JP2018166008A - Information processing system, information processing method, service use device, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simplify information input operation to be used for authentication.SOLUTION: In an information processing system, a service use device includes: authentication request means for issuing an authentication request to an information processing apparatus by means of user specifying information input in an input screen, on the basis of an authentication request from a user received in the input screen; acquisition means which acquires related information associated with the user specifying information from the information processing apparatus when the information processing apparatus allows authentication, and stores it in a storage section; receiving means which displays a user list specified from the related information on the input screen when the related information is stored in the storage section, in displaying the input screen, and reads some pieces of user specifying information from the related information corresponding to a user selected from the displayed user list, to receive an input of information excluding the read information, from the input screen.SELECTED DRAWING: Figure 5

Description

  The present application relates to an information processing system, an information processing method, a service using device, and a program.

  In recent years, service provision forms in which only necessary functions are used when a user needs them are increasing. For example, SaaS (Software as a Service), a combination of computing resources on the Internet, a service with high added value for the end user, which is a software usage mode that allows users to freely select only the functions they want Such as cloud computing.

  A method of generating a screen using unique screen definition data associated with a client identifier in order to provide a customized screen to the above-described service user is known (for example, see Patent Document 1). .

  However, the method of Patent Document 1 described above is not related to a user logging in to a cloud service. For example, when logging in to the cloud service, the user must input authentication information necessary for login on the screen. Therefore, for example, when inputting authentication information on a small screen such as an operation panel, there is a problem that it takes time and effort.

  In one aspect, the present invention aims to simplify the input of information used for authentication.

  In one aspect, an information processing system including a service using device and one or more information processing devices providing services to the service using device, wherein the service using device receives an authentication request from a user received on an input screen And authentication request means for making an authentication request to the information processing device based on the user specifying information input on the input screen, and when the information processing device permits authentication, the user specifying information from the information processing device. Acquisition means for acquiring the related information associated with the storage unit and storing it in the storage unit, and when the input screen is displayed, if the related information is stored in the storage unit, from the related information to the input screen A user list to be identified is displayed, and a user is selected from the related information corresponding to the selected user by selecting the user from the displayed user list. Reading a portion of the constant information, the input information is omitted the portion read out and a receiving unit for receiving from the input screen.

  It becomes possible to simplify the input of information used for authentication.

It is a lineblock diagram of an example of an information processing system concerning this embodiment. It is a hardware block diagram of an example of the computer which concerns on this embodiment. 1 is a hardware configuration diagram of an example of an image forming apparatus according to an embodiment. It is a processing block diagram of an example of a service platform providing system. 1 is a processing block diagram of an example of an image forming apparatus according to an embodiment. It is a figure which shows an example of the tenant data in this embodiment. It is a figure which shows an example of the user data in this embodiment. It is a figure which shows an example of the service data in this embodiment. It is a figure which shows an example of the login sequence which concerns on this embodiment. It is a figure which shows an example of an application list screen. It is a figure which shows an example of the login screen which inputs an e-mail address. It is a figure which shows an example of the login screen using a user list. It is a figure which shows the example of data of the user list preserve | saved at a data preservation | save part. It is a figure which shows an example of the sequence which logs in by an e-mail address. It is a figure which shows an example of the sequence which logs in using a user list. It is a figure which shows an example of the screen which sets a user list availability. It is a figure which shows an example of the sequence which sets a user list availability. It is a figure which shows an example of the user list acquisition sequence based on a user list availability. It is a figure which shows an example of the sequence which sets a user list availability in a main body. It is a figure which shows an example of the user list acquisition sequence based on the user list availability of a main body. It is a figure which shows an example of the sequence cooperated with main body authentication. It is a figure which shows an example of the sequence which logs in irrespective of tenant ID.

  Hereinafter, embodiments will be described in detail.

<System configuration>
FIG. 1 is a configuration diagram of an example of an information processing system according to the present embodiment. The information processing system 1 illustrated in FIG. 1 includes a user system 10, an application market providing system 20, a service providing system 30, a service platform providing system 40, and a business platform providing system 50.

  The user system 10, the application market providing system 20, the service providing system 30, and the service platform providing system 40 are connected via a network N1 such as the Internet. The service platform providing system 40 and the business platform providing system 50 are connected by a dedicated line or the like.

  The network N2 of the user system 10 is a private network inside the firewall FW. The firewall FW detects and blocks unauthorized access. An image forming apparatus 12 such as a user terminal 11 or a multifunction peripheral is connected to the network N2. Note that the image forming apparatus 12 is an example of an electronic device on which a user tries or uses a service.

  The user terminal 11 can be realized by an information processing apparatus equipped with a general OS (Operating System) or the like. The user terminal 11 includes a wireless communication unit or a wired communication unit. The user terminal 11 is a terminal that can be operated by a user, such as a smartphone, a mobile phone, a tablet terminal, or a PC (Personal Computer).

  The image forming apparatus 12 is an apparatus having an image forming function such as a multifunction peripheral. The image forming apparatus 12 includes a wireless communication unit or a wired communication unit. The image forming apparatus 12 is an apparatus that performs processing related to image formation, such as a multifunction machine equipped with a browser, a copier, a scanner, a printer, a laser printer, a projector, and an electronic blackboard. In the example of FIG. 1, as an example, the user terminal 11 and the image forming apparatus 12 are each provided as one unit, but a plurality of units may be provided.

  The application market providing server 21 of the application market providing system 20 is connected to the network N1 through the firewall FW. The application market providing server 21 can be realized by one or more information processing apparatuses equipped with a general OS or the like.

  The application market providing system 20 may be provided for each sales area or sales company. The application market providing server 21 provides an application market screen such as a service list screen and an application screen to the user terminal 11 and the image forming apparatus 12, for example.

  The service providing system 30 is connected to the network N1 through the firewall FW. The service providing system 30 provides various services to the user terminal 11 and the image forming apparatus 12. The service providing system 30 can be realized by one or more information processing apparatuses equipped with a general OS or the like.

  The service provided by the service providing system 30 may be a service provided by an external service provider or the like in addition to a service provided by an operator of the service platform providing system 40. The service provided by the service providing system 30 is, for example, a translation service. When using the translation service, the image forming apparatus 12 performs OCR (optical character recognition) on image data scanned from a document, and then transmits it to the service providing system 30, and accesses the service providing system 30 from the user terminal 11. By doing so, the translation result may be viewed, or the translation result may be received by e-mail or the like.

  The service platform providing system 40 is connected to the network N1 through the firewall FW. The service platform providing system 40 can be realized by one or more information processing apparatuses equipped with a general OS or the like.

  The service platform providing system 40 has functions such as authentication / authorization, tenant / user management, license management, and account registration. The service platform providing system 40 accepts account registration and login requests from the user terminal 11 and the image forming apparatus 12. In addition, the service platform providing system 40 receives an authentication ticket confirmation request and a user information acquisition request from the service providing system 30.

