JP2009110533A - Image processing system, image processing method, and image processing apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image processing system capable of improving a user's operability while ensuring security of a document processing environment. <P>SOLUTION: The image processing system includes a document storage server 22 storing document data, an image processing apparatus 21 connected to the server through a network to process document data transmitted from the server 22, a first authenticating means 23 for performing user authentication during accessing the server 22, a second authenticating means 44 for performing user authentication during accessing the image processing apparatus 21, and a control means 31. The control means 31 controls so as to prevent the second authenticating means from performing authentication when the first authenticating means establishes authentication, performs user account processing while associating it with user identification information when the user identification information used in authentication judgment by the first authenticating means is present as the user account destination of the image processing apparatus, and performs account processing as a public user when the user identification information is not present. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention, for example, when processing document data using an image processing apparatus such as an MFP (Multi Function Peripherals) or a printer, which is a multifunction image forming apparatus having a copy function, a printer function, a FAX function, and a scan function. The present invention also relates to an image processing system, a processing method, and a processing apparatus for performing user authentication.

  Recently, as an image processing apparatus such as an MFP or a printer, an apparatus that inputs a department password or the like at the time of use has been widely used in order to count the number of prints used for each department and use it for accounting management.

  In recent MFPs, individual functions such as a FAX transmission function, a print function, and a scan function are improved, and many functions for processing document data are installed, and an installed memory capacity is increased. It is now possible to set personal document data storage areas to manage document data for personal use.

  On the other hand, by storing document data scanned by the MFP on the server, more document data can be shared within the department, or a service provider can set up a server and store document data and content there. Services that charge for accumulating and providing through a network have also become widespread.

  In addition, various application programs for processing document data have been provided, and the number of scenes that are used by giving permission in advance has increased.

  In order to ensure security in accordance with such changes in the functions of the MFP, the widespread use of document storage servers, and the provision of various application programs, the management of the usage status of each function of the MFP, the management of stored documents, and the document storage server There is a growing need for strengthening management aspects such as access management for documents and usage management of document processing application programs.

Conventionally, as one of systems for accessing a Web server from an MFP and printing a document stored at the bottom, when Web server authentication information and a document number are input to the MFP, a document corresponding to the document number is input from the MFP to the server. After the output request is issued, the specified document data is transmitted from the server to the MFP. When printing this document data from the MFP, the authentication information is further input to print the other job preferentially. Is disclosed (for example, see Patent Document 1).
JP 2002-373070 A

  However, in the above-described known method, user authentication must be performed twice when accessing the document storage server and when printing from the MFP, and the user must input the user ID and password each time. Because it was forced, there were some troublesome operations.

  This burden on the operation side may increase as the range of use of the image input / output function of the MFP expands and processing is performed in cooperation with multiple servers and application programs. It was.

  The present invention has been made in view of the above circumstances, and provides an image processing system, a processing method, and a processing apparatus capable of improving user operability while ensuring the security of a document processing environment. Is an issue.

The above problem is solved by the following means.
(1) A document storage server that stores document data, an image processing apparatus that is connected to the document storage server via a network and processes document data transmitted from the document storage server, When authentication is established by the first authentication unit that performs user authentication at the time of access, the second authentication unit that performs user authentication at the time of access to the image processing apparatus, and the first authentication unit, When control is performed so that authentication by the second authentication means is not performed, and user identification information used in authentication determination by the first authentication means exists as a user account destination of the image processing apparatus, And a control means for performing account processing as a public user when user account processing is performed in association with the public account. Management systems.
(2) The first authentication information in the first authentication means is added to the document data transmitted from the document storage server to the image processing apparatus when the first authentication is established. Image processing system.
(3) The image processing system according to claim 2, wherein the first authentication information to be added is authentication result information in the first authentication means and input user identification information.
(4) The image processing system according to claim 2, wherein the function of the image processing apparatus is limited based on the added first authentication information.
(5) The image processing system according to (1), wherein the image processing apparatus is at least one of a multifunctional image forming apparatus and a printer.
(6) a first authentication step for performing user authentication when accessing a document storage server storing document data, and document data connected to the document storage server via a network and transmitted from the document storage server When the authentication is established in the second authentication step for performing user authentication and the first authentication step, the authentication in the second authentication step is not performed. If the user identification information used in the authentication judgment in the first authentication step exists as a user account destination of the image processing apparatus, user account processing is performed in association with this, If not, an image processing method comprising: performing account processing as a public user.
(7) When the authentication in the first step is established, the first authentication information in the first authentication step is added to the document data transmitted from the document storage server to the image processing apparatus. An image processing method described in 1.
(8) The image processing method according to claim 7, wherein the first authentication information to be added is authentication result information in the first authentication step and input user identification information.
(9) The image processing method according to claim 7, wherein the function of the image processing apparatus is limited based on the added first authentication information.
(10) The image processing method according to (6), wherein the image processing apparatus is at least one of a multifunctional image forming apparatus and a printer.
(11) An image processing apparatus that is connected to a document storage server that stores document data via a network and processes document data transmitted from the document storage server, and authenticates a user who accesses the apparatus. When authentication of the user who has accessed the document storage server is established by the authentication unit, the authentication is performed by the document storage server, and control is performed so that authentication by the authentication unit is not performed. Control means for performing user account processing in association with the user identification information when the user identification information exists as a user account destination, and performing account processing as a public user when the user identification information does not exist. An image processing apparatus.
12. The image processing apparatus according to claim 11, wherein when authentication by the document storage server is established, authentication information at the document storage server is added to the document data transmitted from the document storage server.
(13) The image processing apparatus according to (12), wherein the added authentication information is authentication result information in the document storage server and input user identification information.
(14) The image processing apparatus according to (12), wherein function restriction is performed based on the added authentication information.
15. The image processing apparatus according to claim 11, comprising at least one of a multifunctional image forming apparatus and a printer.

