JP2016139961A - Image forming apparatus and maintenance management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable a maintenance staff to actively grasp the state of an image processing apparatus while maintaining confidentiality of information on the inside of an image forming apparatus to be maintained stored in the apparatus, so as to determine the cause of abnormality.SOLUTION: An image forming apparatus according to the present invention is an image forming apparatus that is remotely controlled from a connectable maintenance server, and comprises a communication part that can be connected to a network, a display part, and a control part that, when acquiring an access request from the maintenance server through the communication part, displays, on the display part, an access permission/rejection confirmation screen for requesting whether to permit or reject the access request.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an image forming apparatus and a maintenance management system, and can be applied to, for example, an image forming apparatus whose maintenance state is remotely managed and a maintenance management system which remotely manages the image forming apparatus.

  Conventionally, there is a maintenance management system that maintains and manages the state of an image processing apparatus from a remote location. In Patent Document 1, when an abnormality or the like occurs in the image processing apparatus, the image processing apparatus transmits abnormality information to the remote terminal, and the status of the image forming apparatus is based on the abnormality information acquired from the image processing apparatus by the maintenance terminal. And maintaining the image processing apparatus.

JP 2012-222423 A

  However, the conventional maintenance management system acquires and maintains information transmitted from the image processing apparatus to be maintained, and the maintenance terminal actively grasps the state of the image processing apparatus or causes the abnormality. There is a problem that it is not sufficient to discriminate.

  In order to solve the above problems, an image forming apparatus and a maintenance management system according to the present invention have the following configuration.

  An image forming apparatus according to a first aspect of the present invention is an image forming apparatus that is remotely managed from a connectable maintenance server. (1) A communication unit connectable to a network, (2) a display unit, and (3) communication A control unit that displays an access permission confirmation screen requesting whether to permit the access request when the access request is acquired from the maintenance server through the unit.

  A maintenance management system according to a second aspect of the present invention is a maintenance management system having one or a plurality of image forming apparatuses and a maintenance server for remotely managing the state of each image forming apparatus. (1) The maintenance server is a maintenance target. (2) When each image forming apparatus obtains an access request from the maintenance server, whether or not access is permitted is requested. A screen is displayed on the display unit.

  According to the present invention, the maintenance side actively maintains the confidentiality of the in-device information by displaying the access permission confirmation screen requesting whether or not to permit the access request from the maintenance side. The state of the image processing apparatus can be grasped, and the cause of the abnormality can be determined.

3 is a block diagram illustrating an access management function in a control unit of the image forming apparatus according to the first embodiment. FIG. 1 is a configuration diagram showing an overall configuration of a remote maintenance system according to a first embodiment. 1 is a block diagram illustrating an internal configuration of an image forming apparatus according to a first embodiment. It is a block diagram which shows the data structural example of the in-device information of the memory | storage part which concerns on 1st Embodiment. It is a block diagram which shows the structural example of the access control information which concerns on 1st Embodiment. It is a sequence diagram which shows the login process from the maintenance server which concerns on 1st Embodiment. It is a sequence diagram which shows the acquisition request process of the file list from the maintenance server which concerns on 1st Embodiment. It is a sequence diagram which shows the acquisition process of the request data from the maintenance server which concerns on 1st Embodiment. It is explanatory drawing explaining the transition of the confirmation screen of the accessibility of the file displayed on the display part which concerns on 1st Embodiment.

(A) First Embodiment Hereinafter, a first embodiment of an image forming apparatus and a maintenance management system according to the present invention will be described in detail with reference to the drawings.

(A-1) Configuration of First Embodiment FIG. 2 is a configuration diagram showing an overall configuration of a remote maintenance system according to the first embodiment.

  In FIG. 2, the remote maintenance system 100 according to the first embodiment roughly includes a maintenance-side environment 110 and a maintenance-side environment 120. The maintenance-side environment 120 is, for example, an environment such as a maintenance company or a call center that maintains a maintenance target device arranged in the maintenance-target environment 110. The maintenance target environment 110 is an environment on the side where a maintenance service of a state of a maintenance target apparatus is received by a maintenance company, a call center, or the like.

  The maintenance target environment 110 includes at least a telephone 101 and one or a plurality of image forming apparatuses 102 as maintenance target apparatuses. In the maintenance-side environment 120, at least a telephone 105 and a maintenance server 106 are arranged. The maintenance-side environment 110 and the maintenance-side environment 120 are connected by a telephone line 103 and a network line 104 such as the Internet.

  The image forming apparatus 102 is a maintenance target apparatus that is maintained and managed by the maintenance server 106 disposed in the maintenance-side environment 120. The image forming apparatus 102 can be, for example, a multi-function peripheral (MFP), a copier, a printer, a facsimile machine, or the like. In this embodiment, a case where the image forming apparatus 102 is a multifunction peripheral will be described as an example.

  The image forming apparatus 102 includes a non-volatile storage device that stores in-device information related to, for example, network settings, e-mail settings, print settings, facsimile settings, log information, and the like. In response to a user operation, various recording functions such as E-MAIL transmission / reception, printing and facsimile transmission / reception are performed.

