JP2017054402A - Electronic apparatus, setting management method, program, and communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an electronic apparatus, a setting management method, a program, and a communication system that can maintain a desired security level on change of a setting value.SOLUTION: An electronic apparatus comprises: a service control unit for providing a service to change a setting value of a setting item; a display control unit for displaying an approval screen to specify approval or rejection on a display unit when approval to change the setting value is requested; and a setting management unit for setting a setting value after being changed if approval is specified on the approval screen.SELECTED DRAWING: Figure 3

Description

  The present invention relates to an electronic device, a setting management method, a program, and a communication system.

  In the CC (Common Criteria) certification (ISO / IEC15408) evaluation system that evaluates the security functions of IT-related products, set values that change the behavior of the security functions of the evaluation target products in order to guarantee a certain level of safety. It is necessary to limit it within a certain range. When introducing an authentication product into the user's operating environment, if these setting values are set to values outside the specified range, it is determined that there is a vulnerability, and the safety as an authentication product cannot be guaranteed. These setting values are selected within the range defined by the administrator when purchasing and installing the certified product, and these values are obliged to be maintained during operation.

  Patent Document 1 proposes a technique for restricting a range that can be operated by a maintenance person when performing maintenance work in order to achieve both quick maintenance and security improvement.

  However, in the conventional technology, in order to satisfy an evaluation standard such as CC authentication, for example, a function that changes the setting value without the knowledge of the administrator is excluded (operation prohibited). Otherwise, the security level related to the change of the setting value may not be maintained. For example, as in Patent Document 1, only by limiting the operable range, the administrator confirms that the setting value is within the standard certification range, and the administrator is responsible for changing the setting value during maintenance. Could not prove that it was approved.

  The present invention has been made in view of the above, and an object of the present invention is to provide an electronic device, a setting management method, a program, and a communication system that can maintain a desired security level related to a change in a setting value.

  In order to solve the above-described problems and achieve the object, the present invention provides a service control unit that provides a service for changing a setting value of a setting item, and an approval when an approval for the change of the setting value is requested. A display control unit that displays an approval screen for designating whether or not to be displayed on a display unit, and a setting management unit that sets a changed setting value when approval is specified on the approval screen. Prepare.

  According to the present invention, there is an effect that it is possible to maintain a desired security level related to the change of the set value.

FIG. 1 is a diagram illustrating an example of the overall configuration of a communication system according to the present embodiment. FIG. 2 is a block diagram illustrating a hardware configuration example of the MFP according to the present embodiment. FIG. 3 is a block diagram illustrating a functional configuration example of the MFP according to the present embodiment. FIG. 4 is a sequence diagram illustrating an example of the setting change process in the present embodiment. FIG. 5 is a diagram illustrating a configuration example of the approval screen. FIG. 6 is a flowchart illustrating an example of the setting change process according to the present embodiment. FIG. 7 is a flowchart illustrating an example of the setting change process according to the first modification. FIG. 8 is a flowchart illustrating an example of the setting change process according to the second modification. FIG. 9 is a sequence diagram illustrating an example of a setting change process according to the third modification. FIG. 10 is a diagram illustrating an example of a work slip.

  Exemplary embodiments of an electronic device, a setting management method, a program, and a communication system according to the present invention will be explained below in detail with reference to the accompanying drawings.

  In the following, an example using a multifunction peripheral (MFP) as an electronic device will be described. The MFP is an electronic device having at least two functions among a copy function, a printer function, a scanner function, and a facsimile function. Applicable electronic devices are not limited to MFPs, and can be applied to arbitrary devices. For example, the present invention can be applied to an image forming apparatus such as a copying machine, a printer, a scanner device, and a facsimile device.

  In the present embodiment, the change contents are presented to the administrator when the change of the setting value is reflected on the electronic device, the approval of the administrator is required, and the change of the setting value executed as a result of the approval of the administrator In the log. This enables the administrator to confirm that the setting value changes made during maintenance are within the security level of the security standard, and the administrator can respond to changes in the setting values during maintenance. It becomes possible to prove that it is approved. That is, for example, it is possible to maintain the security level regarding the change of the setting value in order to satisfy the evaluation standard such as CC authentication.

[System configuration]
FIG. 1 is a diagram illustrating an example of the overall configuration of a communication system according to the present embodiment. As shown in FIG. 1, the communication system according to the present embodiment includes an MFP 10, a client PC (personal computer) 20, a firewall 30, and a service center 60.