  According to the invention described in (1) above, the user authentication performed by the first authentication means when the user accesses the document storage server in order to request the document storage server for the document data to be processed by the image processing apparatus. If established, control is performed so that the authentication by the second authentication means is not performed when accessing the image processing apparatus. Therefore, compared with the conventional system in which authentication by both authentication means is essential. Thus, the user is freed from the troublesome work of inputting a password, ID, etc. twice, and the operation burden on the user can be reduced. Of course, since authentication is performed by the first authentication means, security is ensured as before. Further, when the user identification information used in the authentication determination of the first authentication means exists as the user account destination of the image processing apparatus, the user account processing is performed in association with this and does not exist. In this case, since account processing is performed as a public user, user account processing in the image processing apparatus is simplified.

  According to the invention described in (2) above, when the document data transmitted from the document storage server to the image processing apparatus is received with the establishment of the first authentication, the first authentication information is immediately obtained from the received document data. This makes it easier to proceed with processing in the image processing apparatus.

  According to the invention described in item (3) above, since the authentication result information and the input user identification information are added, the image processing apparatus can immediately identify the user and start processing.

  According to the invention described in item (4) above, since the function of the image processing apparatus is limited based on the first authentication information, the user's use can be ensured while keeping a balance with security.

  According to the invention described in item (5), the above-described effect (1) can be achieved in an image processing system including at least one of a multifunctional image forming apparatus and a printer.

  According to the invention described in the preceding item (6), when authentication is established in the first authentication step, control is performed so that authentication in the second authentication step is not performed. Compared with the conventional method that has been indispensable, the user is freed from the troublesome work of inputting a password, ID, etc. twice, and the operation burden on the user can be reduced. Of course, since authentication is performed in the first authentication step, security is ensured as before. Further, when the user identification information used in the authentication in the first authentication step exists as a user account destination of the image processing apparatus, the user account processing is performed in association with this and does not exist. In this case, since account processing is performed as a public user, user account processing in the image processing apparatus is simplified.

  According to the invention described in item (7), when the document data transmitted from the document storage server to the image processing apparatus is received with the establishment of the first authentication, the first authentication information is immediately obtained from the received document data. This makes it easier to proceed with processing in the image processing apparatus.

  According to the invention described in item (8) above, since the authentication result information and the input user identification information are added, the image processing apparatus can immediately identify the user and start processing.

  According to the invention described in item (9) above, since the function of the image processing apparatus is limited based on the first authentication information, the use of the user can be ensured while balancing with security.

  According to the invention described in item (10) above, when the image processing apparatus is at least one of a multifunctional image forming apparatus and a printer, the above-described effect (6) can be obtained.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings.

  FIG. 1 is a block diagram showing an image processing system according to an embodiment of the present invention.

  1, the image processing system includes an MFP 21 as an example of an image processing apparatus, a document storage server 22, a personal authentication server 23, a mobile phone 25 as a user terminal, and a personal computer (hereinafter referred to as a PC) as a user terminal. 50) is connected via a network 41 (shown in FIG. 2).

  In addition, an application program 50a having an authentication function is installed in the host PC 50, and when the program 50a is used, the authentication unit 50b performs user authentication.

