JP2018005379A - Information processing system, information processing apparatus, and information processing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To authenticate a device before executing a series of processing.SOLUTION: An information processing system includes a job information storage unit 150, an authentication service unit 120, an application management unit 111, and a logic processing unit 112. The job information storage unit stores processing flow information in which application ID and an execution order are defined, in association with a job ID, for each of a series of processing using an electronic file. The authentication service unit includes: receiving means of receiving an execution request including user specification information, flow ID, and authentication information, from a device 20; and authentication means of authenticating the device, on the basis of the authentication information included in the execution request. The application management unit acquires processing flow information associated with the flow ID included in the execution request when the authentication means authenticates the device successfully. The logic processing unit executes each of applications identified by the application IDs defined in the processing flow information, in the execution order, to execute the series of processing using the electronic file based on the user specification information.SELECTED DRAWING: Figure 4

Description

  The present invention relates to an information processing system, an information processing apparatus, and an information processing method.

  In recent years, services that provide a function combining a plurality of functions (for example, scanning, printing, mail distribution, etc.) have become known. For example, a service that distributes electronic data generated by scanning is known. Such a service is realized by executing a job as a series of one or more processes for realizing each function.

  There is also known an image forming apparatus that executes a series of processes based on an instruction sheet including processing information representing one or more processes as a series of processes (see, for example, Patent Document 1).

  The service as described above can be used by, for example, executing a series of processes using an application installed in a device. Here, when an application installed in a device executes a series of processes, it is preferable to authenticate the application from the viewpoint of preventing unauthorized use.

  The embodiment of the present invention has been made in view of the above points, and an object thereof is to authenticate a device before executing a series of processes.

  In order to achieve the above object, an embodiment of the present invention is an information processing system that includes one or more information processing apparatuses and includes a plurality of programs that respectively execute predetermined processing, and a series of electronic data For each process, program identification information for identifying one or more of the programs that execute each of the series of processes and flow information in which the execution order of the one or more of the programs is defined are identified. Storage means for storing in association with the flow identification information, information about electronic data from one of the one or more devices connected to the information processing system, the flow identification information, and the one device First receiving means for receiving a first request including authentication information for performing authentication, and the authentication included in the first request received by the first receiving means. Authentication means for authenticating the one device based on the information, and when the authentication by the authentication means is successful, the flow information stored in the storage means is received by the first receiving means. An acquisition unit that acquires the flow information stored in the storage unit in association with the flow identification information included in the first request, and the flow information that is defined by the acquisition unit Each of the programs identified by the program identification information is executed according to the execution order defined in the flow information, so that the electronic data included in the first request received by the first reception unit Execution means for executing the series of processes using electronic data based on information.

  According to the embodiment of the present invention, it is possible to authenticate a device before executing a series of processes.

It is a figure showing the system configuration of an example of the information processing system concerning this embodiment. It is a figure which shows the hardware constitutions of an example of the service provision system which concerns on this embodiment. It is a figure which shows the hardware constitutions of an example of the apparatus which concerns on this embodiment. It is a figure which shows the function structure of an example of the information processing system which concerns on this embodiment. It is a figure which shows the function structure of an example of the logic process part which concerns on this embodiment. It is a figure which shows an example of a type | mold conversion information table. It is a figure which shows the function structure of an example of the job management part which concerns on this embodiment. It is a figure which shows an example of process flow information. It is a sequence diagram which shows an example of the whole process of service utilization. It is a figure which shows an example of a service utilization screen. It is a sequence diagram which shows an example of the execution process of a processing flow. It is a figure which shows an example of job information. It is a sequence diagram which shows an example of the registration process of a referable application. It is a figure which shows an example of reference information. FIG. 10 is a sequence diagram illustrating an example of a job information reference process. It is a figure which shows an example of the reference screen of job information. FIG. 11 is a sequence diagram illustrating another example (part 1) of job information reference processing. It is a figure which shows the other example of job information. FIG. 10 is a sequence diagram illustrating another example (part 2) of the job information reference process.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

<System configuration>
First, the system configuration of the information processing system 1 according to the present embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating a system configuration of an example of an information processing system 1 according to the present embodiment.

  An information processing system 1 shown in FIG. 1 includes a service providing system 10 and a device 20, and is communicably connected via a wide area network N1 such as the Internet.

  The service providing system 10 is realized by one or more information processing apparatuses, and is realized by a series of processes that combine one or more processes among a plurality of processes that realize various functions via the network N1. Provide various services.

  Here, the function is a function related to an electronic file such as a document file or an image file. Functions include, for example, printing, scanning, facsimile transmission, data format conversion, mail delivery, OCR (Optical character recognition) processing, processing, compression / decompression, storage in a repository, and the like.

  Specific examples of services provided by the service providing system 10 according to the present embodiment will be described later. Hereinafter, a series of processing is also referred to as “processing flow”.

  The device 20 is various electronic devices used by the user. That is, the device 20 is, for example, an image forming apparatus such as an MFP (Multifunction Peripheral), a PC (Personal Computer), a projector, an electronic blackboard, a digital camera, or the like. The user can use various services provided by the service providing system 10 using the device 20.

Hereinafter, when distinguishing each of the plurality of devices 20, they are described using a subscript such as “device 20 ₁ ”, “device 20 ₂ ”, and the like.

  The configuration of the information processing system 1 illustrated in FIG. 1 is an example, and other configurations may be used. For example, the information processing system 1 according to the present embodiment includes various devices that perform at least one of input and output of electronic data, and these devices may use services provided by the service providing system 10. .

<Hardware configuration>
Next, the hardware configuration of the service providing system 10 included in the information processing system 1 according to the present embodiment will be described with reference to FIG. FIG. 2 is a diagram illustrating a hardware configuration of an example of the service providing system 10 according to the present embodiment.

  A service providing system 10 illustrated in FIG. 2 includes an input device 11, a display device 12, an external I / F 13, and a RAM (Random Access Memory) 14. The service providing system 10 includes a ROM (Read Only Memory) 15, a CPU (Central Processing Unit) 16, a communication I / F 17, and an HDD (Hard Disk Drive) 18. Each of these hardware is connected by a bus B.

  The input device 11 includes a keyboard, a mouse, a touch panel, and the like, and is used by a user to input each operation signal. The display device 12 includes a display and the like, and displays a processing result by the service providing system 10. Note that at least one of the input device 11 and the display device 12 may be connected to the service providing system 10 when necessary.

  The communication I / F 17 is an interface that connects the service providing system 10 to the network N1. Thereby, the service providing system 10 can perform communication via the communication I / F 17.

  The HDD 18 is a nonvolatile storage device that stores programs and data. The programs and data stored in the HDD 18 include an OS (Operating System) that is basic software for controlling the entire service providing system 10 and application software that provides various functions on the OS.

  The service providing system 10 may use a drive device (for example, a solid state drive: SSD) that uses a flash memory as a storage medium instead of the HDD 18. The HDD 18 manages stored programs and data by a predetermined file system and / or DB.

  The external I / F 13 is an interface with an external device. The external device includes a recording medium 13a. Thereby, the service providing system 10 can read and write to the recording medium 13a via the external I / F 13. Examples of the recording medium 13a include a flexible disk, a CD, a DVD, an SD memory card, and a USB memory.

