JP2016130973A - Device, image forming apparatus, information processing method, information processing program, and information processing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To easily enable update of setting information on a web browser developed by a manufacturer of an MFP with a web application developed by a vendor, while ensuring safety.SOLUTION: An access token is issued in advance to a web application regularly authenticated by an MFP. When settings of a web browser is updated, the web application presents the access token to the web browser of the MFP. The web browser analyses the presented access token to determine whether the web application is a regular one. When the access token includes setting information on a setting item in which the regular web application desires to update, the web browser updates the setting information on the web browser to the setting information included in the access token.SELECTED DRAWING: Figure 7

Description

  The present invention relates to a device, an image forming apparatus, an information processing method, an information processing program, and an information processing system.

  Today, single devices such as a copying apparatus, a printer apparatus, a facsimile apparatus, and a scanner apparatus are known. There is also known a multifunction peripheral (MFP) having a plurality of image forming functions such as a copy function, a printer function, a facsimile function, and a scanner function. Further, with the recent evolution of network technology, an increasing number of Web applications perform information processing with a server device on a predetermined network such as the Internet and return the information processing result to a user agent such as a Web browser of a client terminal. . Web is an abbreviation for “World Wide Web”.

  A Web API for making use of MFP functions, changing settings, and the like is also disclosed. Printing instructions and setting changes can be made from an HTML screen displayed by the Web API via the MFP Web browser. API is an abbreviation for “Application Programming Interface”. HTML is an abbreviation for “HyperText Markup Language”.

  In Patent Document 1 (Japanese Patent Laid-Open No. 2012-063813), when the access destination of the Web browser is switched, the setting of the Web browser is automatically set to the setting corresponding to the Web page without imposing a burden on the Web browser. An image forming apparatus to be switched is disclosed. In this image forming apparatus, when an access destination site is switched, a Web browser sets a browser setting to a local setting and accesses an access destination Web application. The web application determines whether or not it is necessary to update browser settings applied to the display of the web page. Then, when it is determined that the browser setting needs to be updated, the Web application instructs to update the browser setting. The web browser displays the web page using the updated browser settings.

  However, policies such as Web application security and user access restrictions differ depending on the vendor to be developed. In order to cope with different policies for each vendor on the user agent side such as a Web browser, it is necessary to add a setting screen and security setting items according to the request of each vendor to the user agent. As a result, there is a problem that a heavy burden is imposed on the developer side of the user agent.

  In order to solve this problem, APIs for referring to and updating the setting information are disclosed, and each Web application updates the setting information in response to each request, or the Web application generates a setting screen. There is a method of presenting to a user via a user agent.

  However, when the setting information is updated by the Web application side or the setting screen is generated by the Web application, the setting information is added and updated each time a setting item for a new model is added and a setting information for each model is different. Alternatively, the developer needs to create a Web application that generates a setting screen. In this case, even if the burden on the developer side of the user agent can be reduced, on the contrary, there arises a problem that a large burden is imposed on the developer side of the Web application.

  On the other hand, in the case of the image forming apparatus of Patent Document 1, there is a security problem because it is not determined whether or not the authority to change the setting is given to the Web application that changes the setting. Specifically, in the case of the image forming apparatus of Patent Document 1, setting information of important setting items is obtained by the user of the image forming apparatus accessing a Web application that is not approved by the manufacturer of the image forming apparatus. There is a risk that the user will be rewritten and suffer an unexpected disadvantage.

  In addition, in the case of the image forming apparatus disclosed in Patent Document 1, the web application adds and updates the setting information every time a setting item for a new model is added and a difference in setting information for each model occurs. It is necessary to develop a Web application so that a user can be generated and posted to the user. For this reason, as described above, there is a problem that even if the burden on the Web browser side can be reduced, a large burden is imposed on the developer side of the Web application.

  The present invention has been made in view of the above-described problems. An apparatus, an image forming apparatus, an information processing method, and an information processing apparatus that can safely and easily execute a setting change of the second application program by the first application program. An object is to provide an information processing program and an information processing system.

  In order to solve the above-described problems and achieve the object, the present invention uses an acquisition unit that acquires security identification information from a first application program used via a network, and the acquired security identification information. A determination unit that determines whether the first application program is correct and a setting information that is requested by the first application program that is determined to be correct by the determination unit, and that operates in the device in cooperation with the first application program. And an update unit for updating the setting information of the second application program.

  According to the present invention, there is an effect that the setting change of the second application program by the first application program can be executed safely and easily.

FIG. 1 is a system configuration diagram of an information processing system according to an embodiment. FIG. 2 is a schematic diagram of a software configuration of the MFP provided in the information processing system according to the embodiment. FIG. 3 is a functional block diagram of a Web browser provided in the MFP of the information processing system according to the embodiment. FIG. 4 is a functional block diagram of a Web application provided in the Web server device of the information processing system according to the embodiment. FIG. 5 is a schematic diagram of an access token issued from the manufacturer of the MFP of the information processing system according to the embodiment to the vendor developing the Web application. FIG. 6 is a diagram illustrating an example of a setting item list of a Web browser provided in the MFP of the information processing system according to the embodiment. FIG. 7 is a flowchart illustrating a flow in which the Web application in the information processing system according to the embodiment updates the setting information of the Web browser. FIG. 8 is a flowchart illustrating a flow of determining whether a Web application is correct using an access token in the information processing system according to the embodiment. FIG. 9 is a flowchart illustrating a flow of updating the setting information of the Web browser to the setting information included in the access token in the information processing system according to the embodiment. FIG. 10 is a flowchart illustrating a flow of updating the setting information of the Web browser other than the setting information included in the access token with reference to the setting item list in the information processing system according to the embodiment. FIG. 11 is a flowchart illustrating a flow of updating the setting information of the Web browser to the setting information selected by the user from the plurality of setting information in the information processing system according to the embodiment.

  Hereinafter, as an example, an information processing system according to an embodiment to which the present invention is applied will be described.

  First, FIG. 1 shows a system configuration diagram of an information processing system 100 according to an embodiment. As shown in FIG. 1, the information processing system 100 according to the embodiment includes a multifunction peripheral (MFP) 1 and a Web server device 37. The MFP 1 and the Web server device 37 are connected to each other via a network 40 such as the Internet.