  Although an example in which the application program 50a is installed in the PC 50 is shown here, the application program 50a may be stored in an external server or the like and used by the host PC 50, or In addition to performing user authentication at the authentication unit 50b when using, user authentication is performed when installing the application program 50b on the host PC 50, and the authentication information at that time is stored in the authentication unit 50b. In some cases, it may be read.

  The MFP 21 is a multi-function image forming apparatus having a copy function, a printer function, a facsimile function, a scan function, and the like, and includes an authentication unit 21a having a function to manage for each user / department to be used. The authentication unit 21 a functions as a second authentication unit when the user accesses the MFP 21 in order to use the document data stored in the document storage server 22.

  The function restriction information storage unit 21b stores restriction information for each function set for each account user.

  The MFP 21 can log in from the user's mobile phone 25 or PC 50. Note that the mobile phone company 27 collects the call charges for the mobile phone 25.

  The document storage server 22 stores document data (a concept including image data) that can be used by the user. If there is a request for obtaining document data from the user who wants to acquire the document data, the first authentication is performed. The personal authentication server 23, which is a means, is caused to perform an authentication process as to whether or not the document storage server 22 is a legitimate (pre-authorized) user. Further, the authentication information obtained by the personal authentication server 23 and the user identification information are transmitted to the MFP 21 separately with or without being added to the document data.

  Note that the first authentication information includes, for example, an authentication result (print permission signal) and user identification information.

  FIG. 2 is a block diagram showing an electrical configuration of the MFP 21.

  In FIG. 2, the CPU 31 and the first memory 32 (work memory) are connected to the bus 30 via the first bridge 33.

  The CPU 31 controls the overall operation of the MFP 21 as a control unit. In this embodiment, the CPU 31 controls the second authentication unit (authentication unit) 21 a according to the authentication result of the first authentication unit (personal authentication server) 23. Control authentication behavior. Specifically, when authentication by the authentication server 23 serving as the first authentication means has been established, control is performed so that the second authentication is not performed.

  Further, the CPU 31 permits the user to use the MFP 21 within a range in which the functions of the MFP 21 are limited based on the added first authentication information.

  Further, when the user identification information used in the authentication judgment of the first authentication means (personal authentication server) 23 exists as the user account destination of the MFP 21, the CPU 31 performs account processing in association with this. If not, account processing is performed as a public user.

  The bus 30 includes devices necessary for each data processing, for example, a memory controller 34, a second bridge 37, a raster interface (I / F) unit 41 for the scanner 40, and R, G, B signals as Y, M, C, An image processing unit 42 for converting to a K signal, an authentication unit 21a having a user account, and the like are connected.

  A second memory 35 as a file memory is connected to the memory controller 34, and a hard disk (HDD) 38 and an operation panel 39 are connected to the second bridge 37.

  Document data (including image data) read by the scanner 40 is transferred via the raster I / F unit 41 to the first memory 32 as the main memory via the bus 30 and the first bridge 33. The data transferred to the first memory 32 is transferred to the image processing unit 42 via the bus 30, subjected to necessary image processing, and returned to the first memory 32 again.

  Thereafter, the data is sent to the print engine 36 via the memory controller 34 and printed on paper.

  Further, the MFP 1 and the network 51 are connected via a NIC (Network Interface Card) 43, and the document data from the document storage server 22 is received via the NIC 43, and the document data read by the scanner 40 is received. The document is transmitted to the document storage server 22 via the NIC 43.

  In the case of printing, print data is transferred to the first memory 32 via the NIC 43. The transferred data is converted into bitmap data that can be read and printed by the CPU 31 and written into the first memory 32.

  The generated bitmap data is processed by the image processing unit 42 and transferred to the first memory 32 as print data. Thereafter, the print data is sent to the print engine 36 via the memory controller 34.

Next, an outline of the operation of the image processing system will be described with reference to FIG. In this example, document data on the document storage server 22 is selected, and the selected document data is output to the MFP 21.
(1) The user first sends account information (personal information) for login to the document storage server 22 using the mobile phone 25.
(2) The document storage server 22 sends the sent account information to the personal authentication server 23.
(3) The document storage server 22 obtains user authentication and user access authority for the requested document data from the personal authentication server 23.
(4) The document storage server 22 permits login and data access to the user based on the obtained authentication permission information and data access authority.
(5) A user who can log in and access data selects document data to be printed by the MFP 21 from the accessible data.

