JP2015032041A - Service providing system, service providing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To delete a use request for a service from a device which operates in a cloud environment.SOLUTION: A service providing system comprises: management information storage means which stores management information managing user identification information, device identification information and service identification information in association; authentication information reception means which receives authentication information including user authentication information and device authentication information from a device connected with the service providing system via a network; service determination means which, when the authentication information is successfully authenticated, determines a service associated with the authentication information on the basis of the authentication information and the management information; and execution means which receives a use request for the determined service from the device connected with the service providing system via the network, and executes processing corresponding to the use request. The execution means comprises execution request deletion means which, in response to a deletion request for deleting the use request of current processing, deletes corresponding execution request information stored in execution request storage means.

Description

  The present invention relates to a service providing system, a service providing method, and a program.

  Conventionally, a multifunction peripheral is connected to a distribution server or the like on a network. The distribution server may execute a workflow such as acquiring image data scanned by the multifunction peripheral, performing various data processing (for example, character recognition and image correction processing), and then uploading to a specific folder. it can. Conventionally, a list of jobs (workflows requested to be executed) executed by the distribution server can be acquired by an information terminal or the like, and the list can be displayed or jobs can be deleted.

  However, in a conventional workflow system including a multifunction peripheral and a distribution server, processing for displaying a list of jobs and deleting a job is a technique that is assumed to be operated in an office network. For this reason, it is accessed via the Internet from devices in the in-house network constructed by an unspecified number of users, organizations, companies, etc., for example, from a cloud environment that provides services according to each organization, company, etc. It was not considering the provision of services. Such a problem is not limited to a workflow system including a multi-function peripheral and a distribution server. A user performs a workflow execution request operation and transmits processing target data to the processing target data. This can be said in general workflow systems including a server that performs data processing according to a request.

  The present invention has been made in view of the above, and in an environment used by an unspecified number of users, a use request for a service provided to a device on a network can be deleted during processing of the service. It is an object to provide a service providing system, a service providing method, and a program. In addition, the present invention provides a service providing system and service capable of preferentially processing a request for using a service provided to a device on a network in an environment used by an unspecified number of users. An object is to provide a providing method and a program.

  In order to solve the above-described problems and achieve the object, a service providing system according to the present invention is a service providing system that includes one or more information processing apparatuses and provides services to apparatuses connected via a network. Management information for storing management information that associates and manages user identification information that identifies a user, device identification information that identifies a first device, and service identification information that identifies a service registered as a usage target An authentication information receiving unit for receiving authentication information including user authentication information used for user authentication and device authentication information used for device authentication from the device connected via a network; When authenticating the authentication means for executing the authentication process and the authentication information, the authentication is performed based on the authentication information and the management information. Service specifying means for specifying a service associated with information, and an execution means for receiving a use request for the specified service from the device connected via a network, and executing processing according to the use request, The execution means registers in the execution request storage means execution request storage means for storing execution request information of data processing requested to be executed, and execution request information for executing specific data processing in response to the use request. Data processing control means, a plurality of data processing means for executing data processing according to execution request information for predetermined data processing, among the execution request information registered in the execution request storage means, and a use request being processed Execution request deletion means for deleting the corresponding execution request information stored in the execution request storage means in response to a deletion request for deleting the execution request. And butterflies.

  According to the present invention, it is possible to delete a use request for a service provided to a device on a network during processing of the service in an environment used by an unspecified number of users. Further, according to the present invention, in an environment used by an unspecified number of users, it is possible to preferentially process a use request for a service provided to a device on a network while the service is being processed.

FIG. 1 is a diagram illustrating an example of a configuration of a system 10 according to the present embodiment. FIG. 2 is a diagram illustrating an example of a hardware configuration of the computer system 50 according to the present embodiment. FIG. 3 is a diagram illustrating a software functional configuration of the service providing system 20 according to the present embodiment. FIG. 4 is a diagram illustrating a data configuration example of the license information. FIG. 5 is a diagram illustrating a data configuration example of tenant information. FIG. 6 is a diagram illustrating a data configuration example of user information. FIG. 7 is a diagram illustrating a data configuration example of device information. FIG. 8 is a diagram illustrating a data configuration example of the external service information. FIG. 9 is a diagram illustrating a data configuration example of service information. FIG. 10 is a diagram illustrating a data configuration example of registration information. FIG. 11 is a diagram illustrating a processing flow at the time of tenant ID and service registration. FIG. 12 is a diagram showing a data flow at the time of data processing in the service providing system 20. FIG. 13 is a diagram showing a flow of data processing in the service providing system 20. FIG. 14 is a diagram illustrating a sequence of authentication processing. FIG. 15 is a diagram showing a processing flow when accessing the online storage 42. FIG. 16 is a diagram illustrating a workflow registration process sequence. FIG. 17 is a diagram illustrating an example of a workflow. FIG. 18 is a diagram illustrating a sequence during execution of a workflow. FIG. 19 is a diagram showing a sequence following FIG. FIG. 20 is a diagram illustrating a data configuration example of a job list. FIG. 21 is a diagram showing a sequence of the deletion process. FIG. 22 is a diagram showing a sequence following FIG. FIG. 23 is a diagram illustrating a priority processing sequence.

<System configuration>
FIG. 1 is a diagram illustrating an example of a configuration of a system 10 according to the present embodiment. The system 10 according to the present embodiment includes at least one in-office network system 11 and a service providing system 20 represented by a cloud service. Each of the at least one in-office network system 11 and the service providing system 20 are connected via a network such as the Internet.

  The intra-office network system 11 has a firewall 13. The firewall 13 restricts unauthorized access to devices connected to the office network system 11 from the outside.

  The service providing system 20 includes an access control device 21. The access control device 21 controls access to devices connected to the service providing system 20 from the outside.

  As an example, the in-office network system 11 includes a terminal device 14, an image forming device 15, an authentication device 16, and other devices 17. Each of the terminal device 14, the image forming device 15, the authentication device 16, and the other device 17 has a wireless or wired communication means, and is connected to each other via a private network inside the firewall 13.

  The terminal device 14 is realized by an information processing apparatus (for example, a computer system 50 described later) on which a general OS (operating system) or the like is mounted. The terminal device 14 is, for example, a personal computer, a tablet computer, a notebook computer, a smartphone, a mobile phone, or the like, and may be any device as long as the user can operate it.

  The image forming apparatus 15 has an image forming function such as a multifunction machine, a copier, a scanner, or a laser printer. The authentication device 16 is realized by an information processing device (for example, a computer system 50 described later) on which a general server OS or the like is mounted. The authentication device 16 provides a user authentication function to the terminal device 14 and the image forming device 15. The other device 17 is, for example, an electronic device such as a projector or an electronic blackboard device. The intra-office network system 11 may include a plurality of terminal devices 14, image forming devices 15, authentication devices 16, and other devices 17.

  The service providing system 20 is a system that provides cloud services to devices on a network. The service providing system 20 may be a system that provides a service provided by an ASP (Application Service Provider), a Web service, or the like to a device on a network instead of a cloud service.

  Each device in the service providing system 20 is connected to a network such as the Internet via an access control device 21. The service providing system 20 includes an access control device 21, a print service providing device 22, a distribution service providing device 23, a portal service providing device 24, an authentication device 25, a data processing control device 26, and a data processing execution control device. 27 and a data processing device 28. These devices are connected via a network in the service providing system 20.

  Each device in the service providing system 20 is realized by one or more information processing devices (for example, a computer system 50 described later). That is, it may be realized by a single computer, or may be realized by being distributed to a plurality of computers. Note that each device in the service providing system 20 may be integrated into one device, and how many information processing devices the service providing system 20 is configured and realized is applied to the present invention. It does not limit the range.

  A part or all of the service providing system 20 may be provided on a private network in the in-office network system 11. That is, the system 10 according to the present embodiment is merely a preferable example, and whether or not there is a firewall 13 between the service providing system 20 and various devices accessed to use the service providing system 20. Therefore, the scope of application of the present invention is not limited.

  The service providing system 20 realizes a device group (service providing unit 31) that realizes a service providing function for providing various services and a common platform function that can be commonly used when using various services. And a device group (platform 33). As an example, the service providing unit 31 includes a print service providing device 22, a distribution service providing device 23, a portal service providing device 24 (service specifying means), and the like. As an example, the platform 33 includes an authentication device 25, a data processing control device 26, a data processing execution control device 27, a data processing device 28 (execution means), and the like.

  Note that the service providing system 20 can be broadly divided into the service providing unit 31 and the platform 33, but such a broad method is merely a conceptual way of explaining the present invention in an easy-to-understand manner. In other words, it is not always necessary to realize the service providing system 20 in which each device is configured based on such an understanding.

  The service providing system 20 is connected to the terminal device 14, the mail server 41, the online storage 42, and the like via a network such as the Internet. The terminal device 14 is realized by an information processing device (for example, a computer system 50 described later) on which a general OS or the like is mounted. The terminal device 14 is an electronic device that can be operated by the user, such as a PC, a tablet computer, a notebook computer, a smartphone, or a mobile phone, as an example. The mail server 41 is realized by one or more information processing apparatuses. The mail server 41 is a server for sending and receiving electronic mail. The online storage 42 is realized by one or more information processing apparatuses. The online storage 42 is a server that provides a service for lending a storage area (storage device) of the storage.

<Hardware Configuration of Computer System 50>
FIG. 2 is a diagram illustrating an example of a hardware configuration of the computer system 50 according to the present embodiment. The terminal device 14, the authentication device 16, and the devices in the service providing system 20 illustrated in FIG. 1 are realized by a computer system 50 having a hardware configuration illustrated in FIG. 2, for example.

