding device 6 may also hold the secret key information unique to each medium discarding device 6 in a storage unit (not shown).

  Here, information stored in each server in the present embodiment will be described. In the present embodiment, the user management server 2 holds information for authenticating a user who uses each device included in the information processing system 1 in the storage unit 12 as a user management database D1. The user management database D1 authenticates each user based on user identification information (user ID) for identifying the user and formal authentication information stored in the IC card 7 possessed by the user. Information.

  FIG. 2 is a diagram illustrating an example of user information included in the user management database D1. In the example of FIG. 2, for a user, formal authentication information stored in the user's IC card 7 is included along with information such as the user ID, name, and address of the user. The user management server 2 compares the formal authentication information that the image processing device 5 reads from the IC card 7 and transmits to the user management server 2 with the formal authentication information included in the user management database D1, thereby enabling the user Authenticate.

  When the user management server 2 issues a temporary password as will be described later, the user management server 2 records information on the issued temporary password in the storage unit 12 as the temporary password management database D2. Furthermore, when the image processing apparatus 5 forms an image in response to a request from a user who has been authenticated using the temporary password, the user management server 2 stores information regarding the medium on which the image is formed, as a temporary print medium management. It records in the memory | storage part 12 as database D3. The contents of the temporary password management database D2 and the temporary print medium management database D3 will be described later.

  As described above, the document management server 3 holds a plurality of document data in the storage unit 22. Note that the document management server 3 may classify and store these document data into a plurality of folders. Further, the document management server 3 holds information indicating the user's access authority (processing execution authority) for information resources such as document data and folders held by the document management server 3 in the storage unit 22 as an access authority database D4. ing. The access authority database D4 is a temporary access that indicates temporary access authority limited by predetermined formal access authority information and the formal access authority indicated by the formal access authority information as information indicating the access authority for the document data or folder by the user. Authority information.

  FIG. 3 is a diagram illustrating an example of information included in the access authority database D4. In the example of FIG. 3, each of the document ID (ID starting with DOC) for identifying the document data held by the document management server 3 and the folder ID (ID starting with FOL) for identifying the folder in which the document data is stored. For each user, authority information indicating the official access authority and temporary access authority of the user is associated. Here, the formal access authority information and the temporary access authority information for the document data indicate whether or not the user has authority (print authority) to execute processing for causing the image processing apparatus 5 to print the document data. Yes. The formal access authority information and temporary access authority information for the folder execute processing for storing document data obtained by causing the image processing apparatus 5 to read an image formed on the medium by the user in the folder. It indicates whether or not the user has authority (scanned document storage authority). In the figure, “OK” indicates that there is an access authority, and “NG” indicates that there is no access authority. In the figure, the column labeled “-” indicates that the corresponding process does not exist in the first place.

  Here, the temporary access authority is an access authority that is more limited than the official access authority. That is, a user who has a temporary access right to a certain document data or folder also has a formal access right to the same document data or folder. On the other hand, there is a case where a certain user has a formal access right to a certain document data or folder but does not have a temporary access right.

  In the example of FIG. 3, it is assumed that the print authority for document data is set for each document data and for each user. However, the print authority for document data may be set for each folder in which a plurality of document data is stored, or may be set for each user group to which a plurality of users belong. Also, the access type is not limited to the print authority for each document data, and access authority for other access types such as browsing and editing may be defined. Similarly, the scan document storage authority for the folder may be set for each user group, or the access authority for other types of access to the folder may be determined.

  The device management server 4 holds information related to devices to be managed (image processing device 5 and medium discarding device 6) as a device management database D5. FIG. 4 is a diagram illustrating an example of information included in the device management database D5. In the example of FIG. 4, the device management database D5 includes, for each of the plurality of image processing apparatuses 5 and the plurality of medium discarding apparatuses 6, device identification information (device ID) for identifying the device and the type of the device (image processing). The device 5 or the medium discarding device 6), the location information (installation location ID) indicating the installation location of the device, and the public key corresponding to the secret key stored in the device. Information including a digital certificate.

  Here, the installation location ID is information indicating the installation location of each device, and indicates a predetermined physical area (installation area) such as an office or each floor in the office. That is, apparatuses having the same installation location ID in the device management database D5 are installed in the same installation area. The device management server 4 may further hold a database that associates the actual location (address) of the installation area indicated by the installation location ID, contact information (phone number), and the like for each installation location ID. .

  Hereinafter, each function realized by the information processing system 1 according to the present embodiment will be described. First, the functions realized by the user management server 2 will be described based on the functional block diagram of FIG. As shown in FIG. 5, the user management server 2 is functionally configured to include a temporary authentication information issuing unit 51, a user authentication unit 52, and a temporary print medium management unit 53. These functions can be realized by the control unit 11 executing a program stored in the storage unit 12. Note that this program may be provided via communication means such as the Internet, or may be provided by being stored in various computer-readable information storage media such as CD-ROM and DVD-ROM. .