  The image forming apparatus 102 may be maintained by a maintenance person who has visited the maintenance target environment, or may be remotely managed by the maintenance server 106 through the network line 104. In this embodiment, the configuration in which the image forming apparatus 102 is remotely managed by the maintenance server 106 will be mainly described.

  In addition, when the image forming apparatus 102 receives an access request to the in-device information from the maintenance server 106 via the network line 104, the image forming apparatus 102 determines whether or not to permit access for each access request from the maintenance server 106. The information is displayed on the display unit 4 of an operation panel (for example, an operator panel), and an access permission is inquired by an operation of an apparatus manager in the maintenance target environment 110. In other words, the image forming apparatus 102 not only transmits abnormality information to the maintenance server 106 when any abnormality or failure occurs, but also accesses when the maintenance server 106 requests access to in-device information. Ask whether to allow or not. When the access permission is given by the operation of the device manager, the image forming apparatus 102 reads out the in-device information for which access is permitted, and transmits the in-device information to the maintenance server 106. The image forming apparatus 102 is connected to the maintenance server 106 of the maintenance-side environment 120 via the network line 104, and can transmit abnormality information to the maintenance server 106 when any abnormality or failure occurs. It may be.

  The telephone 101 is connected to the telephone 105 of the maintenance side environment 120 through the telephone line 103. When an abnormality or failure occurs in the image forming apparatus 102 that is a maintenance target device, or when maintenance is necessary, the device administrator or the like requests maintenance from the maintenance company or the like, the content of the failure, etc. For example, the telephone set 101 is used by a device manager or the like.

  The telephone 105 is connected to the telephone 101 of the maintenance target environment 120 through the telephone line 103. The telephone 105 is used by a maintenance person, an operator such as a call center, or the like for explaining an explanation of the failure of the image forming apparatus 102 or handling a failure to the apparatus administrator. For example, an operator of a maintenance company or the like who has received a maintenance request examines the failure response while receiving an explanation of the content of the failure to the customer by telephone. At that time, not only the information from the customer himself / herself by telephone but also the in-device information of the customer's image forming apparatus 102 may be heard.

  The maintenance server 106 is a maintenance management device that manages the state of the image forming apparatus 102 based on information acquired from the image forming apparatus 102 as a maintenance target apparatus. The maintenance server 106 obtains information (for example, abnormality information) transmitted from the image forming apparatus 102 in which an abnormality or failure has occurred, or is operated by a maintenance person or the like in order to acquire information necessary for maintenance. In response to the request, an access request is made to the in-device information stored in the image forming apparatus 102, and when the access is permitted, the permitted information is acquired and predetermined maintenance management is performed.

  FIG. 3 is a block diagram illustrating an internal configuration of the image forming apparatus 102 according to the first embodiment. In FIG. 3, the image forming apparatus 102 according to the first embodiment includes a control unit 1, a communication unit 2, a display control unit 3, a display unit 4, a storage unit 5, and an operation input unit 6.

  The control unit 1 is a processing unit or device that controls various functions of the image forming apparatus 102. As a hardware configuration of the control unit 1, a circuit device having a CPU, a RAM, a RAM, an input / output interface, and the like can be applied. When the CPU executes a processing program stored in the ROM, the image forming apparatus 102 Various functions are realized. Further, various functions of the image forming apparatus 102 may be realized by installing a software program in the image forming apparatus 102.

  The communication unit 2 is a processing unit or device that performs information communication processing with the network line 104. The communication unit 2 performs communication processing according to a communication protocol such as TCP / IP, and performs transmission / reception processing of e-mails and transmission / reception processing of facsimiles, and transmission / reception of information to / from the maintenance server 106. To do.

  The display control unit 3 displays various display screens on the display unit 4 included in the image forming apparatus 102 under the control of the control unit 1. The display control unit 3 displays a function menu screen and an operation screen for various functions of the image forming apparatus 102 as a multifunction peripheral on the display unit 4 or acquires an access request for in-device information from the maintenance server 106. Or an inquiry screen as to whether or not to allow access.

  For example, a liquid crystal display panel or the like as an operation panel of the image forming apparatus 102 can be applied to the display unit 4 and a display screen instructed by the display control unit 3 is displayed.

  For example, various buttons as an operation panel of the image forming apparatus 102, touch panel type operation buttons, or the like can be applied to the operation input unit 6. The operation input unit 6 accepts selection of a desired function on the function menu screen displayed on the display unit 4, accepts input information of various functions, and accesses the inquiry screen for accessibility from the maintenance server 106. Accept information about whether to allow or not.

  The storage unit 5 stores in-device information, and a nonvolatile storage device can be applied. The storage unit 5 stores device setting information related to various functions, log information related to operations and failures, data such as folders and files, information set in the phone book function, security information related to access, and the like. is there. The storage unit 5 stores various data in a hierarchical structure such as a directory, for example, and each file is identified by a file path name from the root directory.

  FIG. 4 is a configuration diagram illustrating a data configuration example of the in-device information of the storage unit 5 according to the first embodiment.

  As illustrated in FIG. 4, the in-device information of the storage unit 5 according to the first embodiment is roughly classified into five, and includes a device setting 300, a log 310, a box 320, a phone book 330, and a SecurityDB 340.