  The computer system 50 includes an input device 51, a display device 52, an external I / F 53, a RAM (Random Access Memory) 54, a ROM (Read Only Memory) 55, a CPU (Central Processing Unit) 56, a communication I / F 57, and an HDD ( Hard Disk Drive) 58 and the like, each of which is connected to each other by a bus.

  The input device 51 is a keyboard, a mouse, a touch panel, or the like, and is used for a user to input information. The display device 52 is a display or the like, and displays a processing result by the computer system 50.

  The communication I / F 57 is an interface for connecting the computer system 50 to a network. The computer system 50 can perform data communication with other devices via the communication I / F 57.

  The HDD 58 is a non-volatile storage device that stores programs and data. The programs and data stored in the HDD 58 include, for example, an OS that is basic software for controlling the entire computer system 50, and application software that provides various functions on the OS. The HDD 58 manages stored programs and data using a predetermined file system or DB (database).

  The external I / F 53 is an interface with an external device such as a recording medium. The computer system 50 can read data from and write data to the recording medium via the external I / F 53. Examples of the recording medium include a flexible disk, a CD (Compact Disk), a DVD (Digital Versatile Disk), an SD memory card, a USB (Universal Serial Bus) memory, and the like.

  The ROM 55 is a non-volatile semiconductor memory that can retain programs and data even when the power is turned off. The ROM 55 stores programs and data required for BIOS (Basic Input / Output System) executed when the computer system 50 is started, OS settings, and network settings. The RAM 54 is a volatile semiconductor memory that temporarily stores programs and data.

  The CPU 56 reads out a program and data from a storage device such as the ROM 55 or the HDD 58 onto the RAM 54 and executes processing, thereby realizing control and functions of the entire computer system 50. The terminal device 14, the authentication device 16, and each device in the service providing system 20 according to the present embodiment can realize various processes as described later by the hardware configuration of the computer system 50.

<Software functional configuration of service providing system 20>
FIG. 3 is a diagram illustrating a software functional configuration of the service providing system 20 according to the present embodiment. The service providing system 20 implements a service providing unit 31, a platform API (Application Programming Interface) 32, and a platform 33 by executing a program. Further, the service providing system 20 realizes the management data storage unit 34 by a storage device provided therein.

  The service providing unit 31 has a function realized by executing various service applications (service providing application programs). As an example, the service providing unit 31 includes a portal service application 61, a print service application 62, and a distribution service application 63.

  The portal service application 61 is realized by the portal service providing apparatus 24 executing an application program for providing a portal service. The print service application 62 is realized by the print service providing apparatus 22 executing an application program for print service. The distribution service application 63 is realized by the distribution service providing apparatus 23 executing a distribution service application program.

  The portal service application 61 provides tenant registration, service registration, registration processing of various management information, and the like as premise processes for providing services by various service applications. The print service application 62 provides a print service that causes the image forming apparatus 15 to print the print data.

  The distribution service application 63 provides a service for distributing data to a server (storage device) on a network such as the online storage 42 and the mail server 41. In this case, the distribution service application 63 may perform one or more data processing on the data and distribute the processed data to a server (storage device) on the network.

  The service application is not limited to these examples, and provides, for example, a service for transmitting stored image data (projection data) to the projector, a service for transmitting stored image data (projection data) to the electronic blackboard device, and the like. May be. That is, the service application may be an application that provides some service to the device used by the user.

  The platform API 32 is an interface for the service application to operate in cooperation with the platform 33. As an example, the platform API 32 is a predefined interface provided for the platform 33 to receive a request from a service application, and includes a function, a class, and the like. When the service providing system 20 is configured to be distributed among a plurality of information processing apparatuses, the platform API 32 may be, for example, a Web API that can be used via a network.

  The platform 33 includes a communication unit 71, an access control unit 72, a setting registration unit 73, a mail transmission unit 74, an authorization setting processing unit 75, a license authentication unit 77, a user authentication unit 78, and a user device authentication unit. 79, an in-house cooperation authentication unit 80, an external cooperation authentication unit 81, a data processing control unit 83, a plurality of processing queues 84, a plurality of data processing requesting units 85, and a plurality of data processing units 86. The management data storage unit 34 includes a management information storage unit 91 (management information storage unit, workflow storage unit), a data processing information storage unit 92, and a data storage unit 93.

  The communication unit 71 is a functional unit that communicates with each device on the network. For example, the access control device 21 includes the communication unit 71. The access control unit 72 is a functional unit that executes control according to various accesses requested from the devices on the network to the service providing system 20, and is provided in the access control device 21, for example.

  The setting registration unit 73 is a functional unit that registers various setting information stored in the management information storage unit 91, and is provided in the authentication device 25, for example. The mail transmission unit 74 is a functional unit that transmits mail, and is provided in the authentication device 25, for example. The authorization setting processing unit 75 is a functional unit for performing authorization setting corresponding to an external service such as the online storage 42, and is provided in the authentication device 25, for example.

  The license authentication unit 77 is a functional unit that performs authentication related to a license based on license information or tenant information stored in the management information storage unit 91, and is provided in the authentication device 25, for example. The user authentication unit 78 is a functional unit that performs user authentication based on a login request from a device that does not require device authentication, such as the terminal device 14, and is provided in the authentication device 25, for example. The user device authentication unit 79 is a functional unit that performs user authentication based on a login request from a device that requires device authentication, such as the image forming device 15, and is provided in the authentication device 25, for example. The in-house cooperation authentication unit 80 is a user who logs in using user information acquired from the authentication device 25 when the user performs authentication by the authentication device 16 of the intra-office network system 11 in an apparatus such as the image forming apparatus 15. For example, the authentication device 25 includes a functional unit that executes authentication. The external cooperation authentication unit 81 is a functional unit that executes an authentication process for logging in to the online storage 42, and is provided in the authentication device 25, for example.

  The data processing control unit 83 is a functional unit that controls data processing to be executed based on a request from the service application, and is provided in the data processing control device 26, for example. Each of the plurality of processing queues 84 is a message queue that stores execution request information (message) from a service application for a corresponding type of data processing. In each of the plurality of processing queues 84, a message is registered by the data processing control unit 83. Each of the plurality of processing queues 84 is provided in the data processing control device 26, for example. When the data processing request unit 85 monitors the processing queue 84 assigned to itself and acquires a message registered in the assigned processing queue 84, the data processing request unit 85 requests one of the data processing units 86 to execute the corresponding data processing. For example, the data processing execution control device 27 includes a functional unit.

  Each of the plurality of data processing units 86 is a functional unit that executes data processing according to a request, and is provided in the data processing device 28, for example. For example, the data processing unit 86 divides data processing requested by the service application, data format conversion processing for converting the data format (for example, PDF (Portable Document Format) processing), OCR (Optical Character Recognition) OCR processing for executing the processing, processing for distributing (uploading) data to the online storage 42 or the mail server 41, and the like. Note that the data processing execution control device 27 may include the data processing requesting unit 85 and the data processing unit 86 according to the contents of the data processing.

  The management information storage unit 91 stores management information such as license information, tenant ID information, user information, device information, service information, and registration information, and is provided in the authentication device 25, for example. The data processing information storage unit 92 stores information related to requested data processing, and is provided in the data processing control device 26, for example. The data storage unit 93 stores application data, print data, and other data, and is provided in the data processing control device 26, for example.

<Management information>
FIG. 4 is a diagram illustrating a data configuration example of the license information. The license information is a table for managing licenses registered in the service providing system 20. The license information includes, as data items, a license type, an ID, a registration code, a registration state, and the like.

  The license type is information indicating the type of license. There are tenant, print service, distribution service, and the like as license types. The ID is a license ID and is information used for license authentication. The registration code is information used when registering a tenant. The registration status is information indicating whether or not the license registration (ID registration) by the user has been completed (whether registered or not registered).

  FIG. 5 is a diagram illustrating a data configuration example of tenant information. The tenant information is a table that manages information on organizations (groups, companies, schools, etc.) that the service providing system 20 can provide services for each organization. Tenant information has tenant ID (organization identification information), name, service ID, service type, expiration date, external service, address information, and the like as data items.

  The tenant ID is information for identifying an organization, and is registered when the user performs tenant registration. The name is a company name or an organization name, and is set by a user (for example, an administrator of the organization) when registering the tenant ID.

  The service ID is information for identifying a service that can be used by a user belonging to the organization, and is set by a user (for example, an organization administrator) after tenant registration. The service type is information for specifying the registered service type. The expiration date is an expiration date in which the service can be used. For example, the expiration date is set from the time when the use start of the service is registered. The external service is information related to an external service that provides a service in cooperation with the service providing system 20. Examples of the external service include a data storage service using the online storage 42. The address information is the email address of the administrator of the organization, and is set when the tenant is registered.

  FIG. 6 is a diagram illustrating a data configuration example of user information. The user information is a table that manages, for each user, information related to users who can provide services by the service providing system 20. The user information includes tenant ID, login user ID and password, in-house authentication user ID, online storage 42 account, password, authorization token, scope, address information, and the like as data items.

  The tenant ID is information for identifying the organization to which the user belongs. The login user ID and password are information for identifying and authenticating a user for logging in to the service providing system 20. The login user ID may be any information as long as the information can identify the user.

  The user ID for in-house authentication is information for identifying and authenticating the user in the authentication device 16 of the in-office network system 11. The user ID for in-house authentication may be user identification information that can identify the user in the authentication device 16 of the in-office network system 11, and may be a card ID of an IC card carried by the user or a terminal ID of a portable terminal. Good.

  The account and password for the online storage 42 are identification and authentication information for logging in to the online storage 42. The authorization token is information for using the online storage 42 within a specific authority range. The scope is information for specifying the use range of the online storage 42. The account may be a user ID, a user name, an address for the online storage 42, or the like, and may be authentication information used for authentication when the user logs in to the target online storage 42. The address information is a user's mail address.