  The temporary authentication information issuing unit 51 issues temporary authentication information to a user who has forgotten or lost the IC card 7 in response to a request from the image processing apparatus 5. In the present embodiment, the temporary authentication information issuing unit 51 issues a temporary password composed of a character string as the temporary authentication information. This temporary password may be generated by a random number generation function or may be determined by another algorithm. Hereinafter, a user who receives the temporary password issued by the temporary authentication information issuing unit 51 and uses the information processing system 1 using the temporary password is referred to as a temporary use user U1. A user who uses the information processing system 1 after receiving authentication based on the formal authentication information recorded on the IC card 7 instead of the temporary password is referred to as a formal user U2.

  Further, the temporary authentication information issuing unit 51 is permitted to execute a predetermined process requested by the temporary use user U1 that is a target of temporary password issuance among the plurality of image processing apparatuses 5 when issuing the temporary password. The target device may be determined. Specifically, for example, the temporary authentication information issuing unit 51 determines the image processing device 5 installed in a predetermined place as a permission target device. In the present embodiment, the temporary use user U1 authenticated by the temporary password requests the image processing apparatus 5 installed in the installation area where the image processing apparatus 5 that has transmitted the temporary password issue request is installed. It is assumed that the device to be permitted is permitted to execute the printing process or the scanning process.

  Further, the temporary authentication information issuing unit 51 records the issued temporary password in the temporary password management database D2 when issuing the temporary password. FIG. 6 is a diagram illustrating an example of information included in the temporary password management database D2. As shown in FIG. 6, the temporary password management database D2 includes information indicating the user ID of the temporary use user U1, the temporary password issued to the temporary use user U1, and the usable period of the temporary password (here Includes information that associates the use start date and time and the use end date and time with location information (issue destination location ID) indicating the installation area of the image processing apparatus 5 that has transmitted the temporary password issue request. Here, the usable period of the password may be a predetermined period (for example, one day), or may be a period determined based on a user instruction when the temporary password is issued. The issue destination location ID is information on the installation location ID stored in the device management database D5 in association with the device ID of the image processing apparatus 5 that has transmitted the temporary password issue request. The temporary authentication information issuing unit 51 obtains the issue destination location ID by making an inquiry to the device management server 4. The image processing device 5 installed in the installation area indicated by the issue destination location ID is the above-described permission target device.

  The user authentication unit 52 performs user authentication in response to a user authentication request from the image processing apparatus 5. Specifically, the user authentication unit 52 receives from the image processing apparatus 5 either the formal authentication information stored in the IC card 7 or the temporary password issued by the temporary authentication information issuing unit 51. Then, the user is authenticated based on the received authentication information, and the authentication result is returned to the image processing apparatus 5.

  As a specific example, when the user authentication unit 52 accepts the formal authentication information read from the IC card 7 possessed by the formal use user U2, the user authentication unit 52 stores the accepted formal authentication information and the user management database D1. The official user U2 is authenticated by collating it with the information of the official user U2. On the other hand, if the temporary password entered by the temporary user U1 is accepted, the accepted temporary password, the temporary password issued to the temporary user U1 stored in the temporary password management database D2, The temporary use user U1 is authenticated by checking the above.

  The temporary print medium management unit 53 records, as a temporary print medium management database D3, information related to a medium (hereinafter referred to as a temporary print medium) that is formed and output by the image processing apparatus 5 in response to a request from the temporary use user U1. To do. Such a temporary print medium is not output in response to a request from a formal user U2 who has received formal authentication. Therefore, compared with the medium output according to the request | requirement of the formal use user U2, management with a severer security should be performed. Therefore, in the present embodiment, the temporary use user U1 does not allow the temporary print medium to be taken out of a predetermined area, and after using it for browsing or the like, it should be discarded by the medium discarding device 6. When the image processing apparatus 5 outputs a temporary print medium in response to a request from the temporary use user U1, the temporary print medium management unit 53 stores information related to the temporary print medium in the storage unit 12 as a temporary print medium management database D3. Record. The temporary print medium management database D3 is used to manage whether or not the temporary print medium has been discarded within a predetermined area.

  FIG. 7 is a diagram illustrating an example of information included in the temporary print medium management database D3. In the example of FIG. 7, the temporary print medium management database D3 includes, for each temporary print medium, medium identification information (medium ID) for identifying the temporary print medium and the temporary use user U1 who has requested printing of the temporary print medium. User ID (print user ID), print date / time when printing was performed, device identification information (print device ID) of the image processing device 5 that performed printing, discard date / time when the temporary print medium was discarded, It includes information for associating the device identification information (discard device ID) of the medium discard device 6 that has discarded the temporary print medium. For the temporary print medium in which the information of the discard date / time and the discard device ID is a null value, this indicates that the temporary print medium management unit 53 has not accepted information indicating that the temporary print medium has been discarded. Yes.

  Next, functions realized by the document management server 3 will be described based on the functional block diagram of FIG. As shown in FIG. 8, the document management server 3 is functionally configured to include an access permission determination unit 61 and a process execution unit 62. These functions can be realized by the control unit 21 executing a program stored in the storage unit 22. Note that this program may be provided via communication means such as the Internet, for example, as with the program stored in the storage unit 12, or various computer-readable programs such as CD-ROM and DVD-ROM, for example. It may be provided by being stored in an information storage medium.