  The device setting 300 stores device setting information of various functions of the image forming apparatus 102. The apparatus setting 300 includes a print setting 301, a network setting 302, a FAX setting 303, and a file list 304. The print setting 301 includes setting information related to print processing, and includes settings such as copy designation and tray paper designation. The network setting 302 is information related to a network connection, and includes, for example, information related to TCP / IP settings and information related to an LDAP (Lightweight Directory Access Protocol) server. In the FAX setting 303, information regarding a facsimile is set. The file list 304 is a file list including a list of file paths of a plurality of files stored in the storage unit 5.

  The log 310 stores an operation log, an execution log, a failure log, and the like in the image forming apparatus 102. The log 310 is divided into three internally. An operation / access log 311, a failure log 312, and a print log 313 are included.

  The operation / access log 311 stores history information related to operations performed on the image forming apparatus 102 and history information related to access to in-apparatus information when the in-apparatus information is accessed. For example, the information related to access includes access date / time information, specific information for specifying a person who has accessed, information regarding an access mode, information for specifying data requested to be accessed, and the like. The information relating to the access mode is information for identifying, for example, information that is accessed remotely upon receiving an access request from the maintenance server 106, or information that is accessed by an operation on the operation panel of the image forming apparatus 102. Is included. By storing history information related to access in the operation / access log 311, it is possible to store information such as “when”, “who”, “how”, “what data”, etc. it can.

  The failure log 312 stores history information regarding failures detected in the image forming apparatus 102. In the failure log 312, failure type information detected in the image forming apparatus 102 and occurrence date / time information related to failure occurrence detection are stored in association with each other. The failure log 312 includes, for example, failure information that can be avoided by outputting an alarm such as a paper jam or out of paper, or failure information that requires a relatively heavy failure recovery that requires restart of the image forming apparatus 102 itself. Each of them stores information in which the failure date and time information and the error code indicating the failure type are recorded in association with each other.

  The print log 313 stores history information related to the print function. For example, the print log 313 supports input user identification information, print date / time information, paper size, number of prints, print application code, file name, and the like. The attached history information is stored. This makes it possible to record when and who printed the paper size, the number of copies, the print application name, the file name, and the like.

  A box 320 is a file box for storing file data. The box 320 includes a common folder 321 and a personal folder 322. The common folder 321 stores file data that all users who can use the image forming apparatus 102 have access authority and can be accessed by all users. The personal folder 322 has access authority for a user or a group of a plurality of users, and stores file data that can be accessed only by a user having the access authority.

  The telephone directory 330 is configured with names and names of contacts such as facsimiles and e-mails, telephone numbers, FAX numbers, e-mail addresses, and descriptions regarding contacts. The phone book 330 includes a common phone book 331 and a personal phone book 332. The common telephone directory 331 stores telephone directory data that all users have access authority and can be accessed by all users. The personal folder 332 has access authority for an individual user or a group of a plurality of users, and stores telephone directory data that can be accessed only by a user having the access authority.

  The Security DB 340 stores security information necessary for accessing in-device information stored in the storage unit 5 of the image forming apparatus 102. The SecurityDB 340 is divided into authentication information 341, approval information 342, and user information 343.

  Access to the in-apparatus information is performed according to different access modes such as access from the operation panel of the image forming apparatus 102 and access accompanying an access request from the maintenance server 106, and the like. 342 and user information 343 are provided. These authentication information 341, approval information 342, and user information 343 include access control information for accessing in-device information of the image forming apparatus 102 from the maintenance server 106.

  The authentication information 341 is used when performing user authentication of a person who requests access to in-device information. Information (for example, login ID, password, etc.) for collation with input authentication information acquired from the maintenance server 106 can be applied when an access request is issued from the maintenance server 106. The approval information 342 is information for approving reading or writing of in-device information. As the user information 343, information regarding a user having access authority can be applied.

  FIG. 1 is a block diagram illustrating an access management function in the control unit 1 of the image forming apparatus 102 according to the first embodiment.

  In FIG. 1, the access management function of the control unit 1 according to the first embodiment includes an access authority setting unit 510, a user authentication processing unit 520, a file list processing unit 530, a request data processing unit 540, and an access permission confirmation unit 550. Have.

  The access authority setting unit 510 sets access control information for remotely accessing in-device information from the maintenance server 106. For example, the access control information may be set through a host terminal (for example, a personal computer) connected to the image forming apparatus 102 or an operation panel of the image forming apparatus 102.

  Here, the access control information is information that sets whether or not access from the maintenance server 106 is permitted in units of types of folders and files stored in the storage unit 5.

  FIG. 5 is a configuration diagram illustrating a configuration example of access control information according to the first embodiment. In FIG. 5, the access control information according to the first embodiment includes items of “remote user login name” 510, “read permission” 520, “write permission” 530, and “manager confirmation” 540.

  In the “remote user login name” 510, login information of a user who remotely accesses from the maintenance server 106 is set. The login information of the user who performs remote access can be set by, for example, the apparatus administrator of the image forming apparatus 102 or a maintenance user who performs remote access. As will be described later, when remote access is performed from the maintenance server 106, when the login information derived from the session ID from the maintenance server 106 matches the information set in the “remote user login name” 510, remote access is performed. Allow.

