JP2014029651A - Security management system, and security management program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve convenience of a user as an operator of electric equipment such as an image forming apparatus, while securing safety by application of security.SOLUTION: An image forming apparatus includes: a regular security storage unit that stores regular security required for permission of execution of a function; an alternative security storage unit that stores alternative security replacing the regular security; and an authentication unit that permits the execution of the function directed to be executed by an operator, when authentication of the function directed to be executed by the regular security is not completed and if authentication of the function directed to be executed by the alternative security as an alternative of the regular security is normally completed.

Description

  The present invention relates to a security management system and a security management program, and more particularly to a technology for managing security applied in an electronic apparatus such as an image forming apparatus.

  Conventionally, various types of security have been applied to electronic devices such as image forming apparatuses and image processing apparatuses in order to prevent leakage of handling data. For example, in Patent Document 1 below, security appropriate for each function such as a copy operation and a scan operation that can be executed by the image forming apparatus is set by setting security for each function that can be executed by the image forming apparatus. An image processing apparatus to be secured is shown.

JP 2008-85471 A

  In the prior art disclosed in Patent Document 1, in order for an operator to execute a certain function, authentication based on security set in advance for the function must be completed. However, on the other hand, it can be said that it is not convenient for the operator because the function cannot be executed unless the authentication of the security is completed. Nowadays, it is required to further improve usability for a user as an operator while ensuring safety by applying security.

  The present invention has been made to solve the above problem, and aims to improve usability for a user as an operator while ensuring safety by applying security.

The invention described in claim 1 of the present invention includes a regular security storage unit that stores regular security required for permitting execution of a function for each function;
For the regular security stored in the regular security storage unit, an alternative security storage unit that stores one or a plurality of separate alternative securitys that replace the regular security; and
An instruction receiving unit for receiving an instruction to execute each function from an operator;
When the execution instruction is received by the instruction reception unit, authentication by the regular security required for permitting execution of the function indicated by the execution instruction is performed, and when the authentication is normally completed, An authentication unit that permits execution of the function,
The authentication unit is a security management system that permits execution of the function when authentication by the alternative security of the regular security is normally completed when authentication by the regular security for the function is incomplete. is there.

The invention according to claim 4 is a regular security storage unit that stores regular security required for permitting execution of a function for each function;
For the regular security stored in the regular security storage unit, an alternative security storage unit that stores one or a plurality of separate alternative securitys that replace the regular security; and
An instruction receiving unit for receiving an instruction to execute each function from an operator;
When the execution instruction is received by the instruction reception unit, authentication by the regular security required for permitting execution of the function indicated by the execution instruction is performed, and when the authentication is normally completed, Let the computer function as an authentication unit that permits execution of the function,
When the authentication by the regular security for the function is incomplete, the authentication unit allows the execution of the function when the authentication by the alternative security of the regular security is normally completed. A security management program that allows computers to function.

  In these inventions, the regular security required for permitting the execution of the function and a separate alternative security in place of the regular security are prepared, and the authentication unit authenticates the function for which the execution is instructed by the operator. When authentication by security is not completed, execution of the instructed function is permitted when authentication by alternative security is normally completed instead of authentication by regular security. For this reason, the operator is provided with the convenience of executing the function without having to complete the regular security authentication for the function instructed to be executed. By doing so, safety by applying security can be ensured. As a result, while safety is ensured by applying security, which is a conventional problem, it is possible to alleviate the problem that the convenience for the operator when the function is executed is reduced.

  The invention according to claim 2 is the security management system according to claim 1, wherein the alternative security storage unit includes a plurality of security conditions in which both authentication completions are conditions for permitting the function execution. The alternative security is stored.

  In the present invention, the authentication unit is instructed when authentication is performed with alternative security for the function instructed by the operator, and authentication is performed for a plurality of security, and both authentications for the plurality of security are completed. For example, in addition to regular security, other security employed in an electronic device to which the security management system is applied can be combined to provide alternative security. For this reason, the already adopted security can be effectively used as alternative security, and variations of alternative security can be enriched.

The invention according to claim 3 is the security management system according to claim 1 or 2, wherein the security level is received from the system administrator by the operator who designates the security level to be applied to the electronic device. A reception unit;
The alternative security storage unit stores the alternative security different for each of a plurality of security levels,
The authentication unit, when the authentication by the regular security for the function is not completed, when the authentication by the alternative security corresponding to the security level received by the security level reception unit is normally completed, The function is allowed to be executed.