  When an access request to the document data held by the document management server 3 or a folder for storing the document data is received from the image processing apparatus 5, the access permission determination unit 61 determines whether the requested access is permitted. . Here, when the user who made the access request is authenticated based on the temporary password, the access permission determination unit 61 is limited by the processing execution authority when the user is authenticated based on the formal authentication information. Based on the processing execution authority, it is determined whether or not the access requested by the user is permitted.

  As a specific example, the access permission determination unit 61 includes an authentication type indicating a user ID of a user who makes an access request and whether the user is authenticated based on a temporary password or based on formal authentication information. Information is received from the image processing apparatus 5. If the user who makes the access request is authenticated based on the temporary password, the temporary access authority information among the information stored in the access authority database D4 is used to determine whether the access requested by the user is permitted. judge. On the other hand, if the user who makes the access request is authenticated based on the formal authentication information, whether the access requested by the user is permitted using the formal access authority information among the information stored in the access authority database D4. Determine. As described above, since the temporary access authority information indicates an access authority limited by the access authority indicated by the official access authority information, the access permission determination unit 61 determines that the user is authenticated based on the temporary password. In addition, it is determined whether or not the access requested by the user is permitted based on the more restricted access authority.

  In addition, when the user who makes the access request is the temporary use user U1 who is authenticated based on the temporary password, the access permission determination unit 61 determines that the image processing apparatus 5 that transmitted the access request (that is, the temporary use user U1 uses the user) Depending on whether or not the image processing apparatus 5) selected as the permission target apparatus, it may be determined whether or not the access requested by the user is permitted. By making such a determination, the access permission determination unit 61 restricts execution of printing processing and scanning processing according to the request of the temporary use user U1 by the image processing device 5 other than the permission target device. Note that the access permission determination unit 61 does not perform the determination regarding the permission target device when the user who makes the access request is authenticated based on the formal authentication information. Accordingly, when the user is authenticated based on the temporary password, the image processing apparatus 5 other than the permission target apparatus is caused to execute the printing process and the scanning process, as compared with the case where the user is authenticated based on the formal authentication information. Authority will be restricted.

  The process execution unit 62 executes a process requested by the user in accordance with the access permission determination result by the access permission determination part 61. Specifically, for example, when the process execution unit 62 receives a print request for document data specifying any document data from the image processing apparatus 5, the process execution unit 62 sends the requested document data to the image processing apparatus 5. Send. In response to this, the image processing apparatus 5 performs a printing process for forming a document image representing the transmitted document data on a medium such as paper. In addition, when the processing execution unit 62 receives a scan document storage request designating one of the folders from the image processing device 5, the processing execution unit 62 performs a scan process for reading an image formed on the medium on the image processing device 5. The document data obtained by the scan process is received from the image processing apparatus 5 and stored in the designated folder.

  Hereinafter, specific examples of the flow of some processes executed by the information processing system 1 according to the present embodiment will be described.

  First, an example of the flow of processing when the official user U2 prints the document data stored in the document management server 3 using the image processing apparatus 5 will be described based on the flowchart of FIG.

  In this example, first, the authorized user U2 causes the IC card reader 37 of the image processing apparatus 5 to read information recorded on the IC card 7 that he / she owns. The image processing apparatus 5 reads the user ID of the formal use user U2 and the formal authentication information recorded on the IC card 7, and transmits them to the user management server 2 (S1). The user authentication unit 52 of the user management server 2 performs user authentication by collating the information transmitted in S1 with the information of the official user U2 stored in the user management database D1 (S2). Subsequently, the user authentication unit 52 returns information indicating the authentication result to the image processing apparatus 5 (S3).

  When the information indicating that the authentication has failed from the user management server 2 is received, the image processing apparatus 5 stops the subsequent processing. On the other hand, when information indicating that the authentication is successful is received from the user management server 2, the image processing apparatus 5 next acquires a list of held documents from the document management server 3 (S4). In this case, the image processing apparatus 5 first acquires information indicating a list of folders from the document management server 3, and displays a list of documents stored in a folder designated by the user from the list of folders. The request may be made to the document management server 3.

  Subsequently, the image processing apparatus 5 displays a list of documents acquired from the document management server 3 on the UI unit 34, and receives designation of a document to be printed from the official user U2 (S5). Then, the print request for the document designated in S5 is transmitted to the document management server 3 (S6). Here, the image processing apparatus 5 transmits to the document management server 3 the user ID of the official use user U2 and authentication type information indicating that the user is authenticated by the formal authentication information.

  Based on the formal access authority information included in the access authority database D4, the access permission determination unit 61 of the document management server 3 determines whether the official user U2 has the print authority for the document designated as the target of the print request in S6. (S7). As a result of the determination, if it is determined that the printing authority for the designated document does not belong to the official user U2, the processing is stopped. On the other hand, when it is determined that the authorized user U2 has the printing authority for the designated document, the process execution unit 62 transmits the data of the designated document to the image processing apparatus 5 (S8). The image processing apparatus 5 executes a printing process for forming a document image representing the document transmitted in S8 on a medium (S9).

  Through the processing described above, the authorized user U2 can print a document according to his / her own processing execution authority after being authenticated using the IC card 7.

