JP2011113241A - Information apparatus, image processing apparatus, information processing apparatus which can communicate with the information apparatus and information processing system including them - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent leakage of secret information by not permitting use of an MFP (MultiFunction Peripheral) by a user different from a user making the secret information be stored. <P>SOLUTION: A CPU (Central Processing Unit) of the MFP communicating with an FSS server connected via a network executes a program including: a step (S3090) of transmitting a use permission request signal including a machine ID (IDentification), an already erased flag, and a communication setting parameter to the FSS server when connected to a network line (YES in S3080); a step (S3140) of displaying an initial screen together with an availability message when receiving a use permission signal from the FSS server (YES in S3120); and a step (S3150) of displaying a maintenance screen together with non-availability message when receiving a use non-permission signal transmitted when a user data storage area is not initialized though the MFP is moved from the FSS server (NO in S3120). <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an information device that can change a user or a business office to which the user belongs, and particularly relates to an information device that prevents leakage of information from storage units included in many information devices. The present invention also relates to an image processing apparatus that is one type of such information equipment, an information processing apparatus (server computer) that can communicate with such information equipment, and an information processing system including them.

  As one type of image processing apparatus that is an information device, an image forming apparatus (typically a copier) that forms an image on a recording sheet is introduced in many offices (company, office, etc.). In such offices, there are many cases where an image forming apparatus having a printer function or a copy function is connected to a network, and these are used (shared) by a plurality of users. In addition, a multifunction peripheral (MFP (Multi Function Peripheral)), which is one type of such an image forming apparatus, has a copy mode, a facsimile mode (hereinafter, a facsimile is sometimes referred to as “FAX” or “fax”), and a network compatible printer. A plurality of basic modes such as a mode and a scanner mode are provided.

  In these image forming apparatuses, an image is printed on a recording sheet based on scan data obtained by scanning a document or print data transmitted from a computer. The scan data or print data may include confidential information or personal information (hereinafter collectively referred to as “confidential information” or “confidential data”). Such data is stored in a storage unit (such as a nonvolatile built-in hard disk) in the image forming apparatus. That is, an information device that includes such an image forming apparatus and includes a storage unit that stores data often has a storage function that stores information including confidential information. Further, address book data such as the telephone line number and name of the FAX transmission destination may be stored in this storage unit.

  On the other hand, such an image forming apparatus may be provided to a user by a rental contract or a lease contract. In such a case, at the end of the rental period or lease period, the user may be changed from the installation location used by the previous user to the installation location used by the new user. . When the user is changed, if the confidential information stored in the storage unit by the previous user is not erased, the confidential information may be leaked to the new user. Further, although it is a special case, confidential information may be leaked to a third party even when the image forming apparatus is stolen. In preparation for such a situation, it is necessary to enhance the security of the image forming apparatus.

  Japanese Patent Laying-Open No. 2007-43430 (Patent Document 1) discloses an image forming apparatus that can prevent unauthorized use based on theft of the image forming apparatus without providing a special movement detection mechanism. The image forming apparatus includes a flag setting unit that sets a movement permission flag that has two states, a state where the movement of the image forming apparatus is permitted and a state where the movement is prohibited, and a movement permission that stores the set movement permission flag. After the flag storage unit, the state detection unit for detecting the state of the own device, and the power source of the own device are turned on, the presence / absence of movement of the own device is determined based on the state of the own device detected by the state detection unit When it is determined by the determination unit and the determination unit that the device has moved and the movement permission flag stored in the movement permission flag storage unit is in a movement prohibited state, the information stored in the device is deleted. A control unit.

  According to this image forming apparatus, after the apparatus is turned on, the determination unit determines whether or not the apparatus has moved based on the state of the apparatus detected by the state detection unit. When it is determined that the own device has moved and the movement permission flag stored in the movement permission flag storage unit is in a movement prohibited state, the information stored in the device is deleted. Can be abused and security can be improved.

  Furthermore, Japanese Patent Application Laid-Open No. 2008-15664 (Patent Document 2) discloses an image forming apparatus capable of improving security while suppressing a decrease in convenience. The image forming apparatus includes an image data input unit that inputs image data, a memory control unit that stores the input image data in an image memory, and a job determination unit that determines whether a job to be executed has confidentiality. And when the job is determined to be confidential, the automatic mode setting unit for setting the enhanced security mode, the network connection unit for connecting to the network, the enhanced security mode being set, and And a network control unit that outputs a disconnection command to disconnect the connection to the network to the network connection unit on condition that an image data input command to the image data input unit exists.

  According to this image forming apparatus, the user does not need to consciously set the enhanced security mode, and can automatically set the enhanced security mode only for a confidential job. For this reason, it is possible to easily prevent the image data in the image memory from being operated from the outside via the network, so that security can be easily improved. Moreover, compared with the case where the connection with a network is cut | disconnected previously, the fall of a user's convenience can be suppressed.

JP 2007-43430 A JP 2008-15664 A

  In various information devices including an image forming apparatus and an image processing apparatus, as described above, nonvolatile storage for storing various data (in addition to the above-described image data and address book data, job log data, etc.) Many units are equipped with a communication unit as well as a unit. For such information devices, a user may store confidential information in a storage unit. When an information device storing such confidential information is operated by another person, the other person can easily know the confidential information. In order to prevent such a situation, it is conceivable to apply the technique disclosed in the above-described patent document.

  However, the technique disclosed in Patent Document 1 is that information stored in the image forming apparatus indicates that the movement prohibition flag is in a movement prohibition state when the image forming apparatus, which is one type of information equipment, is moved. Is just what gets deleted. Any large information device such as an image forming apparatus that can be easily determined can be used. However, in the case of an information device that does not, it can be manipulated by others and leak confidential information. There is sex. Further, if the password is leaked and the movement prohibition flag is manipulated (if the password is used to intentionally change the movement prohibition state to the movement permission state), it is stored even if the image forming apparatus is moved. Information is not deleted, and confidential information may be leaked.

  Further, the technique disclosed in Patent Document 2 merely prevents the image data in the image memory from being manipulated from the outside via a network. For this reason, when it is determined that the job has confidentiality, the mode is changed to the enhanced security mode, and even if the network connection is disconnected, the image forming apparatus itself is operated by another person without being connected to the network. Otherwise, confidential information may be leaked.

  Such a problem includes an image forming apparatus that may be changed by the end of the rental period or the lease period as described above, and is an information device including a storage unit that can be operated by others. As long as there is a certain information device, it is common to any information device.

  In order to solve the above-described problem, the present invention is an information device having a communication function for communicating with another device and a storage function for storing information including confidential information, and a user storing the confidential information; To provide an information device (image processing device), an information processing device capable of communicating with the information device, and an information processing system including them, which can prevent leakage of confidential information without allowing use by different users. .

  An information device according to an aspect of the present invention switches between a communication unit for communicating with another device, a storage unit for storing data, and a state in which data can be recognized by a user and a state in which the user cannot Based on the received instruction information, the state information indicating the data storage state in the storage means and the state information indicating the data storage state is transmitted to the other device, the instruction information transmitted from the other device responding to the state information is received And control means for controlling the switching means.

  For example, when the user starts using an information device that may be changed, status information indicating the data storage state in the storage unit of the information device is transmitted to another device. This status information is, for example, information about whether highly confidential user data is stored in the storage means. If another device determines that user data is not stored in the storage means based on the status information, the instruction information permitting use is permitted, and if it is determined that user data is stored in the storage means, the use is permitted. Do not send instruction information. Based on this instruction information, the information device switches between a state in which data can be recognized by the user and a state in which it cannot. For this reason, when it is determined that the user data is not stored in the storage means, since there is no leakage of confidential data, use that allows data recognition is permitted. If it is determined that the user data is stored in the storage means, leakage of confidential data may occur, so that use that allows data recognition is not permitted. For this reason, it is possible to prevent leakage of confidential data stored in the information device.

  The switching means constituting the information device can be configured to include means for switching between a use-permitted state in which data can be recognized by a user and a use-not-permitted state in which it is impossible. In this case, when the information device is in a use-not-permitted state, the control unit transmits state information indicating a state in which no data is stored in the storage unit to another device, and based on the received instruction information. Further, it is possible to configure to include means for controlling to switch from the use non-permitted state to the use permitted state. Further, in this case, when the information device is in a use-not-permitted state, the control unit transmits state information indicating a state in which data is stored in the storage unit to another apparatus, and receives the received instruction information. Based on this, it can be configured to include a means for controlling so as not to switch from the use non-permitted state to the use permitted state.

  In this case, when the use of the information device is not permitted (use not permitted state) and status information indicating a state in which no data is stored is transmitted to another device, leakage of confidential information is performed. Since there is no, it is switched to the use permission state. On the other hand, when state information indicating a state in which data is stored is transmitted to another device, confidential information may be leaked, so that the use-not-permitted state is maintained. Thereby, leakage of confidential data can be prevented.