  The online storage 42 is an example of an external service. Information such as an account, password, authorization token, and scope is an example of information used when using an external service. An authorization token is a usage range (authority) in using a service, such as which service is used when a user uses the service, access to which resource, etc., for example, OAuth. Authorization can be set using a standard API authorization technology called. From the viewpoint of using an external service such as the online storage 42 from the service providing system 20, the external service serves as an OAuth service provider, and the service providing system 20 serves as an OAuth consumer.

  FIG. 7 is a diagram illustrating a data configuration example of device information. The device information is a table for managing information related to a device that can use a service provided from the service providing system 20. The device information includes tenant ID, device ID, service ID, service type, use start date, use end date, and the like as data items.

  The tenant ID is information for identifying an organization in which the device is used. The device ID is information for identifying a device and is used for device authentication. The device ID is, for example, a device number of the device. The service ID and the service type are identification information and contents of a service that can be provided by the device. The use start date is the start date of service provision for the device. The use end date is the end date of service provision for the device.

  The device registered in the device information can use the service with the registered service ID from the use start date to the use end date of the service ID. Depending on the type of service or the type of license, there may be an indefinite expiration date (substantially no limitation on the expiration date). Even a device that is not registered in the device information can use the service (function) provided by the service providing system 20. However, some functions provided by the service cannot be used without device authentication.

  In this embodiment, the terminal device 14 is an example of an apparatus that does not require registration of apparatus information, and the image forming apparatus 15 is an example of an apparatus that requires registration. Examples of functions that can be used in the terminal device 14 include registration of various types of management information and input or deletion of print target data. Examples of functions that can be used in the image forming apparatus 15 include acquisition of print data and distribution data. Send. It is up to the provider who provides the service to determine what functions are required for device authentication and what functions are not required for device authentication. There may be no service.

  FIG. 8 is a diagram illustrating a data configuration example of the external service information. External service information is a table for managing information related to external services. The external service information includes, as data items, an external service ID, a service name, a client ID, a client secret, a product name, a scope, an authorization destination URL (Uniform Resource Locator), a redirect destination URL, and the like.

  The external service ID is information for specifying (identifying) an external service. The service name is the name of the external service. The client ID is information issued by an external service and identifying the service providing system 20 by the external service. The client secret is secret information for guaranteeing the identity of the client ID, and is information that plays a role like a password. The product name is information that identifies the service application. The scope is information for specifying the usage range of the external service. The authorization destination URL is the URL of the authorization system provided in the external service (for example, the URL of the authorization server provided in the external service). The redirect destination URL is a URL of the service providing system 20 that is redirected from an external service (for example, a URL of a function as an authorization client of the authorization setting processing unit 75).

  FIG. 9 is a diagram illustrating a data configuration example of service information. The service information is a table that manages options that can be added to the service. The service information includes a service name, a service ID, an option, and the like as data items.

  The service name is a name indicating an outline of the service content. The service ID is information for identifying a service. The option indicates a list of data processes that can be added to the main data process of the service. For example, in the example of FIG. 9, as an option of the distribution service, the user can perform character recognition (OCR processing), file format conversion (for example, PDF conversion processing), image correction, barcode reading, and document information extraction. Data processing can be added. Further, for example, as an option of the print service, the user can add an upper limit management process (a process for managing the upper limit of the printable number of sheets for each user).

  By managing such service information, the service providing system 20 can provide a service obtained by adding other data processing to the main data processing of the service.

  FIG. 10 is a diagram illustrating a data configuration example of registration information. The registration information is a table for managing registered services. The registration information includes tenant ID, service name, service ID, available option, workflow, and the like as data items.

  The tenant ID is information for identifying an organization that can use the registered service. The service name is the name of the registered service. The service ID is information for identifying the registered service.

  The available option shows a list of optional data processes that can be used together with the main data process of the registered service. This available option is selected by the user from the data processing shown in the option of FIG. 9 when the service is registered. In FIG. 10, the main data processing (distribution processing (A)) is shown at the top of the available option box, and the second and subsequent options data processing (OCR processing (B), PDF conversion processing). (C), barcode processing (D), image correction processing (E), etc.). Also, as shown in the box of available options in the second row of FIG. 10, folder distribution (B) for distributing data to a designated folder may be included as optional data processing.

  The workflow is information indicating the execution order of the data processing selected as the available option. The workflow is created by combining the data processing shown in the available options in FIG. 10 by the user (administrator) at the time of service registration, for example.

  As can be seen from the above, the tenant ID is information for identifying the organization (group, company, school, etc.) to which the user belongs. The tenant ID is associated with the service provided by the service providing system 20, the user who uses the service, and the device using the service. The service providing system 20 manages the user, the device, and the service in units of organizations. Information. The tenant ID is information (use target specifying information) that specifies a use target such as which service, which user, and which device is provided among the services that the service providing system 20 can provide.

<Processing flow for tenant ID and service registration>
FIG. 11 is a diagram illustrating a processing flow at the time of tenant ID and service registration.

  First, a user who wants to register a tenant ID (for example, an administrator of a company or organization) in advance receives a tenant ID (first from a service provider of the service providing system 20 (for example, a person in charge of providing and selling services)). Service identification information) and registration code (registration information). Examples of the acquisition method include a method of acquiring directly from the service provider or a method of acquiring by accessing the dedicated site operated by the service provider by the user terminal device 14. Thereafter, the user accesses the portal site of the service providing system 20 from the terminal device 14 (step S11).

  Since the access control unit 72 of the service providing system 20 is access to the portal site, the access is permitted, and the terminal device 14 is allowed to access the portal service application 61 (first service). The portal service application 61 displays a top screen on the display device 52 of the terminal device 14. The user operates the input device 51 of the terminal device 14 and can select whether to request login or new tenant registration from the top screen. Here, the description will be made assuming that a new tenant registration is requested. In addition, if it is a user (administrator or other user) registered in the user information of the management information storage unit 91, it is possible to log in by inputting a tenant ID, a user ID, and a password.

  When a new tenant registration is requested (registration request), the portal service application 61 of the service providing system 20 displays an input screen for temporarily registering a tenant ID on the display device 52 of the terminal device 14. The user operates the input device 51 of the terminal device 14 to input for temporary registration of the tenant ID, and then requests temporary registration (step S12).

  The information entered on the input screen is information related to the country or region where the service is used (sometimes referred to as usage area information), and the terms of use (agreement) displayed according to the country or region where the service is used. Information indicating that the user agrees, tenant ID, registration code, e-mail address, language used, and the like. Accordingly, the service providing system 20 holds the usage agreement (covenant) information according to the country or region to be used, and displays the usage agreement according to the usage area information selected and input by the user on the input screen. Control and let the user select whether to agree to the terms of use.

  When temporary registration is requested from the user's terminal device 14, the portal service application 61 requests the license authentication unit 77 (license authentication means) to check the validity of the input tenant ID and registration code. Upon receiving the request, the license authentication unit 77 executes license authentication processing, and checks whether the input tenant ID and registration code are stored in the license information stored in the management information storage unit 91 (license information storage unit). Judge (verify). If the registration state of the corresponding tenant ID is “unregistered” when stored, the license authentication unit 77 determines that the input tenant ID and registration code are valid information (input Authenticate the tenant ID (license).)

  The license authentication unit 77 notifies the portal service application 61 of the result of license authentication. Here, when the tenant ID and the registration code are valid, the portal service application 61 requests the setting registration unit 73 (registration means) to register the tenant ID, the mail address, and the usage area information. The setting registration unit 73 registers (stores) the tenant ID, the mail address, and the usage area information in the tenant information of the management information storage unit 91 in response to a request from the portal service application 61. When registration is performed by the setting registration unit 73, the portal service application 61 generates a main registration URL that is an access destination for displaying a main registration screen, and creates an email in which the main registration URL is described. Then, the mail transmission unit 74 is requested to transmit the mail.

  The mail transmission unit 74 transmits a mail addressed to the mail address input by the user in the terminal device 14. When a mail is transmitted by the mail transmission unit 74, the portal service application 61 displays a notification screen indicating that the mail has been transmitted on the display device 52 of the terminal device 14. The generated URL for main registration is managed by an expiration date (for example, one hour) from the time of generation. In addition, it is assumed that at least one of the tenant ID and the registration code is not described in the mail.

  Next, the user accesses the URL for main registration described in the mail received by the terminal device 14. In addition, the terminal device 14 accessed at this time may not be the same terminal device 14 at the time of temporary registration. The access control unit 72 allows access to the portal service application 61 (portal service providing apparatus 24). The portal service application 61 confirms whether the access to the main registration URL is valid (whether the access is to the generated main registration URL and the access is within the expiration date). If it is valid, the portal service application 61 displays the main registration screen on the display device 52 of the terminal device 14. The user operates the input device 51 of the terminal device 14 to make an input for performing the main registration of the tenant ID, and then requests the main registration (step S13).

  Information input on the registration screen is tenant information such as a tenant ID, a name, and a registration code, and user information such as a login user ID, a password, and an e-mail address. Note that the portal service application 61 may display the tenant ID or the registration code that the user has already input in the provisional registration in a state in which the user has input in advance. However, it is assumed that at least one of the information to be input by the user out of the tenant ID or the registration code is not described in the mail for the main registration URL.