  The network N3 of the business platform providing system 50 is a private network inside the firewall FW. A business terminal 51 and a license management server 52 are connected to the network N3. The business terminal 51 and the license management server 52 can be realized by one or more information processing apparatuses equipped with a general OS or the like.

  The business terminal 51 includes a wireless communication unit or a wired communication unit. The business terminal 51 is a terminal that can be operated by a business person such as a smartphone, a mobile phone, a tablet terminal, or a PC. The business person in charge can request the license management server 52 to issue a license from the business terminal 51.

  The license management server 52 has functions such as license management. The license management server 52 receives a request for issuing a license from the service platform providing system 40 and the business terminal 51. The configuration of the information processing system 1 illustrated in FIG. 1 is an example and may be another configuration.

<Hardware configuration of computer>
The user terminal 11, the application market providing server 21, the business terminal 51, and the license management server 52 illustrated in FIG. 1 are realized by a computer having a hardware configuration as illustrated in FIG. Further, the information processing apparatus for realizing the service providing system 30 and the service platform providing system 40 shown in FIG. 1 is realized by a computer having a hardware configuration shown in FIG. 2, for example. FIG. 2 is a hardware configuration diagram of an example of a computer according to the present embodiment.

  2 includes an input device 501, a display device 502, an external I / F 503, a RAM (Random Access Memory) 504, a ROM (Read Only Memory) 505, a CPU (Central Processing Unit) 506, a communication I / F 507, And an HDD (Hard Disk Drive) 508 and the like, which are connected to each other via a bus B. Note that the input device 501 and the display device 502 may be connected and used when necessary.

  The input device 501 includes a keyboard, a mouse, and the like, and is used by a user to input each operation signal. The display device 502 includes a display and the like, and displays a processing result by the computer 500.

  The external I / F 503 is an interface with an external device. The external device includes a recording medium 503a and the like. Accordingly, the computer 500 can read and / or write the recording medium 503a via the external I / F 503. The recording medium 503a includes a flexible disk, a CD (Compact Disk), a DVD (Digital Versatile Disk), an SD memory card (SD Memory card), a USB memory (Universal Serial Bus memory), and the like.

  The RAM 504 is a volatile semiconductor memory (storage device) that temporarily stores programs and data. The ROM 505 is a nonvolatile semiconductor memory (storage device) that can retain programs and data even when the power is turned off. The ROM 505 stores programs and data such as a basic input / output system (BIOS) executed when the computer 500 is started, an OS setting, and a network setting.

  The CPU 506 is an arithmetic unit that realizes control and functions of the entire computer 500 by reading a program and data from a storage device such as the ROM 505 and the HDD 508 onto the RAM 504 and executing processing.

  The communication I / F 507 is an interface that connects the computer 500 to the networks N1, N2, and N3. Thereby, the computer 500 can perform data communication via the communication I / F 507.

  The HDD 508 is a non-volatile storage device that stores programs and data. The stored programs and data are, for example, an OS that is basic software for controlling the entire computer 500, application software that provides various functions on the OS, and the like. The computer 500 may be provided with an SSD (Solid State Drive) instead of the HDD 55.

  The user terminal 11, the application market providing server 21, the business terminal 51, and the license management server 52 according to the present embodiment can implement various processes to be described later by the hardware configuration of the computer 500. In addition, the information processing apparatus that implements the service providing system 30 and the service platform providing system 40 according to the present embodiment can implement various processes described later by the hardware configuration of the computer 500.

<Hardware configuration of image forming apparatus>
The image forming apparatus 12 shown in FIG. 1 is realized by a computer having a hardware configuration as shown in FIG. 3, for example. FIG. 3 is a hardware configuration diagram of an example of the image forming apparatus according to the present embodiment. The image forming apparatus 12 illustrated in FIG. 3 includes a controller 601, an operation panel 602, an external I / F 603, a communication I / F 604, a printer 605, a scanner 606, and the like.

  The controller 601 includes a CPU 611, a RAM 612, a ROM 613, an NVRAM 614, an HDD 615, and the like. The ROM 613 stores various programs and data. The RAM 612 temporarily stores programs and data. The NVRAM 614 stores setting information, for example. The HDD 615 stores various programs and data.

  The CPU 611 implements control and functions of the entire image forming apparatus 12 by reading programs, data, setting information, and the like from the ROM 613, the NVRAM 614, the HDD 615, and the like onto the RAM 612 and executing the processing.

  The operation panel 602 includes an input unit that receives input from the user and a display unit that performs display. The external I / F 603 is an interface with an external device. The external device includes a recording medium 603a. Accordingly, the image forming apparatus 12 can read and / or write the recording medium 603a via the external I / F 603. Examples of the recording medium 603a include an IC card, a flexible disk, a CD, a DVD, an SD memory card, and a USB memory.

  The communication I / F 604 is an interface that connects the image forming apparatus 12 to the network N2. Accordingly, the image forming apparatus 12 can perform data communication via the communication I / F 604. A printer 605 is a printing apparatus that prints print data on paper. A scanner 606 is a reading device that reads image data (electronic data) from a document. Note that the description of the hardware configuration of the firewall FW illustrated in FIG. 1 is omitted.

<Service platform provision system>
The service platform providing system 40 according to the present embodiment is realized by, for example, processing blocks illustrated in FIG. FIG. 4 is a processing block diagram of an example of a service platform providing system according to the present embodiment. The service platform providing system 40 implements a processing block as shown in FIG. 4 by executing the program.

  A service platform providing system 40 shown in FIG. 4 implements an application 101, a common service 102, a database (DB) 103, and a platform API 104.

  The application 101 includes a portal service application 111, a scan service application 112, a print service application 113, and an account registration application 114 as an example.

  The portal service application 111 is an application that provides a portal service. The portal service provides a service serving as an entrance for using the information processing system 1. The scan service application 112 is a UI (user interface) of an application that provides a scan service.

  The print service application 113 is a UI of an application that provides a print service. The account registration application 114 is a UI of an application that provides an account registration service. The application 101 may include other service applications.

  The UIs of the scan service application 112, the print service application 113, and the account registration application 114 include a Native application and HTML / JavaScript (registered trademark) data displayed or executed on the user terminal 11 or the image forming apparatus 12. Also good. The Native application is a type of application that is contrasted with a Web application and performs main processing by the user terminal 11 or the image forming apparatus 12. The web application is a type of application in which main processing is performed by the service platform providing system 40.

  A platform API (Application Programming Interface) 104 is an interface for the application 101 such as the portal service application 111 to use the common service 102.

  The platform API 104 is a predefined interface provided for the common service 102 to receive a request from the application 101, and includes, for example, a function or a class. When the service platform providing system 40 is configured by a plurality of information processing apparatuses, the platform API 104 can be realized by, for example, a Web API that can be used via a network.