  The information device can be configured to further include means for storing communication parameters for causing the communication means to function. In this case, the control means transmits the communication parameter to the other device in addition to the state information, receives the instruction information transmitted from the other device in response to the state information and the communication parameter, and receives the received instruction information. Based on the above, it can be configured to include means for controlling the switching means. Here, when the installation location of the information device is changed, the communication parameter can be changed.

  If it does in this way, the address etc. which identify the information apparatus in the place where the information apparatus was installed are set as a communication parameter for functioning a communication means, for example. When the installation location of this information device is changed (that is, when the user is changed), this address is also changed. This can be used to determine that the information device has moved. For example, when the installation location of an information device is moved and the user is changed, if status information indicating a state in which no data is stored is transmitted to another device, even if the user is changed, the confidential information Since there is no leakage, it is switched to a use-permitted state. On the other hand, when the user is changed in this way, when the status information indicating the state in which the data is stored is transmitted to another device, the confidential information may be leaked, so that the use non-permission state is maintained. Is done. Thereby, even if a user is changed, leakage of confidential data can be prevented.

  The switching means in the information device can be configured to include means for switching between a use-permitted state in which data can be recognized by the user and a use-not-permitted state where it is impossible. In this case, when the information device is in a use-not-permitted state, the control unit is in a state information indicating a state in which no data is stored in the storage unit, and other devices that the installation location of the information device is changed. And a means for controlling to switch from the use-not-permitted state to the use-permitted state based on the received instruction information. Further, in this case, when the information device is in a use-not-permitted state, the control unit indicates that status information indicating a state in which data is stored in the storage unit and that the installation location of the information device has been changed. A communication parameter that can be identified by the device is transmitted, and based on the received instruction information, it is possible to include a means for controlling so as not to switch from the use-not-permitted state to the use-permitted state.

  Even if the installation location of the information device is changed, if no data is stored in the storage means, even if the user is changed, there is no leakage of confidential information, so that the usage permission state is switched. On the other hand, when data is stored when the installation location of the information device is changed, confidential information may be leaked, so that the use disapproval state is maintained. Thereby, even if a user is changed, leakage of confidential data can be prevented.

  This status information can be configured to be either information indicating that no data is stored or information indicating that data is stored in the storage area in which the confidential data is stored. The instruction information can be configured to be either information that permits use of the information device or information that does not permit use of the information device.

  Such state information and instruction information can be used to prevent leakage of confidential data.

  The information device may be configured to further include a means for controlling so as not to switch to a state in which the user can recognize data unless receiving information permitting the use of the information device from another device. it can.

  For example, when there is no response from another device due to a communication error, it is not possible to switch to a state in which data can be recognized by the user, so that leakage of confidential data can be prevented even when a communication error occurs.

  An image processing apparatus according to still another aspect of the present invention further includes means for processing image data in addition to the above-described information device means.

  When the image forming apparatus which is an example of the image processing apparatus or the image processing apparatus may have confidential data stored in the storage unit even if the user is changed due to the expiration of the rental contract or the expiration of the lease contract The image processing apparatus is not ready for use. For this reason, even when the confidential data in the storage means is forgotten to be deleted when the contract expires, it is possible to prevent the confidential data from leaking.

  An information processing apparatus according to yet another aspect of the present invention communicates with an information device including a communication unit and a storage unit that stores data recognized by a user. The information processing apparatus includes a communication unit for communicating with the information device, information received from the information device, and the status information indicating the data storage state in the storage unit. It includes a determination unit for determining whether or not to permit a state in which recognition is possible, and a unit for transmitting use permission information to the information device when it is determined to be permitted by the determination unit.

  In this way, the information processing apparatus that has received the state information indicating that the data is stored in the storage unit of the information device does not permit a state in which the user can recognize the data. For this reason, it is possible to prevent leakage of confidential data when the user is changed.

  Here, when the information device transmits the communication parameter set for causing the communication unit to function to the information processing device, the information processing device stores the received communication parameter for each information device. The apparatus may further include position determining means for determining the installation location of the information device based on the means, the communication parameter stored in the parameter storage means, and the received communication parameter. In this case, the determination unit can be configured to include a unit for determining whether or not to permit a state in which the user can recognize data based on the installation location in addition to the state information.

  If it does in this way, it can be judged by the position judgment means whether the installation place of information equipment was changed (whether the user was changed). By using this determination, it is possible to prevent leakage of confidential data when the user is changed.

  This position determination means can be configured to include means for determining that the installation location of the information device has been changed if the communication parameter stored in the parameter storage means does not match the received communication parameter. In this case, when the determination unit determines that the installation location of the information device has been changed, the determination unit recognizes the data based on the reception of the state information indicating a state in which no data is stored in the storage unit. Can be configured to include means for determining that a possible state is permitted. Further, in this case, when the determination unit determines that the installation location of the information device has been changed, the determination unit receives data from the user based on the reception of the state information indicating the state in which the data is stored in the storage unit. It is possible to configure so as to include a means for determining that a state in which recognition of the information can be recognized is not permitted.

  In this way, when state information indicating a state in which no data is stored is received from the information device, since there is no leakage of confidential information, a state in which the user can recognize the data is permitted. On the other hand, when the status information indicating the status in which the data is stored is received from the information device, the confidential information may be leaked, and thus the status in which the user can recognize the data is not permitted. Thereby, leakage of confidential data can be prevented.

  The information processing apparatus includes a means for storing information on prohibition of use and information on a period of use for each information device, and a case where use is prohibited and a period of use has elapsed. In any case, it may be configured to further include means for determining that a state in which the user can recognize data is not permitted.

  In this way, regardless of whether or not data is stored in the storage unit of the information device, if the use is prohibited or if the information device cannot be used because the usage period has passed, The information equipment is not ready for use. For this reason, unauthorized use of information equipment can be prevented.

  An information processing system according to still another aspect of the present invention includes any one of the above-described information device and image processing apparatus, and the above-described information processing apparatus.

  According to this information processing system, when the user of the information device is changed, the use is permitted if the data is not stored in the storage unit, or the data device is used if the data is stored in the storage unit. Or allow it to be disallowed. Furthermore, when the use of the information device is prohibited or when the information device cannot be used because the use period has passed, the use of the information device can be prevented from being permitted. For this reason, leakage of confidential data can be prevented, and unauthorized use of information equipment can be prevented.

  According to the information device (image processing device), the information processing device capable of communicating with the information device, and the information processing system including them, the communication function for communicating with other devices and the information including confidential information are stored. It becomes possible to prevent leakage of confidential information without permitting an information device having a storage function to be used by a user different from the user who stored the confidential information.

1 is a diagram illustrating an overall configuration of a network image forming system including an information processing apparatus (server computer) and an image forming apparatus (MFP) according to an embodiment of the present invention. It is a control block diagram which shows the hardware constitutions of the server computer of FIG. FIG. 2 is a control block diagram illustrating a hardware configuration of the MFP in FIG. 1. It is a figure which shows the machine management table memorize | stored in the server computer of FIG. It is a flowchart which shows the control structure of the program run with the server computer of FIG. 6 is a flowchart (No. 1) showing a control structure of a program executed by the MFP of FIG. 6 is a flowchart (No. 2) showing a control structure of a program executed by the MFP of FIG. 6 is a flowchart (No. 3) showing a control structure of a program executed by the MFP of FIG. FIG. 3 is a diagram (part 1) illustrating a display example of a touch panel display of the MFP of FIG. 1; FIG. 8 is a second diagram illustrating a display example of the touch panel display of the MFP in FIG. 1. FIG. 10 is a third diagram illustrating a display example of the touch panel display of the MFP in FIG. 1. FIG. 8 is a diagram (No. 4) illustrating a display example of the touch panel display of the MFP in FIG. 1; FIG. 10 is a diagram (No. 5) illustrating a display example of the touch panel display of the MFP in FIG. 1;

  In the following embodiments, the same parts are denoted by the same reference numerals. Their functions and names are also the same. Therefore, detailed description thereof will not be repeated.

  In the embodiment of the present invention, it is assumed that the information device is an image forming apparatus that is a kind of image processing apparatus, the information processing apparatus is a server computer, and a system including these is an image forming system. . The image forming apparatus will be described as an MFP. However, the information apparatus according to the present embodiment may be an image processing apparatus other than such an image forming apparatus, or may be an apparatus other than the image processing apparatus and provided with a storage unit and a communication unit. I do not care. That is, the information device according to the present embodiment may be an information device provided with a communication function for communicating with other devices and a storage function for storing information including confidential information. In many cases, such an information device is often provided with a display function and an operation function (a touch panel display or the like that also serves as these functions).