  When the main registration is requested from the user terminal device 14, the portal service application 61 requests the license authentication unit 77 to perform a license validation process (main registration process) based on the input tenant ID and registration code. Upon receiving the request, the license authentication unit 77 executes a license authentication process. Specifically, the license authentication unit 77 determines whether the input tenant ID and registration code are stored in the license information stored in the management information storage unit 91, and the tenant corresponding to the stored tenant ID and registration code. If the ID registration status is “unregistered”, it is determined that the input tenant ID and registration code are valid information. If the license authentication unit 77 determines that the tenant ID and the registration code are valid, the license authentication unit 77 requests the setting registration unit 73 to change the status of the license information.

  The setting registration unit 73 changes the value of “status information” associated with the valid tenant ID and registration code in the license information stored in the management information storage unit 91 to “registered”. When the validation process is completed, the portal service application 61 requests the setting registration unit 73 to register the name and user information input by the user on the terminal device 14. The setting registration unit 73 registers a name in the tenant information stored in the management information storage unit 91, and registers a tenant ID, a login user ID and password, a mail address, and the like in the user information.

  When the registration of various information settings by the setting registration unit 73 is completed, the portal service application 61 creates an email in which an organization registration completion notification is described, and requests the email transmission unit 74 to send an email. The mail transmission unit 74 transmits a mail in which an organization registration completion notification is written to the mail address input by the user on the terminal device 14. Then, the user confirms the organization registration completion screen displayed on the display device 52 of the terminal device 14. In this way, by completing the registration of the tenant ID, user ID, and password, the user can log in from the top screen of the portal site from the next time, and the tenant information and user associated with the tenant ID after login. Registration processing of information and device information can be performed.

  Next, the user (administrator) operates the input device 51 of the terminal device 14, and inputs a tenant ID, a user ID, and a password from the top screen of the portal site, and requests login. The portal service application 61 that has received the request requests the user authentication unit 78 for user authentication. The user authentication unit 78 determines (collates) whether the tenant ID, the user ID, and the password received from the terminal device 14 are stored in the user information of the management information storage unit 91, and authenticates the user when stored. . When the user is authenticated by the user authentication unit 78, the portal service application 61 permits login.

  Then, the logged-in user performs service registration of the service he wants to use (step S14). When registering a service, the user operates the input device 51 of the terminal device 14 and inputs a service ID from the service registration screen displayed on the display device 52 of the terminal device 14 to request service registration.

  When service registration is requested from the terminal device 14 of the user, the portal service application 61 acquires from the license information in the management information storage unit 91 the license type (service type) associated with the license ID that matches the received service ID. To do. Further, the portal service application 61 acquires the use area information associated with the tenant ID from the tenant information. Then, the portal service application 61 displays a usage rule (agreement) corresponding to the license type and usage area information on the display device 52 of the terminal device 14, and allows the user to select whether or not to agree to the usage rule. In other words, the service providing system 20 holds information on terms of use (terms) according to the country or region used for each service (license type), and the terms of use according to the use area information selected and input by the user. Display control to display.

  When the user operates the input device 51 of the terminal device 14 and inputs a selection for agreeing to the terms of use, the portal service application 61 performs license authentication for a service registration process based on the tenant ID and service ID received from the terminal device 14. Request to part 77. The license authentication unit 77 confirms (checks) whether or not the service ID (license ID) received from the terminal device 14 is stored in the license information of the management information storage unit 91, and determines that the service ID is a valid service ID if stored. (Authenticate the service ID).

  If it is determined that the service ID is valid, the license authentication unit 77 requests the setting registration unit 73 to register the service ID. The setting registration unit 73 registers the service ID in association with the tenant ID received from the terminal device 14 for the tenant information stored in the management information storage unit 91.

  Next, the user performs device registration of the service ID (step S15). The user operates the input device 51 of the terminal device 14 to obtain the service ID from the device registration screen displayed on the display device 52 of the terminal device 14 and the device ID of the device that enables the use of the service by the service ID. Input and request device registration of service ID.

  When the device registration of the service ID is requested from the user terminal device 14, the portal service application 61 performs the device registration processing of the service ID based on the tenant ID, the service ID, and the device ID received from the terminal device 14. To request. The license authentication unit 77 determines (collates) whether the tenant ID and the service ID received from the terminal device 14 are stored in the tenant information of the management information storage unit 91, and if stored, stores the terminal device in the license information. 14 determines whether the registration state of the service ID (license ID) received from 14 is “unregistered”.

  If the registration state is “unregistered” (if the service ID is not registered with the service ID), the license authentication unit 77 requests the setting registration unit 73 to register the service ID with the device. The setting registration unit 73 adds the tenant ID, device ID, and service ID received from the terminal device 14 to the device information in the management information storage unit 91, the license information based on the tenant ID, the service type specified from the tenant information, and the start of use. Register information such as date and use end date.

  For example, the date of device registration is stored as the use start date. The use end date stores the last date of the license period included in the contract information when the use start date of the record is the starting point. However, the use start date may be specified in the license use start request. In this case, the use start date specified in the license use start request may be stored on the use start date of the record.

  When the device registration of the service ID is completed, the setting registration unit 73 further changes the registration state in the license information of the service ID that has performed device registration to “registered”. Thereafter, the user can register the available option for the registered service by operating the input device 51 of the terminal device 14.

<Data processing function>
FIG. 12 is a diagram showing a data flow at the time of data processing in the service providing system 20. FIG. 13 is a diagram showing a flow of data processing in the service providing system 20.

  In the service providing system 20, the data processing control unit 83 (data processing control unit), the plurality of processing queues 84 (execution request storage unit), the plurality of data processing request units 85, and the plurality of data processing units 86 (data processing unit 86) of the platform 33. (Means) will be described processing for executing various data processing requested by the service application. The plurality of processing queues 84 constitute the message queue 102.

  Each service application has a processing request unit 101. First, the process request unit 101 of the service application records data to be processed (processing target data such as application data or image data) in the data storage unit 93 and also provides execution request information to the data processing control unit 83. A data processing request (sometimes called a request) is transmitted (step S21). The request includes processing details of data processing and information (for example, a URI) of a storage device that is a recording destination of processing target data.

  The data processing control unit 83 analyzes the received request, registers the message in the processing queue 84 corresponding to the processing content in the message queue 102, and registers the request in the data processing information storage unit 92 (step S22). . The request includes a data recording destination, data processing contents, and a request status. The request status includes “accepted”, “running”, “completed”, and the like. The status of the request represents a status indicating the processing status of data processing. The request state is “accepted” at the stage when the data processing control unit 83 registers.

  One or a plurality of processing queues 84 are assigned to each of the plurality of data processing request units 85. Each of the plurality of data processing request units 85 monitors the assigned processing queue 84 and acquires a message registered in the processing queue 84 (step S23).

  In the example of FIG. 12, the first data processing request unit 85-1 monitors the “first processing queue 84-1” and the “second processing queue 84-2”. The second data processing request unit 85-2 monitors the “first processing queue 84-1”, the “second processing queue 84-2”, and the “third processing queue 84-3”. The M-th (M is an integer equal to or greater than 2) data processing request unit 85-M monitors the “Nth (N is an integer equal to or greater than 2) process queue 84-N”. Note that how to assign can be set and changed as appropriate.

  Each of the plurality of data processing units 86 executes data processing. Each of the plurality of data processing units 86 may execute different data processing from the other data processing units 86, or may execute the same data processing. Each of the plurality of data processing request units 85 acquires a request from the data processing information storage unit 92 based on the message acquired from the assigned processing queue 84. Each of the plurality of data processing request units 85 causes the data processing unit 86 corresponding to the data processing indicated in the request to execute the requested processing (step S24). For example, each of the plurality of data processing request units 85 causes any one of the first to L-th (L is an integer equal to or larger than 2) data processing units 86-1 to 86-L to execute data processing.

  Next, each of the plurality of data processing request units 85 receives an execution result of the processing executed by the data processing unit 86. Each of the plurality of data processing request units 85 updates the request from the execution result (deletes the processing performed from the message, changes the request status if there is a change, etc.), and updates the updated request to the data processing information. Register in the storage unit 92. Each of the plurality of data processing requesting units 85 registers a message in the corresponding processing queue 84 if there is data processing to be performed next (step S25).

  In addition, when the data processing for the acquired processing target data is different from the processing target data before and after processing, the data processing unit 86 stores the processing target data after processing in the data storage unit 93. Record and include the destination of the processed data after processing in the request.

  Here, some specific examples of data processing executed by each of the plurality of data processing units 86 will be given. The content of the data processing is not limited to the specific example shown here.

  The data processing unit 86 executes distribution processing for transmitting data to the online storage 42. In addition, the data processing unit 86 executes reception processing for receiving data from the online storage 42. In addition, the data processing unit 86 executes distribution processing for transmitting mail to the mail server 41. In addition, the data processing unit 86 executes reception processing for receiving mail from the mail server 41.

  Further, the data processing unit 86 executes a process (OCR process) for recognizing characters in the image data and generating text data. In addition, the data processing unit 86 executes a conversion process for converting image data into another data format (for example, a PDF conversion process for converting into PDF data). In addition, the data processing unit 86 executes conversion processing for converting document data into PDL (Page Description Language) data. The data processing unit 86 executes image data correction processing. The correction processing includes, for example, correction of inclination, removal of noise and punch holes, top and bottom identification, resolution conversion, blank paper removal, and the like. In addition, the data processing unit 86 executes a process for recognizing a barcode included in the image data and a process for dividing the document using the paper with the barcode as a partition. In addition, the data processing unit 86 executes archiver processing for compressing image data into, for example, the Zip format. Further, the data processing unit 86 executes a process to be executed later or a flow branching process for branching the delivery destination depending on the condition. Further, the data processing unit 86 executes image conversion for converting the image format of the image data. In addition, the data processing unit 86 performs document information replacement that replaces the bibliographic information according to the conditions. In addition, the data processing unit 86 performs table replacement that replaces a table included in the bibliographic information according to a condition. Further, the data processing unit 86 executes a session designation input process for selecting and distributing only an arbitrary page. In addition, the data processing unit 86 executes style sheet conversion for converting the bibliographic information output format from XML (Extensible Markup Language) to XSL (Extensible Stylesheet Language).