  Even when the official user U2 stores image data obtained by causing the image processing apparatus 5 to read an image formed on a medium such as paper as document data in a predetermined folder of the document management server 3. Similarly to the above-described processing example, authentication by the user authentication unit 52 and determination by the access permission determination unit 61 are performed. Thereby, the formal use user U2 can store the document data obtained by the image processing apparatus 5 reading the image in the folder for which the user himself / herself has the scan document storage authority indicated by the official access authority information. it can.

  Next, an example of the flow of processing in which the user management server 2 issues a temporary password will be described based on the flowchart of FIG. Here, it is assumed that a temporary password used by the temporary use user U1 is issued in response to a request of a user having authority to issue a temporary password (hereinafter referred to as a temporary password issue user U3).

  First, the temporary password issuing user U3 causes the IC card reader 37 of the image processing apparatus 5 to read information recorded on the IC card 7 possessed by the temporary password issuing user U3. The image processing device 5 transmits the user ID and formal authentication information of the temporary password issuing user U3 read by the IC card reader 37 to the user management server 2. The user authentication unit 52 receives the user ID and formal authentication information of the temporary password issuing user U3 transmitted from the image processing apparatus 5 (S11). Then, the formal authentication information received in S11 is compared with the information on the temporary password issuing user U3 stored in the user management database D1, and the temporary password issuing user U3 is authenticated (S12). If the user authentication in S12 fails, the process is canceled.

  When the user authentication of S12 is successful, the temporary authentication information issuing unit 51 next specifies information (for example, temporary use) that the temporary password issuing user U3 inputs to the UI unit 34 of the image processing apparatus 5 (for example, temporary use user U1). The user ID of the user U1) is received from the image processing apparatus 5 (S13). Then, the temporary authentication information issuing unit 51 issues a temporary password by generating a character string of a temporary password to be used by the temporary use user U1 designated in S13 (S14).

  Subsequently, the temporary authentication information issuing unit 51 generates a temporary password transmission image for transmitting the temporary password issued in S14 to the temporary use user U1 (S15). Further, the temporary authentication information issuing unit 51 transmits the device ID of the image processing apparatus 5 that has transmitted the request for issuing the temporary password to the device management server 4 and makes an inquiry, thereby using the private key held by the image processing apparatus 5. Obtain a digital certificate containing the corresponding public key. Then, the temporary password transmission image data generated in S15 is encrypted with the acquired public key (S16). Further, the temporary authentication information issuing unit 51 transmits the encrypted temporary password transmission image data to the image processing apparatus 5 (S17).

  If the user management server 2 transmits the temporary password character string issued in S14 to the image processing apparatus 5 as it is, and the image processing apparatus 5 displays the transmitted temporary password on the UI unit 34 for temporary use. If it is transmitted to the user U1, there is a high risk that the temporary password is leaked to a third party. Therefore, in the present embodiment, the temporary authentication information issuing unit 51 does not directly transmit the character string of the temporary password to the image processing apparatus 5, but indirectly transmits the character string of the temporary password to the temporary use user U1. A temporary password transmission image for transmission is generated, and the generated temporary password transmission image is encrypted by a method that can be decrypted only by the image processing device 5 and transmitted to the image processing device 5.

  Subsequently, the temporary authentication information issuing unit 51 associates the temporary password issued in S14 with the user ID of the temporary use user U1 and the installation location ID indicating the installation location of the image processing apparatus 5 that requested the temporary password issuance. The temporary password management database D2 is recorded (S18). Here, the installation location ID indicating the installation location of the image processing apparatus 5 is information stored in the device management database D5 in association with the device ID of the image processing apparatus 5, and makes an inquiry to the device management server 4. Acquired by doing.

  Next, a method for transmitting a temporary password to the temporary user U1 using the temporary password transmission image will be described. The image processing apparatus 5 that has received the data transmitted in S17 executes a process of decoding the data transmitted in S17 in response to an instruction to output a temporary password transmission image by the temporary use user U1. At this time, the image processing apparatus 5 performs a decryption process using the secret key stored in the storage unit 32. Then, a temporary password transmission image is formed on the medium using the decrypted data.

  FIG. 11 is a diagram illustrating an example of a temporary password transmission image formed on a medium by the image processing apparatus 5. In this example, each user has a medium on which a predetermined pattern image is formed in advance (hereinafter referred to as a pattern image forming medium) in order to receive a temporary password. FIG. 12 is a diagram showing an example of this pattern image forming medium. The pattern image forming medium is a transparent sheet, and a portion indicated by a white frame in the drawing is transparent. In addition, it is assumed that the position of the transparent frame is different for each user. FIG. 13 is a diagram illustrating a state in which the pattern image forming medium illustrated in FIG. 12 is superimposed on the medium on which the temporary password transmission image illustrated in FIG. 11 is formed. As shown in this figure, when two media are overlapped, a specific character in the temporary password transmission image appears in the transparent frame portion of the pattern image forming medium. The temporary password is represented by characters appearing in the transparent frame portion. That is, among the characters included in the temporary password transmission image, the characters formed at positions corresponding to the transparent frame in the pattern image forming medium distributed to the temporary user U1 represent the temporary password. In the example of FIG. 13, the temporary password is “A4A730E9C9”.