  The MFP 10, the client PC 20, and the firewall 30 are connected by a network 40 such as a LAN (local area network). The service center 60 is connected to the network 40 via the network 50 such as the Internet and the firewall 30.

  The MFP 10 is an electronic device to be managed by an administrator (MFP administrator). The MFP 10 is a target of remote operation from the service center 60. The administrator has at least an authorization authority to change the setting values of the setting items of the MFP 10.

  The client PC 20 is used, for example, for an administrator to manage settings of the MFP 10 using a WEB browser or the like. The client PC 20 can be realized by a general-purpose personal computer, for example.

  The firewall 30 prevents unauthorized access to each device such as the MFP 10 connected to the network 40 via the network 50.

  The service center 60 is an information processing apparatus that is used, for example, for an operator other than the administrator (such as a maintenance person of the MFP 10) to perform a state monitoring function of the MFP 10 and a remote operation for managing settings of the MFP 10. The maintenance staff can change the setting value of the MFP 10 by remote operation, but does not have the authority to approve the change of the setting value.

  The system configuration in FIG. 1 is an example, and the present invention is not limited to this. For example, the service center 60 may be connected to the same network 40 as the MFP 10 or the like. In FIG. 1, one device is shown, but a plurality of devices may be provided.

  Next, an outline of the operation of the communication system of this embodiment will be described. In the present embodiment, the function of remotely operating management settings from the service center 60 is permitted only under the management of the administrator. The management setting is a setting for determining the behavior of each function of the MFP 10 (copy function, scanner function, fax function, document storage function, etc.). The management setting represents setting a setting value of a setting item (management setting item) dedicated to the administrator, for example. In CC authentication or the like, there are cases where management setting by remote operation in a situation that is not managed by an administrator is prohibited. The management setting is a setting that should be permitted only to a trusted administrator and is a restriction on CC authentication based on the viewpoint that it cannot be permitted to a third party.

In order to permit remote operation under the management of the administrator, the present embodiment implements the following functions.
(1) A function in which the setting value of the management setting item changed by remote operation from the service center 60 cannot be reflected unless the administrator logs in to the MFP 10 as the administrator (identification authentication of the administrator) and approves the change contents. .
(2) When changing the management settings by remote operation from the service center 60, the contents of the change operation are displayed on the MFP 10 or a PC (client PC 20 or the like) operated by the administrator, and a record (log) of the change operation is accumulated. Function.

[Hardware configuration]
Next, a hardware configuration of the MFP 10 according to the present embodiment will be described. FIG. 2 is a block diagram illustrating a hardware configuration example of the MFP 10 according to the present embodiment.

  As shown in FIG. 2, the MFP 10 includes a CPU (Central Processing Unit) 101, a ROM (Read Only Memory) 102, a RAM (Random Access Memory) 103, an HDD (Hard Disk Drive) 104, an engine 105, An operation panel 106 and a communication I / F (interface) 107 are provided. The above units are connected to each other via a system bus 121.

  The CPU 101 comprehensively controls the operation of the MFP 10. The CPU 101 controls the overall operation of the MFP 10 by executing a program stored in the ROM 102 or the HDD 104 using the RAM 103 as a work area, and performs various functions such as the copy function, the scanner function, the fax function, and the printer function described above. Various functions to be described later are realized. The communication I / F 107 is an interface for connecting to the network 40. The engine 105 is an image forming engine or the like, and is, for example, a black and white plotter, a drum color plotter, a scanner, or a fax unit. The operation panel 106 includes a touch screen, a keyboard, and the like. For example, the touch screen is a liquid crystal display (LCD) equipped with a touch panel function or an organic EL (Electro Luminescence) display. A keyboard is a collection of hardware keys. Note that the operation panel 106 is merely a display device for displaying a screen, and may include a keyboard having an input function.

[Function configuration]
Next, a functional configuration of the MFP 10 according to the present embodiment will be described. FIG. 3 is a block diagram illustrating a functional configuration example of the MFP 10 according to the present embodiment. As shown in FIG. 3, the MFP 10 includes a communication control unit 11, a service control unit 12, an authentication unit 13, a display control unit 14, a setting management unit 15, a display operation unit 16, a storage unit 17, It has.

  The communication control unit 11 controls communication via the network 40. For example, the communication control unit 11 controls communication when a setting value is changed by remote operation from the service center 60. The communication control unit 11 controls communication when various functions of the MFP 10 such as a copy function, a scanner function, a fax function, and a document storage function are executed.