  The common service 102 includes a scan service unit 121, a print service unit 122, an account registration unit 123, an authentication / authorization unit 131, a tenant management unit 132, a user management unit 133, a license management unit 134, a device management unit 135, and a temporary image storage unit. 136, a data storage unit 137, an image processing workflow control unit 138, and a log collection unit 139. Further, the image processing workflow control unit 138 includes a message queue 141 and one or more workers (workers) 142. The worker 142 implements functions such as image conversion and image transmission.

  The scan service unit 121 functions as a logic (API) of the scan service application 112. The print service unit 122 functions as a logic (API) of the print service application 113. The account registration unit 123 functions as a logic (API) of the account registration application 114.

  The authentication / authorization unit 131 executes authentication / authorization based on a login request from an office device such as the user terminal 11 or the image forming apparatus 12. Office equipment is a generic term for the user terminal 11, the image forming apparatus 12, and the like.

  For example, the authentication / authorization unit 131 accesses the user information storage unit 153, the license information storage unit 154, and the like to authenticate and authorize the user. The authentication / authorization unit 131 accesses the tenant information storage unit 152, the license information storage unit 154, the device information storage unit 155, and the like, for example, and performs client authentication of the image forming apparatus 12 and the like.

  The tenant management unit 132 manages tenant information stored in the tenant information storage unit 152. The user management unit 133 manages user information stored in the user information storage unit 153.

  The license management unit 134 manages license information stored in the license information storage unit 154. The device management unit 135 manages device information stored in the device information storage unit 155. The temporary image storage unit 136 stores the temporary image in the temporary image storage unit 156 and acquires the temporary image from the temporary image storage unit 156. The data storage unit 137 stores data in the job information storage unit 157 and the like.

  The image processing workflow control unit 138 controls a workflow related to image processing based on a request from the application 101. The message queue 141 has a queue corresponding to the type of processing. The image processing workflow control unit 138 puts a request message related to processing (job) into a queue corresponding to the type of the job.

  Worker 142 is monitoring the corresponding queue. When a message is input to the queue, the worker 142 performs processing such as image conversion and image transmission according to the type of the corresponding job. The message put in the queue may be read by the worker 142 (Pull) or may be provided from the queue to the worker 142 (Push). The log collection unit 139 stores the collected log information in the log information storage unit 151, for example.

  The database 103 includes a log information storage unit 151, a tenant information storage unit 152, a user information storage unit 153, a license information storage unit 154, a device information storage unit 155, a temporary image storage unit 156, a job information storage unit 157, and an application-specific storage. A setting information storage unit 158 is included.

  The log information storage unit 151 stores log information. The tenant information storage unit 152 stores tenant information. The user information storage unit 153 stores user information. The license information storage unit 154 stores license information. The device information storage unit 155 stores device information. The temporary image storage unit 156 stores a temporary image. The temporary image is a file or data such as a scanned image processed by the worker 142, for example.

  The job information storage unit 157 stores request information (job information) related to processing (job). The application-specific setting information storage unit 158 stores setting information specific to the application 101.

  The service platform providing system 40 functions as an integrated platform that provides common services such as workflows related to authentication / authorization and image processing, and a service group that provides application services such as scan services and print services using the functions of the integrated platform. To do.

  The integration platform is configured by, for example, the common service 102, the database 103, and the platform API 104. The service group is configured by the application 101, for example. As described above, the service platform providing system 40 shown in FIG. 4 has a configuration in which the service group and the integrated platform are separated.

  The service platform providing system 40 shown in FIG. 4 can easily develop the application 101 that uses the platform API 104 by separating the service group and the integrated platform. In addition, the service platform providing system 40 shown in FIG. 4 can easily develop the service providing system 30 that uses the platform API 104.

  Note that the processing block classification form of the service platform providing system 40 shown in FIG. 4 is an example, and it is not essential that the application 101, the common service 102, and the database 103 are classified in the hierarchy shown in FIG. For example, as long as the processing of the service platform providing system 40 can be performed, the hierarchical relationship shown in FIG. 4 is not limited to a specific one.

<Processing Block of Image Forming Apparatus 12>
The image forming apparatus 12 described above is realized by, for example, the functional configuration shown in FIG. FIG. 5 is a processing block diagram of an example of the image forming apparatus according to the present embodiment. The browser of the image forming apparatus 12 illustrated in FIG. 5 includes, for example, a display / input unit 201, a screen generation unit 202, a script analysis unit 203, a data storage unit 204, and a communication unit 205.

  The display / input unit 201 receives an input instruction by a user operation from an operation panel or the like, or displays a login screen or the like generated by the screen generation unit 202 on the operation panel.

  The screen generation unit 202 performs rendering processing of an HTML file or the like acquired from the service platform providing system 40 via the communication unit 205. The screen generation unit 202 generates a login screen based on the JavaScript data analyzed by the script analysis unit 203.

  The script analysis unit 203 analyzes, for example, JavaScript obtained from the service platform providing system 40 via the communication unit 205. The data storage unit 204 includes, for example, a local storage and a session storage, and stores HTML / Java Script data acquired from the service platform providing system 40 via the communication unit 205.

  The communication unit 205 transmits a login request to the service platform providing system 40 and acquires various files from the service platform providing system 40.

<Example of tenant data>
Next, an example of tenant information stored in the tenant information storage unit 152 of the service platform providing system 40 described above will be described. FIG. 6 is a diagram illustrating an example of tenant data in the present embodiment.

  The tenant data illustrated in FIG. 6 includes data items such as “tenant ID” and “license”, but is not limited thereto. “Tenant ID” represents information for identifying a group (organization) such as a company or a department. The “tenant ID” is not limited to the tenant language, and may be tenant information for identifying a contract, for example. The “tenant ID” is unique.

  “License” represents information of a service for which a license is issued. The example in FIG. 6 indicates whether or not a license is issued for services such as “translate (translation service)” and “signage”.

  For example, in the example of FIG. 6, the license for the “translate” service is issued to the tenant ID “600000000”, but the license for the “signage” service is not issued.

<Example of user data>
Next, an example of user information stored in the user information storage unit 153 of the service platform providing system 40 described above will be described. FIG. 7 is a diagram showing an example of user data in the present embodiment.

  The user data shown in FIG. 7 has data items such as “email address”, “tenant ID”, “user name”, “service use authority”, but is not limited thereto. “Mail address” represents, for example, information of a login mail address set corresponding to the user name. The “tenant ID” corresponds to the tenant ID shown in FIG. “User name” represents the name of the user. “Service usage authority” represents, for example, information on services for which the user has usage authority.

  In the example of FIG. 7, the user name “Taro Yamada” belongs to the tenant ID [600000000] and can log in with the mail address “taro_yamada@example.com”. Further, the user name “Taro Yamada” has the authority to use the service “translate”.

<Example of service class>
Next, an example of a service class set in association with the tenant data and user data described above will be described. FIG. 8 is a diagram illustrating an example of service data in the present embodiment.