  In this example, it is assumed that the position of the transparent frame in the pattern image forming medium distributed to each user is recorded in advance in the user management database D1. In this way, in the process of S15, the temporary authentication information issuing unit 51 sets each character constituting the issued temporary password at the position of the transparent frame of the pattern image forming medium possessed by the temporary use user U1 to be issued. A temporary password transmission image can be generated so as to be arranged. Of the characters included in the temporary password transmission image, characters other than the characters constituting the temporary password may be randomly selected characters.

  Note that the temporary password transmission method described above is merely an example, and the temporary password output process in the present embodiment is not limited to this. For example, the information processing system 1 may output a temporary password by a simpler method and transmit it to the temporary use user U1. Further, instead of outputting the temporary password, an IC card for temporary use in which temporary authentication information is recorded may be issued to the temporary use user U1.

  Next, a specific example of the flow of processing executed by the information processing system 1 in response to a request from the temporary use user U1 will be described. First, as a first example, in response to a request from the temporary user U1, the image processing apparatus 5 executes a printing process for forming a document image representing one of the documents stored in the document management server 3 on the medium. An example of this will be described with reference to the flowchart of FIG.

  First, the temporary use user U1 inputs his / her user ID and the temporary password issued by the temporary authentication information issuing unit 51 to the UI unit 34 of the image processing apparatus 5. The image processing apparatus 5 accepts the input user ID and temporary password, and transmits the accepted information to the user management server 2 (S21). The user authentication unit 52 of the user management server 2 collates the temporary password transmitted in S21 with the temporary password issued to the temporary use user U1 stored in the temporary password management database D2. Authentication is performed (S22). At this time, the user authentication unit 52 not only determines whether or not the temporary password input by the temporary use user U1 matches the temporary password stored in the temporary password management database D2, but also at the time of executing user authentication. It is also determined whether or not the usable period of the temporary password to be verified has passed. As a result of the determination, if the temporary password input by the temporary use user U1 is incorrect, or if the usable period of the temporary use password has elapsed, the user authentication fails.

  The user authentication unit 52 returns information indicating the authentication result of S22 to the image processing apparatus 5 (S23). If the authentication is successful, the issue destination location ID stored in the temporary password management database D2 in association with the temporary password used for the authentication is also transmitted to the image processing apparatus 5.

  When the information indicating that the authentication has failed from the user management server 2 is received, the image processing apparatus 5 stops the subsequent processing. On the other hand, when the information indicating that the authentication is successful is received from the user management server 2, the image processing apparatus 5 displays a list of documents from the document management server 3 in the same manner as the process of S 4 in the flowchart of FIG. 9 described above. Obtain (S24). Subsequently, the image processing apparatus 5 presents a list of documents to the temporary use user U1 and accepts designation of a document to be printed (S25), similarly to the process of S5 described above.

  When receiving the designation of the document to be printed in S25, the image processing apparatus 5 transmits a print request for the designated document to the document management server 3 (S26). At this time, unlike the case of S5 described above, the image processing apparatus 5 receives not only the user ID of the temporary use user U1 and the authentication type information indicating that the user is authenticated by the temporary password, but also the issue received in S23. The destination ID is also transmitted to the document management server 3.

  The access determination unit 61 of the document management server 3 that has received the print request in S26 uses the installation location ID indicating the installation area of the image processing apparatus 5 that has transmitted the print request in the device management database D5. The device ID is obtained by sending an inquiry to the device management server 4 (S27). Then, the issue destination location ID transmitted in S26 is compared with the installation location ID of the image processing apparatus 5 that transmitted the print request acquired in S27, and it is determined whether or not they match (S28). If it is determined in S28 that the two do not match, the temporary use user U1 uses the image processing apparatus 5 installed in an area different from the area in which the image processing apparatus 5 that received the temporary password is installed. Therefore, the document is being printed. Since such use is restricted in the present embodiment, the access permission determination unit 61 determines that printing of a document by the temporary use user U1 is not permitted.

  On the other hand, if it is determined in S28 that the issuance destination location ID indicating the temporary password issuance location matches the installation location ID of the image processing apparatus 5 that has transmitted the print request, the access permission determination unit 61 further determines in S26. Whether the temporary use user U1 has the print authority for the document requested in (1) is determined based on the temporary access authority information included in the access authority database D4 (S29). This determination process is executed in the same manner as the determination process of S7 described above except that temporary access authority information is used.

  In the process of S28 or S29, if it is determined that the temporary use user U1 does not have the authority to execute the process of printing the requested document using the image processing apparatus 5, the process is stopped. On the other hand, when it is determined that the printing authority of the requested document is in the temporary use user U1, the process execution unit 62 transmits the requested document data to the image processing apparatus 5 (S30).

  The image processing apparatus 5 executes a printing process for forming a document image representing the document transmitted in S30 on the medium (S31). The medium on which the document image is formed by this processing becomes a temporary print medium. In the present embodiment, the image processing apparatus 5 identifies the temporary print medium on which the document image is formed when the user who made the print request is the temporary use user U1 who is authenticated based on the temporary password. The image is formed on the temporary print medium together with the document image.