  The service control unit 12 controls a service provided to a maintenance person (service center 60). For example, the service control unit 12 receives a request from the service center 60 and provides a service (remote operation service) for changing the setting value of the setting item. The form of service provision (such as an interface) may be any form. For example, the service control unit 12 provides a service that allows a setting value of a management setting item to be specified using a WEB browser as an interface. The service control unit 12 stores, for example, a log indicating the change history of the setting item setting value in the storage unit 17.

  The authentication unit 13 executes an authentication process for authenticating the user of the MFP 10. For example, the authentication unit 13 authenticates a maintenance person who uses the MFP 10 by remote operation from the service center 60. When authenticated as a maintenance person, a management setting item changing operation by remote operation is permitted. The authentication unit 13 authenticates an administrator who uses the MFP 10 via the client PC 20 or the operation panel 106. When authenticated as an administrator, the use of a management function for changing the setting of management setting items is permitted.

  The display control unit 14 controls display of various types of information on the display operation unit 16. For example, the display control unit 14 displays an approval screen on the display operation unit 16 for designating whether or not to approve the setting change of the management setting item. The display control unit 14 may display information on a display device included in an external device such as the client PC 20 instead of the display operation unit 16 or together with the display operation unit 16.

  The setting management unit 15 executes the management function described above. Various settings of the MFP 10 are managed by storing them in the storage unit 17, for example. For example, when the setting change of the management setting item is approved on the approval screen, the setting management unit 15 sets the changed setting value in the storage unit 17.

  The display operation unit 16 displays various information according to instructions from the display control unit 14. Further, the display operation unit 16 accepts various inputs according to user operations. The display operation unit 16 is realized by, for example, the operation panel 106 in FIG. Note that a function for displaying information (display unit) and a function for receiving an input corresponding to an operation (operation unit) may be separated.

  The storage unit 17 stores various information used for each function of the MFP 10. For example, the storage unit 17 stores a setting value of the management setting item and a log of a change operation of the setting value of the management setting item. The storage unit 17 is realized by, for example, the RAM 103 and the HDD 104 in FIG.

  The communication control unit 11, the service control unit 12, the authentication unit 13, the display control unit 14, and the setting management unit 15 are realized by causing a processing device such as the CPU 101 to execute a program, that is, by software. Alternatively, it may be realized by hardware such as an IC (Integrated Circuit) or may be realized by using software and hardware together.

  Next, setting change processing by the MFP 10 according to the present embodiment configured as described above will be described with reference to FIG. FIG. 4 is a sequence diagram illustrating an example of the setting change process in the present embodiment.

  First, a setting change operation for management setting items is executed by remote operation from the service center 60 (step S101). For example, an operation request from the service center 60 is received by the communication control unit 11 and transferred to the service control unit 12 or the like. The service control unit 12 provides a remote operation service in response to a request. At the start of the remote operation service, the authentication unit 13 may execute an authentication process for a maintenance person in the service center 60. The contents of the remote operation service changing operation may be displayed on the display operation unit 16 of the MFP 10 or the client PC 20 in real time.

In this step, an operation for changing the setting value of the management setting item is possible, but the process of reflecting the changed setting value as the setting value of the actual management setting item is not executed. The process of reflecting the changed setting value is executed when the administrator approves the setting change. The method of reflecting the set value is arbitrary, but for example, the following method can be applied.
During the change operation, the changed setting value is temporarily stored in the storage unit 17 (for example, the RAM 103), and after the approval, the setting value before the change is updated with the changed setting value temporarily stored.
・ Allows remote changes to the settings managed by the database, commits the changes if approved, and rolls back the changes if not approved.

  After executing the necessary change by remote operation, the maintenance staff performs an operation (for example, pressing a button on the screen) that requests the approval of the change. As a result, the service center 60 transmits an approval request to the MFP 10. The communication control unit 11 of the MFP 10 receives the transmitted approval request (step S102).

  The communication control unit 11 transfers the approval request to the service control unit 12 (step S103). The service control unit 12 further transfers the transferred approval request to the authentication unit 13 (step S104). For example, the service control unit 12 analyzes the transferred message, determines that the administrator authentication is necessary when the message is an approval request, and transfers the approval request to the authentication unit 13 for the administrator authentication. .

  The approval request does not need to be received from outside the MFP 10 (such as the service center 60). For example, the approval request may be generated inside the MFP 10. For example, the MFP 10 may internally generate an approval request for each change operation of each setting item in accordance with the change operation of the setting value of each setting item. Further, the MFP 10 may internally generate an approval request in response to the completion of the operation for changing the setting values of one or more setting items.