  “Read permission” 520 is set as to whether or not to permit reading of the remote access request data by the remote access user. When “permitted” is set, reading of the request data is permitted by the remote access user, and when “not permitted” is set, reading of the request data by the remote access user is not permitted.

  In the “write permission” 530, whether or not to permit writing of data for the remote access request data is set by the remote access user. When “permitted” is set, writing to the request data is permitted by the remote access user, and when “not permitted” is set, writing to the request data is not permitted by the remote access user.

  “Administrator confirmation” 540 is set to determine whether or not it is necessary to confirm whether or not access is possible to the apparatus administrator of the image forming apparatus 102 when the maintenance server 106 requests access to in-apparatus information.

  For example, as illustrated in FIG. 5, a case where “RemoteMaintenance1” is set as the remote user login name 510 is illustrated. In this case, since “permission” is set in the read permission 520, reading of data by the remote access user is permitted. However, since “not permitted” is set in the write permission 530, writing of data by the remote access user is prohibited. Furthermore, since “required” is set in the administrator confirmation 540, when an access request is received from the maintenance server 106, an inquiry screen asking whether or not to access the apparatus administrator is displayed on the display unit 4 of the image forming apparatus 102. Displayed, and it is necessary for the device administrator to check whether access is possible.

  Further, for example, in FIG. 5, a case where “RemoteMaintenance2” is set as the remote user login name 510 is illustrated. In this case, since “not permitted” is set in the read permission 520, reading of data by the remote access user is prohibited. However, since “not permitted” is set in the write permission 530, writing of data by the remote access user is prohibited. Furthermore, since “unnecessary” is set in the administrator confirmation 540, when an access request is issued from the maintenance server 106, an inquiry as to whether or not the device administrator can be accessed is not performed.

  The user authentication processing unit 520 performs user authentication processing using the acquired authentication information when there is a request for access to in-device information. The user authentication processing unit 520 includes a user authentication unit 521 and a session ID issue unit 522.

  The user authentication unit 521 performs user authentication by comparing authentication information related to an access request to in-device information with authentication information stored in the storage unit 5. As the user authentication method, for example, a method for determining whether or not a login name and a password match a preset login name and password can be applied.

  Further, when the user authentication unit 521 is an access request from the maintenance server 106 and the user authentication is successful, the user authentication unit 521 refers to the access control information set in advance and logs in to the remote user login name of the access control information. It is determined whether the name is registered.

  When a login name is registered in the remote user login name 510 of the access control information, the user authentication unit 521 determines whether or not the user is a maintenance user using the login name. If the user authentication unit 521 is a maintenance user, the user authentication unit 521 determines that “necessary” or “unnecessary” is set in the administrator confirmation 540 of the access control information. When “necessary” is set in the administrator confirmation 540, it is necessary to confirm whether or not the image forming apparatus 102 can access. Therefore, the user authentication unit 521 requests the access permission / non-permission confirmation unit 550 to confirm access permission. As a result, the access permission confirmation unit 550 causes the display unit 4 to display an access permission inquiry screen by the device administrator.

  Whether or not remote access is possible needs to be confirmed by an authorized person (in this example, a device administrator). Accordingly, when the apparatus administrator is logged in to the image forming apparatus 102, the access permission confirmation unit 550 displays an access permission inquiry screen on the display unit 4, and the apparatus administrator logs in to the image forming apparatus 102. If not, the access permission confirmation unit 550 may display a login screen of the device administrator on the display unit 4.

  On the other hand, when the login name is not registered in the remote user login name 510 of the access control information despite the access request from the maintenance server 106, the user authentication unit 521 does not permit the login.

  The session ID issuing unit 522 issues a session ID for allowing access to the in-device information when the user authentication by the user authentication unit 521 is successful.

  The file list processing unit 530 confirms the validity of the session ID acquired from the maintenance server 106, and transmits a file list including the file path of the file stored in the storage unit 5 of the image forming apparatus 102 to the maintenance server 106. To do. The file list processing unit 530 includes a session ID confirmation unit 531, a file list creation unit 532, and a file list transmission unit 533.

  The session ID confirmation unit 531 confirms whether or not the session ID is a session ID issued by the session ID issuing unit 522 using the session ID acquired from the maintenance server 106. When the session ID acquired from the maintenance server 106 is not correct, the session ID confirmation unit 531 determines that the session ID is not a correct session ID, so that the file list is not transmitted to the maintenance server 106.

  The session ID confirmation unit 531 requests the access permission confirmation unit 533 to confirm whether the device administrator can access. As a result, the access permission confirmation unit 550 causes the display unit 4 to display an access permission inquiry screen by the device administrator.

  The file list creation unit 532 creates a file list stored in the storage unit 5 when the session ID confirmation unit 531 confirms that the session ID is correct. For example, since each file has high confidentiality, a flag for prohibiting access from the outside may be attached. The file list creation unit 532 creates a file list including a file path for files accessible from the outside. More specifically, the file list creation unit 532 creates a file list in which file names are associated with file paths. The file list may include file creation date / time information, file last storage date / time information, file access history information, and the like.

  The file list transmission unit 533 transmits the file list created by the file list creation unit 532 to the maintenance server 106.

