JP2013186841A - Use restriction program, use restriction method, and use restriction device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simplify setting for restricting use of a device via a network.SOLUTION: A use restriction program causes a computer to execute: a first reception procedure in which an acquisition request requesting for list information of devices is received, the acquisition request being transmitted from the information processing device via a network, and the devices being devices to which user identification information for identifying a user of an information processing device is specified; an extracting procedure in which in response to the acquisition request, a list of device identification information is extracted from a first storage part, the device identification information representing respective devices each of which is allowed to be used by a user associated with user identification information specified in the acquisition request, the first storage part storing information identifying users who are permitted to use a device for each device identification information for identifying the device; and a first reply procedure in which the extracted list is replied to the information processing device.

Description

  The present invention relates to a use restriction program, a use restriction method, and a use restriction device.

  Network devices such as printers (hereinafter simply referred to as “devices”) that are connected to a network and can be used via the network are widely used. In an office or the like, each device is generally shared by a plurality of users.

  Conventionally, regarding devices that are permitted to be used only by a specific user, it is necessary to set use restriction information such as an ACL (Access Control List) for each device.

  However, in a situation where a wide variety of devices are becoming available via a network, setting usage restriction information for each device is a cumbersome task for a system administrator or the like.

  The present invention has been made in view of the above points, and an object thereof is to simplify the setting for restricting the use of devices via a network.

  Therefore, in order to solve the above-described problem, the use restriction program receives a request for acquiring list information of a device in which user identification information for identifying a user of the information processing device is specified, which is transmitted from the information processing device via a network. In response to the acquisition request, the first storage unit that stores information for identifying a user who is permitted to use the device for each device identification information for identifying the device, in response to the acquisition request. An extraction procedure for extracting a list of device identification information of each device permitted to be used by the user related to the specified user identification information, and a first reply procedure for returning the extracted list to the information processing apparatus Let the computer run.

  Settings for restricting the use of devices via the network can be simplified.

It is a figure which shows the structural example of the apparatus control system in embodiment of this invention. It is a figure which shows the hardware structural example of the server apparatus in embodiment of this invention. It is a figure which shows the function structural example of a client apparatus and a server apparatus. It is a sequence diagram for demonstrating an example of the process sequence of the presentation process of the apparatus list which a user can utilize. It is a figure which shows the structural example of an apparatus information storage part. It is a figure which shows the example of a display of an apparatus list screen. It is a sequence diagram for demonstrating an example of the process sequence performed according to selection of an apparatus. It is a figure which shows the structural example of an apparatus control information storage part.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a diagram illustrating a configuration example of a device control system according to an embodiment of the present invention. In the device control system 1 of FIG. 1, the server device 10, the authentication device 20, one or more client devices 30, one or more image forming devices 40a, one or more projectors 40b, and one or more TV conference control devices. 40c etc. are communicably connected via a network such as a LAN (Local Area Network) or the Internet (whether wired or wireless).

  The image forming apparatus 40a is a multifunction machine that realizes two or more functions of printing, scanning, copying, FAX transmission / reception, and the like by a single casing. However, in the present embodiment, a printer having only a printing function among these functions may be used as the image forming apparatus 40a.

  The projector 40b is a device that projects an image.

  The TV conference control device 40c is a device that controls a video conference.

  Note that, when the image forming apparatus 40a, the projector 40b, the TV conference control apparatus 40c, and the like are not distinguished, they are referred to as devices 40.

  The client device 30 is an information processing device that a user operates to use the device 40. That is, the client device 30 functions as a user interface for using the device 40. Examples of the client device 30 include a PC (Personal Computer), a mobile phone, a smartphone, a tablet terminal, or a PDA (Personal Digital Assistance).

  The server device 10 is a computer that executes processing for restricting the use of the device 40 from the client device 30 via the network. The authentication device 20 is a computer that authenticates the user of the client device 30.

  FIG. 2 is a diagram illustrating a hardware configuration example of the server device according to the embodiment of the present invention. The server device 10 in FIG. 2 includes a drive device 100, an auxiliary storage device 102, a memory device 103, a CPU 104, an interface device 105, and the like that are mutually connected by a bus B.