  In this invention, the authentication unit performs authentication using the alternative security prepared for each security level for each security level designated by the system administrator, and the authentication is completed by the regular security or the alternative security is used. Execution of the function instructed by the operator is permitted on the condition that the authentication is completed, so the contents of the security authentication, which is the condition for executing the function instructed by the operator, are changed according to the security strength required by the system administrator. Can be done.

  According to the present invention, it is possible to improve usability for a user as an operator while ensuring safety by applying security.

1 is a front sectional view showing a structure of an image forming apparatus according to an embodiment of the present invention. 2 is a functional block diagram schematically showing a main internal configuration of the image forming apparatus. FIG. (A) is a diagram showing a correspondence between functions and regular security, (B) is a diagram showing a correspondence between regular security and alternative security. 3 is a flowchart illustrating a first embodiment of security management in the image forming apparatus. 2 is a diagram illustrating an overview of an operation unit of the image forming apparatus. FIG. It is a figure which shows an example of the display screen of a display part. It is a figure which shows an example of the display screen of a display part. It is a figure which shows an example of the display screen of a display part. It is a figure which shows matching of a function, regular security, and alternative security. It is a figure which shows matching of a function, regular security, and alternative security. 6 is a flowchart illustrating a second embodiment of security management in the image forming apparatus. It is a figure which shows a response | compatibility of a function, regular security, and alternative security. It is a figure which shows the function permitted according to the completion of authentication of regular security and alternative security for each security level.

  Hereinafter, a security management system, an image forming apparatus, and a security management program according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a front sectional view showing the structure of an image forming apparatus according to an embodiment of the present invention.

  An image forming apparatus 1 according to an embodiment of the present invention is a multifunction machine having a plurality of functions such as a copy function, a printer function, a scanner function, and a facsimile function. The image forming apparatus 1 includes an apparatus main body 11 that includes an image forming unit 12, a fixing unit 13, a paper feeding unit 14, a document feeding unit 6, an image reading unit 5, and the like. The image forming apparatus 1 includes a security management system according to an embodiment of the present invention.

  The apparatus main body 11 includes a lower main body 111, an upper main body 112 disposed so as to face the lower main body 111, and a connecting portion 113 provided between the upper main body 112 and the lower main body 111. The upper body 112 is provided with an image reading unit 5 and a document feeding unit 6.

  The image reading unit 5 includes a contact glass 161 mounted on the upper surface opening of the upper main body 112 for placing a document, an openable / closable document pressing cover 162 for pressing the document placed on the contact glass 161, And a reading mechanism 163 that reads an image of a document placed on the contact glass 161. The reading mechanism 163 includes a light irradiation unit (light source) as a light source having an LED (Light Emitting Diode) that emits light toward a document, and an image sensor such as a CCD (Charge Coupled Device) or a CMOS (Complementary Metal Oxide Semiconductor). (Conversion unit) and an optical system that has a plurality of mirrors and condenser lenses, which will be described later, and is movable between a position below the document reading slit 53 and a document reading position that is a position below the contact glass 161. These are used to optically read an image of a document and generate image data. The generated image data is used for image formation by the image forming unit 12 or storage in the HDD 92 described later.

  The document feeding unit 6 feeds the document placed on the document placing unit 61 one by one by driving the paper feed roller and the conveyance roller, and conveys the document to a position facing the document reading slit 53, and the document reading slit Then, the image is read by the reading mechanism 163 of the image reading unit 5 through 53 and then discharged to the document discharge unit 66. In the case of setting to read the document conveyed by the document feeding unit 6 as described above, the reading mechanism 163 is conveyed by the document feeding unit 6 at a feeding document reading position below the document reading slit 53. Scan incoming documents.

  The lower main body 111 includes an image forming unit 12, a fixing unit 13, and a paper feeding unit 14. The paper feed unit 14 has paper feed cassettes 142, 143, and 144 that can be inserted into and removed from the apparatus main body 11.

  The image forming unit 12 performs an image forming operation for forming a toner image on the recording paper fed from the paper feeding unit 14. The image forming unit 12 is arranged in order from the upstream side to the downstream side in the traveling direction of the intermediate transfer belt 125, the magenta image forming unit 12M using magenta toner, and the cyan toner using cyan toner. The image forming unit 12C of yellow, the image forming unit 12Y for yellow using yellow toner, and the image forming unit 12Bk for black using black toner (hereinafter, when each image forming unit is described without distinction, Each of which is referred to as an “image forming unit 120”, and an intermediate transfer belt 125 stretched between a plurality of rollers such as a driving roller 125a (secondary transfer opposing roller) so as to be capable of running endlessly in the sub-scanning direction in image formation, The intermediate transfer belt 125 is a portion where the intermediate transfer belt 125 is stretched around the driving roller 125a. And a contact with the secondary transfer roller 210 to the outer peripheral surface 125.