  The ROM 15 is a non-volatile semiconductor memory that can retain programs and data even when the power is turned off. The ROM 15 stores programs and data such as BIOS (Basic Input / Output System), OS settings, and network settings that are executed when the service providing system 10 is activated. The RAM 14 is a volatile semiconductor memory that temporarily stores programs and data.

  The CPU 16 is an arithmetic device that realizes control and functions of the entire service providing system 10 by reading a program and data from a storage device such as the ROM 15 and the HDD 18 onto the RAM 14 and executing processing.

  The service providing system 10 according to the present embodiment has the hardware configuration shown in FIG.

  Next, a hardware configuration when the device 20 included in the information processing system 1 according to the present embodiment is an image forming apparatus will be described with reference to FIG. FIG. 3 is a diagram illustrating a hardware configuration of an example of the device 20 according to the present embodiment.

  The device 20 illustrated in FIG. 3 includes a controller 21, an operation panel 22, an external I / F 23, a communication I / F 24, a printer 25, and a scanner 26. The controller 21 includes a CPU 31, a RAM 32, a ROM 33, an NVRAM 34, and an HDD 35.

  The ROM 33 is a nonvolatile semiconductor memory that stores various programs and data. The RAM 32 is a volatile semiconductor memory that temporarily stores programs and data. The NVRAM 34 stores setting information, for example. The HDD 35 is a non-volatile storage device that stores various programs and data.

  The CPU 31 is an arithmetic unit that realizes control and functions of the entire device 20 by reading programs, data, setting information, and the like from the ROM 33, the NVRAM 34, the HDD 35, and the like onto the RAM 32 and executing processing.

  The operation panel 22 includes an input unit that receives input from a user and a display unit that performs display. The external I / F 23 is an interface with an external device. The external device includes a recording medium 23a. Thereby, the device 20 can read and / or write the recording medium 23a via the external I / F 23. Examples of the recording medium 23a include an IC card, a flexible disk, a CD, a DVD, an SD memory card, and a USB memory.

  The communication I / F 24 is an interface that connects the device 20 to a network. Thereby, the device 20 can perform communication via the communication I / F 24. The printer 25 is a printing device that prints print data. The scanner 26 is a reading device that reads an original and generates an electronic file (image file).

  The device 20 according to the present embodiment has the hardware configuration shown in FIG.

<Services provided by the service providing system>
Here, services provided by the service providing system 10 according to the present embodiment will be described. In the following description, it is assumed that the device 20 is an image forming apparatus.

  The service providing system 10 according to the present embodiment provides a service that performs OCR processing on an electronic file (image file) generated by scanning a document in the device 20 and distributes the mail to a mail address designated by the user. .

  Hereinafter, the service providing system 10 according to the present embodiment will be described as providing the above-described service (“scan to mail delivery” service).

  However, the service provided by the service providing system 10 is not limited to this. For example, the service providing system 10 may provide a service for compressing an electronic file generated by scanning a document in the device 20 and storing the compressed electronic file. In addition, the service providing system 10 may provide a service for processing an electronic file generated by scanning a document in the device 20 (for example, adding a predetermined word to the electronic file) and transmitting by facsimile. good.

  Further, for example, when the device 20 is an electronic blackboard or the like, the service providing system 10 according to the present embodiment provides a service that processes an electronic file generated by the device 20 that is an electronic blackboard and distributes it by mail. May be provided.

<Functional configuration>
Next, the functional configuration of the information processing system 1 according to the present embodiment will be described with reference to FIG. FIG. 4 is a diagram illustrating a functional configuration of an example of the information processing system 1 according to the present embodiment.

  The apparatus 20 illustrated in FIG. 4 includes a client application 210 that is executed by, for example, the CPU 31 or the like. The client application 210 is an application program for using a service provided by the service providing system 10. The user can use the “scan to mail delivery” service provided by the service providing system 10 using the client application 210 installed in the device 20. Note that an application ID for identifying the client application 210 is assigned to the client application 210.

  The service providing system 10 illustrated in FIG. 4 includes an input / output service processing unit 110, an authentication service unit 120, and a document service unit 130. Each of these functional units is realized by a process that the CPU 16 causes one or more programs installed in the service providing system 10 to execute.

  The service providing system 10 illustrated in FIG. 5 includes an application information storage unit 140, a job information storage unit 150, and a reference information storage unit 160. Each of these storage units can be realized using the HDD 18. Note that at least one of these storage units may be realized by using a storage device or the like connected to the service providing system 10 via the network N1.

  The input / output service processing unit 110 performs processing related to services provided by the service providing system 10. Here, the input / output service processing unit 110 includes an application management unit 111, a logic processing unit 112, and a job management unit 113.

  The application management unit 111 manages application information 1000 stored in the application information storage unit 140 and reference information stored in the reference information storage unit 160.

  The application information 1000 is an application for providing a service realized by a series of processes. In other words, various services provided by the service providing system 10 (for example, “scan to mail delivery” service) are provided by the application information 1000. The reference information is used to determine whether the client application 210, the application information 1000, or the like can refer to information (job information) of a job executed by the other client application 210, the application information 1000, or the like. Information.

  In addition, the application management unit 111 returns processing flow information 1100 included in the application information 1000 in response to a request from the logic processing unit 112. The process flow information 1100 is information that defines a series of processes for realizing a service provided by the application information 1000.

  In response to a request from the client application 210, the logic processing unit 112 acquires processing flow information 1100 included in the application information 1000 from the application management unit 111. Then, based on the processing flow information 1100 acquired from the application management unit 111, the logic processing unit 112 executes a series of processing (processing flow) for realizing the service provided by the application information 1000. Thereby, the service providing system 10 according to the present embodiment can provide various services (for example, “scan to mail delivery” service).

  The job management unit 113 manages job information stored in the job information storage unit 150. Note that the job information is information including various information related to the job (for example, job creation date and status). A job is a concept that uses a series of processing (processing flow) for realizing various services as one execution unit.

  The authentication service unit 120 performs authentication by various authentication methods when the client application 210 makes various requests to the input / output service processing unit 110.

  The document service unit 130 executes predetermined processing included in a series of processing (processing flow) based on the processing flow information 1100. Here, the document service unit 130 includes an OCR processing unit 131 and a mail delivery unit 132.

  The OCR processing unit 131 performs OCR processing on an electronic file (image file). The mail delivery unit 132 creates a mail with an electronic file attached, and delivers the mail to a designated mail address.

  Note that the document service unit 130 may include, for example, a data conversion unit that converts the data format of the electronic file into predetermined data, a compression / decompression unit that compresses or decompresses the electronic file, and the like.

  As described above, the document service unit 130 includes various functional units that execute predetermined processing included in a series of processing (processing flow). Accordingly, the document service unit 130 is realized by a group of programs (modules) that provide these various functions.

  The application information storage unit 140 stores application information 1000. The application information 1000 is stored in the application information storage unit 140 in association with an application ID that identifies the application information 1000. Therefore, the application ID is identification information that identifies the client application 210 and the application information 1000.

  Here, the application information 1000 includes processing flow information 1100. For example, the application information 1000 that provides the “scan to mail delivery” service includes processing flow information 1100 in which a series of processes for realizing the service is defined. That is, the application information 1000 that provides the “scan to mail delivery” service includes processing flow information 1100 in which a process of delivering an email addressed to a specified email address after OCR processing of an electronic file generated by scanning is defined. Is included.