  The service data shown in FIG. 8 has data items such as “service class”, but is not limited to this. The “service class” represents information specifying a service such as “translate (translation service)” and “signage”.

<Login sequence>
In the information processing system 1 described above, for example, the image forming apparatus 12 logs in to the service platform providing system 40 when using a service provided by the service providing system 30. FIG. 9 is a diagram illustrating an example of a login sequence according to the present embodiment.

  In the example of FIG. 9, for example, the image forming apparatus 12 stores the tenant ID of the tenant to which the user who has successfully logged in belongs, and displays the login screen depending on the presence of the stored tenant ID when the login screen is displayed. Control the display. If the tenant ID is stored, the login has already been successful, and a login screen displaying a list of users belonging to the tenant is displayed. If the tenant ID has not been saved, the login has not been successful, and a login screen for inputting user identification information (for example, an email address and a password) is displayed.

  Specifically, the sequence shown in FIG. 9 includes a display / input unit 201, a screen generation unit 202, a script analysis unit 203, a data storage unit 204, a communication unit 205, and a service platform provided in the image forming apparatus 12. Executed by the system 40.

  As illustrated in FIG. 9, the display / input unit 201 of the image forming apparatus 12 receives a service selection (S10) from the application list screen of the application market and a request to display a login screen of the selected service, for example. (S11). Upon receiving a login screen generation request from the display / input unit 201 (S12), the screen generation unit 202 issues a login screen acquisition request to the communication unit 205 (S13).

  When the service platform providing system 40 receives an acquisition request for a login screen as resource acquisition via the communication unit 205 of the image forming apparatus 12 (S14), the service platform providing system 40 transmits the generated HTML data to the image forming apparatus 12. The image forming apparatus 12 makes a script execution request to the script analysis unit 203 by the screen generation unit 202 based on the HTML data acquired from the service platform providing system 40 (S15).

  The script analysis unit 203 acquires the service class of the service selected in the process of S10 (S16). In the process of S16, the script analysis unit 203 identifies a service set as a query in the URL of the service selected in the process of S10 (for example, http://example.com/login?service_class=translate). (In the case of “translation service”, the service class is acquired from “translate”).

  Further, the script analysis unit 203 sends a tenant ID acquisition request to the data storage unit 204 (S17). If the tenant ID is not stored in the data storage unit 204, the script analysis unit 203 generates an email address / password input screen as the first input screen (S18).

  On the other hand, when the tenant ID is stored in the data storage unit 204, the script analysis unit 203 specifies the service class acquired in the process of S16 to the data storage unit 204 and acquires the user list. A request is made (S19). In the process of S19, the script analysis unit 203 can acquire only the user having the authority to use the specified service by specifying the service class when acquiring the user list.

  If there is no user list in the data storage unit 204 or there are less than one, the script analysis unit 203 designates the tenant ID and service class to the communication unit 205 and makes a user list acquisition request ( S20).

  The service platform providing system 40 receives a user list acquisition request specifying a tenant ID and a service class as resource acquisition via the communication unit 205 of the image forming apparatus 12 (S21). In the process of S21, the service platform providing system 40 refers to the user data shown in FIG. 7 described above, and transmits a user list of users belonging to the designated tenant ID and service class to the image forming apparatus 12.

  The image forming apparatus 12 stores the user list acquired from the service platform providing system 40 in the data storage unit 204 by the script analysis unit 203 (S22), and selects a user from the user list as a second input screen ( A user list screen is generated (S23).

  According to the above-described sequence, since the user list is not stored in the data storage unit 204 at the first login, a user list belonging to the specified tenant ID and having the authority to use the specified service is acquired. . In the second and subsequent logins, a login screen is generated using the user list stored in the data storage unit 204. As a result, it is possible to reduce the requests to the service platform providing system 40 and improve the screen display performance.

<App list screen>
Next, an application list screen displayed on the operation panel 602 of the image forming apparatus 12 described above will be described. FIG. 10 is a diagram illustrating an example of the application list screen. An application list screen 210 illustrated in FIG. 10 illustrates an example of a screen that allows the user to select a service to be used. The application list screen 210 has a button 211 for the user to select a service to be used.

<Example of login screen for entering email address>
When the “XXX service” button 211 to be used is selected from the application list screen 210 shown in FIG. 10 described above, the image forming apparatus 12 displays the following two patterns of login screens depending on whether or not the tenant ID is stored. Is displayed. The first pattern is a login screen (first input screen) for inputting an email address when the tenant ID is not stored. FIG. 11 is a diagram illustrating an example of a login screen for inputting a mail address.

  A login screen 220 shown in FIG. 11 is displayed on the operation panel 602 of the image forming apparatus 12. The login screen 220 shown in FIG. 11 includes an email address and password input field 221 and a “login” button 222. When the e-mail address and password are input to the input field 221 of the login screen 220 and the “login” button 222 is selected, the image forming apparatus 12 specifies the input e-mail address and password as user identification information, A login request is made to the service platform providing system 40.

<Example of login screen using user list>
Next, as a second pattern, the image forming apparatus 12 displays a login screen (second input screen) using a user list when the tenant ID is stored. FIG. 12 is a diagram illustrating an example of a login screen using a user list. Login screens 230 to 232 shown in FIGS. 12A to 12C are displayed on the operation panel 602 of the image forming apparatus 12.

  The login screen 230 shown in FIG. 12A displays a user list, a button 233 for selecting a user from the user list, a “login with email address and password” button 234, and an “update list to latest” button. 235. In the user list displayed on the login screen 230, for example, user names of users who belong to the saved tenant ID and have the service use authority of the specified service class are displayed.

  When acquiring the user list from the service platform providing system 40, the image forming apparatus 12 acquires related information associated with the user specifying information of the user who has successfully logged in from the user data shown in FIG. . The image forming apparatus 12 acquires, as related information, for example, the tenant ID of a user who has successfully logged in, the service class, the user name of the user belonging to the tenant ID and the service class, the mail address, and the like.

  When the button 233 for selecting a user is selected from the user list on the login screen 230, the image forming apparatus 12 transitions to the login screen 231 shown in FIG. Further, when the “log in with email address and password” button 234 on the login screen 230 is selected, the image forming apparatus 12 transitions to a login screen 232 shown in FIG. Further, when the “update list to latest” button 235 on the login screen 230 is selected, the image forming apparatus 12 requests the service platform providing system 40 to acquire a user list, and the user list shown in FIG. Update.

  The login screen 231 shown in FIG. 12B has a display field 236 for displaying the user name of the user selected from the user list, a password input field 237, and a “login” button 238.

  When the password is input to the input field 237 of the login screen 231 and the “login” button 238 is selected, the image forming apparatus 12 reads the user's mail address displayed in the display field 236 from the data storage unit 204, A login request is made to the service platform providing system 40 by designating the read mail address and the input password.

