JP2019055591A - Printer, and control method of printer - Google Patents

Abstract

To make user authentication applicable also for execution of a job which is input from an external device to a compound machine, while maintaining compatibility with conventional driver software as much as possible, to make an authentication method selectable in accordance with an application policy in a user environment in which only user authentication is available, and further, to conform authentication methods between the external device and the compound machine.SOLUTION: In the case that a printer is set to restrict execution of printing processing without performing a first authentication processing, printing processing based on a printing command containing authentication information corresponding to a second authentication method is cancelled.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a technique for causing a multifunction peripheral to execute a job.

  Conventionally, when using an image forming apparatus, there is an office environment using department authentication (department management) for budget management for each group or department. However, with the recent increase in security awareness, the environment in which user authentication is used instead of department authentication is increasing. Further, there are more office environments in which job execution such as copying and scanning is permitted only when user authentication is performed.

  The authentication operation is performed by allowing the user to input authentication information (for example, a user name and a password) using a user interface such as a touch panel of the image forming apparatus and collating with a user information database registered in advance.

  In user authentication using the user interface of the image forming apparatus, first, an authentication screen is displayed, and screen control is performed so that each function screen is displayed after user authentication is completed, so that a job is executed after user authentication is always executed. It was possible.

  For this reason, in order to execute user authentication for a print job transmitted from an external device, the print job is temporarily stored in the image forming apparatus, and after executing user authentication from the user interface of the image forming apparatus, the print job There are also systems that initiate processing. It is also possible to use both user authentication and department authentication (Patent Document 1).

  On the other hand, when a job such as a print job, remote scan job, or fax transmission job is transmitted and executed by driver software from an external device such as a personal computer connected to the image forming apparatus via a network, department authentication is performed. Is used mainly, and user authentication is used in some driver software.

JP 2011-4087 A

  However, the conventional techniques have the following problems. Since the department authentication is performed by comparing the numerical department ID and the password for each department, the total number of combinations is smaller than that of the user authentication, and the security strength is low. On the other hand, conventional driver software that does not support user authentication can only use department authentication. For this reason, in order for the image forming apparatus to execute jobs while maintaining compatibility with conventional driver software, even if the authentication method set in the image forming apparatus is user authentication, the image forming apparatus is transmitted from an external device. Department authentication could be used for execution jobs. For this reason, there is a problem that a job execution path that is not user-authenticated remains. In addition, it is unfavorable in terms of security that the same authentication method as that executed by the user interface of the image forming apparatus cannot be applied to an execution job from an external device.

  The present invention has been made in view of such problems, and allows user authentication to be applied to the execution of a job input from an external device to the multifunction peripheral while maintaining compatibility with conventional driver software as much as possible. Provided is a technique for enabling an authentication method to be selected in accordance with an operation policy in a user environment such that only user authentication can be used. In addition, the authentication method is matched between the external device and the multifunction device.

  One aspect of the present invention is a printing apparatus, a receiving unit that receives a print command from an information processing apparatus via a network, a printing unit that performs a printing process according to the print command received by the receiving unit, and the receiving unit Accordingly, when a print command including authentication information corresponding to the first authentication method is received, a first authentication process corresponding to the first authentication method is executed, and authentication information corresponding to the second authentication method is executed. When the print command including the authentication command is received, the authentication unit that executes the second authentication process corresponding to the second authentication method, and the authentication unit succeeds in the first authentication process or the second authentication process. In this case, a control unit that causes the printing unit to execute a printing process according to the print command received by the receiving unit, and a printing process that is performed without performing the first authentication process. And setting means for setting to restrict, the control means is set by the setting means to restrict the execution of the printing process without performing the first authentication process, A printing process based on a print command including authentication information corresponding to the second authentication method received by the receiving unit is canceled.

  According to the configuration of the present invention, while maintaining compatibility with conventional driver software as much as possible, user authentication can be applied to the execution of a job input from an external device to the MFP, and only user authentication can be used. The authentication method can be selected according to the operation policy in the user environment. In addition, the authentication method can be matched between the external device and the multifunction peripheral.

The figure which shows the structural example of an information processing system. 2 is a block diagram illustrating a configuration example of an MFP 101. FIG. The block diagram which shows the structural example of PC102. 5 is a flowchart of processing performed by the MFP 101. The figure which shows the structural example of GUI500. The figure which shows the structural example of GUI600. 6 is a diagram illustrating an example of job execution permission control by the MFP 101. FIG. The figure which shows the structural example of GUI800. The flowchart of the process which PC102 performs.

  Preferred embodiments of the present invention will be described below with reference to the accompanying drawings. The embodiment described below shows an example when the present invention is specifically implemented, and is one of the specific examples of the configurations described in the claims.

[First Embodiment]
First, a configuration example of the information processing system according to the present embodiment will be described with reference to FIG. As shown in FIG. 1, the information processing system according to the present embodiment includes a PC (personal computer) 102 that functions as an information processing apparatus, and an MFP (Multi Function Peripheral) 101 that is a multifunction machine having a printer and a scanner. . The PC 102 and the MFP 101 are connected via the network 110 and can perform data communication with each other. This network 110 may be wired or wireless.

  Next, a configuration example of the MFP 101 will be described with reference to the block diagram of FIG.

  The communication unit 201 includes a known communication interface, and performs data communication with the PC 102 via the network 110 described above. For example, the communication unit 201 receives from the PC 102 a print job including a print command and print data, a scan job including a scan parameter, a FAX transmission job including FAX transmission destination information, and the like.