  Here, the identification image is an image representing a character string (medium ID) for identifying the temporary printing medium, and is a code image such as a barcode or a QR code (registered trademark). The image processing device 5 generates such a code image by executing a predetermined encoding process on the medium ID. The medium ID is data for uniquely identifying the temporary print medium on which the image processing apparatus 5 forms a document image in response to a request from the temporary use user U1. The medium ID may be determined based on, for example, the user ID of the temporary use user U1, the device ID of the image processing apparatus 5 that executes the printing process, the identification information (document ID) of the document specified as the target of the print request, and the like. It may be generated using a random number or a serial number. When a document designated as a target of a print request includes a plurality of pages, and a document image is formed on a plurality of media in response to a single print request, the plurality of pages A medium ID may be set for each of the media, or one medium ID may be set for a plurality of media as a whole.

  Furthermore, in the process of S31, the image processing apparatus 5 may form message information that prompts the temporary user U1 to discard the temporary print medium on the medium. FIG. 15 is a diagram illustrating an example of a temporary print medium on which such an identification image and message information are formed together with a document image. In the example of FIG. 15, message information is formed at the upper right of the medium, and a QR code is formed as an identification image at the upper left of the medium.

  Subsequent to the processing of S31, the image processing apparatus 5 displays the medium ID represented by the identification image, the user ID of the temporary use user U1 who made the print request, the printing date and time when the printing process was executed, and its own device. Along with the ID, it is transmitted to the user management server 2 (S32). The temporary print medium management unit 53 of the user management server 2 records the data transmitted in the process of S32 in the temporary print medium management database D3 (S33). At this time, the temporary print medium management unit 53 stores a null value for information on the discard date / time and the discard device ID of the temporary print medium.

  Through the processing described above, the temporary use user U1 is more limited than the case where authentication is performed using the IC card 7 within the range of the installation area where the image processing apparatus 5 that has received the temporary password is installed. The document can be printed according to the processing execution authority.

  Next, as a second example of processing executed by the information processing system 1 in response to a request from the temporary use user U1, the image processing apparatus 5 executes scan processing in response to a request from the temporary use user U1, and this scan An example in which the document data generated by the process is stored in the designated folder by the document management server 2 will be described with reference to the flowchart of FIG.

  First, similarly to the example of the flowchart of FIG. 14, the temporary use user U1 sends its own user ID and the temporary password issued by the temporary authentication information issuing unit 51 to the UI unit 34 of the image processing apparatus 5. And enter. The image processing apparatus 5 transmits the input user ID and temporary password to the user management server 2 (S41). The user authentication unit 52 of the user management server 2 performs user authentication of the temporary use user U1 based on the transmitted information, similarly to the process of S22 described above (S42). The user authentication unit 52 returns information indicating the authentication result of S42 to the image processing apparatus 5 (S43). As in the process of S23, when the user authentication is successful, the issue destination location ID indicating the area where the temporary password is issued is also transmitted to the image processing apparatus 5.

  When the information indicating that the authentication has failed from the user management server 2 is received, the image processing apparatus 5 stops the subsequent processing. On the other hand, when the information indicating that the authentication is successful is received from the user management server 2, the image processing apparatus 5 acquires a folder list from the document management server 3 (S44). Subsequently, the image processing apparatus 5 displays a list of acquired folders on the UI unit 34, and accepts designation of a folder to be stored as a scanned document from the temporary use user U1 (S45). Then, a document storage request for storing the scanned document in the folder designated in S45 is transmitted to the document management server 3 (S46). At this time, as in the process of S26, the image processing apparatus 5 determines the user ID of the temporary use user U1, authentication type information indicating that the user is authenticated by the temporary password, and the issue destination location transmitted in S43. The ID is also transmitted.

  The access permission determination unit 61 of the document management server 3 that has received the document storage request in S46 acquires an installation location ID indicating the installation area of the image processing apparatus 5 that has transmitted the document storage request, in the same manner as in the process of S27. S47). Then, the issue destination location ID transmitted in S46 and the installation location ID of the image processing apparatus 5 that transmitted the document storage request acquired in S47 are compared to determine whether or not they match (S48). ). If it is determined in S48 that the two do not match, the access permission determination unit 61 determines that the scan process requested by the temporary use user U1 and the process of storing the scanned document in the designated folder are not permitted.

  On the other hand, if it is determined in S48 that the issuance destination location ID indicating the issuance location of the temporary password matches the installation location ID of the image processing apparatus 5 that transmitted the document storage request, the access permission determination unit 61 determines in S46. Based on the temporary access authority information included in the access authority database D4, it is determined whether the temporary use user U1 has the authority to store the scanned document for the folder requested as the storage destination of the scanned document (S49).

  The accessibility determination unit 61 transmits the determination result obtained by the processing of S48 and S49 to the image processing device 5 (S50). Here, in the process of S48 or S49, when it is determined that the temporary use user U1 does not have the authority to store the scanned document in the designated folder by causing the image processing apparatus 5 to execute the scanning process, the image processing apparatus 5 Stops processing. On the other hand, if it is determined by the processing of S48 and S49 that the temporary use user U1 has the authority to cause the image processing apparatus 5 to execute the scanning process, the image processing apparatus 5 sets the temporary use user U1 to a predetermined tray. A scan process for reading an image formed on the placed medium is executed, and image data generated as a result is transmitted to the document management server 3 (S51).

  The process execution unit 62 of the document management server 3 that has received the data transmitted in S51 stores the transmitted data as document data in the folder requested as the storage location of the scanned document in S46 (S52).