  An MFP 1 as an example of a device and an image forming apparatus includes a main body 10 having various functions such as a copy function, a scanner function, a facsimile function, and a printer function, and an operation unit 20 that receives an input corresponding to a user operation. . The main body 10 and the operation unit 20 are connected via a dedicated communication path 30 so that they can communicate with each other. The communication path 30 may be, for example, a USB (Universal Serial Bus) standard, but may be of any standard regardless of wired or wireless. The main body 10 may have one function or a plurality of functions among image forming functions such as a copy function, a scanner function, a facsimile function, and a printer function.

  As the operation unit 20, an electronic device capable of executing complete information processing independently can be used. As an example, an information processing terminal such as a smartphone or a tablet terminal can be used as the operation unit 20. In this case, the information processing terminal used as the operation unit 20 functions as the operation unit of the MFP 1. Hereinafter, the term “operation panel” simply refers to an operation panel that is fixed and installed in the conventional MFP 1.

  More specifically, an information processing terminal used as the operation unit 20 is detachably connected to the MFP 1 instead of an operation panel that has been conventionally fixed and installed as an operation unit dedicated to the MFP 1. That is, the information processing terminal used as the operation unit 20 is installed integrally with the MFP 1 while being detachable (separable) at a predetermined position such as a position where the operation panel of the MFP 1 is disposed. Therefore, the information processing terminal and the MFP 1 used as the operation unit 20 may be grasped as a single device. When the information processing terminal that is the operation unit 20 is removed from the MFP 1, the information processing terminal performs wireless communication such as Bluetooth (registered trademark) or infrared communication with the MFP 1 and functions as an operation unit of the MFP 1.

  The main body 10 performs an operation according to the input received by the operation unit 20. The main body 10 can also communicate with an external device such as a client PC (personal computer), and performs an operation according to an instruction received from the external device.

  Next, the hardware configuration of the main body 10 will be described. As shown in FIG. 1, the main body 10 includes a CPU 11, a ROM 12, a RAM 13, and an HDD (hard disk drive) 14. The main body 10 includes a communication I / F (interface) 15, a connection I / F 16, and an engine unit 17. The units 11 to 17 are connected to each other via a system bus 18.

  The CPU 11 comprehensively controls the operation of the main body 10. The CPU 11 controls the overall operation of the main body 10 by executing a program stored in the ROM 12 or the HDD 14 or the like using the RAM 13 as a work area (work area), and the above-described copy function, scanner function, facsimile function, printer function, etc. Implement various functions.

  The communication I / F 15 is an interface for communicating with an external device such as a client PC (personal computer) or the Web server device 37 on the network 40. The connection I / F 16 is an interface for communicating with the operation unit 20 via the communication path 30. 1 and 2, the communication path 30 is illustrated in a wired manner, but the operation unit 20 is provided to be detachable from the main body 10 of the MFP 1 as described above. Therefore, it is understood that the communication path 30 functions as a wired communication path when the operation unit 20 is attached to the MFP 1, and the communication path 30 functions as a wireless communication path when the operation unit 20 is detached from the MFP 1. I want.

  The engine unit 17 is hardware that performs processing other than general-purpose information processing and communication for realizing a copy function, a scanner function, a facsimile function, and a printer function. The engine unit 17 includes, for example, a scanner (image reading unit) that scans and reads an image of a document, a plotter (image forming unit) that performs printing on a sheet material such as paper, and a facsimile communication unit that performs facsimile communication. . Furthermore, a specific option such as a finisher for sorting printed sheet materials and an automatic document feeder (ADF) for automatically feeding a document can be provided.

  Next, the hardware configuration of the operation unit 20 will be described. As shown in FIG. 1, the operation unit 20 includes a CPU 21, a ROM 22, a RAM 23, a flash memory 24, a communication I / F 25, a connection I / F 26, and an operation panel 27, which are a system bus 28. Are connected to each other.

  The CPU 21 comprehensively controls the operation of the operation unit 20. The CPU 21 controls the entire operation unit 20 by executing a program stored in the ROM 22 or the flash memory 24 using the RAM 23 as a work area (work area). And CPU21 implement | achieves the various functions mentioned later, such as a display of the information (image) according to the input received from the user.

  For example, a Web browsing application program (Web browsing AP) is stored in a storage unit such as the ROM 22. The CPU 21 implements a web browser 19 to be described later by executing a web browsing AP. The web browser 19 is an example of a second application program. The web browser 19 performs a browsing operation or the like in cooperation with a web application 39 stored in a storage unit such as the HDD 34 of the web server device 37. Although details will be described later, in the information processing system according to the embodiment, the setting of the Web browser 19 can be changed by the Web application 39 safely and easily.

  In this example, the Web browsing AP is stored in the ROM 22 or the like of the operation unit 20 of the MFP 1. However, the web browsing AP may be stored in a storage unit on the main body 10 side of the MFP 1, such as the ROM 12, the RAM 13, or the HDD 14, for example. In this case, the Web browser 19 is realized by the CPU 11 on the main body 10 side executing the Web browsing AP stored in the ROM 12 or the like.

  The communication I / F 25 is an interface for communicating with a server device on the network 40, for example. The connection I / F 26 is an interface for communicating with the main body 10 via the communication path 30.

  The operation panel 27 is an example of an operation unit and a display unit, and includes a liquid crystal display device (LCD) provided with a touch sensor. The operation panel 27 receives various types of input in accordance with user operations, and displays various types of information such as information in accordance with the received input, information indicating the operation status of the MFP 1, information indicating a setting state, and the like. The operation panel 27 may be composed of an organic EL display device that includes a touch sensor. Further, in addition to or instead of this, an operation unit such as a hardware key and a display unit such as a lamp may be provided.

  Next, the hardware configuration of the Web server device 37 will be described. As shown in FIG. 1, the Web server device 37 includes a CPU 31, a ROM 32, a RAM 33, an HDD 34, and a communication I / F 35, which are connected to each other via a system bus 38. A web application (WebAP) 39 is stored in a storage unit such as the HDD 34. The Web AP 39 is executed by the CPU 31 and enables a browsing operation of the Web browser 19 in cooperation with the Web browser 19 of the MFP 1. Note that the Web AP 39 may be downloaded from the Web server device 37 to the MFP 1, and the CPU 21 or the CPU 11 of the MFP 1 may execute the downloaded Web AP 39.

  Next, FIG. 2 shows an example of the software configuration of the MFP 1. As illustrated in FIG. 2, the main body 10 includes an application layer 101, a service layer 102, and an OS layer 103. The entities of the application layer 101, the service layer 102, and the OS layer 103 are various software stored in the ROM 12, the HDD 14, or the like. Various functions are provided by the CPU 11 executing these software.