  An information processing apparatus that processes information about whether or not to permit use based on the state of the image forming apparatus that is the information device according to the present embodiment (the state of the installation location and the state of the storage unit). , FSS (Field Support System) server computer. However, the information processing apparatus according to the present embodiment may be a computer other than such an FSS server computer. Here, the FSS server computer will be described.

  This FSS server computer stores knowledge such as technology and product specification information, customer information, failure information, etc. on a hard disk as a database system in companies, etc. with the recent development of the network (Internet), and utilizes that knowledge. An information processing apparatus for realizing a system that supports MFP users. By such FSS, business efficiency, customer response speed, and cost reduction are achieved. In FSS for MFPs, a system has been constructed that can transmit information about the state of the MFP to a customer center equipped with a database system for customer management and service management, or the MFP can be remotely connected from the customer center. A system that can be operated to change the setting of the MFP is constructed. In such a configuration, it is possible to solve the trouble without a service person visiting by accessing the MFP from the FSS server computer at the customer center and changing the setting of the MFP.

  In the present embodiment, an FSS server computer having a remote maintenance function of such an image processing apparatus as one function is used as an information processing apparatus, and is based on the state of the image forming apparatus (installation location and storage unit state). Information about whether or not to permit the use.

  Furthermore, in the following embodiment, a network image forming system including a plurality of MFPs will be described. However, the network image forming system may be configured by only one MFP that communicates with the information processing apparatus described above. Absent. When the information device is not an MFP, it is not a network image forming system but a network information processing system.

  As described above, in this embodiment, a network image forming system including an FSS server computer and an MFP having a communication function for communicating with the FSS server computer and a storage function for storing confidential information will be described. The present invention is a network information processing system having a more general configuration, which is an information processing apparatus and an information device having a communication function for communicating with the information processing apparatus and a storage function for storing confidential information. I just need it.

[Overall system configuration]
With reference to FIG. 1, the overall configuration of a network image forming system according to an embodiment of the present invention will be described. This network image forming system is obtained by receiving a copy request or a print request, printing an image on recording paper, receiving a transmission request, transmitting image data to another computer, or scanning upon receiving a scan request. MFP (1) 300 to MFP (3) 300 (hereinafter, MFP (1) 300 to MFP (3) 300 may be referred to as MFP 300 in some cases) that stores the stored image data in a storage device (internal hard disk). And an FSS server computer 200 that processes a use permission request transmitted from the MFP 300. These FSS server computer 200 and MFP 300 are communicably connected via a network line (private LAN line) 400 and an Internet network 500. Note that MFP (1) 300 to MFP (3) 300 have the same reference numerals but are not necessarily MFPs having the same functions. The Internet network 500 may be an intranet network.

  The FSS server computer 200 in the present embodiment stores registration information and use permission information in a machine management table using a machine ID (IDentification) that uniquely identifies an MFP as a key. The FSS server computer 200 has transmitted a use permission request signal in response to a use permission request signal (this signal includes a machine ID and an erased flag) received from the MFP 300 via the network line 400 and the Internet network 500. Whether to permit use of the MFP 300 is determined. At this time, the FSS server computer 200 permits the use of the MFP 300 based on the information specified by the machine ID transmitted from the MFP 300 and the flag transmitted from the MFP 300 among the information stored in the machine management table. Determine whether or not. The FSS server computer 200 transmits a use permission signal or a use disapproval signal to the MFP 300 via the network line 400 and the Internet network 500. When the MFP 300 receives the use permission signal from the FSS server computer 200, the MFP 300 enters a state where image formation processing is possible, and receives the use non-permission signal (or receives the use permission signal) and enters a state where image formation processing is possible. Don't be.

  As described above, in the present embodiment, when a user who wants to use MFP 300 that is not connected to network line 400 and is not in a use-permitted state connects the cable of network line 400 to the network connection connector of MFP 300, MFP 300 is connected to FSS server. By transmitting a use permission request signal to the computer 200, the MFP 300 receives a use permission signal or a use non-permission signal from the FSS server computer 200. At this time, the MFP 300 operates in a mode that cannot be used without being connected to the FSS server computer 200 via the network line 400 (hereinafter, this mode is referred to as an FSS mode). For example, such an FSS mode is set during a rental contract or a lease contract. In such FSS mode, for example, the types of IP (Internet Protocol) addresses in the network are limited. In this FSS mode, the IP address cannot be a temporary address automatically assigned by a DHCP (Dynamic Host Configuration Protocol) server. However, the application of the present invention is not limited to information equipment (image forming apparatus) for which a rental contract and a lease contract are concluded.

  In the following, in the drawings and the like, the FSS server computer 200 may be simply referred to as a server, and the MFP 300 may be simply referred to as an MFP.

[Hardware configuration]
<FSS server computer 200>
Referring to FIG. 2, FSS server computer 200 constituting the network image forming system according to the present embodiment is connected to bus 290, CPU (Central Processing Unit) 210 connected to bus 290, and bus 290. ROM (Read-Only Memory) 220, RAM (Random Access Memory) 230 connected to bus 290, hard disk (HDD) 240 connected to bus 290, and optical disk 282 can be mounted. Thus, an interface related to the connection between the mouse 252 and the keyboard 254, which is connected to the bus 290 and the optical disk drive 280 capable of writing information to and reading information from the optical disk 282. An input interface (hereinafter referred to as “input IF”) 250 for providing and a display interface (hereinafter referred to as “display IF”) for providing an interface related to the connection between the bus 290 and the display 262. ) 260 and a network interface (hereinafter referred to as “network IF”) that provides connection to the network line 400 and the Internet network 500 by wired or wireless (in this embodiment, wired or wireless). 270). The FSS server computer 200 is provided with a magnetic disk drive that can be loaded with a magnetic disk and can write information to the magnetic disk and read information from the magnetic disk, instead of / in addition to the optical disk drive 280. It doesn't matter.

  The bus 290, the ROM 220, the RAM 230, the hard disk 240, the optical disk drive 280, the input IF 250, the display IF 260, and the network IF 270 all operate in cooperation under the control of the CPU 210, and as an information processing apparatus according to the present embodiment, The FSS server computer 200 realizes processing by various applications. These applications, for example, information in the network image forming system for transmitting a use permission signal or a use non-permission signal to the MFP 300 in response to a use permission request signal transmitted from the MFP 300 connected to the network line 400. A processing device is realized.

  A computer program for causing the FSS server computer 200 to operate as an information processing apparatus in the network image forming system according to the present embodiment is stored in the optical disk 282 inserted into the optical disk drive 280 and further transferred to the hard disk 240. Is done. Alternatively, the program may be transmitted to the FSS server computer 200 through the network line 400 and stored in the hard disk 240. The program is loaded into the RAM 230 when executed. The program may be loaded into the RAM 230 directly from the optical disk 282 or via the network line 400.

  These programs include a plurality of instructions that cause the FSS server computer 200 to operate as an information processing apparatus in the network image forming system according to the present embodiment. Some of the basic functions necessary for this operation are performed by an operating system (OS) or a third-party program running on the FSS server computer 200, or modules of various toolkits installed on the FSS server computer 200. Provided. Therefore, this program does not necessarily include all functions necessary for realizing the image forming system according to the present embodiment. This program includes only instructions for executing a predetermined process as the FSS server computer 200 by calling an appropriate function or “tool” in a controlled manner so as to obtain a desired result. Just go out. Since the general operation of the computer that is the entity of the FSS server computer 200 is well known, it will not be repeated here.

<MFP 300>
-Overall configuration-
Referring to FIG. 3, MFP 300 configuring the network image forming system according to the present embodiment is connected to bus 390, CPU 310 connected to bus 390, ROM 320 connected to bus 390, and bus 390. RAM 330, hard disk (HDD) 340 connected to bus 390, input IF 350 and display IF 360 for providing an interface related to connection with bus 390 and touch panel display 380, and bus 390. A network IF 370 that provides connection to the network line 400 and the Internet network 500 by wire or wireless (wired in the present embodiment). Although not shown in FIG. 3, the MFP 300 includes hardware buttons such as a start button and a numeric keypad button.

  The hard disk 340 of the MFP 300 corresponds to a user data storage area 342 for a user who uses the MFP 300, a setting parameter storage area 344 for storing setting parameters for the MFP 300, and an initialization state of the user data storage area 342. A flag storage area 346 for storing the erased flag, and a machine ID storage area for storing the machine ID of the MFP 300. Some of these may be stored in another storage unit (ROM 320 or RAM 330). Information (IP address, URL (Uniform Resource Locators), etc.) for connecting to the FSS server computer 200 is also stored in the hard disk 340.