  In addition, the data processing unit 86 executes a mail creation process. In addition, the data processing unit 86 executes a storage process for storing data in a predetermined storage area. Further, the data processing unit 86 executes a monitoring process for monitoring whether data is stored in a predetermined folder of the online storage 42.

  In addition, the data processing unit 86 executes a deletion process for deleting a request instructed to delete among messages registered in the plurality of processing queues 84. In addition, the data processing unit 86 executes priority processing that causes the corresponding data processing unit 86 to process the request for which priority is given among the requests registered in the plurality of processing queues 84. Further, the data processing unit 86 executes error processing when data processing for the request fails.

<User authentication and device authentication functions>
FIG. 14 is a diagram illustrating a sequence of authentication processing.

  When the user performs authentication from the terminal device 14, the terminal device 14 displays an input screen for inputting a tenant ID, a user ID, and a password for logging in to the service providing system 20, and accepts login information (step S31). . When the user inputs login information (tenant ID for login, user ID and password) and requests login to the service providing system 20, the terminal device 14 requests authentication of the input login information (request for user device authentication). ) Is transmitted to the service providing system 20 (step S32). Then, the access control unit 72 of the service providing system 20 receives the login information from the terminal device 14 and requests the user authentication unit 78 for authentication.

  The user authentication unit 78 checks whether the combination of the tenant ID, the login user ID, and the password received from the terminal device 14 exists in the user information stored in the management information storage unit 91. Judgment is successful (step S33). If these combinations do not exist, the user authentication unit 78 determines that user authentication has failed. When the user authentication is successful, the user authentication unit 78 permits login to the service providing system 20 (login for using the service). Then, the access control unit 72 returns a login response indicating the authentication result to the terminal device 14 (step S34).

  The image forming apparatus 15 uses a login user ID (first user identification information) and a password (first user authentication information) in order to log in to the service providing system 20, or a user for in-house authentication. The setting of whether to use ID (second user identification information) is held. This setting can be appropriately changed by an administrator or the like. The image forming apparatus 15 holds a tenant ID (organization authentication information) and a device ID (device identification information) in its own storage area.

  When the user authenticates from the image forming apparatus 15 and is set to use a login user ID (first user identification information) and a password (first user authentication information), the image forming apparatus 15 Then, an input screen for inputting a user ID and password for logging in to the service providing system 20 is displayed, and login information is accepted (step S35). When the user inputs login information (login user ID and password) and requests login to the service providing system 20, the image forming apparatus 15 receives the input login information and the tenant ID and device ID ( A device authentication information) authentication request (user device authentication request) is transmitted to the service providing system 20 (step S36). Then, the access control unit 72 (authentication information receiving unit) of the service providing system 20 receives these pieces of information from the image forming apparatus 15 and requests authentication from the user device authentication unit 79 (authentication unit).

  The user device authentication unit 79 checks whether the combination of the tenant ID and the device ID received from the image forming device 15 exists in the device information stored in the management information storage unit 91, and if it exists, the device authentication is successful. Judgment is made (step S37). If the combination of the tenant ID and the device ID does not exist, the user device authentication unit 79 determines that the device authentication has failed. Further, the user device authentication unit 79 confirms whether the combination of the tenant ID received from the image forming device 15 and the login user ID and password exists in the user information stored in the management information storage unit 91, If it exists, it is determined that the user authentication is successful. The user device authentication unit 79 determines that user authentication has failed if there is no combination of tenant ID, login user ID, and password. When the device authentication and the user authentication are successful, the user device authentication unit 79 permits login to the service providing system 20 (login for using the service). Then, the access control unit 72 returns a login response indicating the authentication result to the image forming apparatus 15 (step S38).

  When the user authenticates from the image forming apparatus 15 and is set to use the user ID (second user identification information) for in-house authentication, the user performs user authentication in the image forming apparatus 15. This user authentication is user authentication executed to use the image forming apparatus 15 or use a specific function of the image forming apparatus 15. Here, an example in which the authentication device 25 performs user authentication using a card ID carried by the user will be described.

  First, the user causes the card reader connected to the image forming apparatus 15 to read the card ID (step S39). At this time, the user may also input a password (second user authentication information). The image forming apparatus 15 transmits the card ID read by the card reader to the authentication apparatus 25 and requests user authentication (step S40). The authentication device 25 stores user authentication information in which the card ID and the user ID are associated with each other in the storage area, and confirms whether the user ID and password associated with the received card ID can be specified. The authentication device 25 determines that the user authentication is successful when the user ID can be specified (step S41). The authentication device 25 transmits the user ID specified together with the authentication result indicating successful authentication to the image forming device 15 (step S42).

  Next, when the user requests login to the service providing system 20 (for example, selecting login to the service providing system 20 from the display screen), the image forming apparatus 15 identifies the identified user ID and the tenant ID and apparatus to be held. An ID (device authentication information) authentication request (in-house cooperation authentication request) is transmitted to the service providing system 20 (step S43). The access control unit 72 (authentication information receiving unit) receives these pieces of information from the image forming apparatus 15 and requests authentication from the in-house cooperation authentication unit 80 (authentication unit).

  The in-house cooperation authentication unit 80 checks whether the combination of the tenant ID and the device ID received from the image forming apparatus 15 exists in the device information stored in the management information storage unit 91. If it exists, the device authentication is successful. Judgment is made (step S44). If the combination of tenant ID and device ID does not exist, the in-house cooperation authentication unit 80 determines that device authentication has failed. Further, the in-house cooperation authentication unit 80 checks whether the combination of the tenant ID received from the image forming apparatus 15 and the user ID for in-house authentication exists in the user information stored in the management information storage unit 91. Then, it is determined that the user authentication is successful. If the combination of the tenant ID and the user ID for in-house authentication does not exist, the in-house cooperation authentication unit 80 determines that user authentication has failed. If the device authentication and the user authentication are successful, the in-house cooperation authentication unit 80 permits login to the service providing system 20 (login for using the service). Then, the access control unit 72 returns a login response indicating the authentication result to the image forming apparatus 15 (step S45).

  Note that when the device authentication is successful by the in-house cooperation authentication unit 80 and the user authentication is not successful, the service providing system 20 displays a screen for inputting a login user ID and password to the image forming device 15. Information may be transmitted to display an input screen. In this case, when the user inputs a login user ID and password and requests login again, the image forming apparatus 15 uses the input login user ID and password for the user device authentication unit 79 of the service providing system 20. To request login. The user device authentication unit 79 checks whether the combination of the tenant ID and the login user ID and password received from the image forming device 15 exists in the user information stored in the management information storage unit 91. It is determined that the authentication is successful, and login to the service providing system 20 is permitted. Further, in response to the successful login, the setting registration unit 73 associates the tenant ID received from the image forming apparatus 15 and the login user ID and password, which are present in the user information stored in the management information storage unit 91. Thus, the user ID for in-house authentication received from the image forming apparatus 15 is registered. In this way, when the user logs in from the image forming apparatus 15 next time, the user can log in using the user ID for in-house authentication.

<Cooperation with online storage 42>
<Authorization settings>
FIG. 15 is a diagram showing a processing flow when accessing the online storage 42.

  An administrator (user) who has logged in to the service providing system 20 by operating the input device 51 of the terminal device 14 is external to the management information storage unit 91 on the external service registration screen displayed on the display device 52 of the terminal device 14. The online storage 42 (external service) to be used is selected from the list of external services stored in the service information. When any online storage 42 is selected by the user, the terminal device 14 requests the service providing system 20 to register the selected online storage 42.

  The portal service application 61 that has received the registration request requests the setting registration unit 73 to register the selected online storage 42. The setting registration unit 73 registers the selected online storage 42 in the tenant information in the management information storage unit 91 in association with the administrator's tenant ID (step S51).

  Next, the administrator selects the user ID of the user to whom the authorization setting is applied, the external service ID (or service name of the external service) for which the authorization setting is to be applied, and the scope to be set for the user on the authorization setting screen of the portal site To do. When such information is selected, the terminal device 14 requests the service providing system 20 to register authorization settings. Then, the portal service application 61 receives an authorization setting request (step S52).

  The portal service application 61 that has received the request for authorization setting requests the authorization setting processing unit 75 for authorization setting. The authorization setting processing unit 75 acquires parameters necessary for setting authorization from the external service information in the management information storage unit 91 (step S53). In addition to the user ID selected by the administrator, the external service ID, and the scope, parameters necessary for setting the authorization include a client ID corresponding to the selected external service ID, a redirect URL, and a session for maintaining the session Arbitrary session keys etc. are included.

  The authorization setting processing unit 75 that has acquired the parameters necessary for the authorization setting acquires the authorization destination URL associated with the external service ID selected from the external service information in the management information storage unit 91. Then, the authorization setting processing unit 75 redirects a request including a parameter necessary for the setting (a request in which the parameter necessary for the setting is a GET request query) from the terminal device 14 to the authorization destination URL (step S54).

  In addition, the authorization setting is performed between the terminal device 14 and the online storage 42 by redirecting the request. After the authorization setting, the online storage 42 is further redirected to the authorization setting processing unit 75. For this reason, the session at the HTTP level is interrupted between the terminal device 14 and the online storage 42. Therefore, the terminal device 14 and the online storage 42 use a session key to maintain the same session.