  The software of the application layer 101 is application software for operating a hardware resource to provide a predetermined function (in the following description, it may be simply referred to as “application”). For example, examples of the application include a copy application for providing a copy function, a scanner application for providing a scanner function, a facsimile application for providing a facsimile function, a printer application for providing a printer function, and the like.

  The software of the service layer 102 is software that is interposed between the application layer 101 and the OS layer 103 and provides an interface for using hardware resources included in the main body 10 for the application. Specifically, it is software for providing a function of accepting an operation request for a hardware resource and arbitrating the operation request. As an operation request received by the service layer 102, a request such as reading by a scanner or printing by a plotter can be considered.

  Note that the interface function by the service layer 102 is provided not only to the application layer 101 of the main body 10 but also to the application layer 201 of the operation unit 20. That is, the application layer 201 (application) of the operation unit 20 can also realize a function using hardware resources (for example, the engine unit 17) of the main body 10 via the interface function of the service layer 102.

  The software of the OS layer 103 is basic software (operating system) for providing a basic function for controlling hardware included in the main body 10. The software of the service layer 102 converts a hardware resource use request from various applications into a command interpretable by the OS layer 103 and passes the command to the OS layer 103. Then, when the command is executed by the software of the OS layer 103, the hardware resource performs an operation according to the request of the application.

  Similarly, the operation unit 20 includes an application layer 201, a service layer 202, and an OS layer 203. The application layer 201, the service layer 202, and the OS layer 203 included in the operation unit 20 have the same hierarchical structure as that of the main body 10 side. However, the functions provided by the applications in the application layer 201 and the types of operation requests that can be accepted by the service layer 202 are different from those on the main body 10 side. The application of the application layer 201 is software for operating a hardware resource included in the operation unit 20 and providing a predetermined function. Mainly, software for providing a UI (user interface) function for performing operations and display related to functions (copy function, scanner function, facsimile function, printer function) provided in the main body 10.

  In the example of the embodiment, the software of the OS layer 103 on the main body 10 side and the software of the OS layer 203 on the operation unit 20 side are different from each other in order to maintain the independence of functions. That is, the main body 10 and the operation unit 20 operate independently of each other with different operating systems. For example, it is possible to use Linux (registered trademark) as the software of the OS layer 103 on the main body 10 side and Android (registered trademark) as the software of the OS layer 203 on the operation unit 20 side.

  By operating the main body 10 and the operation unit 20 with different operating systems, communication between the main body 10 and the operation unit 20 is performed as communication between different devices, not communication between processes in a common device. The operation (command communication) for transmitting the input (instruction content from the user) received by the operation unit 20 to the main body 10 and the operation for the main body 10 notifying the operation unit 20 of an event correspond to this. Here, the function of the main body 10 can be used when the operation unit 20 performs command communication with the main body 10. The event notified from the main body 10 to the operation unit 20 includes the execution status of the operation in the main body 10 and the contents set on the main body 10 side.

  In the example of the embodiment, since the power supply to the operation unit 20 is performed from the main body 10 via the communication path 30, the power control of the operation unit 20 is performed separately from the power control of the main body 10 ( Can be done independently).

  In this example, the main body 10 and the operation unit 20 are electrically and physically connected via the communication path 30, but the operation unit 20 may be removable from the main body 10 as described above. In this case, the main body 10 and the operation unit 20 are provided with a short-range wireless communication unit such as an infrared communication unit, an RF communication unit, or a Bluetooth (registered trademark) communication unit. RF is an abbreviation for “Radio Frequency”. Alternatively, the main body 10 and the operation unit 20 are provided with a wireless LAN communication function such as Wi-Fi (registered trademark), and can communicate with each other via a wireless LAN access point (wireless LANAP) and the network 40 as shown in FIG. It is good. LAN is an abbreviation for “Local Area Network”. When the operation unit 20 can be removed from the main body 10, the operation unit 20 stores the power supplied from the main body 10 via the communication path 30 in the secondary battery, and when the operation unit 20 is removed from the main body 10, It operates using the power stored in the secondary battery and communicates with the main body 10.

  Next, FIG. 3 shows a functional block diagram of the Web browser 19 realized by the CPU 21 of the operation unit 20 of the MFP 1 executing the Web browser AP stored in the ROM 22. As shown in FIG. 3, the Web browser 19 includes a remote communication unit 51, an access token determination unit 52, a setting value reference unit 53, a setting value update unit 54, a setting item list generation unit 55, and a setting screen generation unit 56. doing.

  Further, the web browser 19 uses the remote communication unit 51 to the setting screen generation unit 56 to display screen configuration information 58 necessary for the screen configuration, such as information on the setting items of the web browser 19 (setting items 57), and words of the setting items. It manages current setting information 59 and security information 60 relating to security risks of setting items.

  In this example, the remote communication unit 51 to the setting screen generation unit 56 will be described as being realized by software. However, all or part of the remote communication unit 51 to the setting screen generation unit 56 is hardware. It may be realized.

  Further, the web browsing AP may be provided by being recorded in a recording medium readable by a computer device such as a CD-ROM or a flexible disk (FD) in an installable or executable format file. Further, the web browsing AP may be provided by being recorded on a computer-readable recording medium such as a CD-R, a DVD, a Blu-ray disc (registered trademark), or a semiconductor memory. DVD is an abbreviation for “Digital Versatile Disk”. Further, the web browsing AP may be provided via a network such as the Internet. Further, the MFP 1 may download the Web browsing AP via the network, install it on the operation unit 20 (or the main body 10), and execute it. Further, the Web browsing AP may be provided by being incorporated in advance in a ROM or the like in the device.

  The remote communication unit 51 is an example of an acquisition unit that acquires security identification information from the Web application 39 that is an example of a first application program. The remote communication unit 51 transmits and receives display content and setting information between the Web browser 19 and the Web application 39. The setting information includes a setting value. The access token determination unit 52 is an example of a determination unit. The encrypted access token obtained from the Web application 39 is decrypted to verify whether it is a legitimate access token. The access token is an example of security identification information, and is information obtained by encrypting user authentication information such as user-specific information and a password, for example. The setting value reference unit 53 manages the reference of the setting information of the Web browser 19 by the Web application 39. The set value update unit 54 is an example of an update unit, and manages the update of the setting information of the Web browser 19 by the Web application 39.

  The setting item list generation unit 55 presents a list (setting item list) of setting items 57 held by the Web browser 19 to the Web application 39. In addition, the setting item list generation unit 55 refers to the screen configuration information and the security information, and assigns information about the name and security risk to each setting item included in the setting item 57. The setting screen generation unit 56 renders content information for referring to or updating the setting information on the HTML page displayed on the operation panel 27 in response to a request from the Web browser 19 itself or a request from the Web application 39. .