  The request data processing unit 540 confirms the file path and session ID of the request data acquired from the maintenance server 106 (file data requested by the maintenance server 106), and searches for a file (request data) associated with the file path. The request data is transmitted to the maintenance server B106. The request data processing unit 540 includes a file path confirmation unit 541, a request data search unit 542, and a request data transmission unit 543.

  The file path confirmation unit 541 acquires the file path and the session ID from the maintenance server 106 and confirms the validity of the session ID.

  The request data search unit 542 searches the storage unit 5 using the file path acquired from the maintenance server 106 and searches for a file associated with the file path. The request data search unit 542 requests the access confirmation unit 533 to confirm whether the device administrator can access. As a result, the access permission confirmation unit 550 causes the display unit 4 to display an access permission inquiry screen by the device administrator.

  The request data transmission unit 543 transmits the file searched by the request data search unit 542 to the maintenance server 106.

  Upon receiving an access confirmation request from the device administrator from the user authentication processing unit 520, the file list processing unit 530, and the request data processing unit 540, the access permission confirmation unit 550 displays a screen for inquiring whether the device administrator can access or not. 4 is displayed. When the access permission confirmation unit 550 obtains access OK from the device administrator through the operation input unit 6, the access permission confirmation unit 550 notifies the user authentication processing unit 520, the file list processing unit 530, and the request data processing unit 540 that access is OK. On the other hand, when the access permission confirmation unit 550 obtains the information indicating that access is not permitted, the access authentication unit 550 notifies the user authentication processing unit 520, the file list processing unit 530, and the request data processing unit 540 that access is not permitted. To do.

  As described above, it is possible to prevent leakage or prevention of highly confidential files by asking whether the apparatus administrator can access each request stage of the access request from the maintenance server 106.

(A-2) Operation of the First Embodiment Next, the operation of the maintenance management process of the maintenance management system according to the first embodiment will be described in detail with reference to the drawings.

  FIG. 6 is a sequence diagram illustrating a login process from the maintenance server 106 according to the first embodiment. FIG. 7 is a sequence diagram illustrating processing for requesting acquisition of a file list from the maintenance server 106 according to the first embodiment. FIG. 8 is a sequence diagram illustrating processing for acquiring request data from the maintenance server 106 according to the first embodiment.

  First, in the maintenance-side environment 120, when it is necessary to acquire in-device information from the image forming apparatus 102 that is a maintenance target apparatus, the maintenance server 106 sends a signal including authentication information input by a maintenance person or the like to the image forming apparatus. (S101).

  In the user authentication processing unit 520 of the image forming apparatus 102, the user authentication unit 521 compares the authentication information acquired from the maintenance server 106 with the authentication information stored in the storage unit 5 to verify the validity of the authentication information. It judges and performs user authentication (S102).

  Here, the authentication information is information including a login name, a password, and the like, for example. The login name and password of the maintenance server 106 are registered in the storage unit 5 in advance. The user authentication unit 521 searches for a password associated with the login name acquired from the maintenance server 106, and determines that the user authentication is successful if the passwords match. Note that the password registered in the storage unit 5 does not have to be the password itself set by the maintenance company or the like, and may be a hash value uniquely specified.

  When the user authentication by the user authentication unit 521 is successful (S103), the process proceeds to S104. On the other hand, when the user authentication by the user authentication unit 521 fails, the user authentication unit 521 transmits a signal including a login failure to the maintenance server 106 when the user authentication fails (S103). In this case, the process ends.

  If the user authentication is successful, the user authentication unit 521 determines whether or not the user who operates the maintenance server 106 is a maintenance user (S104). For example, the authentication information from the maintenance server 106 includes a remote user login name as the maintenance user login information, and the user authentication unit 521 has the remote user login name and the remote registered in the access control information. By determining whether or not the user login name matches, it is determined whether or not the user is a maintenance user.

  If it is determined that the user is a maintenance user, the user authentication unit 521 confirms permission / non-permission of login of the maintenance user on the display unit 4 with respect to the access permission confirmation unit 550. Receiving this, the access permission confirmation unit 550 displays a maintenance user login permission / denial confirmation screen on the display unit 4 (S105).

  Specifically, the login permission / non-permission confirmation is performed by causing the display unit 4 of the operation panel to select that a maintenance user login request has been made remotely and whether the apparatus administrator is permitted to log in or not. Show button. Since it is necessary to be an apparatus administrator for permitting login, when the state of the operator panel of the image forming apparatus 102 is login to the apparatus administrator, the permission is permitted by pressing the permission button. On the other hand, when the device administrator is not logged in, the screen may be switched to a screen for requesting login by the device administrator.

  If the apparatus administrator does not permit the maintenance user login request in S106, the access permission confirmation unit 550 notifies the user authentication unit 521 that the maintenance user login is not permitted, and the user authentication unit 521 Notifies the maintenance server of the login failure (S106).

  On the other hand, when permission is granted by the apparatus administrator (S106), the access permission confirmation unit 550 notifies the session ID issuing unit 522 that the maintenance user is permitted to log in. Then, the session ID issuing unit 522 issues a session ID, and notifies the maintenance server of the login success together with the session ID (S107).