Subsequently, as a next step performed by the user, an operation from when the selected document data is output to the designated MFP 21 to obtain a print output will be described. Here, the department management of the MFP 21 is performed, and the use is permitted only for a user having an account.
(6) The user uses the camera function of the mobile phone 25 to photograph the MFP information such as the identification code displayed on the MFP 21 in order to convey the information of the MFP 21 that is the output destination to the document storage server 22.
(7) Then, the user transmits the photographed MFP information to the document storage server 22.
(8) Upon receiving the MFP information of the MFP 21 that is the output destination designated by the user, the document storage server 22 transmits a print permission signal to the MFP 21.
(9) Further, by sending the user's selected document data corresponding to the print permission signal, the MFP 21 can print.
(10) The MFP 21 prints the document data sent from the document storage server 22.
(11) After the printing is completed, the MFP 21 sends print number information to the document storage server 22.
(12) The document storage server 22 calculates a charging fee from the print information sent from the MFP 21 and sends the charging fee to the personal authentication server 23 in association with the printed user information.
(13) The personal authentication server 23 charges the user by sending the personal information and the charging fee to the charging management unit 24. The user pays this together with a communication fee to the mobile phone company 27.

  By the way, when data is sent from the document storage server 22 to the MFP 21 that is under department management or account management and printed out, conventionally, it has been necessary to authenticate the MFP 21 again for login.

On the other hand, in the present invention, if authentication is established in the document storage server 22, the authentication work in the MFP 21 is omitted based on the authentication result, and the user inputs the password and ID twice. Troublesome work is not required, and operability is improved.
[When Document Data and Authentication Information are Separately Transmitted from Document Storage Server 22 to MFP 21]
Next, the flow of processing on the document storage server 22 side will be described with reference to the flowchart of FIG. In the following description and drawings, step is abbreviated as S.

  As shown in FIG. 3, the document storage server 22 performs authentication processing in S101, document display processing in S102, document selection processing in S103, output destination determination processing in S104, user authentication information transmission processing in S105, and document transmission processing in S106. , Post-document output processing in S107 is performed.

  FIG. 4 is a flowchart showing a subroutine of the authentication process (S101). In this authentication process, the user who made the login request is authenticated.

  4, in S1011, it is determined whether or not there is a login request to the document storage server 22, and if there is no login request (NO in S1011), the process returns as it is and if there is a login request (S1011). If the determination is YES), in S1012, login information is acquired to obtain information of the logged-in user.

  In step S1013, the personal authentication server 23 is inquired of authentication processing, that is, login user information, and the result is obtained. In S1014, it is determined whether or not the document data can be accessed (permitted) based on the obtained authentication result. If access is possible (YES in S1014), in S1015, the access condition, that is, each of the logged-in users Get authority for document data. The authority with respect to each document data means a read authority, a print execution authority, a file operation authority, etc. with respect to the document data.

  If the access is not permitted (NO in S1014), the user is not authorized to log in, so access is denied in S1016 and the process returns.

  FIG. 5 is a flowchart showing a subroutine of the document display process (S102). This document display processing is processing for displaying document data for selection to a logged-in user.

  In FIG. 5, it is determined whether or not there is a user who is currently logged in in S1021, and if there is a user who is logged in (YES in S2021), it is determined whether or not the user is requesting document display in S1022. If the document display is requested (YES in S1022), the document data according to the access condition of the login user acquired in the authentication process in S101 is transmitted to the login user and the process returns.

  If there is no logged-in user (NO in S1021), the process returns. If the logged-in user has not requested a document display (NO in S1022), the process returns without doing anything.

  FIG. 6 is a flowchart showing a subroutine of the document selection process (S103). In this document selection processing, processing is performed when the logged-in user selects document data.

  In FIG. 6, in S1031, it is determined whether there is a document data selection request from the display data transmitted by the logged-in user in the document display processing in S102. If there is a document data selection request (determination in S1031). In step S1032, the document storage server 22 determines the document data selected by the logged-in user, acquires the document data, and returns. If there is no request for selecting document data (NO in S1031), the process directly returns.

  FIG. 7 is a flowchart showing a subroutine of the output destination determination process (S104). In this output destination determination process, the MFP 21 on the network 51 is specified based on the output destination information sent from the login user.

  In FIG. 7, in S1041, it is determined whether or not there is an output destination instruction for the selected document data from the login user. If there is an output destination instruction (YES in S1041), output destination information (for example, an IP address) is determined in S1042. ) To get. In S1043, a connection request is sent to the acquired connection destination and the process returns.

  If there is currently no output destination instruction (NO in S1041), it is determined whether or not to wait for an output destination response in S1044. If it is not waiting for an output destination response (NO in S1044), the process returns.