  Next, FIG. 4 shows a functional block diagram of a Web application 39 realized by executing WebAP stored in the HDD 34 of the Web server device 37. As shown in FIG. 4, the Web application 39 includes a remote communication unit 61, a setting item display determination unit 62, a setting screen generation unit 63, a setting content determination unit 64, and an access token authentication unit 65.

  Also, the Web application 39 uses the remote communication unit 61 to the access token authentication unit 65, for example, the unique setting value 66 of the Web application 39 such as hiding the toolbar of the screen, and the current setting information of the Web application 39. 67, and a security policy 68 such that security information such as a cookie is not shown to general users.

  In this example, the remote communication unit 61 to the access token authentication unit 65 will be described as being realized by software, but all or part of the remote communication unit 61 to the access token authentication unit 65 is implemented by hardware. It may be realized.

  WebAP may be provided as a file in an installable or executable format recorded on a computer-readable recording medium such as a CD-ROM or a flexible disk (FD). The WebAP may be provided by being recorded on a recording medium readable by a computer device such as a CD-R, a DVD, a Blu-ray disc (registered trademark), or a semiconductor memory. DVD is an abbreviation for “Digital Versatile Disk”. WebAP may be provided via a network such as the Internet. Further, the Web server device 37 may download, install and execute WebAP via a network. Further, WebAP may be provided by being incorporated in advance in the ROM 32 or the like in the device.

  The remote communication unit 61 transmits and receives data such as display content and setting information between the Web browser 19 and the Web application 39. The setting item display determination unit 62 determines setting items to be displayed on the screen (operation panel 27) among the setting items used by the Web application 39. The setting content determination unit 64 includes “the setting item 57 held by the Web browser 19, the current setting information 59 and the security information 60 of each setting item”, and “the unique setting value 66 and the security policy 68 of the Web application 39 itself”. The setting items used by the Web application 39 and the setting contents to be set in the Web browser 19 are determined.

  The setting screen generation unit 63 generates a screen for changing the settings of the Web browser 19 and the Web application 39 from the setting items determined by the setting content determination unit 64 and screen information such as names included in the setting items. The access token authentication unit 65 presents an encrypted access token issued in advance to the web browser 19 when the web application 39 is activated. If the authentication is successful, the Web application 39 can use the function of the Web browser 19.

  Next, FIG. 5 shows an example of an access token format. A vendor that develops the Web application 39 applies to the manufacturer of the MFP 1 for issuance of an access token, for example, at the start of development or during development. The manufacturer of the MFP 1 issues a “provisional access token”, which is a temporary access token, when an application for issuing an access token is first made. The vendor develops the Web application 39 using the “provisional access token”. When the vendor completes the development of the Web application 39, the vendor applies again to the manufacturer of the MFP 1 for issuing an access token. When the manufacturer of the MFP 1 makes a request for issuance of an access token again from a vendor who has already issued a “provisional access token”, the “main access token” illustrated in FIG. Issue to 39 vendors who have completed 39 developments. Hereinafter, “access token” refers to “this access token”.

  In the access token, information for specifying the Web application 39, information indicating the necessity of setting update of the Web browser 19, and the like are stored. Specifically, the access token stores the development vendor name, product ID, access token expiration date, Web application name, information indicating whether setting update is necessary, cookie storage settings, password storage settings, and the like. ing.

  More specifically, in the example shown in FIG. 5, the development vendor name (Vendor Name) is “XX”, the product ID (Product ID) is “999999”, and the access token expiration date (Expiration Date) is “ “2019/12/31” and the Web application name (Product Name) are stored in the access token as “Sample Web Application”. In the case of the example shown in FIG. 5, the information (Require Update Settings) indicating whether setting update is necessary is “True”, the cookie save setting (Save Cookie) is “True”, and the password save setting (Save Password) is set. It is stored in the access token as “True”.

  The Web browser 19 verifies whether the Web application 39 uses the function of the Web browser 19 with such an access token. When information (Require Update Settings) indicating whether setting update is necessary is “True”, it indicates that the setting update of the Web browser 19 is possible. If the information indicating whether setting update is required (Require Update Settings) is “True” and the cookie save setting (Save Cookie) is “True”, the Web browser 19 authenticates the access token of the Web application 39. The rewriting of the setting information of the Web browser 19 by the Web application 39 is permitted.

  Next, FIG. 6 shows an example of a setting item list presented by the web browser 19. The Web browser 19 presents the recommended security level, the read / write authority for each security level, and the initial setting value for the setting items held by the Web browser 19 itself. The setting item list shown in FIG. 6 is an example of a setting item list related to the cookie storage setting (attribute id = “Cookie Setting”) of the Web browser 19. The recommended security level is “high” (secure = “High”).

  Saving cookies creates a security risk. However, storing the cookie also has a useful aspect, such as being able to be used as a storage destination of information of the Web server 37. The Web application 39 selects the final setting according to the policy, and rewrites the initial value of the setting.

  That is, the security level of “high (secure id =“ High ”)” in the cookie storage setting of the Web browser 19 gives read / write authority only to the administrator (role id = "Manager" read = "true" write = "true"), it is set not to give read / write authority to general users (role id = "User" read = "false" write = "false"). In addition, the initial value of the security level setting of “high (secure id =“ High ”)” is set not to save the cookie (select default = “doNotSave”).

  In addition, the security level of “Medium (secure id =“ Middle ”)” in the cookie storage setting of the Web browser 19 gives the administrator read / write authority (role id = “Manager” read = “true” write = "true"), only general read permission is set for general users (role id = "User" read = "true" write = "false"). In addition, the initial value of the security level setting of “medium (secure id =“ Middle ”)” is a setting for saving a cookie (select default = “doSave”).

  In addition, the security level of “low (secure id =“ Low ”) in the cookie storage setting of the Web browser 19 gives the administrator read / write authority (role id =“ Manager ”read =“ true ”write = "true"), it is also set to give read / write authority to general users (role id = "User" read = "true" write = "true"). In addition, the initial value of the security level setting of “low (secure id =“ Low ”) is a setting for saving a cookie (select default =“ doSave ”).