  The user data storage area 342 stores image data of a scanned document, image data (print data) transmitted from a computer, log data about a job in the MFP 300, and an address book used when FAX transmission is performed using the MFP 300. Data and the like are stored. The user data storage area 342 can be initialized by a service person who performs maintenance.

  In the setting parameter storage area 344, for example, a time for shifting to the energy saving mode when the MFP 300 is not operated is stored. The setting parameter storage area 344 stores the telephone line number for FAX set for the MFP 300 and the IP address for network communication, which are communication setting parameters. The communication setting parameter may be only an IP address for network communication. Further, when the FSS server computer 200 and the MFP 300 are connected by a telephone line, this communication setting parameter may be only a telephone line number for FAX.

  In the flag storage area 346, an erased flag indicating the initialization state of the user data storage area 342 is stored. When the user data storage area 342 is initialized and no user data is stored, an erased flag in a set state (“1” in binary notation) is stored in the flag storage area 346. On the other hand, when user data is stored in the user data storage area 342, an erased flag in a reset state (“0” in binary number) is stored in the flag storage area 346.

  When the first job is executed using the MFP 300 immediately after being shipped from the manufacturer (user data is not stored in the user data storage area 342 and the erased flag is set at the time of shipment), The erased flag is reset (from “1” to “0”).

  After the job is executed, when the user data storage area 342 is initialized by a service person or the like, the erased flag in the reset state is set (from “0” to “1”). Further, when the job is executed in the MFP 300 in which the user data storage area 342 is initialized in this way, the set erased flag is reset again (from “1” to “0”). It is impossible to set the erased flag stored in the flag storage area 346 by any method other than the method for initializing the user data storage area 342. That is, the erased flag cannot be set other than initializing the user data storage area 342.

  The machine ID storage area 348 stores a machine ID (which may be a serial number) that uniquely identifies the MFP connected to the network image forming system. This machine ID cannot basically be rewritten.

  The bus 390, the ROM 320, the RAM 330, the hard disk 340, the input IF 350, the display IF 360, and the network IF 370 all operate in cooperation with the control of the CPU 310. And realize the application. These processes are executed by the CPU 310 controlling each component constituting the MFP 300 (not shown in FIG. 3). For example, when the MFP 300 is connected to the network line 400, the application transmits a use permission request signal to the FSS server computer 200 and operates based on the signal received from the FSS server computer 200. An image forming apparatus in a forming system is realized.

  A computer program for causing MFP 300 to operate as an image forming apparatus in the network image forming system according to the present embodiment is stored in hard disk 340. Alternatively, the program may be transmitted from the application server computer through the network line 400 and the Internet network 500 and stored in the hard disk 340. The program is loaded into the RAM 330 at the time of execution. The program may be loaded directly into the RAM 330 via the network line 400 and the Internet network 500.

  Note that the MFP 300 does not need to be connected to the FSS server computer 200 via the Internet network 500. For example, the MFP 300 can transmit a use permission request signal to the FSS server computer 200 via a general public line and a modem, and the MFP 300 can receive a use permission signal or a use non-permission signal from the FSS server computer 200. The connection method is not limited.

-Image forming unit in MFP-
The MFP 300 includes, for example, a document reading unit, an image forming unit, a paper feeding unit, and a paper discharge processing device. In MFP 300, image data received from another apparatus or image data of a document read by the document reading unit is subjected to various image processing by CPU 310, and the image data is output to the image forming unit. . The MFP 300 has a so-called laser type (electrophotographic type) printing function that uses laser light for photosensitivity. However, another type of printing function may be provided.

  The image forming unit prints an image indicated by image data on a recording sheet, and includes, for example, a photosensitive drum, a charging device, a laser scanning unit, a developing device, a transfer device, a cleaning device, a fixing device, and a charge eliminating device. Etc. For example, the image forming unit is provided with a conveyance path, and the recording paper fed from the paper feeding unit is conveyed along the conveyance path. The paper feeding unit pulls out the recording paper stored in the paper cassette or the recording paper placed on the manual feed tray one by one, and sends the recording paper to the conveyance path of the image forming unit.

  While the recording paper is being transported along the transport path of the image forming unit, the recording paper passes between the photosensitive drum and the transfer device, and further passes through the fixing device, and printing on the recording paper is performed. .

  The photosensitive drum rotates in one direction, and its surface is cleaned by a cleaning device and a static eliminator and then uniformly charged by a charging device. The laser scanning unit modulates the laser beam based on the image data to be printed, and repeatedly scans the surface of the photosensitive drum in the main scanning direction with this laser beam to form an electrostatic latent image on the surface of the photosensitive drum. To do. The developing device supplies toner to the surface of the photosensitive drum to develop the electrostatic latent image, and forms a toner image on the surface of the photosensitive drum.

  The transfer device transfers the toner image on the surface of the photosensitive drum to a recording sheet passing between the transfer device and the photosensitive drum. The fixing device includes a heating roller for heating the recording paper and a pressure roller for pressing the recording paper. The recording paper is heated by the heating roller and is pressed by the pressure roller, whereby the toner image transferred onto the recording paper is fixed on the recording paper. The recording paper discharged (printed) from the fixing device is discharged to a paper discharge tray. In the paper discharge processing apparatus, there are cases in which a plurality of recording papers are sorted into each paper discharge tray and discharged, a process of punching each recording paper, and a process of stapling a bundle of recording papers. For example, when creating multiple copies of printed matter, each recording sheet is sorted and discharged to each discharge tray so that a portion of the printed matter is assigned to each discharge tray. Punching processing or stapling processing is performed on a bundle of recording paper on the paper discharge tray to create a printed material. Such various processes are performed under the control of the CPU 310. The punching process may be performed for each recording sheet.

-Basic functions (modes) of MFP-
Using such a printing function, a printer mode is realized in which print data is received from a personal computer connected to the network line 400 via the network line 400 and an image is formed on a recording sheet.

  Further, the MFP 300 realizes a copy mode in which an original is read as image data by an original reading unit and an image is formed on a recording sheet based on the image data.

  Further, the MFP 300 realizes a facsimile transmission mode in which an original is read as image data by an original reading unit and the image data is transmitted to another apparatus. The MFP 300 also realizes a facsimile reception mode in which an image is formed on a recording sheet based on image data received from another device. Hereinafter, the facsimile transmission mode and the facsimile reception mode are referred to as a facsimile mode. In this MFP 300, on the touch panel display 380, the facsimile transmission mode is displayed as the fax / image transmission mode.

  Further, the MFP 300 implements a document filing mode in which an original is read as image data by the original reading unit and the image data is stored in the hard disk 340. It may be stored in another device (computer, external storage unit) via the network line 400 instead of the hard disk 340 of the MFP 300. In this case, SMB (Server Message Block), which is a protocol for realizing file sharing or printer sharing via a network, may be used. Using this protocol, scanned image data can be transferred to a shared folder shared on the network. This function may be called a scan to folder or a scan to shared folder.

  As described above, the MFP 300 includes a copy mode, a fax / image transmission mode, a document filing, and a printer mode as basic functions (modes). In the printer mode, when print data is received from a personal computer connected to the network line 400, the MFP 300 automatically switches to the printer mode and forms an image on a recording sheet based on the print data. For this reason, the screen for selecting the printer mode is not displayed on the touch panel display 380 of the MFP 300.

[Management table configuration]
In the image forming system according to the present embodiment, a user who wants to use MFP 300 that is not in a use-permitted state connects MFP 300 to network line 400 and receives a use permission signal from FSS server computer 200 to enable the function. Is provided. In order to realize such a function, a machine management table is stored in the hard disk 240 of the FSS server computer 200.

  A machine management table stored in the hard disk 240 of the FSS server computer 200 will be described with reference to FIG.

  As shown in FIG. 4, the machine management table includes a field for storing a machine ID for uniquely specifying an MFP in the network image forming system, and a registration information field for storing registration information about the MFP. And a permission information field for storing use permission information. The registration information field includes, for example, a field for storing a telephone line number and a field for storing an IP address. The usage information field is composed of, for example, a field for storing a usage time limit and a field for storing a usage prohibition flag.

  When the user sets a telephone line number for using FAX and an IP address for network connection in MFP 300, the telephone line number and IP address are stored as communication setting parameters in setting parameter storage area 344 of hard disk 340. MFP 300 connected to network line 400 transmits communication setting parameters (telephone line number and IP address) to FSS server computer 200. The FSS server computer 200 updates the information (telephone line number and IP address) stored in the registration information field of the machine management table based on the received communication setting parameter. Further, when the FSS server computer 200 receives the use permission request signal including the machine ID and the communication setting parameter from the MFP 300, the FSS server computer 200 compares the communication setting parameter stored in the registration information field with the received communication setting parameter. It is determined whether or not has been moved.