  If the output destination response is awaited (YES in S1044), it is determined in S1045 whether a timeout has occurred. If there is no response from the connection destination even after a predetermined time, that is, in the case of timeout (YES in S1045), in S1046, it is determined that the connection cannot be made, and the process returns.

  If there is a response from the output destination within a predetermined time instead of timeout (NO in S1045), it is determined in S1047 whether or not connection is permitted. If connection is permitted (YES in S1047). In step S1048, an output destination determination process is performed, and the process returns. If the connection is not permitted (NO in S1047), the process directly returns.

  FIG. 8 is a flowchart showing a subroutine of the user authentication information transmission process (S105). In this user authentication information transmission process, the authentication information of the user who has logged into the document storage server 22 is transmitted to the output destination MFP 21.

  In FIG. 8, in S1051, it is determined whether or not the transmission destination has been determined. If the transmission destination has been determined (YES in S1051), whether or not the login user authentication information has already been transmitted in S1052. If the authentication information has already been transmitted (YES in S1052), the process returns as it is.

  If the authentication information has not been transmitted (NO in S1052), the user authentication information is transmitted to the transmission destination in S1053, and the process returns. If the transmission destination is not fixed (NO in S1051), the process directly returns.

FIG. 9 is a flowchart showing a subroutine of the document transmission process (S106). In this document transmission process, the selected document data is transmitted. In FIG. 9, in S1061, it is determined whether or not the selected document data has been transmitted to the output destination. If the determination in S1061 is YES), in S1062, it is determined whether or not a “notification notifying that document data has been output” has arrived (reception) from the output destination, and if it has arrived (determination in S1062 is YES). In step S1063, an output completion process is performed and the process returns. If the notification has not yet arrived (NO in S1062), the process directly returns.

  If the document data has not been transmitted (NO in S1061), in S1064, it is determined whether or not there is a response from the output destination to the user authentication information transmitted in the user authentication information transmission process in S105. If YES in step S1064 (YES in step S1064), in step S1065, the document data selected by the user is transmitted and the process returns.

  If there is no response (NO in S1064), it is determined in S1066 whether or not a timeout has occurred at this time. If no timeout has occurred (NO in S1066), the process returns. If it is time-out (determination in S1066 is YES), in S1067, the transmission of the document data is stopped and the process returns.

  FIG. 10 is a flowchart showing a subroutine of the document output post-processing (S107). In this document output post-processing, post-processing accompanying data output such as billing is performed according to the output information acquired from the output destination.

  In FIG. 10, in S1071, it is determined whether or not the process after the completion of data output has been completed. If the process after the completion of data output has already been completed (determination in S1071 is YES), the process directly returns.

  If the processing after the completion of data output is not completed (NO in S1071), it is determined in S1072 whether an output completion notification has been received from the data transmission destination, and if it has arrived (YES in S1072), In S1073, the process after the completion of output is executed and the process returns. If the output completion notification has not arrived (NO in S1072), the process returns as it is.

 Next, the processing flow in the MFP 21 that is the output destination of the document data will be described with reference to the flowchart shown in FIG.

  In FIG. 11, in S201, the MFP 21 determines whether or not there is an inquiry for determining the output destination from the document storage server 22, and when there is an inquiry (the determination in S201 is YES), in S202, “document An inquiry such as “It is an MFP capable of outputting data from the storage server 22” is made, and the process proceeds to S203. If there is no inquiry (NO in S201), the process directly proceeds to S203.

  In S203, it is determined whether or not the authentication information of the user who has requested the data output has been received from the document storage server 22. If the user authentication information has been received (YES in 203), The user account information stored in the MFP 21 and the authentication information from the document storage server 22 are collated. In S205, the collation result is transmitted to the document storage server 22, and the process proceeds to S206. If user authentication information has not been received (NO at S203), the process proceeds to S206.

In S206, it is determined whether or not document data has been received from the document storage server 22. If document data has been received (YES in S206), the authentication status of the user requesting output is determined in S207. Then, the next process is changed. If the document data has not been received (NO in S206), the process proceeds to S213.
(1) When the user is authenticated by the document storage server 22 and the user account exists as account data in the MFP 21.
(2) When the user is authenticated by the document storage server 22 and the user account does not exist as account data in the MFP 21.
(3) When the document storage server 22 does not have an authentication function or when logged in as a guest user or an anonymous user even with the authentication function. The guest user refers to a user who has been given access rights to a specific user by an “owner” who has all control access rights to the MFP 21, and an anonymous user has access rights given by the “owner”. A given user other than the guest user.