  The Web application 39 follows the policy from among the above security levels “high (secure id =“ High ”)”, “medium (secure id =“ Middle ”)”, and “low (secure id =“ Low ”)”. The final setting is selected, and the initial value of the setting is rewritten. The same applies to the new setting item, and the Web application 39 refers to the authority and the initial setting value according to the security level of the setting item list according to the policy. Thereby, the Web application 39 can easily determine the behavior (operation).

  Next, the flowchart of FIG. 7 shows a flow in which the Web application 39 changes the setting of the Web browser 19. First, in step S <b> 1, the Web browser 19 of the MFP 1 accesses the Web server device 37 and makes a request for starting the Web application 39. Thereby, the CPU 31 of the Web server device 37 activates the Web application 39 stored in the HDD 34, and the process proceeds to Step S2. In step S2, the web application 39 presents the access token described with reference to FIG.

  The access token determination unit 52 of the Web browser 19 issues the presented access token to the vendor by verifying the development token name, product ID, expiration date, necessity of setting update, etc. of the access token shown in FIG. It is verified whether it is a regular access token. In step S3, the access token determination unit 52 determines whether the access token is correct and the user has setting update authority. If it is an illegal access token and the access token is correct but there is no setting update authority (step S3: No), the process of the flowchart of FIG. 7 is terminated. On the other hand, when it is determined that the access token is correct and the setting update authority is granted (step S3: Yes), the process proceeds to step S4.

  In step S4, the setting value reference unit 53 of the Web browser 19 refers to the access token, and determines whether the value of the setting item is included in the access token. When the value of the setting item is included in the access token, the setting value update unit 54 of the Web browser 19 uses the value of the setting item of the Web browser 19 corresponding to the setting item included in the access token as the access token. Update to the value of the included setting item. Thereby, a process progresses to step S5.

  In step S <b> 5, the Web application 39 acquires the setting item list illustrated in FIG. 6 generated by the setting item list generation unit 55 of the Web browser 19. Thereby, a process progresses to step S6. In step S6, the setting content determination unit 64 of the Web application 39 determines setting items and setting information to be used from the setting item list acquired from the Web browser 19 and the security policy 68 of the Web application 39 itself. Thereby, a process progresses to step S7.

  In step S <b> 7, the Web application 39 acquires setting information of setting items to be used from the Web browser 19. Thereby, a process progresses to step S8. In step S8, the web application 39 makes a setting information update request to the web browser 19 as necessary. As a result, the setting value update unit 54 of the Web browser 19 updates the setting information requested to be updated, and the process of the flowchart of FIG. 7 ends.

  Hereinafter, each process of the update operation of the setting information of the Web browser 19 by the Web application 39 will be described in detail. FIG. 8 shows the detailed flow of the Web application normal determination (authentication determination) using the access token described in step S2 and step S3 of the flowchart of FIG. As described above, when the web application 39 is activated and the web browser 19 acquires an access token from the web application 39, the flowchart of FIG. 8 is started, and the processing is started from step S11.

  In step S <b> 11, the access token determination unit 52 of the Web browser 19 receives an access token that has been subjected to predetermined encryption processing from the Web application 39. Thereby, a process progresses to step S12. In step S <b> 12, the access token determination unit 52 of the web browser 19 analyzes the access token received from the web application 39 by performing a predetermined decryption process. Thereby, a process progresses to step S13.

  In step S <b> 13, the access token determination unit 52 of the Web browser 19 determines whether the access token received from the Web application 39 has been successfully decrypted. If the access token determination unit 52 determines that the access token decryption process is successful (step S13: Yes), the process proceeds to step S14. On the other hand, if the access token determination unit 52 determines that the access token decryption process has failed (step S13: No), the process proceeds to step S17. In step S17, the access token determination unit 52 determines that the access token cannot be decrypted and is therefore an unauthorized Web application 39, and ends the processes of the flowcharts of FIG. 8 and FIG.

  In contrast, when the process proceeds to step S14 due to the successful decryption process of the access token, the setting value reference unit 53 of the Web browser 19 refers to the parameter in the acquired access token and performs the process in step S15. Proceed to In step S15, the access token determination unit 52 determines whether or not the parameter in the access token referenced by the setting value reference unit 53 is appropriate. If the access token determination unit 52 determines that the parameter in the access token is inappropriate (step S15: No), the process proceeds to step S17. In step S17, the access token determination unit 52 determines that the access token includes an improper parameter, so that the access token determination unit 52 is an unauthorized Web application 39, and ends the processes of the flowcharts of FIGS. 8 and 7 described above. To do.

  On the other hand, when the access token determination unit 52 determines that the parameters in the access token are appropriate (step S15: Yes), the acquired access token is a legitimate vendor access token. The process proceeds to step S4 in the flowchart of FIG. 7 via S16, and the setting value update unit 54 updates the setting information included in the access token.

  In the information processing system 100 according to the embodiment, the Web browser 19 performs the first right / no-right determination process based on whether or not the decryption process is possible and the presence / absence of an inappropriate parameter for the access token acquired from the Web application 39. A second-stage correctness determination process is performed.

  By such double correctness determination processing, it is possible to determine the correctness of the Web application 39 more accurately. As a result, the setting of the Web browser 19 can be updated only by the vendor's Web application 39 approved by the manufacturer of the MFP 1. Therefore, it is possible to update the setting information of the Web browser 19 by the Web application 39 while ensuring the safety of the MFP 1. Therefore, when the user of the MFP 1 accesses a Web application that is not approved by the manufacturer of the MFP 1, the setting information of important setting items is rewritten by an unauthorized Web application, and the user suffers an unexpected disadvantage. Inconvenience can be strongly prevented.

  Next, the flowchart of FIG. 9 shows a detailed flow of the process of step S4 of the flowchart of FIG. That is, FIG. 9 is a flowchart showing a flow of updating the setting information on the Web browser 19 side when the setting information of the setting item desired by the vendor is included in the access token. As described above, it is determined that the access token acquired from the Web application 39 is a regular access token, and when the process proceeds to step S4, the flowchart of FIG. 9 is started, and the process is started from step S21. In the flowchart of FIG. 9, the processes in steps S21 to S24 are repeatedly executed for the number of setting information included in the access token.

  In step S21, the setting value update unit 54 of the Web browser 19 determines whether the first (first) setting information included in the access token is known setting information (setting information known from before). Determine whether or not. That is, since the Web browser 19 is also updated with version upgrade, setting information of setting items that do not exist in the setting items of the old Web browser 19 may be included in the access token. Since setting items that do not exist in the old Web browser 19 cannot be updated, when the setting information included in the access token is not known setting information (step S21: No), the setting value update unit 54 updates the setting information. Skip processing. Then, the set value update unit 54 returns the process to step S21, and determines whether or not the next setting information is known setting information.