  Next, a file list acquisition process from the maintenance server 106 to the image forming apparatus 102 after successful login will be described with reference to FIG.

  In FIG. 7, the maintenance server 106 transmits a file list acquisition request including the session ID acquired from the image forming apparatus 102 to the image forming apparatus 102 (S201).

  In the image forming apparatus 102, the session ID confirmation unit 531 of the file list processing unit 530 searches for the login name of the requester from the acquired session ID, and determines whether the login name has authority to acquire a file list. (S202).

  Here, as a determination method of the file list acquisition authority, a method of using access control information associated with the file list 304 (see FIG. 4) stored in the storage unit 5 can be applied. That is, the session ID confirmation unit 531 confirms whether or not the login name derived from the session ID is registered in the “remote user login name” of the access control information associated with the file list 304.

  If there is registration (S202), it is determined that there is a right to acquire the file list of the hit person (maintenance user), and the process proceeds to S203.

  On the other hand, if there is no registration (S202), it is determined that there is no right to acquire the file list, and the process proceeds to S203.

  In S203, the session ID confirmation unit 531 confirms the necessity / unnecessity of the “manager confirmation” 540 for obtaining the file list with reference to the access control information (S203).

  That is, the maintenance user login name (remote user login name) is not registered in the access control information in the process of S202, and “unnecessary” is set in the “manager confirmation” 540 of the access control information in S203. If so, the session ID confirmation unit 531 notifies the maintenance server 106 of failure to acquire the file list and completes the processing (S203).

  On the other hand, if the maintenance user login name (remote user login name) is not registered in the access control information in S202, but “necessary” is set in the “manager confirmation” 540 of the access control information in S203, The session ID confirmation unit 531 confirms permission / non-permission of file list acquisition on the display unit 4 with respect to the access permission confirmation unit 550. In response to this, the access permission / non-permission confirmation unit 550 causes the display unit 4 to display a confirmation screen for permission / non-permission of file list acquisition (S204).

  The confirmation of permission / non-permission of file list acquisition allows the apparatus administrator to select whether or not to permit the acquisition of the file list from the maintenance user, as in the case of confirmation of permission / non-permission of login. If the administrator is in the panel login, the selection is valid as it is. If the administrator is not in the panel login, the screen is switched to a screen prompting the administrator to log in, and is confirmed by the administrator login.

  In S205, when the apparatus administrator does not permit the maintenance user file list acquisition login request, the access permission confirmation unit 550 notifies the session ID confirmation unit 531 that the file list acquisition is not permitted. The session ID confirmation unit 531 notifies the maintenance server of the failure to obtain the file list (S205).

  On the other hand, when permission is granted by the device administrator (S205), the access permission confirmation unit 550 notifies the file list creation unit 532 that the maintenance user is allowed to acquire the file list. Then, the file list creation unit 532 creates a file list, and notifies the maintenance server of the successful file list acquisition together with the file list and session ID (S206). The file list is configured for each actual file path and data type. The data type can be the type described in the in-device information example illustrated in FIG.

  Next, a process for acquiring request data from the maintenance server 106 to the image forming apparatus 102 after permitting file list acquisition will be described with reference to FIG.

  The maintenance server 106 specifies a file path of a desired file based on the file list acquired from the image forming apparatus 102 and transmits a request data acquisition request including the file path and the session ID to the image forming apparatus 102. (S301).

  In the image forming apparatus 102, the file path confirmation unit 541 of the request data processing unit 540 identifies a file corresponding to the file path acquired from the maintenance server 106, and limits the file type. The file path confirmation unit 541 confirms the access control information of the file type of the request file, and confirms whether the maintenance user has the authority to acquire the request file (S302).

  As a method for determining whether or not the user has the authority to acquire the requested file, a method using access control information associated with the file type of the requested file stored in the storage unit 5 can be applied. That is, the file path confirmation unit 541 confirms whether or not the login name derived from the session ID is registered in the “remote user login name” of the access control information associated with the file type of the request file.

  If there is registration (S302), it is determined that the hit person (maintenance user) has the right to acquire the file type, and the process proceeds to S306. That is, if there is a file acquisition right, data sending processing is executed (S306), and file data sending of the requested file is executed to the maintenance server.

  On the other hand, when there is no registration (S302), it is determined that there is no right to acquire the file, and the process proceeds to S303.

  In S303, the file path confirmation unit 541 refers to the access control information and confirms whether the “administrator confirmation” 540 for obtaining the requested file is necessary or unnecessary (S303).

  In other words, the maintenance user login name (remote user login name) is not registered in the access control information in the processing in S302, and “unnecessary” is set in the “manager confirmation” 540 of the access control information in S303. If so, the file path confirmation unit 541 notifies the maintenance server 106 of the file acquisition failure and completes the processing (S303).

  On the other hand, if the maintenance user login name (remote user login name) is not registered in the access control information in S302, but “necessary” is set in the “manager confirmation” 540 of the access control information in S303, The file path confirmation unit 541 confirms permission / non-permission of file acquisition on the display unit 4 with respect to the access permission confirmation unit 550. In response to this, the access permission / non-permission confirmation unit 550 causes the display unit 4 to display a file acquisition permission / non-permission confirmation screen (S304).