  The authentication unit 13 transmits a login screen display request for authenticating the administrator to the display control unit 14 (step S105). The display control unit 14 displays a login screen (step S106).

  The service center 60 and the administrator may contact each other in advance, and the login screen may be displayed in a state where the administrator is in front of the MFP 10. The administrator may be notified that the approval request has been transmitted, for example, by outputting sound from a speaker or the like provided in the MFP 10, lighting a lamp provided in the MFP 10, and mail notification. The display control unit 14 may display a login screen on the MFP 10 (display operation unit 16) or may be displayed on the client PC 20 (for example, an application such as a WEB browser).

  When the administrator inputs login information via the display operation unit 16, the display control unit 14 transmits the input login information to the authentication unit 13 (step S107). The authentication unit 13 executes an administrator authentication process using the login information (step S108). The authentication unit 13 transmits the authentication result to the service control unit 12 (step S109). If authentication as an administrator fails, an error message or the like may be displayed to end the process.

  When the authentication as the administrator is successful, the service control unit 12 transmits an approval screen display request to the display control unit 14 (step S110). The display control unit 14 displays an approval screen (step S111).

  FIG. 5 is a diagram illustrating a configuration example of the approval screen. As shown in FIG. 5, the approval screen 1001 includes a setting display field 1002, an approval button 1003, and a non-approval button 1004. The setting display column 1002 displays setting items for which approval for change is requested. FIG. 5 shows an example of a setting display field 1002 including an item number (No.), operation date and time, operation content, a value before change, a value after change, and a security determination. .

  The operation date / time indicates the date / time when the remote operation was executed. The operation content indicates a management setting item to be set and an operation for the management setting item.

The management setting item may be any item. For example, the following items can be used as management setting items.
(Management setting item): (Example of setting value)
TCP / IP: Enabled (ON) or Disabled (OFF)
SSH (Secure Shell): Valid or invalid IPSec (Security Architecture for Internet Protocol): Valid or invalid Minimum password length: 8 characters or more Login attempts: 1-5 times Auto logout time: 3-60 minutes

  The security determination indicates a determination result as to whether or not the changed value satisfies a security level defined by an evaluation standard such as CC authentication. For example, when it is required to invalidate the SSH to satisfy the security level, the security judgment is “OK” if the SSH setting value is “invalid”, and the security is determined if the SSH setting value is “valid”. The determination is “NG”. Also, for example, when a value outside the range that can be set as the number of login attempts (such as “6 times” in the above example) is set, the security judgment is “NG”. For example, the setting management unit 15 executes such a security determination process.

  The administrator refers to the displayed approval screen and designates approval or non-approval of the requested setting value. In the screen example of FIG. 5, the administrator presses the approval button 1003 when approving, and presses the non-approval button 1004 when not approving. The approval screen in FIG. 5 is an example, and the present invention is not limited to this. In the approval screen of FIG. 5, approval or non-approval is collectively specified for a plurality of setting value changes. For example, an approval screen in which approval or non-approval can be specified for each setting value may be used.

  Returning to FIG. 4, the display control unit 14 transmits the approval result designated on the approval screen to the service control unit 12 (step S112). When non-approval is designated as the approval result, an error message or the like may be displayed to end the process.

  When the approval is designated as the approval result, the service control unit 12 transmits an approved setting value change request to the setting management unit 15 (step S113). In accordance with the change request, the setting management unit 15 updates the management setting item to the set value after the change (step S114). The setting management unit 15 transmits the result of the update process to the service control unit 12 (step S115).

  The service control unit 12 transmits the processing result to the requesting service center 60 via the communication control unit 11 (steps S116 to S117).

  Each function (copy function, scanner function, fax function, document storage function, etc.) of the general user MFP 10 from the start of remote operation from the service center 60 to the completion of all changes to the setting values of the management setting items is completed. ) May be prohibited.

  FIG. 6 is a flowchart illustrating an example of the setting change process according to the present embodiment.

  The service control unit 12 of the MFP 10 determines whether an approval request is received via the communication control unit 11 (step S201). If an approval request has not been received (step S201: No), the process ends.

  When the approval request is received (step S201: Yes), the display control unit 14 displays a login screen on the display operation unit 16 (step S202). The display control unit 14 acquires login information input using the display operation unit 16 (step S203). The login information is passed to the authentication unit 13.

  The authentication unit 13 executes an authentication process using the login information and determines whether or not the authentication is successful (step S204). If the authentication fails (step S204: No), the process ends.