  A program for realizing processing in the server device 10 is provided by a recording medium 101 such as a CD-ROM. When the recording medium 101 storing the program is set in the drive device 100, the program is installed from the recording medium 101 to the auxiliary storage device 102 via the drive device 100. However, the program need not be installed from the recording medium 101 and may be downloaded from another computer via a network. The auxiliary storage device 102 stores the installed program and also stores necessary files and data.

  The memory device 103 reads the program from the auxiliary storage device 102 and stores it when there is an instruction to start the program. The CPU 104 executes functions related to the server device 10 in accordance with a program stored in the memory device 103. The interface device 105 is used as an interface for connecting to a network.

  The client device 30 and the authentication device 20 may also have hardware similar to the hardware shown in FIG. However, the client device 30 includes an input device such as a mouse, a keyboard, a touch panel, or a button for receiving an operation instruction from the user, a display device that displays a request for input of the operation instruction, a response to the operation instruction, and the like. It is desirable.

  FIG. 3 is a diagram illustrating a functional configuration example of the client device and the server device. In FIG. 3, the client device 30 includes a display control unit 31, a client communication unit 32, and the like.

  The display control unit 31 displays information received from the server device 10 on a display device included in the client device 30. The client communication unit 32 controls communication with the server device 10. For example, the client communication unit 32 transmits a request according to the input from the user to the server device 10 or receives a response returned from the server device 10 in response to the request.

  Note that the display control unit 31 and the client communication unit 32 are realized by processing in which one or more programs installed in the client device 30 are executed by the CPU of the client device 30. For example, the display control unit 31 and the client communication unit 32 may be realized by a general-purpose web browser.

  The server device 10 includes a server communication unit 11, a function execution unit 12, a device management unit 13, an authentication control unit 14, a device control unit 15, and the like. Each of these units is realized by processing that one or more programs installed in the server device 10 cause the CPU 104 to execute. The server device 10 also includes a device information storage unit 16, a device control information storage unit 17, a data storage unit 18, and the like. Each of these storage units can be realized by using the auxiliary storage device 102 or a storage device connected to the server device 10 via a network.

  The server communication unit 11 controls communication with the client device 30. For example, the server communication unit 11 receives a request transmitted from the client device 30 or returns a response to the request.

  The function execution unit 12 controls the execution of the function according to the request from the client device 30 received by the server communication unit 11. The function execution unit 12 outputs the function execution result to the server communication unit 11.

  The device management unit 13 provides the function execution unit 12 with an interface for operating information stored in the device information storage unit 16. The device information storage unit 16 stores the attribute information of the device 40 for each device 40. The attribute information includes information for identifying a user who is permitted to use the device 40 (that can use the device 40).

  The authentication control unit 14 causes the authentication device 20 to execute authentication of the user of the client device 30.

  In response to a request from the function execution unit 12, the device control unit 15 executes acquisition of data list information stored in the data storage unit 18, transmission of the data to the device 40, and the like.

  The device control unit 15 and the data storage unit 18 exist for each type of device 40 (hereinafter, “device type”). The device type refers to a concept of classifying the devices 40 according to differences in functions or uses of the devices 40. In the present embodiment, the device 40 is classified into any one of “Printer”, “Projector”, and “TVconf”. Printer is the device type name of the device type to which the image forming apparatus 40a belongs. Projector is the device type name of the device type to which the projector 40b belongs. TVconf is the device type name of the device type to which the TV conference control device 40c belongs.

  The reason why the device control unit 15 exists for each device type is because the control method of the device 40 is different for each device type. The reason why the data storage unit 18 exists for each device type is that the format of the job (input data) differs for each device type. For example, in the case of the image forming apparatus 40a, print data is an example of a job. On the other hand, the projector 40b can consider image data to be projected as an example of a job. In general, the procedure for transmitting a print request for print data to the image forming apparatus 40a and the procedure for transmitting a request for projection of image data to the projector 40b are not unified.

  It is the device control unit 15 that absorbs such differences for each device type and provides a unified interface to the function execution unit 12. The data storage unit 18 stores input data in a format corresponding to the device type. In FIG. 3, as a specific example of the device control unit 15, a printer control unit 151, a projector control unit 152, and the like are shown. Further, as specific examples of the data storage unit 18, a print data storage unit 181 and a projection data storage unit 182 are shown.

  The printer control unit 151 obtains print data (print job) list information from storage in the print data storage unit 181 or print data stored in the print data storage unit 181 in response to a request from the function execution unit 12. Is sent to the image forming apparatus 40a.