  FIG. 9 is an explanatory diagram for explaining the transition of the confirmation screen for file access permission displayed on the display unit 4 according to the first embodiment. Note that the display screen illustrated in FIG. 9 may be a screen that occupies all or part of the screen area of the display unit 4 of the operation panel, or may be a hop-up display screen.

  As shown in FIG. 9, a screen 601 is displayed on the display unit 4 when requesting access permission from the apparatus administrator. The screen 601 displays a guidance display for inquiring whether access is possible, such as “a remote maintenance user is requesting data access permission from the device administrator”, and displays a “permit” button and a “not permit” button. Have.

  At this time, the person who determines whether or not access is permitted is the person who has the authority to determine whether or not access is possible. Here, the device administrator has the authority to determine whether access is possible. Accordingly, when the apparatus administrator is not logged in to the image forming apparatus 102, after pressing the “permit” button on the screen 601, the administrator login screen 602 is displayed on the display unit 4 and requests the apparatus administrator to log in. Then, when the login of the device manager is confirmed, the screen 603 changes.

  Here, when a person other than the device administrator is logging in and the “permit” button is pressed on the screen 601, the currently logged-in person is automatically logged out. Then, after logging out, a login screen 602 of the device administrator may be displayed on the display unit 4 to request the login of the device administrator.

  On the other hand, when the apparatus administrator is logging in to the image forming apparatus 102, the administrator login screen 602 is not displayed on the display unit 4 after the “permit” button is pressed on the screen 601. That is, a screen 603 having the same screen configuration as the screen 601 is displayed on the display unit 4.

  In S305, when the apparatus administrator does not permit the maintenance user's file acquisition login request, the access permission confirmation unit 550 notifies the file path confirmation unit 541 that the file list acquisition is not permitted. The file path confirmation unit 541 notifies the maintenance server 106 of failure to acquire the file list (S305).

  On the other hand, when the permission is granted by the device administrator (S305), the access permission confirmation unit 550 notifies the request data search unit 542 that the maintenance user is allowed to acquire the file. Then, the request data search unit 542 searches the storage unit 5 for file data of the request file, and the request data transmission unit 543 transmits the file data of the request file to the maintenance server 106 (S306).

  As described above, when there is an access request from the maintenance server 106 to the image forming apparatus 102, whether or not to allow access by the apparatus administrator is performed for each access request.

  This is because the storage unit 5 of the image forming apparatus 102 stores not only apparatus setting information and log information such as abnormality and failure, but also customer information and confidential information such as e-mail information and important data. Yes. On the other hand, in recent years, under the influence of the Personal Information Protection Law, awareness of information leakage countermeasures in companies and the like is increasing.

  Therefore, even if the maintenance side enters into a confidentiality agreement with the maintenance side, since data that cannot be disclosed is stored in the image forming apparatus 102, the stored data must be handled with care. In addition, maintenance management of multifunction peripherals and printers can be performed by a maintenance company specializing in maintenance management for fault diagnosis and recovery by remote access using an infrastructure such as a network.

  Therefore, the first embodiment has been made in view of the above circumstances. Access control information for maintenance users that can be remotely accessed in units of data types such as folders and files can be given, and the conventional "read permission", "read prohibition", and "write permission" in the access control information In addition to “write prohibition”, permission is added by “administrator confirmation”.

  In principle, access to a remote user is prohibited for a file for which “required” for confirmation is set in “administrator confirmation”. However, the device administrator confirms whether or not access is possible, and file data access is permitted on condition that the device administrator permits access.

  Further, when the maintenance server 106 acquires the request data by the sequence shown in FIG. 8, the control unit 1 of the image forming apparatus 102 performs maintenance while referring to the information set to “write permission” of the access control information. The user may control writing.

(A-3) Effect of First Embodiment As described above, according to the first embodiment, access confirmation information associated with each type of folder, file, data, etc. By setting the necessity, even if there is an access request for data containing confidential information with access restrictions, a screen indicating whether the device administrator can be accessed is displayed on the display unit each time an access request is made. Can do.

  Further, according to the first embodiment, access permission or disapproval can be determined by a simple operation through a screen displayed on the display unit by an operation of the apparatus administrator.

  Furthermore, according to the first embodiment, since the device administrator can grasp the data requested to be accessed, it is possible to recognize which data is currently being accessed by the remote user, and to manage the device. Can give people a sense of security.

(B) Other Embodiments Although various modified embodiments are mentioned in the first embodiment described above, the present invention can also be applied to the following modified embodiments.

  (B-1) Access control information can be individually set for each folder or file. In the first embodiment, it may be considered that the maintenance server has many access requests to data such as folders and files stored in the “log 310” and “apparatus setting 300” in FIG. In this case, “unnecessary” is set in “manager confirmation” of the access control information of these “log 310” and “apparatus setting 300”. However, on the other hand, “necessary” should be set in “administrator confirmation” of access control information of “operation / access log 311” stored in “log 310” and “box 320” and “phone book 330”. Thus, leakage of confidential information and customer information can be prevented.