  Through the processing described above, the temporary use user U1 is more limited than the case where authentication is performed using the IC card 7 within the range of the installation area where the image processing apparatus 5 that has received the temporary password is installed. Depending on the processing execution authority, the image processing apparatus 5 can read the image formed on the medium and store it in the document management server 3 as new document data.

  Next, a process executed when the temporary use user U1 discards the temporary print medium output by the image processing apparatus 5 by the process illustrated in FIG.

  When the temporary user U1 inserts a temporary print medium into the medium discarding device 6, the image reading unit 42 of the medium discarding device 6 reads an identification image formed on the temporary print medium. The control unit 41 of the medium discarding device 6 decodes the read identification image, restores the character string of the medium ID, and transmits the restored medium ID to the user management server 2. Then, the medium discarding unit 44 of the medium discarding apparatus 6 discards the input temporary print medium.

  On the other hand, the temporary print medium management unit 53 of the user management server 2 receives the medium ID information transmitted from the medium discarding device 6, and discards the date / time and the discard associated with the medium ID in the temporary print medium management database D3. Update the device ID information. Specifically, the date and time when the medium discarding device 6 read the identification image formed on the temporary print medium as the discard date and time, the device ID of the medium discarding device 6 that transmitted the information of the medium ID as the discard device ID, Record each. As a result, the fact that the temporary print medium has been discarded is recorded in the temporary print medium management database D3.

  Next, an example of processing in which the temporary print medium management unit 53 detects a temporary print medium that has not been discarded according to a predetermined rule based on the contents of the temporary print medium management database D3 will be described. This process is executed, for example, every predetermined time.

  First, the temporary print medium management unit 53 extracts a temporary print medium that satisfies a predetermined extraction condition from the temporary print media whose information is recorded in the temporary print medium management database D3. Here, as a first example of the extraction condition, there is a temporary print medium in which a predetermined time (for example, one day) has passed since the printing date and time, and the information of the discard date and the discard device ID is a Null value. . A temporary print medium that meets this condition is not discarded even after a predetermined time has passed, even though it has been printed at the request of the temporary user U1.

  Further, as a second example of the extraction condition, a temporary print medium in which the installation area of the image processing apparatus 5 identified by the print device ID and the installation area of the medium discarding apparatus 6 identified by the discard device ID are different from each other. Is mentioned. Since the printed area and the discarded area of the temporary print medium that matches this condition are different, the temporary user U1 has taken the temporary print medium out of the printed area. Note that the installation areas of the image processing apparatus 5 and the medium discarding apparatus 6 are both inquired by the temporary print medium management unit 53 by transmitting the device ID to the device management server 4 and associated with the device ID in the device management database D5. It can be specified by acquiring the set installation place ID.

  When there is a temporary print medium extracted from the temporary print medium management database D3 according to the extraction conditions described above, the temporary print medium management unit 53 sends predetermined information for notifying the presence of such a temporary print medium. , Output to a predetermined output destination. Specifically, for example, the temporary print medium management unit 53 transmits an e-mail indicating a list of extracted temporary print media to an e-mail address of a predetermined user (for example, a user having administrator authority). Accordingly, when there is a temporary print medium that has not been discarded according to a predetermined rule, the user can be notified of the presence of such a temporary print medium.

  Note that the extraction conditions described above are merely examples, and the temporary print medium management unit 53 may extract temporary print media based on other conditions. For example, when the image processing apparatus 5 identified by the printing device ID is installed in a predetermined installation area, the image processing apparatus 5 may be excluded from the extraction target, or the elapsed time from the printing date and time used as the extraction condition according to the printing user ID or the like. It may be changed.

  According to the present embodiment described above, when the user is authenticated based on the temporary password, based on the process execution authority limited by the process execution authority when authentication based on the formal authentication information is performed, It is determined whether or not the process requested by the user can be executed. As a result, even when authentication based on the formal authentication information cannot be temporarily performed, the temporary use user U1 is given a certain level of processing execution authority by the temporary password based authentication, and the temporary use user U1 is given processing execution authority. Execution of processing that is not preferable can be restricted.

  The embodiments of the present invention are not limited to those described above. For example, at least a part of the processing that each device executes in the above description may be executed by another device. Specifically, for example, a part of the determination process executed by the document management server 3 may be executed by another information processing apparatus such as the user management server 2 or the image processing apparatus 5. In addition, the single image processing apparatus 5 that holds the user management database D1 may realize the functions of the information processing system 1 described above. Furthermore, in the above description, the authority to execute each user's process execution authority, the authority to print a document, the authority to store a scanned document in a folder, and the authority to cause the image processing apparatus 5 to execute a print process or a scan process are based on the temporary password. An example that is restricted when authenticated is described. However, the process execution authority is not limited to this, and may be an authority that allows various types of information processing apparatuses to execute various types of processes.