  In response to a request from the function execution unit 12, the projector control unit 152 acquires projection data (projection job) list information from storage in the projection data storage unit 182, or projection data stored in the projection data storage unit 182. Is sent to the projector 40b. The projection data is image data in a data format that can be projected by the projector 40b.

  Each device control unit 15 corresponding to the device type may be realized by a different program. That is, the program that causes the server device 10 to function as the printer control unit 151 and the program that causes the server device 10 to function as the projector control unit 152 may be different from each other. When the necessity to correspond to a new device type arises, a program corresponding to the device type may be created, and the program may cause the server device 10 to function as the device control unit 15 corresponding to the device type. . In this case, the program that causes the server device 10 to function as the device control unit 15 is preferably implemented as a program module that can be dynamically called from the function execution unit 12.

  The device control information storage unit 17 stores correspondence information between each device type and each device control unit 15. The function execution unit 12 refers to the correspondence information and dynamically determines the device control unit 15 corresponding to the device type.

  Hereinafter, a processing procedure executed in the device control system 1 will be described. FIG. 4 is a sequence diagram for explaining an example of a processing procedure for presenting a list of devices available to the user.

  When a login screen acquisition instruction to the server device 10 is input to the client device 30, the client communication unit 32 transmits a login screen acquisition request to the server device 10 (S101). An example of a login screen acquisition instruction is, for example, input of a URL (Uniform Resource Locator) corresponding to the login screen.

  Upon receiving the login screen acquisition request, the server communication unit 11 requests the function execution unit 12 to execute a process corresponding to the acquisition request (S102). The function execution unit 12 generates display data (for example, a web page) for displaying a login screen, and outputs the display data (hereinafter referred to as “login screen data”) to the server communication unit 11 (S103). The server communication unit 11 returns a response including the login screen data to the client device 30 (S104).

  When the response is received by the client communication unit 32 of the client device 30, the display control unit 31 displays a login screen based on the login screen data included in the response. The configuration of the login screen varies depending on the authentication method employed. In this embodiment, the user is authenticated by the user name and password. Therefore, the user name and password are input on the login screen. When other authentication methods such as biometric authentication and card authentication are adopted, the login screen only needs to have a configuration corresponding to the authentication method.

  When a user name and password are input on the login screen and a login instruction (for example, pressing of a login button on the login screen) is input to the client device 30, the client communication unit 32 is input to the login screen. A login request in which the user name and password are specified is transmitted to the server device 10 (S106).

  Upon receiving the login request, the server communication unit 11 of the server device 10 requests the function execution unit 12 to execute processing corresponding to the login request (S106). The function execution unit 12 inputs an authentication request based on the user name and password specified in the login request to the authentication control unit 14 (S107). The authentication control unit 14 transmits an authentication request in which the user name and password are specified to the authentication device 20 (S108).

  The authentication device 20 performs authentication based on the specified user name and password. For example, the authentication device 20 stores a pair of a user name and a password, a group name to which the user belongs, and the like for each user who can use the device control system 1. If a set that matches the set of the user name and password specified in the authentication request is stored, the authentication device 20 determines that the authentication is successful. The authentication device 20 returns an authentication result indicating success or failure of the authentication to the authentication control unit 14 (S109). The authentication control unit 14 outputs the authentication result returned from the authentication device 20 to the function execution unit 12 (S110).

  If the authentication result indicates that the authentication is successful, the function execution unit 12 stores the authenticated user name as “login user name”, for example, in the memory device 103. Subsequently, the function execution unit 12 requests the device management unit 13 to acquire a list of attribute information (hereinafter referred to as “device information”) of each device 40 included in the device control system 1 (S111). The device management unit 13 acquires a list of device information from the device information storage unit 16 (S112, S113), and outputs the list to the function execution unit 12 (S114).

  FIG. 5 is a diagram illustrating a configuration example of the device information storage unit. In FIG. 5, the device information storage unit 16 stores a device ID, a model name, an IP address, a usage control target, a usage permission / inhibition, a device type, a remark, and the like for each device.

  The device ID is identification information that identifies an individual (machine) of each device 40. The model name is the model name of the device 40. The IP address is an IP address assigned to the device 40. The usage control target is a group name or a user name that is a target of usage control for the device 40. The device 40 in which a specific group name or user name is not recorded as a usage control target indicates that anyone can use it. The use permission / denial is information indicating permission / prohibition of use with respect to the use control target. “Allow” indicates that use is permitted, and “deny” indicates that use is not permitted. That is, the items of the usage control target and usage permission / rejection correspond to an example of information for identifying a user permitted to use the device 40.