  Each image forming unit 120 includes a photosensitive drum 121, a developing device 122 that supplies toner to the photosensitive drum 121, a toner cartridge (not shown) that contains toner, a charging device 123, an exposure device 124, a primary device. A transfer roller 126 and a drum cleaning device 127 are integrally provided.

  The photosensitive drum 121 forms an electrostatic latent image and a toner image along the electrostatic latent image on the peripheral surface thereof. The developing device 122 supplies toner to the photosensitive drum 121. Each developing device 122 is appropriately supplied with toner from the toner cartridge.

  The charging device 123 is provided immediately below the photosensitive drum 121. The charging device 123 uniformly charges the peripheral surface of each photosensitive drum 121.

  The exposure device 124 is provided below the photosensitive drum 121 and further below the charging device 123. The exposure device 124 irradiates the circumferential surface of the charged photosensitive drum 121 with laser light corresponding to each color based on image data input from a computer or the like or image data acquired by the image reading unit 5, and each photosensitive member. An electrostatic latent image is formed on the peripheral surface of the drum 121. The exposure device 124 is a so-called laser exposure device, which is a laser light source that outputs a laser beam, a polygon mirror that reflects the laser beam toward the surface of the photosensitive drum 121, and a laser beam reflected by the polygon mirror. Optical components such as a lens and a mirror for guiding the drum 121 are provided.

  The developing device 122 supplies toner to the electrostatic latent image on the peripheral surface of the photoconductive drum 121 rotating in the direction of the arrow and stacks the toner, and the toner corresponding to the image data is formed on the peripheral surface of the photoconductive drum 121. Form an image.

  The intermediate transfer belt 125 is disposed above the photosensitive drums 121. The intermediate transfer belt 125 is stretched between the driving roller 125a on the left side in FIG. 1 and the driven roller 125b on the right side in FIG. It is in contact. The driven roller 125b is provided at a position facing the driving roller 125a and rotates following the endless running of the intermediate transfer belt 125. The intermediate transfer belt 125 is driven by a driving roller 125 a in a state where an image carrying surface on which a toner image is transferred is set on the outer peripheral surface thereof and in contact with the peripheral surface of the photosensitive drum 121. The intermediate transfer belt 125 travels endlessly between the driving roller 125a and the driven roller 125b while being synchronized with each photosensitive drum 121.

  A primary transfer roller 126 is provided at a position facing each photosensitive drum 121 with the intermediate transfer belt 125 interposed therebetween. A transfer bias is applied to the primary transfer roller 126 by a transfer bias applying mechanism (not shown), and the primary transfer roller 126 transfers the toner image formed on the outer peripheral surface of each photosensitive drum 121 to the intermediate transfer belt 125. Transfer to the surface.

  The control unit 10 (FIG. 2) drives and controls the primary transfer roller 126 and the image forming unit 120 for each color, and the magenta toner formed on the surface of the intermediate transfer belt 125 by the magenta image forming unit 12M. The image transfer, the transfer of the cyan toner image formed by the cyan image forming unit 12C at the same position of the intermediate transfer belt 125, and the yellow image forming unit 12Y at the same position of the intermediate transfer belt 125 are then performed. The transfer of the formed yellow toner image and the transfer of the black toner image formed by the final black image forming unit 12Bk are performed so that the toner images of the respective colors overlap each other. Are formed on the surface of the intermediate transfer belt 125 (intermediate transfer (primary transfer)).

  A transfer bias is applied to the secondary transfer roller 210 by a transfer bias applying mechanism (not shown). The secondary transfer roller 210 transfers the color toner image formed on the surface of the intermediate transfer belt 125 onto the recording paper conveyed from the paper supply unit 14. The secondary transfer roller 210 forms a nip portion N where the toner image is secondarily transferred onto the recording paper, with the intermediate transfer belt 125 and the drive roller 125a. The recording sheet conveyed through the sheet conveying path 190 is pressed and sandwiched between the intermediate transfer belt 125 and the secondary transfer roller 210 at the nip portion N, where the toner image on the intermediate transfer belt 125 is secondarily transferred to the recording sheet. The

  The drum cleaning device 127 is provided on the left side of each photoconductive drum 121 in FIG. 1, and removes residual toner on the peripheral surface of the photoconductive drum 121 for cleaning.