  When the authentication is successful (step S204: Yes), the display control unit 14 displays an approval screen on the display operation unit 16 (step S205). The service control unit 12 acquires the approval result input on the approval screen via the display control unit 14 (step S206).

  The service control unit 12 refers to the approval result and determines whether or not the change of the setting value has been approved (step S207). If not approved (step S207: No), the process is terminated. If approved (step S207: Yes), the setting management unit 15 updates the setting value before the change with the setting value after the change (step S208).

(Modification 1)
The administrator who logs in to the MFP 10 may permit remote operation from the service center 60, specify a time limit for remote operation, and allow remote operation within the time limit.

  FIG. 7 is a flowchart showing an example of the setting change process of Modification 1 configured as described above. In FIG. 7, it is assumed that an administrator first logs in to the MFP 10, permits remote operation from the service center 60, and specifies a time limit. Thereafter, for example, a setting change process by remote operation as shown in step S101 of FIG. 4 is executed. The starting point of the time limit may be the time when the administrator logs in or the time when remote operation is permitted.

  The service control unit 12 of the MFP 10 determines whether or not a management setting item change request has been received via the communication control unit 11 (step S301).

  When the management setting item change request is received (step S301: Yes), the service control unit 12 determines whether or not the specified time limit has elapsed (step S302). When the time limit has elapsed (step S302: Yes), the display control unit 14 displays a login screen for authenticating the administrator on the display operation unit 16 (step S303). The display control unit 14 acquires administrator login information input using the display operation unit 16 (step S304). The administrator login information is passed to the authentication unit 13. The authentication unit 13 executes authentication processing using the login information of the administrator, and determines whether or not the authentication is successful (step S305). If the authentication fails (step S305: No), the process ends.

  In this way, when the time limit has elapsed, the login screen is displayed again to prompt the administrator to input login information. This ensures that the MFP 10 is under the management of the administrator (the management function is being operated under monitoring) when the management function is executed remotely. When the administrator is not authenticated on the login screen displayed after the time limit has elapsed, subsequent setting change requests for the MFP 10 may be rejected.

  If the management setting item change request has not been received (step S301: No), the time limit has not elapsed (step S302: No), and the authentication has succeeded (step S305: Yes), service control The unit 12 determines whether an approval request has been received via the communication control unit 11 (step S306). When the approval request has not been received (step S306: No), the process returns to step S301 and is repeated.

  When the approval request is received (step S306: Yes), the display control unit 14 displays an approval screen (step S307). Steps S308 to S310 are the same as steps S206 to S208 in FIG.

(Modification 2)
It is determined whether or not the administrator is logged in to the MFP 10 (whether or not the administrator is authenticated). If the administrator is logged in, the process proceeds to the approval screen display process without displaying the login screen. May be. FIG. 8 is a flowchart showing an example of the setting change process of Modification 2 configured as described above.

The service control unit 12 of the MFP 10 determines whether an approval request has been received via the communication control unit 11 (step S401). If an approval request has not been received (step S401: No), the process ends.
When the approval request is received (step S401: Yes), the service control unit 12 determines whether the administrator is logged in to the MFP 10 (step S402). When not logged in (step S402: No), the display control unit 14 displays a login screen on the display operation unit 16 (step S403). Steps S404 to S405 are the same as steps S203 to S204 in FIG.

  When logged in (step S402: Yes), or when authentication is successful in step S405 (step S405: Yes), the display control unit 14 displays an approval screen on the display operation unit 16 (step S406). Steps S407 to S409 are the same as steps S206 to S208 in FIG.

(Modification 3)
In the third modification, the administrator requests maintenance from the service center 60 from the MFP 10, for example, by operating the operation panel 106 or pressing a predetermined button on the MFP 10. As a result, for example, it is not necessary to contact the service center 60 and the administrator in advance and to notify by sound or the like. FIG. 9 is a sequence diagram showing an example of the setting change process of Modification 3 configured as described above.

  The display control unit 14 displays a login screen in response to an operation by the administrator (step S501). When the administrator inputs login information via the display operation unit 16, the display control unit 14 transmits the input login information to the authentication unit 13 (step S502).

  The authentication unit 13 executes an administrator authentication process using the login information. When authentication as an administrator succeeds and a maintenance request is instructed by the administrator, the authentication unit 13 sends a maintenance request (service use start) to the service center 60 via the service control unit 12 and the communication control unit 11. Request) is transmitted (steps S503 to S505). The maintenance person in charge of the service center 60 receives the maintenance request and starts changing the setting of the management setting item by remote operation (step S506).