  When the use permission value is “allow”, use is not permitted for users other than the group name or user name specified as the use control target. When the use permission value is “deny”, the use is permitted for users other than the group name or the user name specified as the use control target.

  The device type is a device type name of the device type to which the device 40 belongs. In the present embodiment, the model and the device type are different concepts. As is clear from FIG. 5, even if the models are different, any device 40 having a common part in function and application can belong to the same device type. That is, it can be said that the device type is a classification including the model. However, when the control method of the device 40 is different for each model, that is, when it is necessary to vary the device control unit 15, the device type may be replaced depending on the model.

  The remarks are accompanying information regarding the device 40. FIG. 5 shows an example in which the installation location of the device 40 is recorded.

  In step S <b> 114, a list of device information as illustrated in FIG. 5 is output to the function execution unit 12.

  Subsequently, the function execution unit 12 designates the login user name and transmits a request for acquiring the group name of the group to which the login user belongs to the authentication device 20 via the authentication control unit 14 (S115, S116). The authentication device 20 returns a group name stored in association with the designated login user name (S117, S118). The returned group name is hereinafter referred to as “login group name”. One user may belong to a plurality of groups.

  Subsequently, the function execution unit 12 displays display data (hereinafter, “device list screen data”) that displays a screen (hereinafter, referred to as “device list screen”) including a list of device information of devices 40 that can be used by the login user. Generated) (S119). Specifically, the function execution unit 12 includes the login user name or the login group name in the usage control target item from the list of device information acquired in step S114, and the usage permission item is “allow”. Extract some device information. In addition, the function execution unit 12 does not include the login user name or the login group name in the usage control target item in the device information list acquired in step S114, and the usage permission / denial item is “deny”. Extract information. The function execution unit 12 generates device list screen data for displaying a device list screen including a list of extracted device information. Therefore, the device list screen includes a list of device information of the devices 40 that can be used by the login user.

  Subsequently, the function execution unit 12 outputs the generated device list screen data to the server communication unit 11 (S120). The server communication unit 11 returns the response to the response client device 30 including the device list screen data (S121).

  When the response is received by the client communication unit 32 of the client device 30, the display control unit 31 displays the device list screen based on the device list screen data included in the response.

  FIG. 6 is a diagram illustrating a display example of the device list screen. The device screen 510 in FIG. 6 includes a device type selection area 511, a device selection area 512, and the like.

  In the device selection area 512, device information of the devices 40 belonging to the device type selected in the device type selection region 511 is displayed. FIG. 6 shows an example in which the device ID and remarks in the device information are displayed. However, a list of device information of all the devices 40 that can be used by the login user may be displayed at a time.

  By referring to the device list screen 510, the user can easily grasp the devices 40 that can be used or operated by the user via the network. In other words, the device 40 that cannot be used by the user can be hidden from the user by the device list screen 510.

  Next, a processing procedure executed in response to selection of any device 40 on the device list screen 510 will be described.

  FIG. 7 is a sequence diagram for explaining an example of a processing procedure executed in response to selection of a device.

  When any device 40 is selected on the device list screen 510, the client communication unit 32 transmits a job list acquisition request in which the device ID of the selected device 40 is designated to the server device 10 (S201). .

  Upon receiving the job list acquisition request, the server communication unit 11 requests the function execution unit 12 to execute processing according to the acquisition request (S202). The function execution unit 12 specifies the device ID specified in the acquisition request and requests the device management unit 13 to acquire the device type name (S203). The function execution unit 12 stores the device ID in the memory device 103 as identification information of the device 40 to be used (hereinafter referred to as “target device”).

  The device management unit 13 acquires the device type name associated with the device ID with reference to a list of device information acquired in step S113 and stored in the memory device 103, for example. The device management unit 13 outputs the acquired device type name to the function execution unit 12 (S204).

  Here, it is assumed that the device type name of the device 40 to be used is “Printer”. That is, it is assumed that any one of the image forming apparatuses 40a is selected as a usage target.

  Subsequently, the function execution unit 12 refers to the device control information storage unit 17 and determines the device control unit 15 corresponding to the device type name “Printer” (S205).