  As described above, selecting a user from the user list and entering a password logs in the service platform providing system 40 using the same user identification information (user email address and password) as the first pattern. Requests can be made. Further, since it is only necessary to input only a password without inputting some information (user's e-mail address) among user-specific information necessary for login, the effort of inputting information used for user login is reduced. It becomes possible.

  The login screen 232 shown in FIG. 12C includes an email address and password input field 240, a “login” button 241, and an “add account” button 242. When the e-mail address and password are input in the input field 240 of the login screen 232 and the “login” button 241 is selected, the image forming apparatus 12 specifies the e-mail address, password, and saved tenant ID, A login request is made to the platform providing system 40. Here, since the tenant ID is specified, even when the email address and the password simply match, the login from the user of another tenant ID fails.

  The image forming apparatus 12 inputs the email address and password on the login screen 232, and when the “add account” button 243 is selected, specifies the email address, password, service class, tenant ID, and the service platform. An account addition request is made to the providing system 40. The service platform providing system 40 receives an account addition request from the image forming apparatus 12 and performs account registration based on the specified user identification information. As a result, when the “update list to latest” button 235 shown in FIG. 12A is selected, the account registered user is added to the user list shown in FIG. Become.

<List of users stored in data storage unit 204>
FIG. 13 is a diagram illustrating a data example of a user list stored in the data storage unit. The user list data shown in FIG. 13 includes items such as “user name” and “mail address”.

  The user list data shown in FIG. 13 includes, from the service platform providing system 40, the user name of the user who matches the tenant ID and the service usage authority (service class) of the user who has successfully logged in among the user data shown in FIG. Generated by obtaining an email address. Note that the user list data shown in FIG. 13 is generated for each service class, for example.

  Of the data in the user list shown in FIG. 13, “user name” is displayed on the login screen shown in FIG. “Mail address” corresponds to the name of the user displayed in the display field 236 of FIG. 12B when the “login” button 238 of the login screen 231 shown in FIG. 12B is selected. Read as an email address.

<Sequence for logging in with an email address>
Next, a description will be given of a sequence for logging in by inputting the e-mail address described above. FIG. 14 is a diagram illustrating an example of a sequence for logging in with a mail address. In the example of FIG. 14, login is performed using the email address and password (user identification information) input on the login screen or the like generated in the process of S <b> 18 of FIG. 9 described above.

  The sequence shown in FIG. 14 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 in the image forming apparatus 12. Is done.

  As shown in FIG. 14, the display / input unit 201 of the image forming apparatus 12 accepts input of an email address and password to the login screen shown in FIG. 11 (S30) and pressing of a login button by the user (S31). . When the screen generation unit 202 receives a press of a login button from the display / input unit 201 (S32), the screen generation unit 202 requests the script analysis unit 203 to execute a script (S33).

  The script analysis unit 203 makes a login request to the communication unit 205 by specifying an email address and a password (S34). In the process of S34, when the tenant ID is stored in the data storage unit 204, for example, when an e-mail address and password are input from the login screen shown in FIG. Send.

  The service platform providing system 40 receives a mail address login request specifying a mail address and a password as resource generation via the communication unit 205 of the image forming apparatus 12 (S35).

  Here, the service platform providing system 40 authenticates the user with reference to the user data shown in FIG. 7 using the mail address and password received in the process of S35, and sends the authentication result to the image forming apparatus 12. Notice. When the user authentication is successful, the service platform providing system 40 transmits the tenant ID to which the user specified by the e-mail address and the password belongs together with the authentication OK notification. Also, the service platform providing system 40 transmits an authentication NG (error) notification when the user authentication fails.

  When the service platform providing system 40 receives a tenant ID together with an email address and a password, if the tenant ID of the user specified by the email address and the password is different from the received tenant ID, an authentication error is generated. Send notifications.

  Based on the authentication result notified from the service platform providing system 40, the image forming apparatus 12 stores the tenant ID in the data storage unit 204 in the case of authentication OK (S36). Further, the image forming apparatus 12 redirects to the application (service) selected from the application list screen by the user in the process of S10 of FIG. 9 described above (S37).

  After the tenant ID is saved in the process of S36 described above, even if the newly received e-mail address and password are correct, if the user does not belong to the tenant of the set tenant ID, the service platform providing system An authentication error is transmitted from 40. As described above, once the tenant ID is stored, the user belonging to another tenant can control to log in and cannot use the application.

<Example of sequence for logging in from user list>
Next, a sequence for logging in from the login screen using the above-described user list will be described. FIG. 15 is a diagram illustrating an example of a sequence for logging in from the user list. The sequence shown in FIG. 15 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, and the data storage unit 204 in the image forming apparatus 12.

  As shown in FIG. 15, the display / input unit 201 of the image forming apparatus 12 selects a user name to log in from, for example, a user list displayed on the login screen shown in FIG. 12A (S40). . When receiving the user name selected from the display / input unit 201 (S41), the screen generation unit 202 requests the script analysis unit 203 to execute a script (S42).

  When the script analysis unit 203 acquires the mail address corresponding to the user name selected from the user list from the data storage unit 204 and stores it internally (S43), the script analysis unit 203 inputs the password shown in FIG. A login screen (password input screen) is generated and displayed (S44).

  The display / input unit 201 accepts an input of a password and a press of a login button on the login screen displayed in the process of S44 by the user (S45). When the screen generation unit 202 receives a press of the login button from the display / input unit 201 (S46), the screen generation unit 202 requests the script analysis unit 203 to execute a script (S47).

  When acquiring the tenant ID stored in the data storage unit 204 (S48), the script analysis unit 203 designates the email address, password entered by the user, and tenant ID stored in S43, and the communication unit 205 Via the above, a login request is made to the service platform providing system 40. Since the subsequent processing is the same as the processing after S35 shown in FIG. 14, the description thereof is omitted here.

  The login process shown in FIG. 15 is the same as the login process shown in FIG. 14 because the mail address and password are used for the service platform providing system 40, but the user does not have to input the email address. It becomes possible to simplify time and labor.

<Screen to set user list availability>
The login process from the user list described above is performed by using the login screen 232 in FIG. 12C by selecting the “login with email address and password” button 234 shown in the login screen 230 in FIG. You may log in with your email address and password. In the login process using the user list, information related to the users belonging to the tenant and the authority to use the service will be known to the user who wants to log in, so the login process from the user list will not be executed. You may do it.

  FIG. 16 is a diagram illustrating an example of a screen for setting user list availability. The setting screen 250 illustrated in FIG. 16 includes, for example, a check box 251 corresponding to “Allow login from user list” and an “OK” button 252. For example, whether or not the user list can be used can be set by changing whether or not the check box 251 is checked and selecting an “OK” button 252.

<Sequence for setting user list availability>
Next, a sequence for executing the above-described setting of availability of the user list for the service platform providing system 40 will be described. FIG. 17 is a diagram illustrating an example of a sequence for setting whether or not the user list can be used.

  The sequence illustrated in FIG. 17 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 of the image forming apparatus 12. Is done.