  In the case of (1), the process proceeds to S208, authentication in the MFP 21 is skipped, and print processing is performed in accordance with the user account in the MFP 21 in S211.

  In the case of (2), the process proceeds to S209, the authentication in the MFP 21 is skipped, and the printing process is performed in accordance with the public user account in S212. In this case, since the security is lowered, the processing function of the MFP 21 is limited as compared with the case of S211 (for example, the number of printed sheets is 10 or less).

  In the case of (3), the process proceeds to S210, and authentication processing is performed on the operation panel 39 of the MFP 21 for the login user. This authentication process will be described later.

  Next, in S213, it is determined whether or not the printing process has been completed. If the printing process has been completed (YES in S213), a print end process for acquiring information such as the print condition and the number of prints is performed in S214, and in S215. The acquired print information is transmitted to the document storage server 22 and the process ends. If printing is in progress or if the print end process has been completed (NO in S213), the process ends as it is.

  FIG. 12 is a flowchart showing a subroutine of authentication processing (S210 in FIG. 11) in the MFP 21.

  In FIG. 12, in S <b> 2101, an authentication screen is displayed on the operation panel 39 of the MFP 21. In step S2102, it is determined whether account information has been input. If account information has been input (YES in step S2102), the process advances to step S2103. If there is no input of account information (NO in S2102), the process directly returns.

  In S2103, it is determined whether an account exists in the MFP 21. If an account exists in the MFP 21 (YES in S2103), a print process is executed in S2104, and the process returns. In this case as well, restrictions on the number of prints may be added. If the account does not exist in the MFP 21 (NO in S2103), the process returns in S2105 as authentication impossible.

As is clear from the above description, when user authentication is performed on the document storage server 22 side, re-authentication on the MFP 21 side is skipped, so that the user can specify a user ID and the like for authentication on the MFP 21 side. There is no need to re-input, and the operation is simplified.
[When Document Data and Authentication Information are Transmitted Together from Document Storage Server 22 to MFP 21]
The flow of processing on the document storage server 22 side in this case is shown in the flowchart of FIG.

  As shown in FIG. 13, the authentication process in S401, the document display process in S402, the document selection process in S403, the output destination determination process in S404, the document transmission process in S405, and the post-document output process in S406 are completed.

  The contents of the authentication process in S401, the document display process in S402, the document selection process in S403, the output destination determination process in S404, and the post-document output process in S406 are the authentication process in S101 and S102 in FIG. This is the same as the document display process, the document selection process in S103, the output destination determination process in S104, and the post-document output process in S107.

  As is clear from the comparison between FIG. 13 and FIG. 3, when the first authentication information and the document data are transmitted together, the user authentication information transmission process of S105 of FIG. 3 can be omitted, and the MFP 21 receives the received document data. Receive authentication results with

FIG. 14 is a flowchart showing a subroutine of the document transmission process (S405). In this document transmission process, the selected document is transmitted. In FIG. 14, in S4051, it is determined whether or not the selected document data has been transmitted to the output destination. If the document data has already been transmitted (determination in S4051). Is YES), in S4052, it is determined whether the “notification notifying that the document data has been output” has been received (received) from the output destination. If it has been received (YES in S4052), the output is completed in S4053. Process and return. If the notification has not yet arrived (NO in S4052), the process directly returns.

  If the document data has not been transmitted (NO in S4051), it is determined in S4054 whether or not the output destination has been determined. If the output destination has been determined (YES in S4054), in S4055. The authentication data is added to the selected document data, the data is transmitted in S4056, and the process returns.

  If the output destination has not been determined (NO in S4054), it is determined in S4057 whether or not a timeout has occurred at this time, and if it has not timed out (NO in S4057), the process directly returns. If it is time-out (determination in S4057 is YES), data transmission is stopped in S4057 and the process returns.

  In this way, the authentication data is transmitted in addition to the document data.

  Next, the flow of processing in the MFP 21 that is the output destination of the document data will be described with reference to the flowchart shown in FIG.

  In FIG. 15, the MFP 21 determines in S501 whether there is an inquiry for determining the output destination from the document storage server 22, and if there is an inquiry (YES in S501), in S502, “document storage” An inquiry such as “It is an MFP that can output data from the server 22” is made, and the process proceeds to S503. If there is no inquiry, the process proceeds directly to S503.