  Next, by determining that the setting information is known (step S21: Yes), when the processing proceeds to step S22, the setting value update unit 54 of the Web browser 19 sets the setting information included in the access token. Acquire and proceed to step S23. In step S23, the setting value update unit 54 determines whether or not the setting information acquired from the access token needs to be replaced with existing setting information. For example, when the setting information acquired from the access token and the existing setting information have the same value, replacement (update) is not necessary. In such a case (step S23: No), the setting value update unit 54 skips the setting information replacement process. Then, the set value update unit 54 returns the process to step S21, and determines whether or not the next setting information is known setting information.

  Next, when the setting value update unit 54 determines that setting information replacement processing is necessary (step S23: Yes), the processing proceeds to step S24. In step S24, the setting value update unit 54 updates the setting information of the web browser 19 to the setting information included in the access token, and returns the process to step S21.

  In the case of the information processing system 100 according to the embodiment, it is possible to update the setting information of the Web browser 19 together with whether the Web application 39 is correct or not with the access token from the Web application 39 as described above. Therefore, it is possible to reduce the trouble of accessing the setting information update API from the Web application 39, and greatly reduce the trouble of developing the Web application 39.

  Next, details of the processing in steps S4 to S8 in FIG. 7 are shown in the flowchart in FIG. The processes in step S4 in FIG. 7 and steps S21 to S24 in FIG. 9 are processes in which the web browser 19 updates the setting information by including the setting information of the desired setting item in the access token. On the other hand, in steps S4 to S8 in FIG. 7 and steps S31 to S39 in FIG. 10, the setting information of the setting items indicated by the setting item list acquired from the Web browser 19 is desired by the Web application 39. It is a process to update to the value of.

  The setting item list generation unit 55 of the Web browser 19 does not include setting items that are not permitted to be updated with respect to the Web application 39 in the setting item list, and creates a setting item list with only setting items that are permitted to be updated. For this reason, even when a setting item that is not included in the access token is updated later, only the setting item that can ensure security can be updated.

  That is, the flowchart of FIG. 10 starts when the Web application 39 acquires the setting item list illustrated in FIG. 6 from the Web browser 19, and the process starts from Step S31. The web application 39 repeatedly executes the processing of step S31 to step S39 for the number of setting items included in the setting item list. The Web application 39 determines whether each setting information of each setting item in the setting item list is the setting information desired by the Web application 39. Then, the web application 39 updates the setting information of the setting item that is not the desired setting information to the desired setting information according to the security policy 68 of the web application 39.

  Specifically, first, in step S31, the Web application 39 determines whether or not the setting information of the first (first) setting item included in the setting item list is known setting information. That is, setting information that is not recognized on the Web application 39 side may be included in the setting information in the setting item due to version upgrade of the Web browser 19 or the like. In this case, the Web application 39 determines that it is not known setting information (step S31: No), and advances the process to step S36. On the other hand, when it is determined that the setting information of the first (first) setting item included in the setting item list is known setting information (step S31: Yes), the web application 39 performs the process. Proceed to S32.

  When the process proceeds to step S32 by determining that the setting information is known, the Web application 39 acquires the access authority and setting information for the role registered in the setting item of the setting item list. Specifically, for the setting items of the cookie shown in FIG. 6, for each security policy such as “secure id =“ High ””, “secure id =“ Middle ””, “secure id =“ Low ””, etc. In addition, roles such as an administrator (role id = "Manager") and a general user (role id = "User") are registered. For each role, access authority and setting information such as "role id =" Manager "read =" true "write =" true "" and "role id =" User "read =" false "write =" false "" Is stipulated. In step S32, the Web application 39 acquires the access authority and setting information for each of these roles from the setting items.

  Next, in step S33, the web application 39 acquires the current setting information of the web browser 19 corresponding to the setting item that is currently being updated, and the process proceeds to step S34. In step S34, the Web application 39 determines whether or not the setting information needs to be replaced (updated). For example, there are setting items that may be updated depending on the user authority of the current operator of the MFP 1 (such as an administrator or general user), and setting items that are not preferable to be updated. In step S34, the Web application 39 refers to the user authority of the current operator of the MFP 1, the security level of the setting item desired to be updated, and the access authority and setting information for each role acquired in step S32. Determine whether a replacement is necessary.

  When it is not necessary to replace the setting information (step S34: No), the Web application 39 returns the process to step S31, and determines whether the setting information of the next setting item is the setting information of the known setting item. To do. On the other hand, when the setting information needs to be replaced (step S34: Yes), the web application 39 transmits a setting information update request to the web browser 19 in step S35. As a result, the setting value update unit 54 of the Web browser 19 updates the setting information of the setting item requested to be updated from the Web application 39. When the setting information is updated in this way, the Web application 39 returns the process to step S31, and determines whether or not the setting information of the next setting item is known setting information.

  On the other hand, if the setting information of the setting item desired to be updated does not exist in the setting item of the setting item list acquired from the Web browser 19 (No at Step S31), the Web application 39 advances the process to Step S36. Steps S36 to S39 are for setting setting information that is not recognized on the Web application 39 side, such as setting information added later in the setting item on the Web browser 19 side, to appropriate setting information. It is processing.

  That is, in step S36, the Web application 39 detects the recommended security level of the setting item in the setting item list. In the example shown in FIG. 6, the recommended security level is “high (attribute id =“ Cookie Setting ”secure =“ High ”)”. Then, the web application 39 determines whether or not the detected recommended security level matches the security level desired by the web application 39. If the two match, the Web application 39 advances the process to step S37, acquires and registers the access authority to the role corresponding to the detected recommended security level and the initial value of the setting, and advances the process to step S33. . In the example of FIG. 6, the access authority of the administrator role with the recommended security level of “High” is “role id =” Manager ”read =“ true ”write =“ true ””, and the access authority of the general user role Is "role id =" User "read =" false "write =" false "". In the example of FIG. 6, the initial value of the recommended security level setting “high” is “do not save cookies (select default =“ doNotSave ”)”. The Web application 39 sets the access authority and setting initial values of the role of such a recommended security level in the Web browser 19 in the above-described steps S33 to S35.