  When the MFP 300 is provided to the user by a rental contract or a lease contract, a time limit for using the MFP 300 is stored in the usage information field. If the rental company or lease company sets the MFP 300 so that it cannot be used, a use prohibition flag in the ON state (set state, “1” in binary) is stored in the use information field. .

  In order to make the MFP 300 used in the FSS mode usable, the FSS server computer 200 constituting the network image forming system according to the present embodiment stores the above-described table in the hard disk 240 and will be described below. The CPU 210 executes the program to be executed. In addition, the MFP 300 constituting this network image forming system also executes a program described below on the CPU 310.

Software configuration
Referring to FIGS. 5 to 8, in order to perform processing for permitting the use of MFP 300 without leaking confidential information based on a user permission request in the network image forming system according to the present embodiment. A control structure of computer programs executed by the FSS server computer 200 and the MFP 300 will be described. The flowchart shown in FIG. 5 shows the control structure of the computer program executed by the FSS server computer 200, and the flowcharts shown in FIGS. 6 to 8 show the control structure of the computer program executed by the MFP 300.

  Referring to FIG. 5, in step (hereinafter, step is abbreviated as S) 2000, CPU 210 of FSS server computer 200 (hereinafter simply referred to as CPU 210) receives a use permission request signal from MFP 300. It is determined whether or not. As will be described later, the use permission request signal includes a machine ID, an erased flag, and a communication setting parameter. If it is determined that a use permission request signal has been received from MFP 300 (YES in S2000), the process proceeds to S2010. If not (NO in S2000), the process returns to S2000 and waits until a use permission request signal is received from MFP 300. If NO in S2000, the process shown in FIG. 5 may be terminated.

  At S2010, CPU 210 refers to the machine management table (FIG. 4) stored in hard disk 240, and registers information (telephone line number and IP address) corresponding to the machine ID included in the received use permission request signal. Read usage permission information (expiration date and usage prohibition flag).

  In S2020, CPU 210 determines whether or not a use prohibition flag is set (whether or not it is in an ON state). If the use prohibition flag is set (if ON) (YES in S2020), the process proceeds to S2070. Otherwise (NO at S2020), the process proceeds to S2030.

  In S2030, CPU 210 determines whether or not the expiration date has passed. If it is determined that the execution date of this process has passed the expiration date (YES in S2030), the process proceeds to S2070. Otherwise (NO at S2030), the process proceeds to S2040.

  In S2040, CPU 210 determines whether MFP 300 has been moved or not. At this time, CPU 210 compares communication setting parameters (telephone line number and IP address) stored in the registration information field with the received communication setting parameters (telephone line number and IP address), and whether MFP 300 has been moved. Determine whether or not. If these setting parameters do not match, it is determined that MFP 300 has been moved. If it is determined that MFP 300 has been moved (YES in S2040), the process proceeds to S2050. If not (NO in S2040), the process proceeds to S2060.

  In S2050, CPU 210 determines whether or not the erased flag received from MFP 300 is set. If the erased flag indicating that user data storage area 342 of hard disk 340 of MFP 300 has been initialized is set (YES in S2050), the process proceeds to S2060. If not (NO in S2050), the process proceeds to S2070.

  In S2060, CPU 210 transmits a use permission signal to MFP 300 that has transmitted the use permission request signal. Thereafter, this process ends.

  In S2070, CPU 210 transmits a use disapproval signal to MFP 300 that has transmitted the use permission request signal. Thereafter, this process ends.

  Referring to FIG. 6, in S3000, CPU 310 of MFP 300 (hereinafter simply referred to as CPU 310) displays an initial setting screen on touch panel display 380. This initial setting screen is displayed on the touch panel display 380 when the MFP 300 is turned on when the MFP 300 is not connected to the network line 400. At this time, a procedure for connecting MFP 300 to network line 400 is displayed on touch panel display 380 after setting communication setting parameters (telephone line number and IP address). Has been. The MFP 300 may be turned on while the MFP 300 is connected to the network line 400.

  In S3010, CPU 310 determines whether or not a request for setting a communication relationship has been detected. At this time, for example, when the user presses a “set” button displayed on the initial setting screen, CPU 310 determines that a request for setting a communication relationship has been detected. If it is determined that a request for setting a communication relationship has been detected (YES in S3010), the process proceeds to S3020. Otherwise (NO in S3010), the process proceeds to S3050.

  In S3020, CPU 310 displays a communication-related setting screen on touch panel display 380.

  In S3030, CPU 310 determines whether or not an input of a communication setting parameter has been detected. At this time, for example, the CPU 310 presses the “telephone line number” button displayed on the communication setting screen, inputs the FAX number, presses the “IP address” button, inputs the IP address, When the “OK” button is pressed, it is determined that an input for the communication setting parameter is detected. If it is determined that an input for the communication setting parameter has been detected (YES in S3030), the process proceeds to S3040. If not (NO in S3030), the process returns to S3030 and waits until it is determined that an input for the communication setting parameter is detected.

  In S3040, CPU 310 stores the input telephone line number and IP address in communication parameter setting parameter storage area 344 of hard disk 340. Thereafter, the process proceeds to S3070.

  In S3050, CPU 310 determines whether or not communication-related settings have been completed. At this time, if communication setting parameters (telephone line number and IP address) are stored in setting parameter storage area 344 of hard disk 340, CPU 310 determines that communication-related settings have been made. If it is determined that communication-related settings have been made (YES in S3050), the process proceeds to S3060. Otherwise (NO at S3050), the process returns to S3010.

  In S 3060, CPU 310 reads the telephone line number and IP address, which are communication setting parameters, from setting parameter storage area 344 of hard disk 340.

  In S3070, CPU 310 reads the machine ID and erased flag from hard disk 340. At this time, the CPU 310 reads the machine ID from the machine ID storage area 348 and reads the erased flag from the flag storage area 346.

  In S 3080, CPU 310 determines whether or not the cable of network line 400 is connected to the network connection connector of MFP 300. If it is determined that network line 400 is connected to MFP 300 (YES in S3080), the process proceeds to S3090. If not (NO in S3080), the process returns to S3080 and waits until it is determined that MFP 300 is connected to network line 400.

  In S 3090, CPU 310 transmits a use permission request signal including a machine ID, an erased flag, and communication setting parameters (telephone line number and IP address) to FSS server computer 200. As described above, information for connecting to the FSS server computer 200 is stored in the hard disk 340.

  In S3100, CPU 310 causes touch panel display 380 to display a screen during communication.

  In S3110, CPU 310 determines whether a signal is received from FSS server computer 200 or not. At this time, since the received signal is a signal transmitted by the FSS server computer 200 in response to the use permission request signal, it is a use permission signal or a use non-permission signal (corresponding to the processing in S2060 or S2070 described above). If it is determined that a signal has been received from FSS server computer 200 (YES in S3110), the process proceeds to S3120. If not (NO in S3110), the process proceeds to S3130.

  In S3120, CPU 310 determines whether or not the received signal is a use permission signal. If it is determined that the received signal is a use permission signal (YES in S3120), the process proceeds to S3140. If not (NO in S3120), the process proceeds to S3150.

  In S3130, CPU 310 determines whether or not a predetermined time has elapsed since the use permission request signal was transmitted to FSS server computer 200 (whether or not communication timed out). If it is determined that a communication timeout has occurred after a predetermined time has elapsed (YES in S3130), the process proceeds to S3150. If not (NO in S3130), the process returns to S3110 and waits until it is determined that a signal has been received from the FSS server computer 200.

  In S 3140, CPU 310 displays a usage permission message on touch panel display 380 and an initial screen of MFP 300. Thereafter, the process proceeds to S3160 in FIG.

  In S 3150, CPU 310 displays a use disapproval message on touch panel display 380 and a maintenance screen (service man call screen) of MFP 300. Thereafter, the process proceeds to S3200 in FIG.

  Referring to FIG. 7, in S3160, CPU 310 determines whether or not a job is requested by the user. At this time, CPU 310 determines that a job is requested by the user when the user operates touch panel display 380 on which the initial screen is displayed to select an operation mode (for example, copy mode) and press the start button. If it is determined that a job is requested by the user (YES in S3160), the process proceeds to S3170. If not (NO in S3160), the process returns to S3160 and waits until it is determined that a job is requested by the user.

  In S3170, CPU 310 executes the job requested by the user. At this time, user data (such as image data obtained by scanning a document) is stored in the user data storage area 342.

  In S3180, CPU 310 determines whether or not the erased flag stored in flag storage area 346 is set. If it is determined that the erased flag is set (YES in S3180), the process proceeds to S3190. Otherwise (NO at S3180), the process ends.

  In S3190, CPU 310 resets the erased flag in the set state stored in flag storage area 346. Thereafter, this process ends.