  Note that the application information 1000 may include two or more processing flow information 1100. For example, the application information 1000 that provides “scan to email delivery” includes processing flow information 1100A in which processing for delivering mail is defined after performing OCR processing in English, and processing for delivering email after performing OCR processing in Japanese May be included in the processing flow information 1100B in which is defined.

  As described above, the processing flow information 1100 is information in which a series of processing (processing flow) for realizing the service provided by the application information 1000 is defined. The process flow information 1100 is assigned a flow ID for identifying the process flow information 1100. Details of the processing flow information 1100 will be described later.

  The job information storage unit 150 stores job information. The reference information storage unit 160 stores reference information. Details of the job information and the reference information will be described later.

  The input / output service processing unit 110, the authentication service unit 120, and the document service unit 130 may be realized by different information processing apparatuses.

  Here, a detailed functional configuration of the logic processing unit 112 will be described with reference to FIG. FIG. 5 is a functional configuration diagram of an example of the logic processing unit 112 according to the present embodiment.

  The logic processing unit 112 illustrated in FIG. 5 includes a flow execution unit 301, a component management unit 302, a component group 303, a type conversion management unit 304, and a type conversion group 305. The logic processing unit 112 has a type conversion information table 3000.

  When the flow execution unit 301 receives an application execution request from the client application 210 via the authentication service unit 120, the flow execution unit 301 acquires processing flow information 1100 included in the application information 1000 corresponding to the execution request from the application management unit 111. . The flow execution unit 301 executes a series of processing (processing flow) based on the processing flow information 1100 acquired from the application management unit 111.

  Here, a series of processes based on the process flow information 1100 is executed by combining components for executing each process included in the series of processes. The component is realized by a program, a module, or the like for executing processing for realizing a predetermined function, and is defined by, for example, a class or a function.

  The component management unit 302 manages components. The component management unit 302 generates a component in response to a request from the flow execution unit 301 and returns the generated component to the flow execution unit 301. The generation of a component means that a component defined by, for example, a class or a function is expanded on a memory (for example, the RAM 14).

  The component group 303 is a set of components. The component group 303 includes an OCR component 1310 and a mail delivery component 1320.

  The OCR component 1310 is a component for performing OCR processing on an electronic file. The OCR component 1310 performs OCR processing of an electronic file by requesting the OCR processing unit 131 of the document service unit 130 for OCR processing.

  The mail delivery component 1320 is a component for delivering mail to a designated mail address. The mail delivery component 1320 delivers mail to a designated mail address by requesting mail delivery processing 132 of the document service unit 130 for mail delivery processing.

  In this way, each component uses the document service unit 130 to execute processing for realizing a predetermined function. In addition to the above components, the component group 303 includes various components such as a conversion component for converting the data format of the electronic file into a predetermined data format and a compression component for compressing the electronic file. included.

  Each component included in the component group 303 has a component common I / F 1300. The component common I / F 1300 is an API (Application Programming Interface) commonly defined for each component, and includes an API for generating a component and an API for executing processing of the component.

  As described above, since each component has the component common I / F 1300, it is possible to localize the influence caused by the addition of the component. That is, for example, a component can be added without affecting the flow execution unit 301, the component management unit 302, and the like. Thereby, in the service providing system 10 according to the present embodiment, it is possible to reduce the number of development man-hours associated with the addition of a predetermined function (that is, the addition of a component for executing a process for realizing the function).

  The type conversion management unit 304 manages type conversion of data types. Here, the data type that each component can handle is determined in advance. Therefore, the type conversion management unit 304 generates a type conversion included in the type conversion group 305 with reference to, for example, the type conversion information table 3000 illustrated in FIG. 6 in response to a request from the component.

  Then, the type conversion management unit 304 requests the generated type conversion to execute the type conversion process. The type conversion is realized by a program, a module, or the like that executes a data type type conversion process, and is defined by, for example, a class or a function. The generation of the type conversion is to develop the type conversion defined by, for example, a class or a function in a memory (for example, on the RAM 14).

  The data type includes, for example, a data type “InputStream” indicating stream data, “LocalFilePath” indicating a path (address) of an electronic file stored in a storage device or the like, and “File” indicating an entity of the electronic file. Etc.

  Here, the type conversion information table 3000 will be described with reference to FIG. FIG. 6 is a diagram illustrating an example of the type conversion information table.

  The type conversion information table 3000 shown in FIG. 6 has, as data items, a data type before conversion, a data type after conversion, and a type conversion to be generated. That is, the type conversion information stored in the type conversion information table 3000 is used to convert the data type before conversion into the data type after conversion for each data type before conversion and after conversion. Information associated with type conversion.

  The type conversion group 305 is a set of type conversions. The type conversion group 305 includes a first type conversion 1410 for converting the data type “InputStream” to “LocalFilePath”. In addition, the type conversion group 305 includes, for example, a second type conversion for converting the data type “LocalFilePath” to “File”.

  Each type conversion included in the type conversion group 305 has a type conversion common I / F 1400. The type conversion common I / F 1400 is an API commonly defined for each type conversion, and includes an API for generating type conversion and an API for executing type conversion processing of type conversion.

  As described above, since each type conversion has the type conversion common I / F 1400, it is possible to localize the influence caused by the addition of the type conversion. That is, for example, type conversion can be added without affecting the type conversion management unit 304 or the like. Thereby, in the service providing system 10 according to the present embodiment, it is possible to reduce the development man-hour associated with the addition of type conversion and the like.

  Here, a detailed functional configuration of the job management unit 113 will be described with reference to FIG. FIG. 7 is a diagram illustrating a functional configuration of an example of the job management unit 113 according to the present embodiment.

  The job management unit 113 illustrated in FIG. 7 includes a job information management unit 401 and an access control unit 402.

  Upon receiving the job information registration request from the logic processing unit 112, the job information management unit 401 creates job information and stores it in the job information storage unit 150. As a result, the job information is registered in the service providing system 10.

  When the job information management unit 401 receives a job information acquisition request from the access control unit 402, the job information management unit 401 acquires job information from the job information storage unit 150. Then, the job information management unit 401 returns the acquired job information to the access control unit 402.

  When the access control unit 402 receives a job information reference request from the client application 210 via the authentication service unit 120, the access control unit 402 transmits a job information acquisition request to the job information management unit 401.

  Further, when job information is returned from the job information management unit 401, the access control unit 402 acquires an application ID (referenceable application ID described later) included in the reference information via the application management unit 111. Then, the access control unit 402 performs an access right check for determining whether or not the client application 210 can refer to the job information returned from the job information management unit 401.

  The reference information is associated with the application ID of the client application 210 or the application information 1000 and the application ID (referenceable application ID) of another application that can be referred to by the client application 210 or the application information 1000.

  Accordingly, access control is performed when the client application 210 or the like refers to job information of another application (another client application 210 or other application information 1000).

  Here, the processing flow information 1100 included in the application information 1000 that provides the “scan to mail delivery” service will be described with reference to FIG. FIG. 8 is a diagram illustrating an example of the processing flow information 1100.

  The processing flow information 1100 illustrated in FIG. 8 is information in which a series of processing (processing flow) for realizing the “scan to mail delivery” service is defined. That is, the process flow information 1100 shown in FIG. 8 includes a flow ID 1101 and a process definition 1102 and a process definition 1103 that indicate each process that constitutes a series of processes for realizing the “scan to mail delivery” service. Yes.