  A sheet conveyance path 190 extending in the vertical direction is formed at the left position in FIG. 1 with respect to the image forming unit 12. A pair of conveying rollers 192 is provided at an appropriate position on the sheet conveying path 190. The conveyance roller pair 192 conveys the recording paper fed from the paper supply unit 14 toward the nip N and the fixing unit 13. That is, the recording paper is transported by the transport mechanism including the transport roller pair 192 disposed at the appropriate position.

  The fixing unit 13 includes a heating roller 132 provided with an energization heating element as a heating source therein, and a pressure roller 134 disposed to face the heating roller 132. The fixing unit 13 generates heat from the heating roller 132 while the recording paper passes through the fixing nip between the heating roller 132 and the pressure roller 134 with respect to the toner image on the recording paper transferred by the image forming unit 12. To give a fixing process. The recording paper on which the color image has been formed after the fixing process is completed is discharged toward a discharge tray 151 provided on the top of the lower main body 111 through a discharge conveyance path 194 extending from the upper part of the fixing unit 13. The

  The paper feed unit 14 includes a manual feed tray 141 provided on the right side wall in FIG. 1 of the apparatus main body 11 so as to be openable and closable, and paper feed cassettes 142, 143, and 144. A pickup roller 145 provided above the paper feed cassettes 142, 143, and 144 feeds the uppermost recording paper in the paper bundle stored in the paper feed cassettes 142, 143, and 144 toward the paper transport path 190.

  The paper discharge unit 15 is formed between the lower main body 111 and the upper main body 112. The paper discharge unit 15 includes a discharge tray 151 formed on the upper surface of the lower main body 111. The discharge tray 151 is a tray in which the recording paper on which the toner image is formed by the image forming unit 12 is discharged after the fixing unit 13 performs the fixing process.

  Next, the configuration of the image forming apparatus 1 will be described. FIG. 2 is a functional block diagram schematically showing the main internal configuration of the image forming apparatus 1.

  The image forming apparatus 1 includes a control unit 10. The control unit 10 includes a CPU (Central Processing Unit), a RAM, a ROM, a dedicated hardware circuit, and the like, and controls the overall operation of the image forming apparatus 1.

  The image reading unit 5 includes the reading mechanism 163 having a light irradiation unit and a CCD sensor under the control of the control unit 10. The image reading unit 5 irradiates the document with the light irradiating unit and receives the reflected light with the CCD sensor, thereby reading the image from the document.

  The image processing unit 31 performs image processing on the image data of the image read by the image reading unit 5 as necessary. For example, the image processing unit 31 performs predetermined image processing such as shading correction in order to improve the quality after the image read by the image reading unit 5 is formed by the image forming unit 12.

  The image memory 32 is an area for temporarily storing document image data obtained by reading by the image reading unit 5 and temporarily storing data to be printed by the image forming unit 12.

  The image forming mechanism 40 includes a paper transport mechanism that includes the image forming unit 12, the fixing unit 13, the transport roller pair 192, and the like described above. The image forming mechanism 40 forms an image of the image data read by the image reading unit 5.

  The operation unit 47 includes a touch panel unit and operation key units that receive instructions from the operator regarding various operations and processes that can be executed by the image forming apparatus 1. The touch panel unit includes a display unit (notification unit) 473 such as an LCD (Liquid Crystal Display) provided with a touch panel.

  The facsimile communication unit 71 includes an unillustrated encoding / decoding unit, modulation / demodulation unit, and NCU (Network Control Unit), and performs facsimile transmission using a public telephone network.

  The network interface unit 91 is composed of a communication module such as a LAN board. Via a LAN or the like connected to the network interface unit 91, a device in a local area (such as a personal computer), or a server or web on the Internet Send and receive various data with the site.

  The HDD 92 is a large-capacity storage device that stores document images and the like read by the image reading unit 5.

  The HDD 92 stores (installs) a security management program according to an embodiment of the present invention. The control unit 10 operates according to the security management program, and functions as a regular security storage unit 101, an alternative security storage unit 102, an instruction reception unit 103, an authentication unit 104, and a security level reception unit 105, which will be described later.

  However, the regular security storage unit 101, the alternative security storage unit 102, the instruction reception unit 103, the authentication unit 104, and the security level reception unit 105 can be configured by hardware circuits independently of the operation based on the security management program. It is. The same applies to each embodiment unless otherwise specified.

  The operation control unit 100 includes an image reading unit 5, a document feeding unit 6, an image processing unit 31, an image memory 32, an image forming mechanism 40, an operation unit 47, a facsimile communication unit 71, a network interface unit 91, and an HDD (hard disk drive). 92 and the like. The control unit 10 controls the operation of each mechanism described above, and executes, for example, each function of a scanner function, a printer function, a copy function, and a printer function.