  Steps S507 to S508 are the same as steps S102 to S103 in FIG.

  In this modification, since the administrator is logged in (step S501), the service control unit 12 transmits a display request for an approval screen instead of the login screen to the display control unit 14 (step S509). Step S510 and subsequent steps are the same as step S111 and subsequent steps in FIG.

  In each process executed in the embodiment and the modification, a log indicating the process content is recorded. The log includes, for example, a setting value changed by remote operation and a change history of setting values such as a setting value approved by the administrator. The log recording process is executed by, for example, the service control unit 12 and the setting management unit 15 according to the content to be recorded. The recorded log may be displayed or printed according to the operation of the administrator. The log may be stored in the storage unit 17 or may be stored in an external storage device other than the storage unit 17.

  FIG. 10 is a diagram illustrating an example of a work slip of the service center 60 displayed or printed. As shown in FIG. 10, the work slip includes an administrator approval result and an approval date and time in addition to the display content of the approval screen of FIG. 5. By recording the log and outputting the work slip, it is possible to prove that the administrator approves the setting value change during the maintenance.

  Note that a program executed by the electronic apparatus (MFP 10) of the present embodiment is provided by being incorporated in advance in the ROM 102 or the like.

  A program executed by the electronic device of the present embodiment is an installable or executable file and is read by a computer such as a CD-ROM, a flexible disk (FD), a CD-R, or a DVD (Digital Versatile Disk). It may be configured to be recorded on a possible recording medium and provided as a computer program product.

  Further, the program executed by the electronic device of the present embodiment may be provided by being stored on a computer connected to a network such as the Internet and downloaded via the network. The program executed by the electronic device of the present embodiment may be configured to be provided or distributed via a network such as the Internet.

  The program executed by the electronic device of the present embodiment has a module configuration including the above-described units. As actual hardware, the CPU 101 reads the program from the ROM 102 and executes the program so that the above-described units are stored on the main storage device. Each unit is generated on the main storage device.

10 MFP
DESCRIPTION OF SYMBOLS 11 Communication control part 12 Service control part 13 Authentication part 14 Display control part 15 Setting management part 16 Display operation part 17 Memory | storage part 20 Client PC
30 Firewall 40 Network 50 Network 60 Service Center

JP 2004-303215 A

Claims (10)

A service control unit that provides a service for changing the setting value of the setting item;
A display control unit for displaying an approval screen on the display unit for designating whether to approve or not when approval for the change of the setting value is requested;
A setting management unit configured to set a changed setting value when it is designated to be approved on the approval screen;
Electronic equipment comprising. The service control unit provides the service to an operator other than an administrator who has an authorization authority to change the setting value,
The display control unit displays the approval screen for designating whether or not the manager approves the display unit,
The electronic device according to claim 1. An authentication unit for authenticating an administrator who has an authority to approve the setting value change;
The display control unit displays, on the display unit, the approval screen for designating whether or not the administrator approves the authenticated administrator.
The electronic device according to claim 1. The display control unit displays the approval screen on the display unit when the approval is requested before the specified time limit elapses.
The electronic device according to claim 1. An authentication unit for authenticating an administrator who has an authority to approve the setting value change;
The display control unit displays the approval screen on the display unit when the approval is requested while the administrator is authenticated.
The electronic device according to claim 1. The service control unit stores a change history of the set value in a storage unit;
The electronic device according to claim 1. An authentication unit that authenticates an administrator who has authorization to change the setting value and transmits a use start request for the service in response to an instruction from the administrator;
The electronic device according to claim 1. A service control step for providing a service for changing the setting value of the setting item;
A display control step for displaying an approval screen on the display unit for designating whether or not to approve when approval for the change of the set value is requested;
A setting management step for setting a changed setting value when it is designated to approve on the approval screen;
Management method including settings. On the computer,
A service control step for providing a service for changing the setting value of the setting item;
A display control step for displaying an approval screen on the display unit for designating whether or not to approve when approval for the change of the set value is requested;
A setting management step for setting a changed setting value when it is designated to approve on the approval screen;
A program for running A communication system comprising an information processing device and an electronic device,
The electronic device is
A service control unit for providing a service for changing a setting value of a setting item to the information processing apparatus;
A display control unit for displaying an approval screen on the display unit for designating whether or not to approve when an approval for the change of the setting value is requested from the information processing device;
A setting management unit configured to set a changed setting value when it is designated to be approved on the approval screen,
Communications system.

Images