  As shown in FIG. 17, the display / input unit 201 of the image forming apparatus 12 receives a display request for the setting screen 250 shown in FIG. 16, for example, by the user (S50). When receiving the generation request for the setting screen 250 from the display / input unit 201 (S51), the screen generation unit 202 makes an acquisition request for the setting screen 250 to the communication unit 205 (S52).

  When the service platform providing system 40 receives an acquisition request for the setting screen 250 as resource acquisition via the communication unit 205 of the image forming apparatus 12 (S53), the service platform providing system 40 transmits the generated HTML data to the image forming apparatus 12. The image forming apparatus 12 makes a script execution request to the script analysis unit 203 by the screen generation unit 202 based on the HTML data acquired from the service platform providing system 40 (S54).

  The script analysis unit 203 acquires the tenant ID from the data storage unit 204, and requests the communication unit 205 to acquire the user list availability by specifying the tenant ID (S55). When the service platform providing system 40 receives an acquisition request for availability of a user list as resource acquisition via the communication unit 205 of the image forming apparatus 12 (S56), the service platform providing system 40 notifies the image forming apparatus 12 of availability of the user list.

  The image forming apparatus 12 updates the setting screen 250 by the script analysis unit 203 based on the user list availability information notified from the service platform providing system 40 (S57). Based on the user list availability information notified from the service platform providing system 40, the script analysis unit 203 checks the check box 251 on the setting screen 250 when the user list is available, and checks the check box when the user list is unavailable. Uncheck 251.

  The display / input unit 201 of the image forming apparatus 12 sets whether or not the check box 251 is checked from the setting screen 250 by the user (S58), and accepts pressing of the OK button 252 (S59). When the screen generation unit 202 receives a press of the OK button 252 from the display / input unit 201 (S60), it makes a script execution request to the script analysis unit 203 (S61).

  When the script analysis unit 203 acquires the state of the check box 251 on the setting screen 250 (S62), the script analysis unit 203 designates the tenant ID and the availability set by the user to the communication unit 205 and makes a user list availability update request. (S63). When receiving the resource update request via the communication unit 205 of the image forming apparatus 12 (S64), the service platform providing system 40 updates the user list availability corresponding to the tenant ID.

<User list acquisition sequence based on user list availability>
Next, a sequence for acquiring a user list based on the availability of the user list set in the service platform providing system 40 in the sequence shown in FIG. 17 will be described.

  FIG. 18 is a diagram illustrating an example of a user list acquisition sequence based on availability of the user list. The sequence shown in FIG. 18 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 in the image forming apparatus 12. Is done. Note that the processing in S70 to S77 shown in FIG. 18 is the same as the processing in S10 to S17 shown in FIG.

  In the example of FIG. 18, in response to a login screen display request from the user, the script analysis unit 203 of the image forming apparatus 12 sends an e-mail address and a tenant ID when the data storage unit 204 does not store the tenant ID in the process of S77. A password entry screen is generated (S78).

  On the other hand, when the tenant ID is stored in the data storage unit 204, the script analysis unit 203 designates the tenant ID to the communication unit 205 and makes an acquisition request for availability of the user list (S79). ). When the service platform providing system 40 receives a user list availability acquisition request as resource acquisition via the communication unit 205 of the image forming apparatus 12 (S80), the service platform providing system 40 notifies the image forming apparatus 12 of availability of the user list.

  Based on the availability of the user list notified from the service platform providing system 40, the script analysis unit 203 designates the service class acquired in the process of S76 to the data storage unit 204 in the case of the user list use permission. Then, a user list acquisition request is made (S81). If the user list cannot be used, the script analysis unit 203 generates the above-described mail address / password input screen shown in FIG. 11 (S82). In the process of S82, for example, control is performed so as not to display a switching link with the login screen on which the user list shown in FIG.

  In the sequence shown in FIG. 18 and FIG. 19 described above, since the user list availability is set in the service platform providing system 40, the user list availability setting can be managed for each tenant ID, for example.

<Sequence for setting the user list availability on the main unit>
Next, a sequence for executing the above-described user list availability setting in the main body of the image forming apparatus 12 will be described. FIG. 19 is a diagram showing an example of a sequence for setting whether or not the user list can be used on the main body.

  The sequence shown in FIG. 19 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 of the image forming apparatus 12. Is done. Note that the processing in S90 to S94 shown in FIG. 19 is the same as the processing in S50 to S54 shown in FIG.

  In the example of FIG. 19, in response to a display request for the user list availability setting screen 250, the script analysis unit 203 of the image forming apparatus 12 requests the data storage unit 204 to acquire the user list availability (S95). ). The script analysis unit 203 updates the setting screen 250 based on the user list availability information notified from the data storage unit 204 (S96). In the process of S96, in the first time, since the information on whether or not the user list can be used is not stored in the data storage unit 204, the checkbox of the setting screen 250 is checked as “usable” or “unusable”. Put in.

  The display / input unit 201 of the image forming apparatus 12 is set by the user as to whether or not the check box 251 is checked from the setting screen 250 (S97), and accepts pressing of the OK button 252 (S98). When the screen generation unit 202 receives a press of the OK button 252 from the display / input unit 201 (S99), it makes a script execution request to the script analysis unit 203 (S100).

  When the script analysis unit 203 obtains the state of the check box 251 of the setting screen 250 described above (S101), the script analysis unit 203 designates the use / non-use set by the user to the data storage unit 204, and requests to set whether to use the user list. (S102).

<User list acquisition sequence based on availability of user list set in the main unit>
Next, a sequence for acquiring the user list based on the user list availability set in the main body of the image forming apparatus 12 in the sequence shown in FIG. 19 will be described. FIG. 20 is a diagram showing an example of a user list acquisition sequence based on whether or not the user list of the main body can be used.

  The sequence shown in FIG. 20 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 in the image forming apparatus 12. Is done. Note that the processing of S110 to 117 shown in FIG. 20 is the same as the processing of S10 to S17 shown in FIG.

  In the example of FIG. 20, in response to a login screen display request from the user, the script analysis unit 203 of the image forming apparatus 12 receives an e-mail address / address when the tenant ID is not stored in the data storage unit 204 in the process of S117. A password input screen is generated (S118).

  On the other hand, when the tenant ID is stored in the data storage unit 204, the script analysis unit 203 requests the data storage unit 204 to acquire availability of the user list (S119).

  Based on the availability of the user list acquired from the data storage unit 204, the script analysis unit 203 specifies the service class acquired in the process of S116 to the data storage unit 204 when the user list is available, and the user A list acquisition request is made (S121). If the user list cannot be used, the script analysis unit 203 generates the above-described mail address / password input screen shown in FIG. 11 (S122). In the process of S122, control is performed so as not to display a switching link with the login screen on which the user list is displayed.

  In the sequence shown in FIGS. 20 and 21 described above, since the user list availability is set on the main body of the image forming apparatus 12, the user list availability setting can be managed for each image forming apparatus 12. .