  In S <b> 503, it is determined whether or not document data with authentication data has been received from the document storage server 22. If document data is received (YES in S503), authentication information is extracted from the received data in S504, authentication processing is performed in S505, and the process proceeds to S506. This authentication process will be described later. If the document data has not been received (NO in S503), the process proceeds directly to S506.

  In S506, it is determined whether or not the print process is completed. If the print process is completed (YES in S506), a print end process for acquiring information such as the print condition and the number of prints is performed in S507.

  In step S508, the acquired print information is transmitted to the document storage server 22 and the process ends. If printing is in progress or if the print end process has been completed (NO in S506), the process ends as it is.

  FIG. 16 is a flowchart showing a subroutine of authentication processing (S505 in FIG. 15) in the MFP 21.

  In FIG. 16, in S5101, it is determined whether there is account information in the authentication information added to the document data. If there is account information (YES in S5051), the process proceeds to S5052. If there is no account information (NO in S5051), the process directly returns.

  In S5052, it is determined whether an account exists in the MFP 21. If an account exists in the MFP 21 (YES in S5052), a print process is executed and the process returns. If there is no account in the MFP 21 (NO in S5052), the process returns in S5054 as an authentication impossible.

  As described above, even when the authentication information is added to the document data and transmitted together, if the added authentication information includes the account information and the account information also exists in the MFP 21, the user can use the MFP 21 side. The function of the MFP 1 can be used without performing authentication again.

  Next, another embodiment of the present invention will be described. This embodiment shows a case where, on the PC 50 that is a user terminal, re-authentication at the time of use of the MFP 21 is omitted based on authentication information input by the user when the application program is started (used).

  FIG. 17 shows the flow of processing.

  When a print request is made from an application program, the printer driver installed in the PC 50 executes the authentication process of FIG. 17 which is one of the processes. This authentication process is executed when an “OK” button 392 is pressed on the print mode setting screen 391 of the printer driver of FIG.

  In FIG. 17, in step S <b> 601, the printer driver acquires authentication information input by the user at the time of activation from an application program for which a print instruction has been issued. In S602, it is determined whether authentication information from the application program has been obtained. If authentication information has been obtained (YES in S602), an inquiry for authentication information (authentication confirmation) is made to the MFP 21 in S603. Do.

Next, in S604, it is determined whether there is authentication information from the MFP 21. If there is authentication information (YES in S604), the process is branched.
(1) When the authentication information acquired from the application program is in an account stored in the MFP 21.

In this case, in S605, a first driver display having an authentication screen 393 as shown in FIG. 19 is performed. As shown in this screen, the connection with the account acquired from the application program and the functions of the MFP 21 that can be used with this account are displayed. If the user can use the displayed account, the user can simply perform the following process. If the user needs to connect with a different account due to the function limitation of the MFP 21, the user can uncheck the check box in FIG. It is also possible to input.
(2) When the authentication information acquired from the application program is not in the account stored in the MFP 21.

  When it is determined that the authentication information cannot be obtained from the application program (NO in S602), or when there is no authentication information from the MFP 21 (NO in S604), in S606, as shown in FIG. The second driver display with the authentication screen 394 is displayed to prompt the account input.

  Also according to this embodiment, by using the authentication information performed when the application program is started, a re-input operation such as a user ID and a password can be omitted when the MFP 21 is used, and the operability is improved.

Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. For example, the following examples are included.
(1) In the first embodiment, when the user first logs in to the document storage server 22, selects a document therefrom, and then transmits to the MFP 21 to perform printing, the second login at the MFP 21 can be omitted. Although an example has been shown, when the user first logs in to the MFP 21 to scan a document and transmits the scanned document to the document storage server 22 and stores it in the document storage server 22, the login in the document storage server 22 may be omitted. . Of course, the document transmitted from the MFP 21 is not limited to a scanned document, and may be a document stored in advance in a box.
(2) In the second embodiment, an example in which a file created by the application program of the host PC 50 is sent to the MFP 21 for printing is shown. However, a file created by the host PC 50 is sent to the MFP 21 and sent to the MFP 21. For example, when using as a PC-FAX function for transmitting a fax from the outside to the outside, login with the MFP 21 may be omitted. The processing in the MFP 21 is not limited to this, and an application file created on the PC 50 by combining a document stored in advance in the box of the MFP 21 with an application file, or using a file format conversion function or compression function of the MFP 21. May be converted.

  In the above embodiment, the MFP 21 which is a multifunctional image forming apparatus is used as the image processing apparatus. However, a printer having only a print function may be used.