  The flow ID 1101 is a flow ID for identifying the processing flow information 1100 illustrated in FIG.

  The process definition 1102 and the process definition 1103 are defined in the format of “component name: process content? Option parameter”. For example, the option parameter may be defined only when the component indicated by the component name and the processing content is necessary for processing (that is, the option parameter may be defined arbitrarily). In addition, when defining a plurality of option parameters, the option parameters are defined by connecting them with “&”.

  The process definition 1102 defines “ocr: ocr_process”. This means that the OCR component 1310 performs OCR processing. Note that no option parameter is defined in the process definition 1102.

  In the process definition 1103, “mail: send” is defined. This means that the mail distribution component 1320 performs mail distribution processing.

  In the process definition 1103, “? Mail_address = null & filename = null” is defined. This means that the electronic file having the file name specified in “filename” is delivered by mail to the mail address specified in “mail_address”. In the example illustrated in FIG. 8, no value is specified for “mail_address” and “filename” (that is, null).

  As described above, the process definition of each process constituting a series of processes (process flows) is defined in the process flow information 1100. As a result, the service providing system 10 according to the present embodiment performs a series of processing for realizing the service provided by the application information 1000 by performing processing by each component in accordance with each processing definition included in the processing flow information 1100. Can be executed.

  Note that the processes defined in each process definition included in the process flow information 1100 illustrated in FIG. 8 are executed in order from the top. That is, in the series of processes based on the process flow information 1100 illustrated in FIG. 8, the processes defined in the process definition 1102 and the processes defined in the process definition 1103 are executed in this order. However, the present invention is not limited to this, and the process flow information 1100 may define, for example, information indicating the execution order of processes defined in each process definition.

<Details of processing>
Next, details of processing of the information processing system 1 according to the present embodiment will be described. First, the overall process when the user of the device 20 uses the “scan to mail delivery” service will be described with reference to FIG. FIG. 9 is a sequence diagram showing an example of the overall service use process.

  First, the client application 210 displays a service use screen 2100 shown in FIG. 10, for example (step S901). Such a service use screen 2100 is displayed, for example, when the user performs a display operation of the service use screen 2100.

  The service use screen 2100 shown in FIG. 10 includes a file name input field 2101, a mail address input field 2102, and a scan execution button 2103.

  A file name input field 2101 is an input area for the user to specify a file name of an electronic file attached to a mail (that is, an electronic file obtained by performing OCR processing on an electronic file generated by scanning). An e-mail address input field 2102 is an input area for the user to specify an e-mail address as a mail delivery destination. The scan execution button 2103 is a button for executing scanning of a document and starting use of the service.

  Here, in the service use screen 2100 shown in FIG. 10, the user designates the file name and the mail address in the file name input field 2101 and the mail address input field 2102, and then presses the scan execution button 2103 to execute the scan It is assumed that the operation has been performed.

  Then, the client application 210 creates an image file (scanned image file) by reading the document with the scanner 26 (step S902).

  Here, when the authentication method with the authentication service unit 120 is “application authentication”, the client application 210 transmits a processing flow execution request including the client ID and the client secret to the authentication service unit 120 (step S1). S903).

  The client ID is, for example, the application ID of the client application 210. The client secret is a password for the client ID. That is, the processing flow execution request includes a client ID and a client secret as authentication information.

  The processing flow execution request also includes a flow ID, a scanned image file, and user designation information. The user designation information is the file name and mail address designated in the file name input field 2101 and mail address input field 2102, respectively.

  For example, it is assumed that “test.pdf” is specified in the file name input field 2101 and “hoge@hogehoge.co.jp” is specified in the mail address input field 2102. In this case, the user designation information is information including “mail_address=hoge@hogehoge.co.jp” and “filename = test.pdf”.

  Next, when receiving the processing flow execution request, the authentication service unit 120 performs application authentication based on the client ID and the client secret included in the execution request (step S904). That is, the authentication service unit 120 performs application authentication by determining whether or not the combination of the client ID and the client secret included in the execution request matches a predetermined combination of the client ID and the client secret. .

  Then, when the application authentication is successful, the authentication service unit 120 transmits a process flow execution request to the logic processing unit 112 (step S905). The processing flow execution request includes a flow ID, a scanned image file, user-specified information, and an application ID.

  Note that if the application authentication fails in step S904 described above, the authentication service unit 120 returns, for example, a notification indicating that the application authentication has failed to the client application 210.

  When the authentication method with the authentication service unit 120 is “user authentication”, the client application 210 transmits a processing flow execution request including a tenant ID, a user ID, and a password to the authentication service unit 120 ( Step S906).

  The tenant ID is, for example, identification information for identifying an organization such as a group or a company to which the user of the device 20 on which the client application 210 is installed belongs. The user ID is identification information for identifying the user of the device 20 on which the client application 210 is mounted, for example. That is, the processing flow execution request includes the tenant ID, user ID, and password as authentication information.

  For example, the tenant ID, the user ID, and the password may be input by the user on the service use screen 2100 illustrated in FIG. The processing flow execution request includes a flow ID, a scanned image file, and user-specified information, as described above.

  Next, when receiving the processing flow execution request, the authentication service unit 120 performs user authentication based on the tenant ID, user ID, and password included in the execution request (step S907). That is, the authentication service unit 120 determines whether the set of tenant ID, user ID, and password included in the execution request matches a predetermined set of tenant ID, user ID, and password. Then, user authentication is performed.

  If the user authentication is successful, the authentication service unit 120 transmits a process flow execution request to the logic processing unit 112 (step S908). The processing flow execution request includes a flow ID, a scanned image file, user designation information, and a user ID.

  Note that if the user authentication fails in step S907 described above, the authentication service unit 120 returns, for example, a notification indicating that the user authentication has failed to the client application 210.

  When the authentication method with the authentication service unit 120 is “access token authentication”, the client application 210 transmits a process flow execution request including the access token to the authentication service unit 120 (step S909).

  The access token is a token used for authentication by OAuth, for example. That is, the processing flow execution request includes an access token as authentication information. The processing flow execution request includes a flow ID, a scanned image file, and user-specified information, as described above.

  Next, when receiving the execution request for the processing flow, the authentication service unit 120 performs access token authentication based on the access token included in the execution request (step S910). That is, the authentication service unit 120 performs access token authentication by determining whether or not the access token included in the execution request is valid.

  If the access token authentication is successful, the authentication service unit 120 transmits a processing flow execution request to the logic processing unit 112 (step S911). The process flow execution request includes a flow ID, a scanned image file, user designation information, and a user ID associated with an access token.

  Note that if the access token authentication fails in step S910 described above, the authentication service unit 120 returns, for example, a notification indicating that the access token authentication has failed to the client application 210.

  Finally, the logic processing unit 112 performs processing flow execution processing (step S9126). That is, the logic processing unit 112 executes a series of processing based on the processing flow information 1100 of the flow ID included in the execution request.

  Then, the logic processing unit 112 returns the processing result of the processing flow execution process to the client application 210. Thereby, the service providing system 10 according to the present embodiment can provide the “scan to mail delivery” service to the device 20.