  In the above description, the formal authentication information itself is recorded in the IC card 7, and the image processing apparatus 5 transmits the formal authentication information read from the IC card 7 to the user management server 2 as it is. Yes. However, from the viewpoint of ensuring security, for example, the image processing apparatus 5 may encrypt and transmit the formal authentication information by a predetermined method that can be decrypted only by the user management server 2. In addition, the IC card 7 may record information on a secret key unique to each user, for example, instead of the formal authentication information itself. In this case, for example, the image processing apparatus 5 uses, as official authentication information, a character string generated by a predetermined method and encrypted data obtained by encrypting the character string with a secret key read from the IC card 7. It transmits to the management server 2. The user management server 2 holds a public key corresponding to each user's private key in the user management database D1, and decrypts the formal authentication information transmitted from the image processing apparatus 5 using this public key, Perform user authentication.

It is a block diagram showing the example of an outline structure of the information processing system which concerns on embodiment of this invention. It is a figure which shows an example of the user information contained in a user management database. It is a figure which shows an example of the information contained in an access authority database. It is a figure which shows an example of the information contained in a device management database. It is a functional block diagram showing the example of a function of a user management server. It is a figure which shows an example of the information contained in a temporary password management database. It is a figure which shows an example of the information contained in a temporary printing medium management database. It is a functional block diagram showing the example of a function of a document management server. It is a flowchart which shows an example of the process which the information processing system which concerns on embodiment of this invention performs according to a formal user's request | requirement. It is a flowchart which shows an example of the process performed when a user management server issues a temporary password. It is a figure which shows an example of the image for temporary password transmission. It is a figure which shows an example of a pattern image forming medium. It is a figure which shows an example of a mode that the pattern image formation medium was piled up on the medium in which the image for temporary password transmission was formed. It is a flowchart which shows an example of the process which the information processing system which concerns on embodiment of this invention performs according to a request | requirement of a temporary use user. It is a figure which shows an example of the temporary printing medium in which the identification image and message information were formed. It is a flowchart which shows another example of the process which the information processing system which concerns on embodiment of this invention performs according to a request | requirement of a temporary use user.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 Information processing system, 2 User management server, 3 Document management server, 4 Device management server, 5 Image processing apparatus, 6 Medium destruction apparatus, 7 IC card, 11, 21, 31, 41 Control part, 12, 22, 32 Storage Unit, 13, 23, 33, 43 communication unit, 34 UI unit, 35 image forming unit, 36, 42 image reading unit, 37 IC card reader, 44 medium discarding unit, 51 temporary authentication information issuing unit, 52 user authentication unit, 53 Temporary print medium management unit, 61 Access permission determination unit, 62 Process execution unit.

Claims (7)

An issuing means for issuing temporary authentication information to the user;
An authentication unit that accepts either predetermined formal authentication information or the issued temporary authentication information from the user and authenticates the user based on the received authentication information;
When the user is authenticated based on the temporary authentication information, the use is based on the process execution authority limited by the process execution authority when the user is authenticated based on the formal authentication information. Process execution availability determination means for determining whether or not the process requested by the person can be executed;
An information processing system comprising: Authority information holding means for holding predetermined formal authority information and temporary authority information indicating process execution authority limited by the process execution authority indicated by the official authority information as information indicating the process execution authority by the user Further including
The process execution availability determination unit uses the formal authority information when the user is authenticated based on the formal authentication information, and when the user is authenticated based on the temporary authentication information. The information processing system according to claim 1, wherein the temporary authority information is used to determine whether the process requested by the user can be executed. The issuing means determines a permission target device that is permitted to execute a predetermined process requested by the user among a plurality of information processing devices when issuing the temporary authentication information,
When the user is authenticated based on the temporary authentication information, the processing execution propriety determining unit determines whether the information processing apparatus selected by the user is the permission target apparatus, The information processing system according to claim 1, wherein it is determined whether or not the information processing apparatus selected by the user permits execution of the predetermined process. The information processing system according to claim 3, wherein the issuing unit determines an information processing apparatus installed in a predetermined place as the permission target apparatus when issuing the temporary authentication information. A document image forming unit that forms a document image on a medium according to a result of the determination by the process execution determination unit;
An identification image forming unit for forming an identification image for identifying the medium together with the document image when the user is authenticated based on the temporary authentication information;
An image forming apparatus including:
Identification image reading means for reading the identification image from the medium;
Medium discarding means for discarding the medium after the identification image is read;
A medium discarding device including:
An identification image reading determination unit for determining whether the identification image is read by the medium discarding device for the medium on which the identification image is formed;
The information processing system according to claim 1, further comprising: Including a user authentication device and an information processing device,
The user authentication device is:
An issuing means for issuing temporary authentication information to the user;
An authentication unit that accepts either predetermined formal authentication information or the issued temporary authentication information from the user and authenticates the user based on the received authentication information;
Including
The information processing apparatus includes:
When the user is authenticated based on the temporary authentication information, the use is based on the process execution authority limited by the process execution authority when the user is authenticated based on the formal authentication information. Process execution availability determination means for determining whether or not the process requested by the person can be executed;
An information processing system characterized by including: Issuing means for issuing temporary authentication information to users,
An authentication unit that accepts either predetermined formal authentication information or the issued temporary authentication information from the user and authenticates the user based on the received authentication information, and the user authenticates the temporary authentication. If the user is authenticated based on the information, execution of the process requested by the user based on the process execution authority limited by the process execution authority when the user is authenticated based on the formal authentication information A process execution determination unit that determines whether or not
As a program to make the computer function.

Images