  On the other hand, when the detected recommended security level and the security level desired by the Web application 39 do not match (step S36: No), the Web application 39 advances the process to step S38. In step S38, the Web application 39 determines whether to give priority to the detected recommended security level. That is, in the case of the example in FIG. 6, the Web application 39 determines whether to give priority to the “high” recommended security level. If it is determined that the detected recommended security level is prioritized (step S38: Yes), the web application 39 advances the process to step S37. Then, as described above, the Web application 39 sets the access authority of the role of the recommended security level and the initial value of the setting in the Web application 39 as described above.

  If it is determined that the detected recommended security level is not prioritized (step S38: No), the web application 39 advances the process to step S39. In step S39, the Web application 39 acquires the access authority for the role of the security level corresponding to the recommended security level that the Web application 39 desires to set, and the initial value of the setting. Referring to the example of FIG. 6, when the recommended security level that the web application 39 desires to set is “medium”, for example, the web application 39 displays “medium security level (secure id = "Middle") role access rights (role id = "Manager" read = "true" write = "true", role id = "User" read = "true" write = "false") and initial settings Get the value (select default = "doSave"). As a result, in step S <b> 33 to step S <b> 35 described above, the access authority and the initial setting value for the role of the “medium” recommended security level desired by the web application 39 are set in the web browser 19.

  Next, the flowchart of FIG. 11 shows a flow of setting the setting information of the selection candidate selected by the user from the plurality of setting candidates in the Web browser 19. When setting information of selection candidates selected by the user from among a plurality of setting candidates is set in the Web browser 19, the Web application 39 and the Web browser 19 perform steps for the number of setting items that the Web application 39 desires to set. The processes from S41 to S46 are repeatedly executed. When the selection screen for all setting items is formed, the Web application 39 and the Web browser 19 execute the processing of Steps S47 to S49 and set the setting information selected by the user in the Web browser 19.

  That is, in step S41, the setting item display determination unit 62 of the Web application 39 determines whether or not the setting item includes a plurality of setting information that can be selected by the user. When the setting item includes a plurality of setting information that can be selected by the user, it is preferably displayed on the operation panel 27 to prompt the user to select desired setting information. In this case (step S41: Yes), the Web application 39 advances the process to step S42. In the case of setting items that do not include a plurality of setting information that can be selected by the user, there is no need to display them on the operation panel 27, so the Web application 39 performs the process of step S41 on the next setting item.

  In step S42, the setting item display determination unit 62 of the Web application 39 determines whether to generate a selection screen on the Web application 39 side or to request the Web browser 19 to generate a selection screen. For example, when it is a known setting item and the Web application can specify the screen layout, the setting screen generation unit 63 of the Web application 39 generates a selection screen and transmits it to the Web browser 19. On the other hand, if the Web application 39 cannot specify the screen layout, for example, if it is not a known setting item, the setting item display determination unit 62 of the Web application 39 via the remote communication unit 61 in step S44. Request to generate selection screen. The setting screen generation unit 56 of the Web browser 19 is an example of a display control unit. When the generation of the selection screen is requested, the setting item requested to generate the selection screen is the setting of the Web browser 19 in step S45. It is determined whether or not the setting item exists as an item. When it is determined that the setting item requested to generate the selection screen does not exist as the setting item of the Web browser 19 (step S45: No), the setting screen generation unit 56 of the Web browser 19 passes through the remote communication unit 51. Then, information indicating that it does not exist as a setting item is returned to the Web application 39. In this case, the generation of the selection screen is skipped.

  On the other hand, when it is determined that the setting item requested to generate the selection screen exists as the setting item of the Web browser 19 (step S45: Yes), the setting screen generation unit 56 of the Web browser 19 proceeds to step S46. Proceed with the process. In step S46, the setting screen generation unit 56 of the Web browser 19 generates a setting item selection screen in the drawing area of the Web application 39 using, for example, an object-oriented script language or the like.

  Next, when the selection screen for all setting items is formed, the process proceeds to step S47. The user visually operates the selection screen displayed on the operation panel 27 and then operates the operation panel 27 to select and operate desired setting information. In step S47, the Web application 39 acquires the setting information selected by the user via the selection screen, and the process proceeds to step S48.

  In step S <b> 48, the web application 39 updates the setting information held by the web application 39 itself, and issues a setting information update request to the web browser 19. In step S49, the Web browser 19 updates the setting information of the setting items of the MFP 1 requested to be updated, and the processing of the flowchart of FIG.

  As is clear from the above description, the information processing system 100 according to the embodiment issues an access token in advance to the Web application 39 that has been properly authenticated on the MFP 1 side. When updating the setting of the web browser 19, the web application 39 presents an access token to the web browser 19 of the MFP 1. The web browser 19 analyzes the presented access token to determine whether or not it is a legitimate web application 39. When the setting information of the setting item that the Web application 39 desires to update is included in the access token, the Web browser 19 updates the setting information of the Web browser 19 to the setting information included in the access token. To do.

  In a web application other than the regular web application 39 authenticated by the access token, the setting information of the web browser 19 cannot be updated. For this reason, the update of the setting information of the Web browser 19 can be permitted while ensuring security. Further, the Web application 39 presents to the Web browser 19 including setting information of setting items desired to be updated in the access token issued from the Web browser 19. Thus, when the Web browser 19 authenticates the access token, the setting information of the Web browser 19 is updated to the setting information of the setting item that is desired to be updated by the Web application 39. For this reason, the setting information of the Web browser 19 can be updated more easily.

  In the information processing system 100 according to the embodiment, the Web browser 19 of the MFP 1 presents a setting item list that is a list of settable items to the Web application 39. The setting item list includes information constituting the screen such as item names, options that can be set, and ranges. The setting item list includes a recommended security level, an access right for each role (administrator and general user), and an initial value of the setting. For the setting items newly added to the Web browser 19, the Web application 39 also includes UI information and security information for the settings provided from the Web browser 19, and the security policy of the vendor that developed the Web application 39 itself or the Web application 39. Therefore, it is possible to easily define the behavior (operation) for the newly added setting item. That is, if the setting information is known, it can be changed with the above-described access token, and a newly added setting item can be easily set using the setting item list.

  The above-described embodiments are presented as examples, and are not intended to limit the scope of the present invention. The novel embodiment can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention.

  For example, the MFP 1 in the embodiment is an example of a device to which the present invention is applied. Therefore, the present invention may be applied to devices other than the MFP 1 such as a projector device, a video conference system, or a digital camera device.

  The embodiments and modifications of the embodiments are included in the scope and gist of the invention, and are also included in the invention described in the claims and the equivalents thereof.