  Here, whether the authentication method between the client application 210 and the authentication service unit 120 is “application authentication”, “user authentication”, or “access token authentication” is determined for each client application 210 in advance, for example. It has been. Therefore, for example, the client application 210 transmits a processing flow execution request including designation of an authentication method to the authentication service unit 120. However, for example, the user may be able to select which authentication method to use on the service use screen 2100 shown in FIG.

  As described above, in the information processing system 1 according to the present embodiment, before the service providing system 10 provides a service to the device 20, authentication is performed with the device 20 by various authentication methods. In other words, in the information processing system 1 according to the present embodiment, the client application 210 installed in the device 20 authenticates the client application 210 before executing a series of processes. Thereby, the service providing system 10 according to the present embodiment can provide a service only to an authorized user (the client application 210 installed in the device 20 or the user of the device 20).

  Hereinafter, the details of the process flow execution process (the process of step S912 in FIG. 9) will be described with reference to FIG. FIG. 11 is a sequence diagram illustrating an example of processing flow execution processing according to the present embodiment.

  Upon receiving the processing flow execution request, the flow execution unit 301 transmits a job information registration request to the job information management unit 401 (step S1101). When the authentication method between the client application 210 and the authentication service unit 120 is “application authentication”, the job information registration request includes an application ID and a flow ID. On the other hand, when the authentication method between the client application 210 and the authentication service unit 120 is “user authentication” or “access token authentication”, the job information registration request includes a user ID and a flow ID. .

  Upon receiving the job information registration request, the job information management unit 401 creates job information and stores it in the job information storage unit 150 (step S1102). Then, the job information management unit 401 returns the registration result to the flow execution unit 301. As a result, the job information is registered in the service providing system 10. The registration result returned from the job information management unit 401 includes a job ID.

  Here, the job information stored in the job information storage unit 150 will be described with reference to FIG. FIG. 12 is a diagram illustrating an example of job information.

  As shown in FIG. 12, the job information includes a job ID, an application name, a flow ID, a creation date, a state, an application ID, and a user ID.

  The job ID is identification information for identifying a job. The application name is the name of the application (client application 210 or application information 1000) corresponding to the application ID. The flow ID is a flow ID included in the job information registration request. The creation date is the date on which the job information is created.

  The status is the status of the job. The status includes, for example, “accepted” indicating that the job is not being executed and “processing” indicating that the job is being executed. The status includes, for example, “error” indicating that an error has occurred during execution of the job, “completed” indicating that execution of the job has ended normally, and the like. Note that the job information management unit 401 creates job information with the state “accepted”.

  The application ID is an application ID included in the job information registration request. If the application ID is not included in the job information registration request (that is, if the authentication method between the client application 210 and the authentication service unit 120 is “application authentication”), the application ID is not set.

  The user ID is a user ID included in the job information registration request. Note that when the user ID is not included in the job information registration request (that is, when the authentication method between the client application 210 and the authentication service unit 120 is “user authentication” or “access token authentication”), the user The ID is not set.

  As described above, the job information management unit 401 creates job information including a job ID, an application name, a flow ID, a creation date, a state, an application ID, a user ID, and the like. Then, the job information management unit 401 stores the created job information in the job information storage unit 150.

  Next, the flow execution unit 301 transmits a process flow information acquisition request to the application management unit 111 (step S1103). The process flow information acquisition request includes a flow ID.

  Upon receiving the processing flow information acquisition request, the application management unit 111 acquires the processing flow information 1100 of the flow ID included in the acquisition request from the application information storage unit 140 (step S1104). Then, the application management unit 111 returns the processing flow information 1100 acquired from the application information storage unit 140 to the flow execution unit 301. Hereafter, description will be made assuming that the application management unit 111 returns the processing flow information 1100 illustrated in FIG. 8 to the flow execution unit 301.

  Next, the flow execution unit 301 transmits a component acquisition request to the component management unit 302 based on the processing flow information 1100 returned from the application management unit 111 (step S1105). That is, the flow execution unit 301 transmits a component acquisition request including “ocr: ocr_process” defined in the process definition 1102 of the process flow information 1100 illustrated in FIG. 8 to the component management unit 302.

  Upon receiving the component acquisition request, the component management unit 302 generates an OCR component 1310 corresponding to “ocr: ocr_process” included in the acquisition request (step S1106). The OCR component 1310 can be generated using the component common I / F 1300.

  Then, the component management unit 302 returns the generated OCR component 1310 to the flow execution unit 301. That is, for example, the component management unit 302 returns the address on the memory (for example, the RAM 14) in which the OCR component 1310 is expanded to the flow execution unit 301.

  When the OCR component 1310 is returned, the flow execution unit 301 transmits a component processing execution request to the OCR component 1310 (step S1107). The component processing execution request includes data and parameters.

  Here, in step S1107, the data is an electronic file (scanned image file included in the execution request for the processing flow) received from the authentication service unit 120 as the data type “InputStream”. That is, the flow execution unit 301 simply transmits the scan image file included in the processing flow execution request to the OCR component 1310 as “data” (without considering the data type). Hereinafter, an electronic file or the like that is not conscious of the data type is simply represented as “data”.

  Since no option parameter is defined in the process definition 1102, null is designated as the parameter in step S1107.

  Upon receiving the component processing execution request, the OCR component 1310 transmits a type conversion request to the type conversion management unit 304 (step S1108). The type conversion request includes data and designation of “LocalFilePath” indicating a data type that can be handled by the OCR component 1310.

  When receiving the type conversion request, the type conversion management unit 304 checks whether or not the data type of the data included in the type conversion request matches the designated data type (step S1109).

  Here, the data type of the data included in the type conversion request is “InputStream”, while the designated data type is “LocalFilePath”. Therefore, the type conversion management unit 304 determines that the data type of the data included in the type conversion request does not match the specified data type.

  Then, the type conversion management unit 304 refers to the type conversion information table 3000 and specifies type conversion for converting the data type “InputStream” to “LocalFilePath” (here, the first type conversion 1410 specifies). .) Then, the type conversion management unit 304 generates the identified first type conversion 1410 (step S1110). The first type conversion 1410 can be generated using the type conversion common I / F 1400.

  Next, the type conversion management unit 304 transmits an execution request for the type conversion process to the first type conversion 1410 (step S1111). The execution request includes data.

  Upon receiving the type conversion execution request, the first type conversion 1410 performs a type conversion process for converting the data type of the data included in the execution request from “InputStream” to “LocalFilePath” (step S1112). Then, the first type conversion 1410 returns the data whose data type has been converted to the type conversion management unit 304.

  When receiving the data from the first type conversion 1410, the type conversion management unit 304 transmits the data to the OCR component 1310 (step S1113).

  When the OCR component 1310 receives data from the type conversion management unit 304, the OCR component 1310 executes processing on the data (step S1114). That is, the OCR component 1310 uses the OCR processing unit 131 of the document service unit 130 to perform OCR processing of the scanned image file indicated by the data (data type “LocalFilePath”).

  Then, the OCR component 1310 returns data indicating the processing result to the flow execution unit 301. Note that the data returned here is data (data type “LocalFilePath”) indicating a scanned image file that has been OCR processed by the OCR component 1310.

  Next, the flow execution unit 301 transmits a component acquisition request to the component management unit 302 based on the processing flow information 1100 (step S1115). That is, the flow execution unit 301 transmits a component acquisition request including “mail: send” defined in the process definition 1103 of the process flow information 1100 illustrated in FIG. 8 to the component management unit 302.