  In the flowchart described above, the MFP 300 maintains the erased flag in the reset state in the reset state (NO in S3180). When the MFP 300 in use is disconnected from the network line 400, the communication setting parameter is set. When reconnecting to the network line 400 without changing (when the MFP 300 is moved without the user being changed without initializing the user data storage area 342 as in the case of moving the MFP 300 due to the layout change) ).

  Referring to FIG. 8, in S3200, CPU 310 determines whether or not the service person has logged in for maintenance. At this time, when the service person inputs a special key combination or the like from the touch panel display 380 or the hardware button, the CPU 310 determines that the user has logged in for maintenance. If it is determined that the service person has logged in for maintenance (YES in S3200), the process proceeds to S3210. If not (NO in S3200), the process returns to S3200 and waits until it is determined that the service person has logged in for maintenance.

  In S3210, CPU 310 displays an initial screen for maintenance on touch panel display 380.

  In S3220, CPU 310 determines whether a request for initializing user data storage area 342 has been detected or not. At this time, for example, when the service person presses a “go to initialization screen” button displayed on the initial screen for maintenance, the CPU 310 determines that a request to initialize the user data storage area 342 has been detected. If it is determined that a request for initializing user data storage area 342 has been detected (YES in S3220), the process proceeds to S3230. If not (NO in S3220), the process returns to S3220 and waits until a request to initialize the user data storage area 342 is detected.

  In S 3230, CPU 310 displays a screen for initializing user data storage area 342 on touch panel display 380.

  In S3240, CPU 310 determines whether or not an input for initializing user data storage area 342 has been detected. At this time, for example, when the service person presses the “Initialize” button displayed on the initialization screen of the user data storage area 342 and further presses the “Confirm” button, the CPU 310 stores the user data storage area 342. It is determined that an input to be initialized has been detected. If it is determined that an input for initializing user data storage area 342 has been detected (YES in S3240), the process proceeds to S3250. If not (NO in S3240), the process returns to S3240 and waits until an input for initializing the user data storage area 342 is detected.

  In S3250, CPU 310 initializes user data storage area 342 of hard disk 340. In S3260, CPU 310 sets the erased flag in the reset state stored in flag storage area 346. Thereafter, the process proceeds to S3090 in FIG.

[Operation]
An operation of the network image forming system according to the present embodiment based on the above-described structure and flowchart will be described.

  The operation of this network image forming system will be described using the machine management table shown in FIG. 4, the flowcharts shown in FIGS. 5 to 8, and the touch panel display 380 shown in FIGS. 9 to 13.

<For users immediately after shipment>
The MFP 300 that has been shipped from the manufacturer and transported to the location used by the first user has no erased data stored in the user data storage area 342, so the erased flag is set. When the user using this MFP 300 in the FSS mode turns on the MFP 300 without connecting the MFP 300 to the network line 400, an initial setting screen as shown in FIG. 9 is displayed on the touch panel display 380 (S3000).

  When the user presses the “set” button on touch panel display 380 shown in FIG. 9 (YES in S3010), a communication-related setting screen is displayed on touch panel display 380 (S3020). When the user inputs a telephone line number and an IP address according to this communication-related setting screen (YES in S3030), the input telephone line number and IP address are used as communication setting parameters in setting parameter storage area 344 of hard disk 340. (S3040).

  The machine ID is read from the machine ID storage area 348, and the set erased flag is read from the flag storage area 346 (S3070). When the user connects the cable of network line 400 to the network connection connector of MFP 300 (YES in S3080), the usage including the machine ID, erased flag, and communication setting parameters (telephone line number and IP address) set by the user A permission request signal is transmitted to the FSS server computer 200 (S3090). At this time, the screen shown in FIG. 10 is displayed on touch panel display 380 of MFP 300 (S3100).

  In response to the transmission of the use permission request signal by MFP 300, FSS server computer 200 determines that the use permission request signal has been received from MFP 300 (YES in S2000). The FSS server computer 200 refers to the machine management table (FIG. 4) stored in the hard disk 240, and registration information (telephone line number and IP address) and usage corresponding to the machine ID included in the received use permission request signal Read permission information (expiration date and use prohibition flag). Since this MFP 300 is the first device used after shipment from the manufacturer, it is assumed that only the machine ID is stored in the machine management table (the telephone line number, the IP address, and the expiration date are blank and The use prohibition flag is OFF (reset state). Thus, since the telephone line number and IP address stored in the machine management table are blank and the telephone line number and IP address received from the MFP 300 are not blank, they do not match and it is determined that the MFP 300 has been moved.

  It is determined that the use prohibition flag is not set (not ON) (NO in S2020), the expiration date has not passed (NO in S2030), and MFP 300 has been moved (in S2040). (YES), since the erased flag is set (YES in S2050), a use permission signal is transmitted to MFP 300 (S2060).

  In response to the transmission of the use permission signal by FSS server computer 200, MFP 300 determines that the use permission signal has been received from FSS server computer 200 (YES in S3110 and YES in S3120). The MFP 300 displays an initial screen on the touch panel display 380 together with the use permission message. At this time, the screen shown in FIG. 11 is displayed on the touch panel display 380 of the MFP 300 (S3140).

  For example, on the initial screen shown in FIG. 11, when the user sets a document on MFP 300, selects a copy mode, and presses the start button, it is determined that a job is requested by the user (YES in S3160). The MFP 300 executes the copy job requested by the user. At this time, user data (scanned document image data) is stored in the user data storage area 342 (S3170). Thus, since the user data has been stored, the set erased flag stored in the flag storage area 346 is rewritten to the reset state (S3190).

  Thereafter, the user uses the MFP 300 in the FSS mode. In this case, the erased flag holds the reset state.

<When user data is deleted and the user is changed>
The user data of the MFP 300 used by the user (first user) who started using it immediately after being shipped from the manufacturer is erased, and the MFP 300 is moved to a location used by the next user (second user). The case where is moved will be described.

  The MFP 300 transported from the location used by the first user to the location used by the second user had data stored in the user data storage area 342, but the user data storage area 342 was initialized. Therefore (S3250), the erased flag that has held the reset state is set (S3260). When a second user who uses the MFP 300 in the FSS mode turns on the MFP 300 without connecting the MFP 300 to the network line 400, an initial setting screen as shown in FIG. S3000).

  When the second user presses the “set” button on touch panel display 380 shown in FIG. 9 (YES in S3010), a communication-related setting screen is displayed on touch panel display 380 (S3020). When the second user inputs a telephone line number and an IP address according to this communication-related setting screen (YES in S3030), the input telephone line number and IP address are set in hard disk 340 as communication setting parameters. It is stored in the parameter storage area 344 (S3040).

  The machine ID is read from the machine ID storage area 348, and the set erased flag is read from the flag storage area 346 (S3070). When the second user connects cable of network line 400 to the network connection connector of MFP 300 (YES in S3080), the machine ID, erased flag, and communication setting parameters (telephone line number) set by second user And an IP address) are transmitted to the FSS server computer 200 (S3090). At this time, the screen shown in FIG. 10 is displayed on touch panel display 380 of MFP 300 (S3100).

  In response to the transmission of the use permission request signal by MFP 300, FSS server computer 200 determines that the use permission request signal has been received from MFP 300 (YES in S2000). The FSS server computer 200 refers to the machine management table (FIG. 4) stored in the hard disk 240, and registration information (telephone line number and IP address) and usage corresponding to the machine ID included in the received use permission request signal Read permission information (expiration date and use prohibition flag). In the machine management table, the telephone line number and IP address set by the first user are stored as registration information for the MFP 300 (the expiration date is blank and the use prohibition flag is in the OFF state (reset state). )). As described above, the telephone line number and IP address set by the first user are stored in the machine management table, and the telephone line number and IP address received from the MFP 300 are stored in the telephone set by the second user. Line number and IP address. Thus, since the telephone line number and the IP address are different, they do not match, and it is determined that MFP 300 has been moved.

  It is determined that the use prohibition flag is not set (not ON) (NO in S2020), the expiration date has not passed (NO in S2030), and MFP 300 has been moved (in S2040). (YES), since the erased flag is set (YES in S2050), a use permission signal is transmitted to MFP 300 (S2060).

  In response to the transmission of the use permission signal by FSS server computer 200, MFP 300 determines that the use permission signal has been received from FSS server computer 200 (YES in S3110 and YES in S3120). The MFP 300 displays an initial screen on the touch panel display 380 together with the use permission message. At this time, the screen shown in FIG. 11 is displayed on the touch panel display 380 of the MFP 300 (S3140). Thereafter, the second user also uses the MFP 300 in the same manner as the first user. In this case, when the second user starts using MFP 300, the erased flag that was in the set state is rewritten to the reset state, and the reset state is maintained.

<When the user is changed without deleting the user data>
The case where the user data of the MFP 300 used by the next user (second user) described above is not erased and the MFP 300 is moved to a location used by the next user (third user) will be described. To do.