  The redirected online storage 42 displays a login screen on the terminal device 14. The administrator requests login to the online storage 42 from the login screen of the terminal device 14. If the login is successful, the online storage 42 displays an authorization screen on the terminal device 14. When the administrator confirms the authorization screen and performs authorization, the administrator operates the terminal device 14 to request authorization (for example, presses an authorization button displayed on the authorization screen). Upon receiving the authorization registration request, the online storage 42 registers the authorization and redirects the authorization code and the session key indicating that the authorization is permitted from the terminal device 14 to the redirect destination URL. By this redirection, the authorization setting processing unit 75 of the service providing system 20 receives the authorization code (step S55). If the administrator has already logged in when redirecting to the online storage 42, the login screen is not displayed.

  Upon receiving the authorization code, the authorization setting processing unit 75 obtains parameters necessary for obtaining an authorization token from the external service information in the management information storage unit 91 (step S56). The parameter necessary for obtaining the authorization token is the received authorization code. The necessary parameters are, for example, a client ID, a client secret, and the like associated with the external service ID of the online storage 42 that has transmitted the authorization code.

  Next, the authorization setting processing unit 75 transmits the acquired client ID and client secret and the received authorization code to the online storage 42, and requests acquisition of an authorization token (step S57). The online storage 42 verifies the received authorization code and transmits an authorization token to the authorization setting processing unit 75 of the service providing system 20. Upon receiving the authorization token, the authorization setting processing unit 75 requests the setting registration unit 73 to register the authorization token (step S58). The setting registration unit 73 registers the authorization token and scope for the selected user in the user information in the management information storage unit 91. When the registration of the authorization token is completed, the authorization setting processing unit 75 notifies the portal service application 61 of the completion of registration. The portal service application 61 displays a screen indicating the setting result of the authorization setting on the terminal device 14.

  When the online storage 42 transmits the authorization token to the service providing system 20, the online storage 42 also transmits an expiration date of the authorization token and a refresh token for reissuing the authorization token when the expiration date has expired. May be.

  Next, cooperation processing with external services (such as the online storage 42) will be further described. When a user who is logged in to the service providing system 20 requests processing to cooperate with an external service using the service providing system 20 from the terminal device 14 or the image forming apparatus 15 or the like, the external cooperation authentication unit 81 transfers to the external service. Perform the login process.

  For example, when the external cooperation authentication unit 81 receives a login request to the designated external service (online storage 42) from the data processing request unit 85 (or the data processing unit 86), the external cooperation authentication unit 81 provides the service from the user information in the management information storage unit 91. Required for login processing of a specified external service (online storage 42) associated with the user logged in to the system 20 (specifically, associated with the tenant ID of the logged-in user, the login user ID and password) Information (third user authentication information) is acquired. For example, if the login is to the online storage A shown in FIG. 6, the account and password of the online storage A are acquired, and if the login is to the online storage B, the account and the authorization token of the online storage B are acquired. .

  If the external service to be linked is an external service for which only the login process is performed without the authorization setting as in the online storage A shown in FIG. Login request with the account and password (authentication information for the external service) sent. The online storage A that has received the login request executes authentication for the received account and password. The online storage A that has received the login request transmits a response indicating that the login is permitted if the authentication is successful, and transmits a response indicating that the login is not permitted if the authentication is unsuccessful.

  When the external cooperation authentication unit 81 receives a response indicating that login is permitted from the online storage A, the service providing system 20 uploads (saves) data to the online storage A, or from the online storage A, for example. Data can be downloaded (acquired).

  Further, if the external service to be linked is an external service for which authorization is set like the online storage B shown in FIG. 6, the external linkage authentication unit 81 uses the account acquired for the online storage B (external Send login request with authentication information for service. The online storage B that has received the login request executes authentication for the received account and password. If the authentication is successful, the online storage B responds that the login is permitted, and if the authentication fails, the online storage B does not permit the login. It transmits to the external cooperation authentication part 81.

  When the external cooperation authentication unit 81 receives a response indicating that login is permitted from the online storage B, the service providing system 20 uses the authorization token within the set authorization usage range (within the authority range). Processing can be requested to the online storage B.

<Workflow setting process>
FIG. 16 is a diagram illustrating a workflow registration process sequence. When a workflow is registered for the image forming apparatus 15, the process proceeds in the sequence shown in FIG.

  After completing the login to the service providing system 20, the terminal device 14 displays a service registration screen and accepts a service registration start operation from the user (administrator) (step S61). When the user instructs the start of service registration on the service registration screen, the terminal device 14 transmits a registration request to the service providing system 20 (step S62).

  When the portal service application 61 receives a registration request from the terminal device 14, the portal service application 61 displays a screen showing a list of available services stored in the management information storage unit 91 in association with the tenant ID of the organization to which the user belongs. 14 (step S63). The terminal device 14 displays a screen showing a list of received services and accepts a service selection operation from the user (step S64). When the user selects any service on the screen showing the service list, the terminal device 14 transmits service selection information to the service providing system 20 (step S65).

  Subsequently, the portal service application 61 transmits a screen showing a list of data processing that can be added and stored in the management information storage unit 91 in association with the selected service to the terminal device 14 (step S66). The terminal device 14 displays the received data processing list and accepts a workflow creation operation by the user (step S67). Here, the data processing that can be added includes, for example, character recognition (OCR processing), file format conversion (for example, PDF conversion processing), image correction, barcode reading processing, and the like.

  The user operates the terminal device 14 to create a workflow that defines the execution order of data processing. When the creation of the workflow is completed, the terminal device 14 transmits the workflow setting information to the service providing system 20 (step S68). Upon receiving the workflow setting information from the terminal device 14, the portal service application 61 registers the workflow setting information in the management information storage unit 91 in association with the service (step S69).

<Example of workflow>
FIG. 17 is a diagram illustrating an example of a workflow. The service providing system 20 executes data processing according to a workflow as shown in FIG. 17, for example.

  When the service providing system 20 receives, for example, image data captured by the image forming apparatus 15, the service providing system 20 executes, for example, OCR processing as the first processing. Thereby, the service providing system 20 can generate text data from the image data.

  Subsequently, the service providing system 20 executes a PDF conversion process as the second process. Thereby, the service providing system 20 can convert the image data into PDF data. Subsequently, as a third process, the service providing system 20 distributes PDF data and text data to the online storage 42 registered in advance.

  Since the service providing system 20 can collectively execute a plurality of data processing in this way, work efficiency can be improved.

<Sequence during workflow execution>
FIG. 18 is a diagram illustrating a sequence during execution of a workflow. When using any service provided to the image forming apparatus 15, first, the user operates the display screen of the image forming apparatus 15 to select a workflow (step S71). When the workflow is selected by the user, the image forming apparatus 15 transmits selection information indicating the selected workflow to the service providing system 20 (step S72).

  The service providing system 20 activates the service application specified by the selection information. Here, the distribution service application 63 is activated. The distribution service application 63 transmits various information setting screens necessary for executing the data processing included in the selected workflow to the image forming apparatus 15 to display on the image forming apparatus 15 (step S73). For example, the distribution service application 63 causes the image forming apparatus 15 to display a setting screen for setting the URL of the online storage 42 to which the data is distributed.

  Subsequently, the user inputs necessary information on the setting screen (step S74). Subsequently, the image forming apparatus 15 transmits setting information (for example, the URL of the online storage 42) input by the user to the service providing system 20 (step S75). Upon receiving the setting information, the distribution service application 63 transmits a response screen to the image forming apparatus 15 and displays it on the image forming apparatus 15 (step S76).

  Subsequently, the user presses a scan start button or the like, and causes the image forming apparatus 15 to perform scanning (step S77). When the image forming apparatus 15 executes the scan, the image forming apparatus 15 transmits the image data acquired by the scan and a service use request to the service providing system 20 (step S78).

  FIG. 19 is a diagram showing a sequence following FIG. When the distribution service application 63 receives a service use request from the image forming apparatus 15 (step S78), each of the plurality of data processing defined in the selected workflow is sequentially executed by the data processing unit 86 in charge. Let

  For example, when the workflow shown in FIG. 17 is selected, the distribution service application 63 transmits a request for OCR processing to the data processing control unit 83 (step S79). When receiving the request, the data processing control unit 83 analyzes the request and registers a message in the corresponding processing queue 84 (step S80). Messages registered in the processing queue 84 are temporarily saved. The data processing request unit 85 in charge of the OCR processing acquires a message registered in the corresponding processing queue 84 when the data processing unit 86 in charge of the OCR processing becomes processable (step S81). Then, the data processing request unit 85 in charge of the OCR processing instructs the data processing unit 86 in charge of the OCR processing to execute the OCR processing indicated in the acquired message (step S82). When receiving the execution instruction, the data processing unit 86 in charge of the OCR process executes the OCR process (step S83). When the processing is completed, the data processing unit 86 in charge of the OCR processing returns an execution result to the data processing requesting unit 85 in charge of the OCR processing (step S84). Then, the data processing request unit 85 in charge of the OCR processing returns a response message to the distribution service application 63 (step S85).

  Subsequently, the distribution service application 63 transmits a request for PDF processing to the data processing control unit 83 (step S86). When receiving the request, the data processing control unit 83 analyzes the request and registers a message in the corresponding processing queue 84 (step S87). Messages registered in the processing queue 84 are temporarily saved. The data processing request unit 85 in charge of the PDF conversion process acquires a message registered in the corresponding processing queue 84 when the data processing unit 86 in charge of the PDF conversion process becomes processable (step S88). Then, the data processing request unit 85 in charge of the PDF conversion processing instructs the data processing unit 86 in charge of the PDF conversion processing to execute the PDF conversion processing indicated in the acquired message (step S89). When receiving the execution instruction, the data processing unit 86 in charge of the PDF conversion process executes the PDF conversion process (step S90). When the processing is completed, the data processing unit 86 in charge of the PDF conversion process returns an execution result to the data processing request unit 85 in charge of the PDF conversion process (step S91). Then, the data processing request unit 85 in charge of the PDF conversion process returns a response message to the distribution service application 63 (step S92).