  The regular security storage unit 101 stores regular security set for each function that can be executed by the image forming apparatus 1. This regular security is security required to permit execution of a function when the execution of the function is instructed by an operator. For each function, when the authentication by the security is completed, the operation control unit 100 performs an operation corresponding to the function. Regular security refers to security set as a condition for permitting execution of the function.

  In the present embodiment, the function will be described using scan transmission, box transmission, box printing, normal printing, and pull printing as examples. The scan transmission is a function for transmitting a document obtained by reading by the document reading unit 5 by e-mail or fax. The box transmission is a function for transmitting a document stored in a predetermined area in the HDD 92 by e-mail or fax. Box printing is a function of printing (image forming) a document stored in a predetermined area in the HDD 92 by the image forming mechanism 40. The normal printing is a function for printing data received passively from a computer or the like connected to the image forming apparatus 1 via the image forming mechanism 40. The pull print is a function for acquiring and printing data external to the image forming apparatus 1 such as a file or web page on a server designated by the operator.

  For example, as shown in FIG. 3A, regular security is set for each function of scan transmission, box transmission, box printing, normal printing, and pull printing, and the regular security for each function is stored in the regular security storage unit 101. Is remembered. FIG. 3A shows an example in which user authentication that is the same regular security is set for each of these functions.

  The alternative security storage unit 102 stores, for the regular security stored in the regular security storage unit 101, separate alternative security composed of one or more that substitutes for the regular security. The alternative security is security in which authentication is performed instead of regular security when authentication by regular security is not performed or when authentication is not established. When the authentication by the alternative security is completed, even if the authentication is not completed by the regular security, the authentication unit 104 described later permits execution of the function instructed by the operator. For example, as shown in FIG. 3B, password authentication is set as alternative security for user authentication that is regular security, and is stored in the alternative security storage unit 102. Password authentication is security that authenticates whether or not the password entered by the operator is a legitimate password.

  The instruction receiving unit 103 receives an execution instruction for each of the functions input by an operation of the operation unit 47 by the operator.

  When the instruction receiving unit 103 receives the execution instruction, the authentication unit 104 performs authentication based on regular security required to permit execution of the function indicated by the execution instruction. The authentication unit 104 permits the execution of the function when the authentication is normally completed. That is, when the instruction receiving unit 103 receives the execution instruction, the authentication unit 104 reads the regular security set for the function indicated by the execution instruction from the regular security storage unit 101, and uses the read regular security. Authentication is performed, and operation control for execution of the function by the operation control unit 100 is permitted on the condition that the authentication is completed.

  Further, as described above, when the authentication by the regular security for the function for which the execution instruction has been accepted is not completed, the authentication unit 104 performs the authentication when the authentication by the alternative security for the regular security is normally completed. The execution of the function is permitted.

  The security level accepting unit 105 accepts designation of a security level to be applied to the image forming apparatus 1 from the system administrator based on the operation of the operation unit 47 by the system administrator. The authentication unit 104 reads the alternative security corresponding to the security level received by the security level reception unit 105 from the alternative security storage unit 102, and performs authentication based on the read alternative security for the operator. Details of the alternative security setting for each security level in this case will be described later.

  The security management system according to the embodiment of the present invention includes the regular security storage unit 101, the alternative security storage unit 102, the instruction reception unit 103, the authentication unit 104, and the security level reception unit 105.

  However, the security level receiving unit 105 is a component of the security management system according to the embodiment of the present invention as long as it is necessary in the embodiment described below.

  Next, a first embodiment of security management in the image forming apparatus 1 will be described. FIG. 4 is a flowchart illustrating a first embodiment of security management in the image forming apparatus 1. FIG. 5 is a diagram illustrating an overview of the operation unit of the image forming apparatus 1, and FIGS. 6 to 8 are diagrams illustrating an example of a display screen of the display unit 473. FIG. 9 and FIG. 10 are diagrams showing associations between functions, regular security, and alternative security.

  In a standby state where the image forming apparatus 1 is waiting for an instruction input from an operator as a user, the operation control unit 100 causes the display unit 473 to display an initial screen D1 shown as a display screen of the display unit 473 in FIG. ing. Here, an example is shown in which a copy operation setting input screen is displayed as the initial screen D1.