1 MFP (MFP)
10 Body 11 CPU
12 ROM
13 RAM
14 HDD
15 Communication I / F
16 Connection I / F
17 Engine part 18 System bus 19 Web browser 20 Operation part 21 CPU
22 ROM
23 RAM
24 Flash memory 25 Communication I / F
26 Connection I / F
27 Operation panel 28 System bus 30 Communication path 31 CPU
32 ROM
33 RAM
34 HDD
35 Communication I / F
38 System Bus 39 Web Application 40 Network 51 Remote Communication Unit 52 Access Token Determination Unit 53 Setting Value Reference Unit 54 Setting Value Update Unit 55 Setting Item List Generation Unit 56 Setting Screen Generation Unit 57 Setting Item 58 Screen Configuration Information 59 Setting Information 60 Security Information 61 Remote communication unit 62 Setting item display determination unit 63 Setting screen generation unit 64 Setting content determination unit 65 Access token authentication unit 66 Unique setting value 67 Setting information 68 Security policy 100 Information processing system

JP 2012-063813 A

Claims (18)

An acquisition unit for acquiring security identification information from a first application program used via a network;
A determination unit configured to determine whether the first application program is correct using the acquired security identification information;
An update unit that updates setting information of a second application program that operates in a device in cooperation with the first application program to setting information requested by the first application program determined to be correct by the determination unit. A device having and. The security identification information includes setting information of the first application program,
The device according to claim 1, wherein the update unit updates the setting information of the second application program to the setting information of the first application program included in the security identification information. The security identification information has been subjected to a predetermined encryption process,
The determination unit determines the first application program as a regular first application program when the security identification information that has been encrypted can be decrypted and the setting information has an appropriate value. The device according to claim 2, wherein: A setting information generation unit that generates one or more setting information of the second application program that can be set and presents the setting information to the first application program;
The update unit updates setting information of the second application program requested from the first application program among the presented setting information. A device according to any one of the above. In the first application program, the presented setting information is setting information that does not exist on the first application program side, and a recommended security level on the second application program side corresponding to the setting information that does not exist If the security level matches the recommended security level on the first application program side corresponding to the non-existing setting information, the access authority and the setting information matching the recommended security level on the second application program side are presented. Obtained from the set information and request the update to the update unit,
The update unit updates the non-existing setting information to setting information including an access right that matches the recommended security level on the second application program side acquired from the presented setting information. The device according to claim 4. In the first application program, the presented setting information is setting information that does not exist on the first application program side, and a recommended security level on the second application program side corresponding to the setting information that does not exist And the recommended security level on the first application program side corresponding to the non-existing setting information does not match, and the first application program side gives priority to the recommended security level on the first application program side. Obtaining access authority and setting information suitable for the recommended security level from the presented setting information and requesting the updating unit to update,
The update unit updates the non-existing setting information to setting information including an access right that matches the recommended security level on the first application program side acquired from the presented setting information. The device according to claim 4 or 5. When there are a plurality of selectable setting information, the first application program generates a selection screen of any setting information or makes a generation request for the selection screen,
A display control unit that generates the selection screen generated by the first application program or the selection screen requested to be generated and controls display on the display unit;
The update unit updates the setting information of the second application program to the setting information selected via the selection screen. 7. The equipment described. 8. The first application program according to claim 1, wherein the first application program is a network application program, the second application program is a local application, and the setting information includes a setting value. The device according to any one of the above. An acquisition unit for acquiring security identification information from a first application program used via a network;
A determination unit configured to determine whether the first application program is correct using the acquired security identification information;
An update unit that updates setting information of a second application program that operates in a device in cooperation with the first application program to setting information requested by the first application program determined to be correct by the determination unit. An image forming apparatus comprising: An acquisition step in which the acquisition unit acquires security identification information from a first application program used via a network;
A determination step in which the determination unit determines whether the first application program is correct using the acquired security identification information;
The setting information of the second application program that operates in the device in cooperation with the first application program is added to the setting information requested by the first application program that is determined to be correct by the determination unit. An information processing method comprising: an updating step for updating. Computer
An acquisition unit for acquiring security identification information from a first application program used via a network;
A determination unit configured to determine whether the first application program is correct using the acquired security identification information;
An update unit that updates setting information of a second application program that operates in a device in cooperation with the first application program to setting information requested by the first application program determined to be correct by the determination unit. Information processing program characterized by functioning as The security identification information includes setting information of the first application program,
12. The information processing according to claim 11, wherein the update unit updates the setting information of the second application program to the setting information of the first application program included in the security identification information. program. The security identification information has been subjected to a predetermined encryption process,
The determination unit determines the first application program as a regular first application program when the security identification information that has been encrypted can be decrypted and the setting information has an appropriate value. The information processing program according to claim 12, wherein: As a setting information generation unit that generates one or more setting information of the second application program that can be set and presents the setting information to the first application program, the computer is further functioned,
The update unit updates the setting information of the second application program requested from the first application program among the presented setting information. The information processing program as described in any one of Claims. In the first application program, the presented setting information is setting information that does not exist on the first application program side, and a recommended security level on the second application program side corresponding to the setting information that does not exist If the security level matches the recommended security level on the first application program side corresponding to the non-existing setting information, the access authority and the setting information matching the recommended security level on the second application program side are presented. Obtained from the set information and request the update to the update unit,
The update unit updates the non-existing setting information to setting information including an access right that matches the recommended security level on the second application program side acquired from the presented setting information. The information processing program according to claim 14. In the first application program, the presented setting information is setting information that does not exist on the first application program side, and a recommended security level on the second application program side corresponding to the setting information that does not exist And the recommended security level on the first application program side corresponding to the non-existing setting information does not match, and the first application program side gives priority to the recommended security level on the first application program side. Obtaining access authority and setting information suitable for the recommended security level from the presented setting information and requesting the updating unit to update,
The update unit updates the non-existing setting information to setting information including an access right that matches the recommended security level on the first application program side acquired from the presented setting information. The information processing program according to claim 14 or 15. When there are a plurality of selectable setting information, the first application program generates a selection screen of any setting information or makes a generation request for the selection screen,
As a display control unit that generates a selection screen generated by the first application program or the selection screen requested to be generated and controls display on a display unit, the computer is further functioned,
The update unit updates the setting information of the second application program to the setting information selected via the selection screen. 17. The information processing program described. An acquisition unit for acquiring security identification information from a first application program used via a network;
A determination unit configured to determine whether the first application program is correct using the acquired security identification information;
An update unit that updates setting information of a second application program that operates in a device in cooperation with the first application program to setting information requested by the first application program determined to be correct by the determination unit. And an information processing system.

Images