<An example of a sequence linked with main unit authentication>
Next, a sequence when linked with the main body authentication of the image forming apparatus 12 will be described. When linked with the main body authentication, the user who has logged in to the image forming apparatus 12 can use the above-described application without performing the login process again. FIG. 21 is a diagram illustrating an example of a sequence linked with main body authentication.

  The sequence shown in FIG. 21 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 of the image forming apparatus 12. Is done.

  In the sequence shown in FIG. 21, for example, an on-premises ID or the like is added to the data item of the user data shown in FIG. 7, and user information (for example, user ID) used for main body authentication of the image forming apparatus 12 is registered in the data item. deep. When the login request using the on-premises ID is made from the image forming apparatus 12, the service platform providing system 40 may authenticate the user with reference to the user information of the user data shown in FIG.

  21 are the same as the processes of S10 to S15 shown in FIG. 9, and thus the description thereof is omitted here. In the example of FIG. 21, the script analysis unit 203 of the image forming apparatus 12 requests the data storage unit 204 to acquire a tenant ID in response to a login screen display request from the user (S136). If the tenant ID is not stored in the data storage unit 204, the script analysis unit 203 generates a mail address / password input screen (S137). On the other hand, when the tenant ID is stored in the data storage unit 204, the script analysis unit 203 acquires user information (body authentication information) for body authentication (S138).

  When the body authentication information is acquired in the process of S138 (with body authentication information), the script analysis unit 203 authenticates the communication unit 205 with the tenant ID acquired in the process of S136 and the body authentication acquired in the process of S138. The user information (user ID) is designated, and a login request is made with the on-premises ID (S139).

  The service platform providing system 40 specifies a tenant ID and a user ID that is authenticated as a resource generation via the communication unit 205 of the image forming apparatus 12, and accepts an on-premises ID login request (S140). The service platform providing system 40 authenticates the user by using the tenant ID received in the processing of S140 and the user ID that has been authenticated, and notifies the image forming apparatus 12 of the authentication result.

  If the authentication result notified from the service platform providing system 40 is authentication OK (success), the script analysis unit 203 of the image forming apparatus 12 redirects to the application (service) selected from the application list screen (S141). . In the case of authentication NG (failure), the script analysis unit 203 generates a mail address / password input screen (S142). If the main body authentication information cannot be acquired (no main body authentication information), the script analysis unit 203 generates a user list screen shown in FIG. 12 (S143).

  In addition, in the case of the above-mentioned user authentication failure with the on-premises ID, the case where the user ID authenticating the main body is not set in the data item of the on-premises ID of the user data shown in FIG. 7 described above is also included. Therefore, after the process of S142, when the user authentication using the e-mail address and password is successful, the script analysis unit 203 designates the user ID for which the main body is authenticated to the communication unit 205, and A principal information setting request is made (S144).

  When the service platform providing system 40 receives a resource update request via the communication unit 205 of the image forming apparatus 12 (S145), the user ID authenticating itself in the data item of the on-premises ID of the user data shown in FIG. It is good to set.

  As described above, when the user is logged in to the image forming apparatus 12, the application (service) can be used without performing the login process for the service platform providing system 40 again.

<Device authentication>
In each sequence described above, a user list is acquired using a tenant ID. That is, based on the tenant ID, it is possible to acquire information regarding users belonging to the tenant. Therefore, the service platform providing system 40 may perform device authentication so as to limit the use from the image forming apparatus 12 set in advance to the user list acquisition request.

  As device authentication, for example, SSL (Secure Sockets Layer) client authentication can be used, or authentication can be performed by embedding a preset password in a browser or the like.

  Further, a device authentication password is generated by the script analysis unit 203 or the like of the image forming apparatus 12, and a device authentication ticket is generated with the device authentication password obtained from the image forming apparatus 12 by the authentication / authorization unit 131 or the like of the service platform providing system 40. Is generated and transmitted to the image forming apparatus 12. When receiving a user list acquisition request from the image forming apparatus 12, the service platform providing system 40 may restrict access for acquiring the user list depending on the presence / absence of the device authentication ticket.

<When tenant ID is not specified>
Next, a sequence for logging in without using the above tenant ID will be described. For example, by using the setting screen 250 shown in FIG. 16 described above, it is possible to set whether to log in by specifying a tenant ID, and control to log in without using the tenant ID by setting.

  FIG. 22 is a diagram illustrating an example of a login sequence regardless of the tenant ID. The sequence shown in FIG. 22 is executed by the display / input unit 201, the screen generation unit 202, the script analysis unit 203, the data storage unit 204, the communication unit 205, and the service platform providing system 40 in the image forming apparatus 12. Is done.

  As shown in FIG. 22, the display / input unit 201 of the image forming apparatus 12 receives, for example, an input of an email address and password to the login screen shown in FIG. 11 (S150) and a press of a login button by the user (S151). When the screen generation unit 202 receives a press of a login button from the display / input unit 201 (S152), the screen generation unit 202 requests the script analysis unit 203 to execute a script (S153).

  The script analysis unit 203 makes a login request to the communication unit 205 by specifying an email address and a password (S154). The service platform providing system 40 receives a mail address login request specifying a mail address and a password as resource generation via the communication unit 205 of the image forming apparatus 12 (S155).

  The service platform providing system 40 authenticates the user using the mail address and password received in the process of S155, and notifies the image forming apparatus 12 of the authentication result. When the user authentication is successful, the service platform providing system 40 transmits the tenant ID to which the user specified by the e-mail address and the password belongs together with the authentication OK notification. Also, the service platform providing system 40 transmits an authentication NG (error) notification when the user authentication fails.

  The image forming apparatus 12 stores the tenant ID notified from the service platform providing system 40 in the data storage unit 204 (S156). Further, the image forming apparatus 12 redirects to the application (service) selected from the application list screen by the user in the process of S10 of FIG. 9 described above (S157).

  In the above-described sequence, since the tenant ID is not specified when making a login request, if the e-mail address and password are correct in the subsequent login requests, the authentication is successful. In this case, when a user of a tenant different from the tenant ID stored in the image forming apparatus 12 logs in, a new tenant ID is stored.

<User list stored in data storage unit 204>
In the present embodiment, a means for deleting the user list stored in the data storage unit 204 described above, for example, periodically or explicitly may be provided. As described above, by deleting the user list stored periodically, the latest user list is acquired, and therefore it is possible to cope with the increase / decrease / change of the users registered in the service platform providing system 40. It becomes possible.

  According to the above-described embodiment, it is possible to simplify the input of information used for authentication.

  The present invention is not limited to the specifically disclosed embodiments, and various modifications and changes can be made without departing from the scope of the claims. The image forming apparatus 12 is an example of a service using apparatus. The script analysis unit 203 is an example of an authentication request unit, an acquisition unit, a setting unit, a password generation unit, and an authentication unit. The display / input unit 201 is an example of a reception unit or a switching unit. The service platform providing system 40 is an example of one or more information processing apparatuses. The authentication / authorization unit 131 is an example of a ticket generation unit and an access restriction unit.