  Subsequently, the distribution service application 63 transmits a request for distribution processing to the data processing control unit 83 (step S93). When receiving the request, the data processing control unit 83 analyzes the request and registers a message in the corresponding processing queue 84 (step S94). Messages registered in the processing queue 84 are temporarily saved. The data processing request unit 85 in charge of the distribution processing acquires the message registered in the corresponding processing queue 84 when the data processing unit 86 in charge of the distribution processing becomes processable (step S95). Then, the data processing request unit 85 in charge of the distribution process instructs the data processing unit 86 in charge of the distribution process to execute the distribution process indicated in the acquired message (step S96). When receiving the execution instruction, the data processing unit 86 in charge of the distribution process executes the distribution process on the online storage 42 of the set URL (step S97). Then, when the processing is completed, the data processing unit 86 in charge of the distribution processing returns an execution result to the data processing requesting unit 85 in charge of the distribution processing (step S98). Then, the data processing request unit 85 in charge of the distribution process returns a response message to the distribution service application 63 (step S99).

  As described above, according to the service providing system 20, a service that executes a plurality of data processing according to a workflow in an environment used by an unspecified number of users such as a cloud is provided to an apparatus such as the image forming apparatus 15. Can be provided via a network.

<Message deletion process>
FIG. 20 is a diagram illustrating a data configuration example of a job list. Each service application of the service providing system 20 manages a data processing request (request) received from the terminal device 14 or the image forming apparatus 15 as a list of jobs. The list of jobs managed by each service application has tenant ID, job ID, and status as data items. The tenant ID is information for identifying an organization to which the terminal device 14 or the like that transmitted the request belongs. The job ID is information for identifying the content of the request. The status is information for identifying whether the processing corresponding to the request is completed, being processed, or ended due to an error.

  When the status is being processed, the service providing system 20 can delete the process for the request or cause the process to be preferentially performed in response to a request from the terminal device 14. When the status is an error, the service providing system 20 can re-execute processing corresponding to the request in response to a request from the terminal device 14.

  FIG. 21 is a diagram showing a sequence of the deletion process. The platform 33 of the service providing system 20 receives a data processing request (request) from each service application, and executes data processing by the corresponding data processing unit 86 among the plurality of data processing units 86. In this case, the data processing control unit 83 analyzes the received request and registers a message in the processing queue 84 corresponding to the processing content. The message is stored in the processing queue 84 until it is read by the corresponding data processing unit 86.

  Here, after receiving the service use request, the service providing system 20 issues a use request when the execution of the process of the service has not yet been completed (for example, when the status in the list of FIG. 20 is being processed). Can be deleted. Specifically, the service providing system 20 proceeds with the use request deletion process in the sequence shown in FIG.

  After completing the login to the service providing system 20, the terminal device 14 transmits an acquisition request for a list of usage requests for services being processed to the service providing system 20 in accordance with a user operation (step S301). When the distribution service application 63 (request processing means) accepts the acquisition request from the terminal device 14, the distribution service application 63 (request processing means) stores the usage request being processed stored in the data processing information storage unit 92 in association with the tenant ID of the organization to which the user belongs. Information is read and acquired (steps S302 and S303). Then, the distribution service application 63 transmits the acquired list of usage requests being processed to the terminal device 14 for display (step S304).

  FIG. 22 is a diagram showing a sequence following the process of FIG. The user operates the terminal device 14 to select a usage request for which processing is to be stopped from the screen of the usage request list being processed (step S305). When the use request for deleting the process is selected by the user, the terminal device 14 transmits a delete request for deleting the use request selected by the user to the service providing system 20 (step S306).

  When the portal service application 61 receives a deletion request for deleting a service use request from the terminal device 14, the portal service application 61 transmits a deletion processing request to the data processing control unit 83 (step S307). When receiving the request, the data processing control unit 83 analyzes the request and registers a message in the corresponding processing queue 84 (step S308). The data processing request unit 85 in charge of the deletion process acquires a message registered in the corresponding processing queue 84 when the data processing unit 86 (execution request deletion unit) in charge of the deletion process can be processed (step S309). . Then, the data processing request unit 85 in charge of the deletion process instructs the data processing unit 86 in charge of the deletion process to execute the deletion process indicated in the acquired message (step S310).

  The data processing unit 86 in charge of the deletion processing deletes the corresponding message from the processing queue 84 in which the message corresponding to the usage request to be deleted is registered among the plurality of processing queues 84 (step S311). . As a result, the service providing system 20 can cancel the processing corresponding to the use request for which the deletion request has been made.

  Further, the data processing unit 86 in charge of the deletion process stores the deleted message in the data storage unit 93 (data storage unit) for a certain period (step S312). In this case, if there is data (for example, image data obtained by scanning) received together with the service use request, the data processing unit 86 also stores the data in the data storage unit 93. Further, if the data processing is being executed halfway, the data processing unit 86 also stores the data after being executed halfway in the data storage unit 93.

  Then, the data storage unit 93 stores the saved message and data for a certain period (step S313). Thereby, the portal service application 61 can re-execute the usage request once deleted later.

  As described above, according to the service providing system 20, in an environment used by an unspecified number of users, a use request for a service provided to a device on a network can be deleted during processing of the service.

<Message priority processing>
FIG. 22 is a diagram illustrating a priority processing sequence. The platform 33 of the service providing system 20 receives a plurality of data processing requests (requests) in parallel from each of a plurality of service applications, and executes data processing.

  In this case, the data processing control unit 83 analyzes the received request and registers a message in the processing queue 84 corresponding to the processing content. The message is accumulated in the processing queue 84 until it is read by the corresponding data processing unit 86. For this reason, the platform 33 of the service providing system 20 basically executes processing sequentially in the order in which service use requests are received.

  Here, after receiving a use request for a certain service, the service providing system 20 preferentially compares the use request with other use requests when the execution of the processing of the service has not yet been completed. Can be processed. Specifically, the service providing system 20 advances the priority processing of the usage request in the sequence shown in FIG.

  First, the service providing system 20 executes the processing until the terminal device 14 displays a screen of a list of usage requests being processed in the same manner as the processing from step S301 to step S304 shown in FIG.

  The user operates the terminal device 14 to select a usage request to be preferentially processed as compared with other usage requests from the list of usage requests being processed (step S325). When a usage request to be preferentially processed is selected by the user, the terminal device 14 transmits a priority processing request for preferentially processing the usage request selected by the user to the service providing system 20 (step S326). .

  Upon receiving a priority processing request from the terminal device 14, the portal service application 61 transmits a priority processing request to the data processing control unit 83 (step S327). When receiving the request, the data processing control unit 83 analyzes the request and registers a message in the corresponding processing queue 84 (step S328). The data processing request unit 85 in charge of priority processing acquires a message registered in the corresponding processing queue 84 when the data processing unit 86 (priority processing means) in charge of priority processing becomes processable (step S329). Then, the data processing request unit 85 in charge of priority processing instructs the data processing unit 86 in charge of priority processing to execute the priority processing indicated in the acquired message (step S330).

  The data processing unit 86 in charge of the priority processing gives priority to the data processing request unit 85 in charge of data processing for the priority processing target message in comparison with the other data processing. (Step S331).

  For example, the data processing unit 86 in charge of the priority processing extracts a corresponding message from the processing queue 84 in which a message corresponding to the usage request for priority processing is registered, and performs priority processing on the message. Set a flag to indicate. In this case, the data processing request unit 85 acquires the flagged message from the processing queue 84 with priority over other messages, and executes data processing.

  When a workflow is set, a plurality of data processes are executed for one use request. Accordingly, in this case, the data processing unit 86 in charge of priority processing instructs the data processing requesting unit 85 that executes each of the plurality of data processings to preferentially process the corresponding message (step S332).

  As described above, according to the service providing system 20, in an environment used by an unspecified number of users, a use request for a service provided to a device on a network can be preferentially processed during the processing of the service. .

  The program executed by the service providing system 20 of the present embodiment is an installable or executable file and can be read by a computer such as a CD-ROM, flexible disk (FD), CD-R, or DVD. Recorded on a simple recording medium.

  Further, the program executed in the service providing system 20 of the present embodiment may be stored on a computer connected to a network such as the Internet and provided by being downloaded via the network. Further, the program executed by the service providing system 20 of the present embodiment may be configured to be provided or distributed via a network such as the Internet.

  The program executed by the service providing system 20 according to the present embodiment has a module configuration including part or all of the above-described units (the service providing unit 31, the platform API 32, and the platform 33). The CPU (processor) reads out the program from the recording medium and executes the program, so that the above-described units are loaded onto the main storage device. It is to be generated.