  In this standby state, when the operator operates the operation unit 47 to specify the mode of the image forming apparatus 1 in order to select a function to be performed by the image forming apparatus 1 (YES in S1), the operation control unit 100 The display unit 473 displays a setting input screen for inputting detailed operation settings corresponding to the designated mode (S2). For example, when the operator inputs a mode selection instruction for selecting a transmission mode for performing detailed settings for scan transmission and box transmission by pressing the transmission button B1 shown in FIG. However, the setting input screen D2 as shown in FIG. 6 is displayed on the display unit 473.

  In this state where the setting input screen is displayed, the image forming apparatus 1 is in a state of waiting for the detailed setting and the function execution instruction to be input by the operation of the operation unit 47 by the operator (S3). When the function execution instruction is received by the instruction receiving unit 103 as an input from the person (YES in S3), the authentication unit 104 sets the normal security corresponding to the function indicated by the received function execution instruction to the normal security storage unit 101. (S4). The operation control unit 100 displays an authentication screen for authenticating the read regular security on the display unit 473 (S5). For example, among the execution instruction buttons d1 to d10 on the setting input screen D2 by the operator, the execution instruction button corresponding to the user function requested by the operator, for example, the execution instruction button d1 corresponding to the scan transmission is pressed. When the function execution instruction of the mail transmission function including the scan and the mail transmission of the document created by the scan is input by the touch panel function of the display unit 473 and the function execution instruction is received by the instruction reception unit 103, the authentication unit 104 reads the user authentication stored in the regular security storage unit 101 as the regular security associated with the mail transmission function indicated by the function execution instruction, and the operation control unit 100 operates the operator for the user authentication. Prompts for user identification information (user ID) On the display unit 473 the Za identification information input screen D3.

  When waiting for the input of the function execution instruction (S3), the operation control unit 100 causes the display unit 473 to display the setting input screen until the instruction execution unit 103 receives the function execution instruction. (NO in S3, S2).

  Here, when the operator as the user inputs unique user identification information by the operation of the operation unit 47 and the authentication unit 104 receives the user identification information (YES in S6), the authentication unit 104 Then, it is determined whether or not the input user identification information is regular user identification information (S7). For example, in the input of user identification information, in addition to the operation of the operation unit 47 by the operator, the image forming apparatus 1 has a card reader such as an RF-ID, and the operator holds a unique ID card over the card reader. The user identification information stored in the memory in the ID card may be received by the authentication unit 104 via a card reader.

  If the authentication unit 104 determines in S7 that the input user identification information is legitimate user identification information (YES in S7), the authentication unit 104 indicates the function execution instruction input in S3. The execution of the function is permitted (S12). After permitting the execution of the function, the operation control unit 100 causes the corresponding operation mechanism to perform the operation indicated by the function (S13). Thereafter, the process ends.

  Explaining with the above example, in S12, the authentication unit 104 permits the execution of the mail transmission function because the authentication by the regular security for the mail transmission function indicated by the function execution instruction is completed by the completion of the user authentication. Processing to do.

  On the other hand, when the authentication unit 104 determines in S7 that the input user identification information is not regular user identification information (NO in S7), the user identification information is not input from the operator in S6, When the authentication unit 104 does not accept the user identification information (NO in S6), the authentication unit 104 reads the alternative security associated with the regular security read in S4 from the alternative security storage unit 102. (S8). The operation control unit 100 causes the display unit 473 to display an authentication screen for performing authentication of the read alternative security (S9).

  For example, if the authentication unit 104 determines that the input user identification information is not regular user identification information, the authentication unit 104 reads password authentication stored in the alternative security storage unit 102 as alternative security for the regular security. The operation control unit 100 causes the display unit 473 to display a password input screen D4 as shown in FIG. 8 urging the operator to input a password.

  At this time, when the password is input by the operation of the operation unit 47 by the operator and the authentication unit 104 receives the password (YES in S10), the authentication unit 104 indicates that the input password is a regular password. It is determined whether or not (S11). That is, in S11, the authentication unit 104 performs alternative security authentication instead of regular security authentication. Until the authentication unit 104 accepts the password (NO in S10), the operation control unit 100 displays the password input screen D4 on the display unit 473 (S9).

  Here, if the authentication unit 104 determines that the input password is a regular password (YES in S11), the authentication unit 104 permits the execution of the function indicated by the function execution instruction received in S3 (S12). After permitting the execution of the function by the authentication unit 104, the operation control unit 100 causes each corresponding operation mechanism to perform the operation indicated by the function (S13).

  On the other hand, if the authentication unit 104 determines that the input password is not a regular password (NO in S11), the authentication unit 104 does not permit execution of the function indicated by the function execution instruction. In this case, the process ends after the authentication unit 104 determines that the password is not a regular one.