  FIG. 8 is a diagram illustrating a configuration example of the device control information storage unit. As illustrated in FIG. 8, the device control information storage unit 17 stores, for each device type name, a device control unit name corresponding to the device type. The device control unit name is an identification name of the device control unit 15. More strictly, it is an identification name (for example, an executable file name) of a program that causes the server device 10 to function as the device control unit 15.

  In FIG. 8, the device control unit name corresponding to the device type name “Printer” is “Printer control unit”. Therefore, in step S205, the function execution unit 12 determines that the device control unit 15 corresponding to the device type name “Printer” is the printer control unit 151. The determined device control unit 15 is hereinafter referred to as “target device control unit 15”.

  Subsequently, the function execution unit 12 specifies the login user name and requests the printer control unit 151 as the target device control unit 15 to acquire the job list (S206). Each device control unit 15 includes a method for receiving a job list acquisition request based on a common interface specification. Therefore, the function execution unit 12 requests the printer control unit 151 to acquire a job list by calling the method of the printer control unit 151.

  In response to the job list acquisition request, the printer control unit 151 acquires print data attribute information associated with the login user name in the print data (print job) stored in the print data storage unit 181 ( S207, S208). That is, the print data storage unit 181 stores attribute information for each print data. The attribute information includes a user name who is the owner of the print data, an identification name (for example, a job name) of the print data, and the like. The printer control unit 151 acquires attribute information of print data in which the user name as the owner matches the login user name. The printer control unit 151 outputs the list of acquired attribute information to the function control unit (S209).

  As described above, the job list is acquired based on the correspondence relationship for each device type, not the correspondence relationship for each device 40. That is, regardless of which image forming apparatus 10a is the target device, a job list including attribute information of the same print data is acquired. Therefore, the user can select a print target from the same list of print data, regardless of which image forming apparatus 10a is selected as the target of use (target device).

  Subsequently, the function execution unit 12 generates display data (hereinafter referred to as “job list screen data”) that displays a job list screen including a list of the attribute information. Subsequently, the function execution unit 12 outputs the generated job list screen data to the server communication unit 11 (S210). The server communication unit 11 returns the response to the response client device 30 including the job list screen data (S211).

  When the response is received by the client communication unit 32 of the client device 30, the display control unit 31 displays the job list screen based on the job list screen data included in the response. When any job is selected on the job list screen, the client communication unit 32 transmits a job execution request in which the job name of the selected job is designated to the server apparatus 10 (S212).

  Upon receiving the job execution request, the server communication unit 11 requests the function execution unit 12 to execute a process corresponding to the execution request (S213). The function execution unit 12 requests the execution of the job by specifying the job name and the IP address of the target device to the printer control unit 151 that is the target function control unit (S214). The IP address of the target device can be specified based on the device ID of the target device. Each device control unit 15 includes a method for receiving a job execution request based on a common interface specification. Therefore, the function execution unit 12 requests the printer control unit 151 to execute a job by calling the method of the printer control unit 151.

  Subsequently, the printer control unit 151 acquires print data corresponding to the designated job name from the print data storage unit 181 and transmits the print data to the image forming apparatus 40a associated with the designated IP address (S215). ). As a result, the print job is executed in the image forming apparatus 40a.

  Thereafter, for example, the printer control unit 151 performs polling for detecting the completion of the print job (S216 to S219). When the printer control unit 151 detects the completion of the print job in the image forming apparatus 40a, the printer control unit 151 outputs a response indicating the completion of the job to the function execution unit 12 (S220).

  In subsequent steps S221 to S224, processing similar to that in steps S209 to S211 described above is executed. As a result, the job list screen is displayed again on the client device 30.

  As described above, in the present embodiment, the information indicating whether or not each user is permitted or not allowed to use each device 40 is centrally managed by the server device 10, and whether or not the use is permitted or not is determined by the server device 10. Judgment is made centrally. The client device 30 that functions as an interface for using the device 40 is provided with list information of the devices 40 that can be used by the user of the client device 30. Therefore, the setting for restricting the use of the device 40 via the network can be simplified. That is, the administrator or the like does not need to set information indicating whether each user is permitted or not, or information indicating a restriction on the use for each device 40.