1 Information processing system 10 User system 11 User terminal 12 Image forming apparatus 20 Application market providing system 21 Application market providing server 30 Service providing system 40 Service platform providing system 50 Business platform providing system 51 Business terminal 52 License management server 101 Application 102 Common service 103 Database (DB)
104 Platform API
111 Portal Service Application 112 Scan Service Application 113 Print Service Application 114 Account Registration Application 121 Scan Service Unit 122 Print Service Unit 123 Account Registration Unit 131 Authentication / Authorization Unit 132 Tenant Management Unit 133 User Management Unit 134 License Management Unit 135 Device Management Unit 136 Temporary image storage unit 137 Data storage unit 138 Image processing workflow control unit 139 Log collection unit 141 Message queue 142 Worker 151 Log information storage unit 152 Tenant information storage unit 153 User information storage unit 154 License information storage unit 155 Device information storage unit 156 Temporary Image storage unit 157 Job information storage unit 158 Application-specific setting information storage unit 201 Display / input unit 202 Screen generation unit 203 Script analysis 204 data storage unit 205 communication unit 500 the computer 501 input device 502 display device 503 external I / F
503a recording medium 504 RAM
505 ROM
506 CPU
507 Communication I / F
508 HDD
601 Controller 602 Operation panel 603 External I / F
603a Recording medium 604 Communication I / F
605 Printer 606 Scanner 611 CPU
612 RAM
613 ROM
614 NVRAM
615 HDD
FW firewall N1-N3 network

JP 2010-186264 A

In one aspect, an information processing system including a service using device and one or more information processing devices that provide a service to the service using device, wherein the service using device accepts input of user identification information. a first authentication screen display means for displaying an authentication screen, the authentication requesting means for performing the authentication request to the thus the information processing apparatus the user identification information inputted to said first authentication screen, the authentication by the information processing apparatus Is permitted, storage control means for receiving relevant information corresponding to the user identification information from the information processing apparatus and storing it in a storage unit, and when receiving a display request for the first authentication screen, if the relevant information in the storage unit is stored, a user list display means for displaying a user list screen including a user list that is specified from the related information Depending on the user selected from the user list displayed by the user list display means, a second authentication for displaying the second authentication screen for receiving input of a partially omitted information of the user identification information Screen display means .

Claims (11)

An information processing system including a service using device and one or more information processing devices that provide services to the service using device,
The service using device is:
An authentication request means for making an authentication request to the information processing apparatus based on the user identification information input on the input screen based on the authentication request from the user received on the input screen;
An acquisition means for acquiring related information associated with the user identification information from the information processing apparatus and storing it in a storage unit when authentication is permitted by the information processing apparatus;
When the input screen is displayed, if the related information is stored in the storage unit, a user list specified from the related information is displayed on the input screen, and the user is selected from the displayed user list. And a receiving unit that reads out a part of the user identification information from the related information corresponding to the selected user, and receives from the input screen input of the read out information with the part omitted. system. The service using device is:
A first input screen for inputting the user identification information in accordance with the selection content from the user on the input screen, and a second input for displaying the user list and accepting a user selection from the displayed user list The information processing system according to claim 1, further comprising switching means for switching between screens. The service using device is:
Setting means for setting availability of the user list;
The switching means is
The information processing system according to claim 2, wherein when the user list is set to be unusable by the setting unit, only the first input screen is used. The accepting means is
Accept an account addition request from the first input screen,
The information processing apparatus includes:
The information processing system according to claim 2, wherein user identification information corresponding to the account addition request obtained by the accepting unit is registered and the user list is updated. The service using device is:
Having a password generation means for generating a device authentication password;
The information processing apparatus includes:
Ticket generating means for generating a device authentication ticket from the device authentication password generated by the password generating means;
5. An access restriction unit that restricts access for acquiring the user list by the acquisition unit using the device authentication ticket generated by the ticket generation unit. The information processing system according to one item. The service using device is:
An authentication unit that receives an authentication request from the user and authenticates the user;
The information processing apparatus includes:
The information processing system according to any one of claims 1 to 5, wherein a service is provided to the service using device based on user information of a user permitted to be authenticated by the authentication unit. The service using device is:
The information processing system according to claim 1, wherein the stored user list is deleted periodically or according to an instruction. An information processing system including a service using device and one or more information processing devices that provide services to the service using device,
The service using device is:
An authentication request means for making an authentication request to the information processing apparatus based on the address information and password information input on the input screen based on the authentication request from the user received on the input screen;
When authentication is permitted by the information processing device, as related information associated with the address information and password information from the information processing device, tenant information, a user name of a user belonging to the tenant of the tenant information, and Acquisition means for acquiring the address information of the user and storing it in a storage unit;
When the input screen is displayed, if the related information is stored in the storage unit, a user list using the user name is displayed on the input screen, and the user name is selected from the displayed user list. An information processing system comprising: an accepting unit that reads out the address information corresponding to the selected user name, accepts input of password information from the input screen without inputting the read address information . An information processing method executed by an information processing system including a service using device and one or more information processing devices that provide services to the service using device,
The service using device is
An authentication request step for making an authentication request to the information processing apparatus based on user identification information input on the input screen based on an authentication request from a user received on the input screen;
An acquisition step of acquiring related information associated with the user identification information from the information processing apparatus and storing it in a storage unit when authentication is permitted by the information processing apparatus;
When the input screen is displayed, if the related information is stored in the storage unit, a user list specified from the related information is displayed on the input screen, and the user is selected from the displayed user list. A receiving step of reading out a part of the user identification information from the related information corresponding to the selected user and receiving from the input screen an input of the read out information. Processing method. An authentication request means for making an authentication request to one or more information processing devices based on the user identification information input on the input screen based on the authentication request from the user received on the input screen;
An acquisition means for acquiring related information associated with the user identification information from the information processing apparatus and storing it in a storage unit when authentication is permitted by the information processing apparatus;
When the input screen is displayed, if the related information is stored in the storage unit, a user list specified from the related information is displayed on the input screen, and the user is selected from the displayed user list. And a reception unit that reads out a part of the user identification information from the related information corresponding to the selected user, and accepts input of the read out information from the input screen. Use device. Computer
Authentication request means for making an authentication request to one or more information processing devices based on the user identification information input on the input screen based on the authentication request from the user received on the input screen;
An acquisition unit that acquires related information associated with the user identification information from the information processing apparatus and stores the information in a storage unit when authentication is permitted by the information processing apparatus;
When the input screen is displayed, if the related information is stored in the storage unit, a user list specified from the related information is displayed on the input screen, and the user is selected from the displayed user list. A program for reading out a part of the user specifying information from the related information corresponding to the selected user and functioning as an accepting unit that accepts input of the read information omitted from the input screen.

Images