  According to the first embodiment, the regular security originally required for permitting the execution of the function and the separate alternative security in place of the regular security are prepared, and the authentication unit 104 is executed by the operator. When the authentication by the regular security for the instructed function cannot be completed, the execution of the instructed function is permitted if the authentication by the alternative security is normally completed. For this reason, for example, when the operator forgets the information necessary for completing the regular security (user identification information in the above example) or when the regular security is troublesome and cancels, etc. Even if the process is not completed, convenience is obtained by giving an opportunity to execute the function. In this case, since the completion of authentication by the alternative security is used as an alternative condition for permitting the function execution, the security by applying the security can be maintained. As a result, according to the first embodiment, it is possible to solve the problem in the prior art that when the security is secured by applying security, the convenience for the operator when the function is executed deteriorates. is there.

  In the first embodiment, an example is shown in which the same regular security is set for all functions, but it is also possible to set each regular security for each function. In this case, as shown in an example in FIG. 9, regular security is set for each function. For each regular security, alternative security can be set.

  The secure print shown in FIG. 9 is a case where the image forming apparatus 1 includes the card reader, and the operator holds the unique ID card over the card reader and is stored in the ID card. When the user identification information is received by the authentication unit 104 via the card reader, the image forming apparatus 1 performs image formation and recording paper discharge when the user identification information is received by the authentication unit 104. It is security to ensure safety by making it appear.

  Further, in the first embodiment, an example is shown in which alternative security that is authenticated in place of regular security is the same for all functions. However, as shown in FIG. It is good also as what consists of the content each set for each function to perform. In this case, the alternative security for each function is stored in the alternative security storage unit 102, and the authentication unit 104 reads out and executes the alternative security corresponding to the function for each function for which execution has been instructed.

  In the first embodiment, one alternative security is set for the regular security. However, the present invention is not limited to this, and a plurality of alternative security is set for the regular security and the alternative security storage unit 102 is set. The authentication unit 104 may permit the execution of the function when all the authentications of the set alternative security are completed and stored. In this case, for example, the security applied to the image forming apparatus 1 can be combined and used as alternative security. For this reason, each security applied in the image forming apparatus 1 can be effectively used, and variations of alternative security can be enriched. Further, the authentication unit 104 may permit the execution of the function instructed to be executed when any one of the plurality of alternative security settings set for the regular security is completed.

  Moreover, although one regular security is set for each function, a plurality of regular security may be set for each function and stored in the regular security storage unit 101. In this case, the authentication unit 104 may (1) permit the execution of the function upon completion of all the authentications of the set regular security, and (2) the set value. The execution of the function may be permitted upon completion of any of the plurality of regular security.

  Next, a second embodiment of security management in the image forming apparatus 1 will be described. FIG. 11 is a flowchart illustrating a second embodiment of security management in the image forming apparatus 1. Note that the description of the same processing as in the first embodiment is omitted.

  In the second embodiment, when the authentication unit 104 determines in S26 that the input user identification information is not legitimate user identification information (NO in S26), the operator identifies the user identification in S27. If no information is input and the authentication unit 104 does not accept the user identification information (NO in S27), the authentication unit 104 substitutes alternative security according to each security level set by the system administrator. Reading from the storage unit 102 (S28), authentication is performed using alternative security corresponding to the security level (S29 to S31). The operation control unit 100 causes the display unit 473 to display a display screen corresponding to the alternative security. When the alternative security authentication is completed (YES in S31), the authentication unit 104 permits the execution of the function (S32).

  For example, when the alternative security is secure printing, a message to the effect that the ID card is held over the card reader is displayed on the display unit 473 (S29). When the operator holds the unique ID card over the card reader and the user identification information stored in the ID card is received by the authentication unit 104 via the card reader (YES in S30), the user identification information is If it is legitimate user identification information (YES in S31), the authentication unit 104 permits execution of the function instructed to be executed (S32).

  In the second embodiment, a plurality of security levels are set, and the alternative security storage unit 102 stores alternative security for regular security for each security level. The alternative security is enhanced in security strength as the security level increases. FIG. 12 is a diagram showing the correspondence between functions, regular security, and alternative security. FIG. 13 is a diagram illustrating the functions permitted in accordance with the completion / non-completion of regular security and alternative security authentication for each security level. FIG. 13 shows scan transmission as (1), box transmission as (2), box printing as (3), printing as (4), and pull printing as (5). 12 and 13 show the same contents.

  For example, as shown in FIG. 12 and FIG. 13, at level 3 where the security level is the highest, alternative security is not set, that is, function execution is permitted only when authentication of regular security is completed. .