  Upon receiving the component acquisition request, the component management unit 302 generates a mail delivery component 1320 corresponding to “mail: send” included in the acquisition request (step S1116). The mail delivery component 1320 can be generated using the component common I / F 1300.

  Then, the component management unit 302 returns the generated mail delivery component 1320 to the flow execution unit 301. That is, for example, the component management unit 302 returns the address on the memory (for example, the RAM 14) where the mail delivery component 1320 is expanded to the flow execution unit 301.

  When the mail delivery component 1320 is returned, the flow execution unit 301 transmits a component processing execution request to the mail delivery component 1320 (step S1117). The component processing execution request includes data and parameters.

  Here, in step S 1117, the parameters include an optional parameter “mail_address = null & filename = null” of the process definition 1103 and user designation information.

  Upon receiving the component processing execution request, the mail delivery component 1320 transmits a type conversion request to the type conversion management unit 304 (step S1118). The type conversion request includes data and designation of “LocalFilePath” indicating a data type that can be handled by the mail delivery component 1320.

  When receiving the type conversion request, the type conversion management unit 304 checks whether or not the data type of the data included in the type conversion request matches the designated data type (step S1119).

  Here, the data type of the data included in the type conversion request is “LocalFilePath”, and the specified data type is also “LocalFilePath”. Therefore, the type conversion management unit 304 determines that the data type of the data included in the type conversion request matches the designated data type.

  Then, the type conversion management unit 304 transmits data included in the type conversion request to the mail delivery component 1320 (step S1120). As described above, in the data type check (processing in step S1118), when it is determined that the data type of the data matches the designated data type, the type conversion management unit 304 generates the type conversion. Not performed.

  When the mail delivery component 1320 receives data from the type conversion management unit 304, the mail delivery component 1320 executes processing on the data based on the parameters (step S1121). That is, the mail delivery component 1320 delivers the electronic file indicated by the data by the mail delivery unit 132 of the document service unit 130 based on the parameters.

  More specifically, the mail delivery component 1320 first defines user designation information in the option parameter included in the parameter, and sets it as “mail_address=hoge@hogehoge.co.jp&filename=test.pdf”. Next, the mail delivery component 1320 causes the mail delivery unit 132 to attach an electronic file with the file name “test.pdf” of the electronic file indicated by the data (that is, the scanned image file after the OCR process). Create Finally, the mail delivery component 1320 delivers (sends) the created mail to “hoge@hogehoge.co.jp” by the mail delivery unit 132.

  Then, the mail delivery component 1320 returns data indicating the processing result to the flow execution unit 301. Note that the data returned here is, for example, information indicating that the mail is normally distributed by the mail distribution component 1320.

  When receiving data from the mail delivery component 1320, the flow execution unit 201 transmits a job information update request to the job information management unit 401 (step S1122). The job information update request includes the job ID returned in step S1102.

  When receiving the job information update request, the job information management unit 401 updates the job information of the job ID included in the update request among the job information stored in the job information storage unit 150 (step S1123). That is, the job information management unit 401 updates the state included in the job information of the job ID to “completed”. As a result, it is managed that the job execution has ended normally.

  As described above, the service providing system 10 according to the present embodiment executes a series of processing (processing flow) by performing processing by each component based on the processing flow information 1100. Thereby, the service providing system 10 according to the present embodiment can provide a service realized by the series of processes.

  For example, when an error or the like occurs during the execution of a series of processing, the flow execution unit 301 transmits a job information update request to the job information management unit 401 and updates the status of the job information to “error”. To do.

  Hereinafter, a case where the client application 210 refers to job information will be described. By referring to the job information, the client application 210 can analyze the cause of the error, for example.

  First, a process of registering an application (other client application or application information 1000) that can reference job information will be described with reference to FIG. FIG. 13 is a sequence diagram illustrating an example of registration processing of a referable application.

  First, the client application 210 transmits a registration request for a referable application to the authentication service unit 120 (step S1301). Such a registration request can be transmitted, for example, when a user performs a registration operation of a referable application.

  The registration request for the referenceable application includes the application ID of the client application 210, the application ID of the application that can refer to the job information (referenceable application ID), the tenant ID, the user ID, and the password. Is included.

  When receiving the registration request for the referable application, the authentication service unit 120 performs user authentication based on the tenant ID, the user ID, and the password included in the registration request (step S1302). That is, the authentication service unit 120 determines whether the set of tenant ID, user ID, and password included in the registration request matches a predetermined set of tenant ID, user ID, and password. Then, user authentication is performed.

  If the user authentication is successful, the authentication service unit 120 transmits a request for registering a referenceable application to the application management unit 111 (step S1303). The registration request for the referenceable application includes the application ID of the client application 210 and the referenceable application ID.

  Upon receiving the request for registering a referenceable application, the application management unit 111 creates reference information in which the application ID included in the registration request is associated with the referenceable ID, and stores the reference information in the reference information storage unit 160 (step S1304). . Then, the application management unit 111 returns the registration result to the client application 210. Thereby, the reference information is registered in the service providing system 10.

  Here, reference information stored in the reference information storage unit 160 will be described with reference to FIG. FIG. 14 is a diagram illustrating an example of reference information.

  As illustrated in FIG. 14, the reference information includes an application ID and a referenceable application ID. The application ID is an application ID of an application (client application 210 or application information 1000) that refers to job information. The referable application ID is an application ID of another application (client application 210 or application information 1000) that can refer to the job information.

  As described above, the reference information stored in the reference information storage unit 160 is associated with the application ID and the application ID of another application with which the application with the application ID can refer to the job information. Thereby, as will be described later, it is possible to perform access control when the client application 210 refers to the job information of another client application 210 or the application information 1000.

  Next, processing when the client application 210, the application information 1000, and the like refer to job information will be described. First, processing when a client application 210 whose authentication method with the authentication service unit 120 is “application authentication” refers to job information will be described with reference to FIG. 15. FIG. 15 is a sequence diagram illustrating an example of a job information reference process.

  First, the client application 210 transmits a job information reference request to the authentication service unit 120 (step S1501). Such a reference request can be made by, for example, pressing a reference button 3102 after the user inputs a job ID in the job ID input field 3101 on the job information reference screen 3100 shown in FIG.

  Note that the job information reference request includes the job ID input in the job ID input field 3101 and the client secret.

  Upon receiving the job information reference request, the authentication service unit 120 performs application authentication based on the client ID and the client secret included in the reference request (step S1502). That is, the authentication service unit 120 performs application authentication by determining whether or not the combination of the client ID and the client secret included in the reference request matches a predetermined combination of the client ID and the client secret. .

  Then, when the application authentication is successful, the authentication service unit 120 transmits a job information reference request to the access control unit 402 (step S1503). The job information reference request includes a job ID and an application ID.

  Note that if the application authentication fails in step S1502 described above, the authentication service unit 120 returns, for example, a notification indicating that the application authentication has failed to the client application 210.

  Upon receiving the job information reference request, the access control unit 402 transmits a job information acquisition request to the job information management unit 401 (step S1504). The job information acquisition request includes a job ID.

  Upon receiving the job information acquisition request, the job information management unit 401 acquires job information of the job ID included in the acquisition request from the job information storage unit 150 (step S1505). For example, when the job ID included in the job information acquisition request is “job 4”, the job information management unit 401 acquires the job information of the job ID “job 4” from the job information storage unit 150. When a plurality of job IDs are included in the job information acquisition request, the job information management unit 401 acquires a plurality of job information from the job information storage unit 150.