  Since the MFP 300 transported from the location used by the second user to the location used by the third user described above has data stored in the user data storage area 342 (the user data storage area 342 is stored in the user data storage area 342). The erased flag holds the reset state because it has not been initialized. When a third user who uses the MFP 300 in the FSS mode turns on the MFP 300 without connecting the MFP 300 to the network line 400, an initial setting screen as shown in FIG. S3000).

  When the third user presses the “set” button on touch panel display 380 shown in FIG. 9 (YES in S3010), a communication-related setting screen is displayed on touch panel display 380 (S3020). When the third user inputs a telephone line number and IP address according to the communication-related setting screen (YES in S3030), the input telephone line number and IP address are set in hard disk 340 as communication setting parameters. It is stored in the parameter storage area 344 (S3040).

  The machine ID is read from the machine ID storage area 348, and the erased flag in the reset state is read from the flag storage area 346 (S3070). When the third user connects the cable of network line 400 to the network connection connector of MFP 300 (YES in S3080), the machine ID, erased flag, and communication setting parameters (telephone line number) set by the third user And an IP address) are transmitted to the FSS server computer 200 (S3090). At this time, the screen shown in FIG. 10 is displayed on touch panel display 380 of MFP 300 (S3100).

  In response to the transmission of the use permission request signal by MFP 300, FSS server computer 200 determines that the use permission request signal has been received from MFP 300 (YES in S2000). The FSS server computer 200 refers to the machine management table (FIG. 4) stored in the hard disk 240, and registration information (telephone line number and IP address) and usage corresponding to the machine ID included in the received use permission request signal Read permission information (expiration date and use prohibition flag). In the machine management table, the telephone line number and IP address set by the second user are stored as registration information for the MFP 300 (the expiration date is blank and the use prohibition flag is OFF (reset state)). )). As described above, the telephone line number and IP address set by the second user are stored in the machine management table, and the telephone line number and IP address received from the MFP 300 are stored in the telephone set by the third user. Line number and IP address. Thus, since the telephone line number and the IP address are different, they do not match, and it is determined that MFP 300 has been moved.

  It is determined that the use prohibition flag is not set (not ON) (NO in S2020), the expiration date has not passed (NO in S2030), and MFP 300 has been moved (YES in S2040). ). Since the erased flag is not set (NO in S2050), a use non-permission signal is transmitted to MFP 300 (S2070).

  In response to the use disapproval signal transmitted by FSS server computer 200, MFP 300 determines that the use disapproval signal has been received from FSS server computer 200 (YES in S3110 and NO in S3120). The MFP 300 displays a maintenance screen (serviceman call screen) on the touch panel display 380 together with the use disapproval message. At this time, the screen shown in FIG. 12 is displayed on the touch panel display 380 of the MFP 300 (S3150).

  According to the maintenance screen shown in FIG. 12, the third user contacts the service person. When the service person who arrives at the installation location of MFP 300 used by the third user logs in for maintenance (YES in S3200), an initial screen for maintenance is displayed on touch panel display 380 (S3210). . At this time, the screen shown in FIG. 13 is displayed on the touch panel display 380 of the MFP 300 (S3210).

  When the service person presses the “go to initialization screen” button on the screen shown in FIG. 13 (YES in S3220), a screen for initializing user data storage area 342 is displayed on touch panel display 380 of MFP 300 (S3230). ). When the service person presses the “Initialize” button displayed on the initialization screen of user data storage area 342 and further presses the “Confirm” button (YES in S3240), user data storage area 342 is initialized. (S3250). Further, the erased flag in the reset state stored in the flag storage area 346 is set (S3260).

  If the cable of network line 400 remains connected to the network connection connector of MFP 300 by the user (YES in S3080), the machine ID, erased flag, and communication setting parameters (telephone line number) set by the third user And the use permission request signal including the IP address) are transmitted again to the FSS server computer 200 (S3090). At this time, the screen shown in FIG. 10 is displayed on touch panel display 380 of MFP 300 (S3100).

  In response to the transmission of the use permission request signal by MFP 300, FSS server computer 200 determines that the use permission request signal has been received from MFP 300 (YES in S2000). The FSS server computer 200 refers to the machine management table (FIG. 4) stored in the hard disk 240, and registration information (telephone line number and IP address) and usage corresponding to the machine ID included in the received use permission request signal Read permission information (expiration date and use prohibition flag). As described above, the machine management table stores the telephone line number and IP address set by the second user, and the telephone line number and IP address received from the MFP 300 are set by the third user. Telephone line number and IP address. Thus, since the telephone line number and the IP address are different, they do not match, and it is determined that MFP 300 has been moved.

  It is determined that the use prohibition flag is not set (not ON) (NO in S2020), the expiration date has not passed (NO in S2030), and MFP 300 has been moved (in S2040). Since the erased flag is set this time (YES in S2050), a use permission signal is transmitted to MFP 300 (S2060).

  In response to the transmission of the use permission signal by FSS server computer 200, MFP 300 determines that the use permission signal has been received from FSS server computer 200 (YES in S3110 and YES in S3120). The MFP 300 displays an initial screen on the touch panel display 380 together with the use permission message. At this time, the screen shown in FIG. 11 is displayed on the touch panel display 380 of the MFP 300 (S3140). Thereafter, the third user also uses the MFP 300 in the same manner as the first user and the second user. In this case, when the third user starts using MFP 300, the erased flag that was in the set state is rewritten to the reset state, and the reset state is maintained.

<Communication timeout>
If the signal is not received from the FSS server computer 200 after the use permission request signal is transmitted from the MFP 300 (S3090) after a predetermined time has elapsed (NO in S3110 and YES in S3130), the use permission signal Could not be received. Even in the case of such a communication timeout, since the use permission signal has not been received, the MFP 300 displays a maintenance screen (service man call screen) on the touch panel display 380 together with a use disapproval message. At this time, the screen shown in FIG. 12 is displayed on the touch panel display 380 of the MFP 300 (S3150).

  Subsequent initialization operation of the user data storage area 342 and reconnection operation to the network by the service person are the same as the above-described operations. In this case, when the initialization of the user data storage area 342 is completed, the communication with the FSS server computer 200 may be retried. In the processing shown in FIG. 6, when a communication timeout occurs, the communication may be retried a predetermined number of times.

<When reconnecting the MFP to the network without user changes>
A case will be described in which the MFP 300 used by the user is disconnected and reconnected without temporarily changing the user (without changing the communication setting parameter). For example, when the MFP 300 is moved in the same room due to the layout change, the network line 400 must be once disconnected from the MFP 300 at the time of the movement.

  When the user finishes moving the MFP 300 and turns on the MFP 300 without connecting the MFP 300 to the network line 400, an initial setting screen as shown in FIG. 9 is displayed on the touch panel display 380 (S3000). At this time, since the communication settings are the same, the user presses the “set” button displayed on touch panel display 380 (NO in S3010). Since communication setting parameters (telephone line number and IP address) are stored in setting parameter storage area 344 of hard disk 340 (YES in S3050), these communication setting parameters are read (S3060).

  The machine ID is read from the machine ID storage area 348, and the erased flag in the reset state is read from the flag storage area 346 (S3070). When this user connects the cable of network line 400 to the network connection connector of MFP 300 after the movement due to the layout change (YES in S3080), the machine ID, erased flag, and communication setting parameters whose settings have not been changed by this user A use permission request signal including (telephone line number and IP address) is transmitted to the FSS server computer 200 (S3090). At this time, the screen shown in FIG. 10 is displayed on touch panel display 380 of MFP 300 (S3100).

  In response to the transmission of the use permission request signal by MFP 300, FSS server computer 200 determines that the use permission request signal has been received from MFP 300 (YES in S2000). The FSS server computer 200 refers to the machine management table (FIG. 4) stored in the hard disk 240, and registration information (telephone line number and IP address) and usage corresponding to the machine ID included in the received use permission request signal Read permission information (expiration date and use prohibition flag). In the machine management table, the telephone line number and IP address set before reconnection by this user are stored as registration information for the MFP 300 (the expiration date is blank and the use prohibition flag is in the OFF state (reset) Status)). As described above, the machine management table stores the telephone line number and IP address set by the user before reconnection, and the telephone line number and IP address received from the MFP 300 are the telephone line number set by the user. And an IP address. As described above, since the telephone line number and the IP address are the same, the MFP 300 is not determined to have moved.

  The use prohibition flag is not set (not ON) (NO in S2020), the expiration date has not passed (NO in S2030), and it is not determined that the MFP 300 has been moved (NO in S2040). ), A use permission signal is transmitted to the MFP 300 (S2060).

  The subsequent operation of the MFP 300 is the same as the operation when the MFP 300 receives the use permission signal.