  In Level 2, which is the second highest security level, when the authentication of both the box password and the secure print as the alternative security is completed, the authentication unit 104 performs the functions of box transmission, box printing, printing, and pull printing. Is set to allow execution. However, the execution of scan transmission is permitted by the authentication unit 104 only when normal security authentication is completed.

  Furthermore, level 3, which has the third highest security strength, is set to permit execution of box transmission and box printing when authentication of a box password as alternative security is completed. Further, when authentication of secure print as alternative security is completed, execution of printing and pull printing is permitted. However, the execution of scan transmission is permitted by the authentication unit 104 only when normal security authentication is completed.

  Furthermore, at the lowest level of security level 0, if authentication is completed with either the user box password or secure print as an alternative security, all functions of scan transmission, box transmission, box printing, printing, and pull printing are performed. The authentication unit 104 is set to permit execution.

  Also, the designation of the security level by the system administrator is input in a timely manner by the operation of the operation unit 47 by the system administrator and is stored in the authentication unit 104 in advance. If the authentication unit 104 determines that the input user identification information is not authentic, the authentication unit 104 reads alternative security corresponding to the security level stored in advance and performs authentication of the alternative security.

  In the second embodiment, the regular security is the same and the alternative security is set for each function. However, the present invention is not limited to this, and the regular security may be set for each security level.

  According to the second embodiment, the authentication unit 104 performs authentication using alternative security prepared for each security level for each security level specified by the system administrator, and completes authentication by regular security. Alternatively, since the execution of the function instructed by the operator is permitted on condition that the authentication by the alternative security is completed, the security level that is a condition for executing the function instructed by the operator is set to the security level required by the system administrator. Depending on the level, different levels can be used. In other words, the system administrator can change the security strength based on the alternative security according to the security level required for the operator.

  The present invention is not limited to the configuration of the above embodiment, and various modifications can be made. For example, in each of the above-described embodiments, an image forming apparatus that is a multifunction peripheral is described as an electronic apparatus provided with the security management system according to the present invention. However, this is merely an example, and a copy other than the multifunction peripheral is used. Other image forming apparatuses such as an image forming apparatus, a scanner apparatus, and a facsimile apparatus may be used, and further, a portable terminal device other than the image forming apparatus, a medical device, an information processing apparatus, and the like may be used.

  The configuration and processing shown in the above embodiments using FIGS. 1 to 13 are only one embodiment of the present invention, and the present invention is not limited to the configuration and processing.

DESCRIPTION OF SYMBOLS 1 Image forming apparatus 12 Image forming part 100 Operation control part 101 Regular security storage part 102 Alternative security storage part 103 Instruction reception part 104 Authentication part 105 Security level reception part

Claims (4)

A regular security storage unit that stores the regular security required to permit the execution of the function for each function;
For the regular security stored in the regular security storage unit, an alternative security storage unit that stores one or a plurality of separate alternative securitys that replace the regular security; and
An instruction receiving unit for receiving an instruction to execute each function from an operator;
When the execution instruction is received by the instruction reception unit, authentication by the regular security required for permitting execution of the function indicated by the execution instruction is performed, and when the authentication is normally completed, An authentication unit that permits execution of the function,
The authentication unit is a security management system that permits execution of the function when the authentication by the alternative security of the regular security is normally completed when the authentication by the regular security for the function is incomplete.   The security management system according to claim 1, wherein the alternative security storage unit stores the alternative security including a plurality of security conditions in which completion of both authentications is a condition for permitting the function execution. A security level accepting unit that accepts from the system administrator the designation of the security level to be applied to the electronic device from the operator;
The alternative security storage unit stores the alternative security different for each of a plurality of security levels,
The authentication unit, when the authentication by the regular security for the function is not completed, when the authentication by the alternative security corresponding to the security level received by the security level reception unit is normally completed, The security management system according to claim 1 or 2, wherein the execution of the function is permitted. A regular security storage unit that stores the regular security required to permit the execution of the function for each function;
For the regular security stored in the regular security storage unit, an alternative security storage unit that stores one or a plurality of separate alternative securitys that replace the regular security; and
An instruction receiving unit for receiving an instruction to execute each function from an operator;
When the execution instruction is received by the instruction reception unit, authentication by the regular security required for permitting execution of the function indicated by the execution instruction is performed, and when the authentication is normally completed, Let the computer function as an authentication unit that permits execution of the function,
When the authentication by the regular security for the function is not completed, the authentication unit allows the execution of the function when the authentication by the alternative security of the regular security is normally completed. A security management program that allows computers to function.