  Then, the job information management unit 401 returns the acquired job information to the access control unit 402.

  Next, the access control unit 402 performs access right check (step S1506). In other words, the access control unit 402 determines whether or not the application ID included in the job information reference request matches the application ID included in the job information acquired in step S1502.

  If the access control unit 402 determines that the application ID included in the job information reference request matches the application ID included in the job information acquired in step S1502, the access control unit 402 sends the job information to the client application 210. Send back.

  On the other hand, if the access control unit 402 determines that these application IDs do not match, the access control unit 402 transmits an acquisition request for a referenceable application ID to the application management unit 111 (step S1508). The acquisition request for the referenceable application ID includes the application ID included in the job information reference request.

  If a plurality of pieces of job information are acquired in step S1502, the job information determined in step S1506 that the application IDs do not match among these pieces of job information can be processed in steps S1508 and subsequent steps. good.

  Next, when receiving an acquisition request for a referenceable application ID, the application management unit 111 acquires reference information for an application ID included in the acquisition request (step S1508). Then, the application management unit 111 returns a referenceable application ID included in the acquired reference information to the access control unit 402.

  Next, the access control unit 402 performs access right check (step S1509). That is, the access control unit 402 determines whether or not the application ID included in the job information acquired in step S1502 matches at least one referenceable application ID of the referenceable application IDs.

  If the access control unit 402 determines that the application ID matches at least one of the referable application IDs, the access control unit 402 returns job information to the client application 210.

  On the other hand, if the access control unit 402 determines that the application ID and all referenceable application IDs do not match, the access control unit 402 returns a notification indicating that reference to job information is not permitted to the client application 210. Therefore, in this case, the client application 210 cannot refer to the job information.

  When job information is returned from the access control unit 402, the client application 210 displays the job information, for example, in the job information column 3103 of the job information reference screen 3100 shown in FIG. 16 (step S1510). Accordingly, the client application 210 can display job information including the application ID of the client application 210 and job information including the referable application ID. Accordingly, by referring to the job information displayed by the client application 210, the user of the device 20 can perform error cause analysis of a job in which an error has occurred, for example.

  As described above, in the information processing system 1 according to the present embodiment, when the client application 210 installed in the device 20 refers to the job information, it is determined whether or not there is an authority to refer to the job information. Thereby, in the information processing system 1 according to the present embodiment, the service providing system 10 can display only the job information having the reference authority on the client application 210.

  Next, processing when the client application 210 whose authentication method with the authentication service unit 120 is “user authentication” refers to job information will be described with reference to FIG. FIG. 17 is a sequence diagram illustrating another example (part 1) of the job information reference process.

  First, the client application 210 transmits a job information reference request to the authentication service unit 120 (step S1701). The job information reference request includes a job ID, a tenant ID, a user ID, and a password. The tenant ID, user ID, and password may be input by the user on the job information reference screen 3100 shown in FIG. 16, for example.

  Upon receiving the job information reference request, the authentication service unit 120 performs user authentication based on the tenant ID, user ID, and password included in the reference request (step S1702). That is, the authentication service unit 120 determines whether the set of tenant ID, user ID, and password included in the reference request matches a predetermined set of tenant ID, user ID, and password. Then, user authentication is performed.

  If the user authentication is successful, the authentication service unit 120 transmits a job information reference request to the access control unit 402 (step S1703). The job information reference request includes a job ID and a user ID.

  If the user authentication fails in step S1702 described above, the authentication service unit 120 returns, for example, a notification indicating that the user authentication has failed to the client application 210.

  Upon receiving the job information reference request, the access control unit 402 transmits a job information acquisition request to the job information management unit 401 (step S1704). The job information acquisition request includes a job ID.

  Upon receiving the job information acquisition request, the job information management unit 401 acquires job information of the job ID included in the acquisition request from the job information storage unit 150 (step S1705). Then, the job information management unit 401 returns the acquired job information to the access control unit 402.

  Next, the access control unit 402 performs access right check (step S1706). That is, the access control unit 402 determines whether or not the user ID included in the job information reference request matches the user ID included in the job information acquired in step S1702.

  If the access control unit 402 determines that the user ID included in the job information reference request matches the user ID included in the job information acquired in step S1702, the access control unit 402 sends the job information to the client application 210. Send back.

  On the other hand, when the access control unit 402 determines that these user IDs do not match, the access control unit 402 returns a notification indicating that reference to the job information is not permitted to the client application 210. Therefore, in this case, the client application 210 cannot refer to the job information.

  When the job information is returned from the access control unit 402, the client application 210 displays the job information (step S1707). Accordingly, the client application 210 can display job information including the user ID of the user of the device 20.

  In FIG. 17, the case where the authentication method between the client application 210 and the authentication service unit 120 is “user authentication” has been described. However, after step S1703, the authentication method is “access token authentication”. Can be applied similarly. In this case, the job information reference request in step S1701 includes a job ID and an access token, and the point that access token authentication is performed in step S1702 is different from FIG.

  Here, as shown in FIG. 12, the job information stored in the job information storage unit 150 includes a user ID, but instead of the user ID (or in addition to the user ID), the tenant ID May be included. That is, for example, as shown in FIG. 18, the job information stored in the job information storage unit 150 may include a tenant ID instead of the user ID.

  In this case, processing when the client application 210 whose authentication method with the authentication service unit 120 is “user authentication” refers to job information will be described with reference to FIG. FIG. 19 is a sequence diagram illustrating another example (part 2) of the job information reference process.

  First, the client application 210 transmits a job information reference request to the authentication service unit 120 (step S1901). The job information reference request includes a job ID, a tenant ID, a user ID, and a password. The tenant ID, user ID, and password may be input by the user on the job information reference screen 3100 shown in FIG. 16, for example.

  Upon receiving the job information reference request, the authentication service unit 120 performs user authentication based on the tenant ID, user ID, and password included in the reference request (step S1902). That is, the authentication service unit 120 determines whether the set of tenant ID, user ID, and password included in the reference request matches a predetermined set of tenant ID, user ID, and password. Then, user authentication is performed.

  If the user authentication is successful, the authentication service unit 120 transmits a job information reference request to the access control unit 402 (step S1903). The job information reference request includes a job ID and a tenant ID.

  If the user authentication fails in step S1702 described above, the authentication service unit 120 returns, for example, a notification indicating that the user authentication has failed to the client application 210.

  Upon receiving the job information reference request, the access control unit 402 transmits a job information acquisition request to the job information management unit 401 (step S1904). The job information acquisition request includes a job ID.

  Upon receiving the job information acquisition request, the job information management unit 401 acquires job information of the job ID included in the acquisition request from the job information storage unit 150 (step S1905). Then, the job information management unit 401 returns the acquired job information to the access control unit 402.

  Next, the access control unit 402 performs access right check (step S1906). In other words, the access control unit 402 determines whether or not the tenant ID included in the job information reference request matches the tenant ID included in the job information acquired in step S1902.

  If the access control unit 402 determines that the tenant ID included in the job information reference request matches the tenant ID included in the job information acquired in step S1902, the job control unit 402 sends the job information to the client application 210. Send back.