1 is a configuration diagram illustrating an image processing system according to an embodiment of the present invention. 2 is a block diagram illustrating an electrical configuration of an MFP in the image processing system. FIG. It is a flowchart which shows the process which a document storage server performs when document data and authentication information are transmitted separately. It is a flowchart which shows the subroutine of the authentication process of FIG. It is a flowchart which shows the subroutine of the document display process of FIG. It is a flowchart which shows the subroutine of the document selection process of FIG. It is a flowchart which shows the subroutine of the output destination determination process of FIG. It is a flowchart which shows the subroutine of the user authentication information transmission process of FIG. It is a flowchart which shows the subroutine of the document transmission process of FIG. FIG. 4 is a flowchart illustrating a subroutine of post-document output processing in FIG. 3. FIG. 6 is a flowchart illustrating processing performed by an image processing apparatus (MFP). 12 is a flowchart illustrating a subroutine of MFP authentication processing in FIG. 11. It is a flowchart which shows the process which a document storage server performs when transmitting document data and authentication information together. It is a flowchart which shows the subroutine of the document transmission process of FIG. 6 is a flowchart showing processing on the image processing apparatus (MFP) side. 16 is a flowchart showing a subroutine of MFP authentication processing in FIG. 5 is a flowchart illustrating authentication processing performed by a printer driver when a print request is made to an MFP using an application program. This is a screen when the print mode is set by the printer driver. It is a 1st driver display screen. It is a 2nd driver display screen.

Explanation of symbols

21 MFP (image processing apparatus, printer)
22 document storage server 23 personal authentication server (first authentication means)
31 CPU (control means)
44 Authentication section (second authentication means)
50 Personal computer (user terminal)
51 network

Claims (15)

A document storage server storing document data;
An image processing apparatus connected to the document storage server via a network and processing document data transmitted from the document storage server;
A first authentication means for performing user authentication when accessing the document storage server;
A second authentication means for performing user authentication when accessing the image processing apparatus;
When authentication is established by the first authentication means, control is performed so that authentication by the second authentication means is not performed, and user identification information used in the authentication judgment of the first authentication means is an image. If there is a user account destination of the processing device, perform user account processing in association with this, and if not, control means for performing account processing as a public user,
An image processing system comprising:   2. The image processing system according to claim 1, wherein when the first authentication is established, the first authentication information in the first authentication means is added to the document data transmitted from the document storage server to the image processing apparatus. .   The image processing system according to claim 2, wherein the first authentication information to be added is authentication result information from the first authentication means and user identification information input.   The image processing system according to claim 2, wherein the function of the image processing apparatus is restricted based on the added first authentication information.   The image processing system according to claim 1, wherein the image processing apparatus is at least one of a multifunctional image forming apparatus and a printer. A first authentication step for performing user authentication when accessing a document storage server storing document data;
A second authentication step for performing user authentication when accessing an image processing apparatus connected to the document storage server via a network and processing document data transmitted from the document storage server;
When authentication is established in the first authentication step, control is performed not to perform authentication in the second authentication step, and the user identification information used in the authentication judgment in the first authentication step is If there is a user account destination of the image processing apparatus, perform user account processing in association with this, and if not, perform account processing as a public user,
An image processing method comprising:   7. The authentication information according to claim 6, wherein when the authentication in the first step is established, the first authentication information in the first authentication step is added to the document data transmitted from the document storage server to the image processing apparatus. Image processing method.   The image processing method according to claim 7, wherein the first authentication information to be added is authentication result information in the first authentication step and input user identification information.   The image processing method according to claim 7, wherein the function of the image processing apparatus is restricted based on the added first authentication information.   The image processing method according to claim 6, wherein the image processing apparatus is at least one of a multifunctional image forming apparatus and a printer. An image processing apparatus that is connected to a document storage server that stores document data via a network and processes document data transmitted from the document storage server,
An authentication means for authenticating a user who accesses the device;
When authentication of a user who has accessed the document storage server is established by the document storage server, control is performed so that authentication by the authentication means is not performed, and user identification information used in authentication judgment by the document storage server is If it exists as a user account destination, a user account process is performed in association with this, and if it does not exist, a control means for performing an account process as a public user,
An image processing apparatus comprising:   12. The image processing apparatus according to claim 11, wherein when authentication by the document storage server is established, authentication information at the document storage server is added to the document data transmitted from the document storage server.   The image processing apparatus according to claim 12, wherein the added authentication information is authentication result information in the document storage server and input user identification information.   The image processing apparatus according to claim 12, wherein function restriction is performed based on the added authentication information.   The image processing apparatus according to claim 11, comprising at least one of a multifunctional image forming apparatus and a printer.

Images