  In the device list screen 510, the device 40 arranged near the client device 30 may be displayed at the top. In this case, if the client device 30 has a GPS (Global Positioning System) function, the client communication unit 32 designates the latitude, longitude, sea level, and the like of the client device 30 in step S105 and the like, and requests a login. May be sent.

  The device information storage unit 16 only needs to store latitude, longitude, sea level, and the like for each device 40. When the function execution unit 12 generates the device list screen data, the function execution unit 12 is close to the client device 30 based on the comparison of the latitude, longitude, and sea level of the client device 30 with the latitude, longitude, and sea level of the client device 30. What is necessary is just to produce | generate apparatus list screen data so that the apparatus information may be arranged from a high order in an order from the apparatus 40. At this time, sea level may be given top priority. That is, first, the devices 40 are sorted in descending order of sea level, and grouping is performed for each device 40 estimated to be installed on the same floor based on the difference in sea level. Subsequently, sorting may be performed for each group based on latitude and longitude.

  Alternatively, the device 40 that is determined to be on a different floor from the client device 30 based on the sea level may be removed from the display target on the device list screen 510.

  Note that the present embodiment may be applied to the use of devices other than the device 40 shown in the present embodiment.

  In the present embodiment, the server device 10 is an example of a usage restriction device. The client device 30 is an example of an information processing device. The device information storage unit 16 is an example of a first storage unit. The server communication unit 11 is an example of a reception unit and a reply unit. The function execution unit 12 is an example of an extraction unit.

  As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to such specific embodiment, In the range of the summary of this invention described in the claim, various deformation | transformation・ Change is possible.

1 device control system 10 server device 11 server communication unit 12 function execution unit 13 device management unit 14 authentication control unit 15 device control unit 16 device information storage unit 17 device control information storage unit 18 data storage unit 20 authentication device 30 client device 31 display Control unit 32 Client communication unit 40a Image forming device 40b Projector 40c TV conference control device 100 Drive device 101 Recording medium 102 Auxiliary storage device 103 Memory device 104 CPU
105 Interface Device 151 Printer Control Unit 152 Projector Control Unit 181 Print Data Storage Unit 182 Projection Data Storage Unit B Bus

JP 2010-251926 A

Claims (5)

A first reception procedure for receiving an acquisition request for list information of devices in which user identification information for identifying a user of the information processing device is specified, which is transmitted from the information processing device via a network;
In response to the acquisition request, for each piece of device identification information for identifying the device, the first storage unit that stores information for identifying a user permitted to use the device relates to the user identification information specified in the acquisition request. An extraction procedure for extracting a list of device identification information of each device permitted to be used by the user;
A use restriction program that causes a computer to execute a first reply procedure for returning the extracted list to the information processing apparatus. A second reception procedure for receiving device identification information selected from the list, transmitted from the information processing apparatus that has received the list;
In response to the reception of the device identification information, the second storage unit corresponding to each device type indicated by the device type information stored in the first storage unit in association with the device identification information stores the type. An acquisition procedure for acquiring a list of data identification information for identifying each input data for a device to which the device belongs;
A use restriction program that causes the computer to execute a second reply procedure for returning a list of acquired data identification information to the information processing apparatus. A third reception procedure for receiving the data identification information selected from the list, transmitted from the information processing apparatus that has received the list information of the data identification information;
Utilizing the computer to execute a transmission procedure for transmitting the input data related to the data identification information to the device related to the device identification information selected from the list of the device identification information in response to reception of the data identification information Restricted program. A first reception procedure for receiving an acquisition request for list information of devices in which user identification information for identifying a user of the information processing device is specified, which is transmitted from the information processing device via a network;
In response to the acquisition request, for each piece of device identification information for identifying the device, the first storage unit that stores information for identifying a user permitted to use the device relates to the user identification information specified in the acquisition request. An extraction procedure for extracting a list of device identification information of each device permitted to be used by the user;
A use restriction method in which a computer executes a first reply procedure for replying the extracted list to the information processing apparatus. A receiving unit that receives an acquisition request for list information of devices in which user identification information for identifying a user of the information processing device is specified, which is transmitted from the information processing device via a network;
In response to the acquisition request, for each piece of device identification information for identifying the device, the first storage unit that stores information for identifying a user permitted to use the device relates to the user identification information specified in the acquisition request. An extractor for extracting a list of device identification information of each device permitted to be used by the user;
A use restriction device comprising: a reply unit that returns the extracted list to the information processing device.

Images