  On the other hand, if the access control unit 402 determines that these tenant IDs do not match, the access control unit 402 returns a notification indicating that reference to job information is not permitted to the client application 210. Therefore, in this case, the client application 210 cannot refer to the job information.

  When the job information is returned from the access control unit 402, the client application 210 displays the job information (step S1907). Accordingly, the client application 210 can display job information including the tenant ID of the user of the device 20.

<Summary>
As described above, the information processing system 1 according to the present embodiment authenticates the client application 210 when the client application 210 executes a series of processes for realizing a service. Moreover, in the information processing system 1 according to the present embodiment, authentication can be performed by various authentication methods according to the client application 210.

  Therefore, in the information processing system 1 according to the present embodiment, only a legitimate user (a user of the client application 210 or the device 20) can use a service provided by the service providing system 10.

  In the information processing system 1 according to the present embodiment, the client application 210 and the like can refer to job information of a series of processes executed by other applications (the other client application 210 and the application information 1000 and the like). . Moreover, in the information processing system 1 according to the present embodiment, access control is performed by determining whether or not the client application 210 or the like has the authority to refer to job information. Thereby, in the information processing system 1 according to the present embodiment, only legitimate users (such as the client application 210 and the application information 1000) can be permitted to refer to job information.

  The present invention is not limited to the specifically disclosed embodiments, and various modifications and changes can be made without departing from the scope of the claims.

DESCRIPTION OF SYMBOLS 1 Information processing system 10 Service provision system 20 Apparatus 110 Input / output service processing part 111 Application management part 112 Logic processing part 113 Job management part 120 Authentication service part 130 Document service part 140 Application information storage part 150 Job information storage part 160 Reference information storage Unit 210 client application 301 flow execution unit 302 component management unit 303 component group 304 type conversion management unit 305 type conversion group 401 job information management unit 402 access control unit

Japanese Patent No. 4039191

Claims (9)

An information processing system that includes one or more information processing apparatuses and includes a plurality of programs that respectively execute predetermined processes,
Flow information in which, for each series of processes using electronic data, program identification information for identifying one or more of the programs that execute each of the series of processes and the execution order of the one or more of the programs are defined. Storing means in association with the flow identification information for identifying the flow information;
1st including the information regarding electronic data, the said flow identification information, and the authentication information for authenticating the said one apparatus from one apparatus of the one or more apparatuses connected to the said information processing system First receiving means for receiving the request;
Authentication means for authenticating the one device based on the authentication information included in the first request received by the first receiving means;
When the authentication by the authentication means is successful, the flow information stored in the storage means is associated with the flow identification information included in the first request received by the first receiving means. Obtaining means for obtaining the flow information stored in the storage means;
By causing each program identified by the program identification information defined in the flow information obtained by the obtaining means to be executed according to the execution order defined in the flow information, the first receiving means Execution means for executing the series of processes using electronic data based on information related to the electronic data included in the first request received by:
An information processing system having The authentication information is:
Including application identification information for identifying an application program installed in the one device and transmitting the first request, and a first password for the application identification information,
The authentication means includes
The information processing system according to claim 1, wherein authentication of the one device is performed based on the application identification information included in the authentication information and the first password. The authentication information is:
User identification information for identifying a user who uses the one device, group identification information for identifying a group to which the user belongs, and a second password for the user identification information and the group identification information,
The authentication means includes
The information processing system according to claim 1, wherein authentication of the one device is performed based on the user identification information, the group identification information, and the second password included in the authentication information. The authentication information is:
Including an access token by OAuth,
The authentication means includes
The information processing system according to claim 1, wherein authentication of the one device is performed based on an access token included in the authentication information. Job information storage means for storing job information including job identification information of the job indicating the series of processes and an execution state of the job;
Second receiving means for receiving a second request including the job identification information and the authentication information from one of the one or more devices connected to the information processing system;
Job information acquisition means for acquiring the job information of the job identification information included in the second request received by the second reception means;
Transmission means for transmitting the job information acquired by the job information acquisition means to the one device requesting the second request,
The authentication means includes
Based on the authentication information included in the second request received by the second receiving means, the one device is authenticated,
The job information acquisition unit includes:
5. The job information of the job identification information included in the second request received by the second receiving unit is acquired when the authentication by the authenticating unit is successful. 6. Information processing system according to item. The job information further includes first application identification information for identifying an application program that has executed the series of processes among application programs installed in one or more devices connected to the information processing system. Included,
The second receiving means includes
Second application identification information for identifying the job identification information, the authentication information, and an application program installed in the one device from one of the one or more devices connected to the information processing system Receives a second request containing
The transmission means includes
When the first application identification information included in the job information acquired by the job information acquisition unit matches the second application identification information included in the second request, the job information is The information processing system according to claim 5, wherein the information is transmitted to the one device that is a request source of the second request. Reference for storing reference information including application identification information for identifying an application program installed in the device and referenceable application identification information for identifying another application program with which the application program can refer to the job information Having information storage means;
The transmission means includes
When the first application identification information included in the job information acquired by the job information acquisition unit matches the second application identification information included in the second request, or the first If the application identification information of the second application identification information matches the referenceable application identification information included in the reference information corresponding to the second application identification information, the job information is changed to the one of the request sources of the second request. The information processing system according to claim 6, wherein the information processing system is transmitted to the device. An information processing apparatus having a plurality of programs for executing predetermined processes,
Flow information in which, for each series of processes using electronic data, program identification information for identifying one or more of the programs that execute each of the series of processes and the execution order of the one or more of the programs are defined. Storing means in association with the flow identification information for identifying the flow information;
1st including the information regarding electronic data, the said flow identification information, and the authentication information for authenticating the said one apparatus from one apparatus of the one or more apparatuses connected to the said information processing apparatus First receiving means for receiving the request;
Authentication means for authenticating the one device based on the authentication information included in the first request received by the first receiving means;
When the authentication by the authentication means is successful, the flow information stored in the storage means is associated with the flow identification information included in the first request received by the first receiving means. Obtaining means for obtaining the flow information stored in the storage means;
By causing each program identified by the program identification information defined in the flow information obtained by the obtaining means to be executed according to the execution order defined in the flow information, the first receiving means Execution means for executing the series of processes using electronic data based on information related to the electronic data included in the first request received by:
An information processing apparatus. An information processing method used in an information processing system including a plurality of programs each including one or more information processing apparatuses and executing predetermined processing, wherein each series of processing using electronic data Flow information in which program identification information for identifying one or more of the programs executing the respective processes and the execution order of the one or more of the programs are defined is stored in association with the flow identification information for identifying the flow information. In an information processing system having storage means,
1st including the information regarding electronic data, the said flow identification information, and the authentication information for authenticating the said one apparatus from one apparatus of the one or more apparatuses connected to the said information processing system A first receiving procedure for receiving the request;
An authentication procedure for authenticating the one device based on the authentication information included in the first request received by the first reception procedure;
When the authentication by the authentication procedure is successful, the flow information stored in the storage unit is associated with the flow identification information included in the first request received by the first reception procedure. An acquisition procedure for acquiring the flow information stored in the storage means;
By causing each program identified by the program identification information defined in the flow information acquired by the acquisition procedure to be executed according to the execution order defined in the flow information, the first reception procedure An execution procedure for executing the series of processes using electronic data based on information related to the electronic data included in the first request received by:
An information processing method comprising:

Images