  (B-2) Regarding the access to the image forming apparatus by the maintenance server, it is not preferable from the viewpoint of security to make it accessible for a long time. On the other hand, the data requested by the maintenance server may differ from the required data after grasping the state of the image forming apparatus.

  Therefore, the data requested by the maintenance server to the image forming apparatus is not limited to one, and may be plural. In that case, for example, in FIG. 8, when the maintenance server transmits a request data acquisition request, a plurality of request data file paths may be set.

  Further, when the maintenance server makes an access request to the image forming apparatus multiple times, if the initial user authentication is successful, the maintenance server can access the image forming apparatus within a predetermined time after the user authentication. You may do it. In this case, a different session ID may be issued for each session ID. Alternatively, the session ID may be valid within a predetermined time. For example, the predetermined time can be set as a time required for grasping the state of the image forming apparatus, and can be set to, for example, 1 minute, 10 minutes, 30 minutes, 1 hour, or the like.

  (B-3) In the first embodiment, a case has been illustrated in which when an access request from the maintenance server is requested, confirmation of access permission by the device administrator is requested. However, when a session between the maintenance server and the image forming apparatus is completed, an access completion confirmation screen may be displayed on the display unit. As a result, since the device administrator can also know that the connection with the maintenance server is completed, the device administrator can have a sense of security against leakage of confidential information and the like.

  For example, the maintenance server transmits a session completion notification to the image forming apparatus. In the image forming apparatus, the control unit determines the session ID included in the session completion notification from the maintenance server, displays a session end confirmation screen on the display unit, and is permitted by the operation of the apparatus administrator. The session may be terminated.

  Further, for example, the control unit may display a confirmation screen for session end after determining the presence or absence of access control information. That is, the control unit determines the login name from the session ID included in the session completion notification. Then, after determining the presence or absence of access control information corresponding to the login name, a confirmation screen for session termination is displayed on the display unit, and the session is terminated when permitted by the operation of the device administrator. good.

  (B-4) In the user authentication in the first embodiment, the case where the authentication information is a login name and a password has been exemplified, but various information may be used as long as the user can be specified, and the authentication method is wide. Can be applied.

  (B-5) In the first embodiment, access restriction is applied for each data type, but the unit for applying access restriction may be for each file.

  DESCRIPTION OF SYMBOLS 100 ... Maintenance management system, 101 and 105 ... Telephone, 102 ... Image forming apparatus, 106 ... Maintenance server, 1 ... Control part, 2 ... Communication part, 3 ... Display control part, 4 ... Display part, 5 ... Storage part, 6 ... operation input unit, 510 ... access authority setting unit, 520 ... user authentication processing unit, 521 ... user authentication unit, 522 ... session ID issuing unit, 530 ... file list processing unit, 531 ... session ID confirmation unit, 532 ... file list Creation unit, 533 ... file list transmission unit, 540 ... request data processing unit, 541 ... file path confirmation unit, 542 ... request data search unit, 543 ... request data transmission unit, 550 ... access permission confirmation unit.

Claims (8)

In an image forming apparatus managed remotely from a connectable maintenance server,
A communication unit connectable to the network;
A display unit;
A control unit that, when acquiring an access request from the maintenance server through the communication unit, causes the display unit to display an access permission confirmation screen requesting whether or not to permit the access request. Image forming apparatus. A storage unit for storing in-device information;
For each user information of a user who allows access to the in-device information stored in the storage unit, at least access control information including whether or not it is necessary to confirm whether to access the in-device information is set An access control information setting unit, and
When the control unit refers to the access control information corresponding to the user information acquired from the maintenance server and the necessity for checking whether access is permitted is set, the confirmation screen for the access permission is displayed on the display unit. The image forming apparatus according to claim 1, wherein the image forming apparatus is displayed.   3. The control unit according to claim 1, wherein the control unit causes the display unit to display the access permission confirmation screen according to each processing step for each step processing related to the access request from the maintenance server. The image forming apparatus described.   When the control unit obtains access permission from the operation input unit, it permits an access request from the maintenance server, and when it obtains an access disapproval, does not permit an access request from the maintenance server. The image forming apparatus according to claim 1.   5. The image formation according to claim 2, wherein the access control information is set for each in-device information and / or for each type of in-device information stored in the storage unit. apparatus. The access control information is set to access-restricted information among the in-device information,
The control unit permits access to the in-device information even when the in-device information is restricted in access when the access permission is obtained for the access permission confirmation screen. The image forming apparatus according to claim 4 or 5. The control unit is
A user authentication processing unit for performing user authentication based on authentication information acquired from the maintenance server;
A list information provision processing unit for transmitting storage location list information of in-device information stored in the storage unit to a maintenance server that has been successfully authenticated by the user authentication processing unit;
A request information provision processing unit that transmits the in-device information read from the storage unit to the maintenance server based on storage destination information of in-device information requested from the maintenance server. Item 4. The image forming apparatus according to Item 2 or 3. In a maintenance management system having one or a plurality of image forming apparatuses and a maintenance server for remotely managing the state of the image forming apparatus,
The maintenance server makes an access request to each image forming apparatus to be maintained,
When each of the image forming apparatuses acquires an access request from the maintenance server, an access permission confirmation screen for requesting whether or not to permit the access request is displayed on a display unit. .

Images