<When the expiration date has passed or use is prohibited>
When MFP 300 transmits the use permission request signal, FSS server computer 200 determines that the use permission request signal has been received from MFP 300 (YES in S2000). The FSS server computer 200 refers to the machine management table (FIG. 4) stored in the hard disk 240, and registration information (telephone line number and IP address) and usage corresponding to the machine ID included in the received use permission request signal Read permission information (expiration date and use prohibition flag).

  When the MFP 300 is the MFP 00003 in FIG. 4, the use prohibition flag is stored as ON (set) in the machine management table. Therefore, the use disapproval signal is transmitted from FSS server computer 200 to MFP 300 without determining whether MFP 300 has been moved and whether the erased flag has been set (YES in S2020). , S2070).

  The subsequent operation of the MFP 300 is the same as the operation when the MFP 300 receives the use non-permission signal. In this case, after logging in by the service person (YES in S3200), as shown in FIG. 13, an initial screen for maintenance is displayed on touch panel display 380 (S3210). A serviceman who sees the error code (XXXXXXXXX1) on this screen recognizes that the use of the MFP 300 is prohibited. After this, this service person will respond appropriately.

  If the MFP 300 is the MFP 00002 in FIG. 4, the expiration date of use is stored as 2009/11/30 in the machine management table. When this operation is executed on 2009/12/1, the use disapproval signal is sent to the FSS server without determining whether or not the MFP 300 has been moved and whether or not the erased flag is set. It is transmitted from computer 200 to MFP 300 (YES in S2030, S2070).

  The subsequent operation of the MFP 300 is the same as the operation when the MFP 300 receives the use non-permission signal. In this case, after logging in by the service person (YES in S3200), as shown in FIG. 13, an initial screen for maintenance is displayed on touch panel display 380 (S3210). A serviceman who sees the error code (XXXXXXXXX2) on this screen recognizes that the expiration date of use of the MFP 300 has passed. After this, this service person will respond appropriately.

As described above, according to the network image forming system according to the present embodiment,
(1) An MFP, which is an example of an information device including a storage unit and a communication unit, is used by a user unless it receives a use permission signal from an FSS server computer, which is an example of an information processing device, using the communication unit. I can't. For this reason, since the confidential information memorize | stored in the memory | storage unit cannot be accessed by the third party who does not receive permission, it can prevent that confidential information leaks easily.
(2) The FSS server computer stores registration information (telephone line number, IP address) for each MFP, compares the registration information with the received communication setting parameters (telephone line number, IP address), and It is determined whether or not has been moved. The FSS server computer transmits a use permission signal to the MFP if the MFP has not been moved, and a use permission signal to the MFP if the data in the storage unit has been erased even if the MFP has been moved. If the MFP has been moved and the data in the storage unit has not been erased, the FSS server computer transmits a use disapproval signal to the MFP. Therefore, when the MFP is moved, use is permitted only when the confidential information stored in the storage unit has been erased. When the MFP is moved, since an unauthorized third party cannot access, confidential information can be prevented from leaking easily.
(3) The FSS server computer stores use permission information (use time limit, use prohibition flag) for each MFP, and determines whether or not the use of the MFP is permitted. The FSS server computer transmits a use disapproval signal to the MFP if the use period of the MFP has passed, and a use disapproval signal to the MFP if the use prohibition flag of the MFP is set. For this reason, when the contract for the use of the MFP has expired or the use is prohibited for some reason, the use is not permitted. If the use is permitted or the use is prohibited, it cannot be used, and in addition to preventing leakage of confidential information, it may prevent use by unintended users. it can.

  The embodiment disclosed herein is merely an example, and the present invention is not limited to the embodiment described above. The scope of the present invention is indicated by each of the claims after taking into account the description of the detailed description of the invention, and all modifications within the meaning and scope equivalent to the wording described therein are intended. Including.

200 FSS server computer 300 MFP
340 Hard disk 342 User data storage area 344 Setting parameter storage area 346 Flag storage area 348 Machine ID storage area 400 Network line 500 Internet network

Claims (16)

Communication means for communicating with other devices;
Storage means for storing data;
Switching means for switching between a state where the user can recognize the data and a state where the data cannot be recognized;
Sending status information indicating the data storage status in the storage means to another device, receiving instruction information transmitted from another device responding to the status information, and based on the received instruction information, And an information device including control means for controlling the switching means. The switching means includes means for switching between a use permission state in which the user can recognize the data and a use disapproval state in which the data cannot be recognized,
The control means transmits state information indicating a state in which no data is stored in the storage means to another device when the information device is in a use-not-permitted state, and based on the received instruction information The information device according to claim 1, comprising means for controlling to switch from the use-not-permitted state to the use-permitted state. The switching means includes means for switching between a use permission state in which the user can recognize the data and a use disapproval state in which the data cannot be recognized,
When the information device is in a use-not-permitted state, the control unit transmits state information indicating a state in which data is stored in the storage unit to another device, and based on the received instruction information The information device according to claim 1, further comprising means for controlling so as not to switch from the use-not-permitted state to the use-permitted state. The information device further includes means for storing communication parameters for causing the communication means to function,
The control means transmits the communication parameter to another device in addition to the state information, receives the state information and instruction information transmitted from another device responding to the communication parameter, and receives the received The information apparatus according to claim 1, comprising means for controlling the switching means based on instruction information.   The information device according to claim 4, wherein the communication parameter is changed when an installation location of the information device is changed. The switching means includes means for switching between a use permission state in which the user can recognize the data and a use disapproval state in which the data cannot be recognized,
When the information device is in a use-not-permitted state, the control means indicates that the status information indicating a state in which no data is stored in the storage means and that the installation location of the information device is changed. The communication parameter which can be identified with an apparatus is transmitted, The means for controlling to switch from a use disapproval state to a use permission state based on the received instruction information is included, The means of Claim 4 or Claim 5 is included. Information equipment. The switching means includes means for switching between a use permission state in which the user can recognize the data and a use disapproval state in which the data cannot be recognized,
When the information device is in a use-not-permitted state, the control means indicates that the status information indicating a state in which data is stored in the storage means and that the installation location of the information device is changed. The communication parameter identifiable by the apparatus is transmitted, and means for controlling so as not to switch from the use non-permitted state to the use permitted state based on the received instruction information is included. Information equipment described. The status information is any one of information indicating that no data is stored and information indicating that data is stored in a storage area in which confidential data is stored,
The information device according to any one of claims 1 to 7, wherein the instruction information is one of information that permits use of the information device and information that is not permitted.   The information device further includes means for controlling not to switch to a state in which the user can recognize the data unless receiving information permitting use of the information device from the other device. The information device according to any one of claims 1 to 8. The data includes image data;
An image processing apparatus further comprising means for processing the image data in addition to the means according to any one of claims 1 to 9. An information processing apparatus that communicates with an information device including a communication unit and a storage unit that stores data recognized by a user,
A communication means for communicating with the information device;
It is determined whether to permit a state in which the user can recognize the data for each information device based on the information received from the information device and indicating the data storage state in the storage unit. Determination means for,
An information processing apparatus comprising: means for transmitting use permission information to the information device when it is determined to be permitted by the determination means. The information device transmits a communication parameter set to make the communication unit function to the information processing apparatus,
The information processing apparatus includes:
Parameter storage means for storing the received communication parameters for each information device;
A position determination means for determining the installation location of the information device based on the communication parameter stored in the parameter storage means and the received communication parameter;
The information processing according to claim 11, wherein the determination unit includes a unit for determining whether to permit a state in which the user can recognize the data based on the installation location in addition to the state information. apparatus. The position determination means includes means for determining that the installation location of the information device is changed when the communication parameter stored in the parameter storage means and the received communication parameter do not match,
When the determination unit determines that the installation location of the information device has been changed, the determination unit recognizes the data based on receiving state information indicating that no data is stored in the storage unit. The information processing apparatus according to claim 12, further comprising means for determining that a state in which permission is possible is permitted. The position determination means includes means for determining that the installation location of the information device is changed when the communication parameter stored in the parameter storage means and the received communication parameter do not match,
When the determination unit determines that the installation location of the information device has been changed, the determination unit recognizes the data based on receiving state information indicating a state in which data is stored in the storage unit. The information processing apparatus according to claim 12, further comprising means for determining that a state in which the operation is possible is not permitted. The information processing apparatus includes:
Means for storing any of the information about the use prohibition and the information about the use period for each information device;
12. The apparatus according to claim 11, further comprising means for determining that a state in which the user can recognize the data is not permitted in any of the case where the use is prohibited and the case where the use period has elapsed. The information processing apparatus according to claim 14.   An information device comprising: the information device according to any one of claims 1 to 9; the image processing device according to claim 10; and the information processing device according to any one of claims 11 to 15. Processing system.

Images