10 System 11 Office Network System 13 Firewall 14 Terminal Device 15 Image Forming Device 16 Authentication Device 17 Other Device 20 Service Providing System 21 Access Control Device 22 Print Service Providing Device 23 Distribution Service Providing Device 24 Portal Service Providing Device 25 Authentication Device 26 Data Processing control device 27 Data processing execution control device 28 Data processing device 31 Service providing unit 32 Platform API
33 Platform 34 Management Data Storage Unit 41 Mail Server 42 Online Storage 51 Input Device 52 Display Device 53 External I / F
54 RAM
55 ROM
56 CPU
57 Communication I / F
58 HDD
61 Portal service application 62 Print service application 63 Distribution service application 71 Communication unit 72 Access control unit 73 Setting registration unit 74 Mail transmission unit 75 Authorization setting processing unit 77 License authentication unit 78 User authentication unit 79 User device authentication unit 80 Internal cooperation authentication unit 81 External Cooperation Authentication Unit 83 Data Processing Control Unit 84 Processing Queue 85 Data Processing Request Unit 86 Data Processing Unit 91 Management Information Storage Unit 92 Data Processing Information Storage Unit 93 Data Storage Unit 101 Processing Request Unit 102 Message Queue

JP 2010-130528 A

Claims (14)

A service providing system configured to include one or more information processing devices and provide services to devices connected via a network,
Management information storage means for storing management information for associating and managing user identification information for identifying a user, device identification information for identifying a first device, and service identification information for identifying a service registered as a usage target ,
Authentication information receiving means for receiving authentication information including user authentication information used for user authentication and device authentication information used for device authentication from the device connected via a network;
Authentication means for executing authentication processing of the received authentication information;
A service specifying means for specifying a service associated with the authentication information based on the authentication information and the management information when the authentication information is authenticated;
An execution means for receiving a usage request for the identified service from the device connected via a network and executing a process according to the usage request;
With
The execution means includes
Execution request storage means for storing execution request information of data processing that is requested to execute;
Data processing control means for registering execution request information for executing specific data processing in the execution request storage means in response to the use request;
Among the execution request information registered in the execution request storage means, a plurality of data processing means for executing data processing according to execution request information for predetermined data processing;
An execution request deleting means for deleting the corresponding execution request information stored in the execution request storage means in response to a deletion request for deleting a use request being processed;
A service providing system comprising:   The execution means provides a list of execution request information stored in the execution request storage means to an apparatus connected via a network, and receives a request to delete execution request information selected from the provided list. The service providing system according to claim 1, further comprising a request processing unit that performs the processing.   The execution means includes data storage means for storing the execution request information deleted by the execution request deletion means and data to be processed according to the execution request information for at least a predetermined period. The service providing system according to 1. The management information storage means stores the management information for managing the organization identification information for identifying the organization, the user identification information, the device identification information, and the service identification information in association with each other,
The authentication information receiving means receives organization authentication information used for organization authentication, authentication information including the user authentication information and the device authentication information from the first device connected via a network,
The service providing system according to claim 1, wherein the service specifying unit specifies a service associated with the organization identification information, the user identification information, and the device identification information. Among the service identification information, the first service is identified, the first service identification information which is a license of the first service, and the registration information for registering the first service identification information as a usage target. License information storage means for storing license information associated with
In response to receiving a registration request including the first service identification information and the registration information, license authentication is performed based on the received first service identification information, the registration information, and the license information. A license authentication means for executing
First registration means for registering the received first service identification information in the management information as a service use target when a license is authenticated;
The service providing system according to claim 1, further comprising: The management information storage means stores first user identification information and second user identification information as the user identification information for identifying a user who logs in to the service providing system,
The authentication information receiving means is first user authentication information or user identification information of a user authenticated by another authentication means as user authentication information used for user authentication from the device connected via a network. One of the second user authentication information is received,
The authentication unit performs user authentication based on the first user authentication information and the first user identification information when the first user authentication information is received by the authentication information receiving unit, and the authentication The user authentication based on the second user authentication information and the second user identification information is executed when the second user authentication information is received by an information receiving unit. Service provision system. The management information storage means stores third user authentication information, which is authentication information of a user who logs in to an external service connected to the service providing system via a network,
The execution means logs in to the external service based on the third user authentication information authenticated by the authentication means when the process according to the received use request includes a process linked to the external service. The service providing system according to claim 1, wherein the service is executed. The execution means includes
Execution request storage means for storing execution request information of data processing that is requested to execute;
Data processing control means for registering execution request information for executing specific data processing in the execution request storage means in response to the use request;
Among the execution request information registered in the execution request storage means, a plurality of data processing means for executing data processing according to execution request information for predetermined data processing;
Including
Each of the plurality of data processing means registers execution request information of the next data processing in the execution request storage means when there is next data processing as a result of executing the data processing. Item 4. The service providing system according to Item 1. Each of the plurality of data processing means includes a data processing means for registering the execution request information of the next data processing in the execution request storage means after generating the plurality of execution request information according to the execution request information. The service providing system according to claim 8, comprising: A service providing system configured to include one or more information processing devices and provide services to devices connected via a network,
Management information storage means for storing management information for associating and managing user identification information for identifying a user, device identification information for identifying a first device, and service identification information for identifying a service registered as a usage target ,
Authentication information receiving means for receiving authentication information including user authentication information used for user authentication and device authentication information used for device authentication from the device connected via a network;
Authentication means for executing authentication processing of the received authentication information;
A service specifying means for specifying a service associated with the authentication information based on the authentication information and the management information when the authentication information is authenticated;
An execution means for receiving a usage request for the identified service from the device connected via a network and executing a process according to the usage request;
With
The execution means includes
Execution request storage means for storing execution request information of data processing that is requested to execute;
Data processing control means for registering execution request information for executing specific data processing in the execution request storage means in response to the use request;
Among the execution request information registered in the execution request storage means, a plurality of data processing means for executing data processing according to execution request information for predetermined data processing;
Priority processing that causes the corresponding data processing means to preferentially process the corresponding execution request information stored in the execution request storage means in response to a priority processing request that preferentially processes the usage request being processed. Means,
A service providing system comprising: A service providing method that is executed in a service providing system that provides a service to an apparatus that is configured by one or more information processing apparatuses and is connected via a network,
Management information that associates and manages user identification information that identifies a user, device identification information that identifies a first device, and service identification information that identifies a service registered as a usage target is stored in the management information storage unit. A management information storage step;
An authentication information receiving step of receiving authentication information including user authentication information used for user authentication and device authentication information used for device authentication from the device connected via a network;
An authentication step of executing an authentication process of the received authentication information;
A service specifying step for specifying a service associated with the authentication information based on the authentication information and the management information when the authentication information is authenticated;
An execution step of receiving a usage request for the identified service from the device connected via a network and executing a process according to the usage request;
Including
The execution step includes:
A data processing control step for registering execution request information for executing specific data processing in the execution request storage means in response to the use request;
A data processing step of executing data processing according to execution request information of predetermined data processing by a plurality of data processing means among execution request information registered in the execution request storage means;
An execution request deleting step of deleting the corresponding execution request information stored in the execution request storage means in response to a deletion request for deleting a use request being processed;
Service providing method including: A service providing method that is executed in a service providing system that provides a service to an apparatus that is configured by one or more information processing apparatuses and is connected via a network,
Management information that associates and manages user identification information that identifies a user, device identification information that identifies a first device, and service identification information that identifies a service registered as a usage target is stored in the management information storage unit. A management information storage step;
An authentication information receiving step of receiving authentication information including user authentication information used for user authentication and device authentication information used for device authentication from the device connected via a network;
An authentication step of executing an authentication process of the received authentication information;
A service specifying step for specifying a service associated with the authentication information based on the authentication information and the management information when the authentication information is authenticated;
An execution step of receiving a usage request for the identified service from the device connected via a network and executing a process according to the usage request;
Including
The execution step includes:
A data processing control step for registering execution request information for executing specific data processing in the execution request storage means in response to the use request;
A data processing step of executing data processing according to execution request information of predetermined data processing by a plurality of data processing means among execution request information registered in the execution request storage means;
Priority processing that causes the corresponding data processing means to preferentially process the corresponding execution request information stored in the execution request storage means in response to a priority processing request that preferentially processes the usage request being processed. Steps,
Service providing method including: A program for causing an information processing device to function as a service providing system that provides a service to a device connected via a network,
The information processing apparatus;
Management information storage means for storing management information for associating and managing user identification information for identifying a user, device identification information for identifying a first device, and service identification information for identifying a service registered as a usage target ,
Authentication information receiving means for receiving authentication information including user authentication information used for user authentication and device authentication information used for device authentication from the device connected via a network;
Authentication means for executing authentication processing of the received authentication information;
A service specifying means for specifying a service associated with the authentication information based on the authentication information and the management information when the authentication information is authenticated;
An execution means for receiving a usage request for the identified service from the device connected via a network and executing a process according to the usage request;
To function,
Execution request storage means for storing execution request information of data processing that is requested to execute the execution means;
Data processing control means for registering execution request information for executing specific data processing in the execution request storage means in response to the use request;
Among the execution request information registered in the execution request storage means, a plurality of data processing means for executing data processing according to execution request information for predetermined data processing;
An execution request deleting means for deleting the corresponding execution request information stored in the execution request storage means in response to a deletion request for deleting a use request being processed;
Program to make it work. A program for causing an information processing device to function as a service providing system that provides a service to a device connected via a network,
The information processing apparatus;
Management information storage means for storing management information for associating and managing user identification information for identifying a user, device identification information for identifying a first device, and service identification information for identifying a service registered as a usage target ,
Authentication information receiving means for receiving authentication information including user authentication information used for user authentication and device authentication information used for device authentication from the device connected via a network;
Authentication means for executing authentication processing of the received authentication information;
A service specifying means for specifying a service associated with the authentication information based on the authentication information and the management information when the authentication information is authenticated;
An execution means for receiving a usage request for the identified service from the device connected via a network and executing a process according to the usage request;
To function,
Execution request storage means for storing execution request information of data processing that is requested to execute the execution means;
Data processing control means for registering execution request information for executing specific data processing in the execution request storage means in response to the use request;
Among the execution request information registered in the execution request storage means, a plurality of data processing means for executing data processing according to execution request information for predetermined data processing;
Priority processing that causes the corresponding data processing means to preferentially process the corresponding execution request information stored in the execution request storage means in response to a priority processing request that preferentially processes the usage request being processed. Means,
Program to make it work.

Images