  The reading unit 202 reads information printed on a recording medium such as paper and outputs the result of the reading as an image.

  The control unit 203 has a configuration for storing computer programs and data, such as a CPU, RAM, ROM, HDD (hard disk drive) (not shown), a configuration for executing processing using the computer programs and data, Have For example, the CPU controls the operation of each functional unit constituting the MFP 101 by developing and executing computer programs and data stored in the ROM and HDD on the RAM, and performs processing described below as what the MFP 101 performs. Realize.

  The input image processing unit 204 performs various image processing (for example, shading correction processing, MTF correction processing, etc.) on the image output as a reading result from the reading unit 202, and outputs an image processed image.

  The output image processing unit 205 performs various image processes on the image processed by the input image processing unit 204 and the print data in the print job received by the communication unit 201 from the PC 102. Examples of the image processing by the output image processing unit 205 include rasterization processing, monochrome processing, monocolor processing, additional image composition processing, and halftone processing.

  The operation unit 206 includes a functional unit for displaying a processing result by the control unit 203 as an image or a character, such as a touch panel screen or a hard key, a functional unit that a user operates to input various operation instructions, Have

  The printing unit 207 performs printing on a recording medium such as paper based on a print job. The printing unit 207 may use ink or may use toner. In other words, in the present embodiment, the printing unit 207 may have any configuration as long as printing can be performed on a recording medium such as paper.

  The authentication unit 208 performs user authentication, which is authentication using information unique to the user, and authentication using information specific to the group to which the user belongs (hereinafter referred to as “department”) (eg, department ID and password). One of the group authentications selected by processing to be described later is executed.

  A FAX communication unit 209 performs FAX communication through a telephone line or the like, and transmits / receives a FAX document to / from a communication partner apparatus.

  Next, a configuration example of the PC 102 will be described with reference to the block diagram of FIG.

  The communication unit 301 includes a known communication interface, and performs data communication with the MFP 101 via the network 110 described above. For example, the communication unit 301 transmits a print job including a print command and print data, a scan job including a scan parameter, a FAX transmission job including FAX transmission destination information, and the like to the MFP 101.

  The control unit 302 has a configuration for storing computer programs and data, such as a CPU, RAM, ROM, HDD (hard disk drive) (not shown), a configuration for executing processing using the computer programs and data, Have For example, the CPU controls the operation of each functional unit constituting the PC 102 by executing the computer program and data stored in the ROM or HDD on the RAM, and executes each process described later as what the PC 102 performs. Realize. This computer program includes driver software for the MFP 101.

  The command processing unit 303 generates a command for causing the MFP 101 to execute a print job, a scan job, and a FAX transmission job, and interprets the command received from the MFP 101 by the communication unit 301.

  The operation unit 305 is configured by a mouse, a keyboard, and the like, and can input various instructions to the control unit 302 when operated by the user of the PC 102. The display unit 306 is configured by a CRT, a liquid crystal screen, or the like, and can display a processing result by the control unit 302 with an image, text, or the like.

  Next, processing performed by the PC 102 for transmitting various jobs as described above to the MFP 101 will be described with reference to FIG. 9 showing a flowchart of the processing. The process according to the flowchart of FIG. 9 is a process performed when the control unit 302 executes the driver software of the MFP 101 described above.

  Here, before performing the processing according to the flowchart of FIG. 9, the MFP 101 performs the following settings in advance using the GUI (Graphical User Interface) shown in FIGS.

Setting whether or not user authentication is essential to execute a job transmitted from the PC 102 (first setting)
Setting whether or not group authentication is essential to execute a job sent from the PC 102 (second setting)
A GUI 500 illustrated in FIG. 5 is a GUI for performing the second setting. When the user inputs an instruction to perform the second setting by operating the operation unit 206, the control unit 203 illustrated in FIG. The GUI 500 is displayed on the operation unit 206 (touch panel screen).

  When the user operates the operation unit 206 to set the check box 501 on the GUI 500 to a check state (validate), the control unit 203 sets to prohibit group authentication. On the other hand, when the user operates the operation unit 206 to uncheck (invalidate) the check box 501 on the GUI 500, the control unit 203 sets to permit group authentication.

  In the initial setting, even when the authentication method set in the MFP 101 is user authentication, the check box 501 is not checked and group authentication is permitted, with an emphasis on compatibility with driver software running on the PC 102. In general, department authentication, which is group authentication, is authentication using a department ID and a personal identification number. For example, compared to user authentication using a user name and password including alphanumeric characters and symbols, the security strength related to authentication is low. Therefore, the check box 501 can be checked to increase the security strength of authentication.

  It should be noted that activation of the GUI 500 and operation input to the GUI 500 can be performed only when there is an administrator authority of the MFP 101. Further, it is assumed that the PC 102 can acquire the result set using the GUI 500 via the network 110.

  A GUI 600 illustrated in FIG. 6 is a GUI for performing the first setting, and when the user inputs an instruction to perform the first setting by operating the operation unit 206, the control unit 203 illustrated in FIG. The GUI 600 is displayed on the operation unit 206 (touch panel screen).

  When the user operates the operation unit 206 to set the check box 601 on the GUI 600 to the checked state (validate), the control unit 203 indicates that “user authentication is essential to execute the job received from the PC 102. Is set. On the other hand, when the user operates the operation unit 206 to uncheck (invalidate) the check box 601 on the GUI 600, the control unit 203 indicates that “user authentication is not required to execute the job received from the PC 102. "Is set. If the check box 601 is enabled and a job that cannot be authenticated by the user is received from the PC 102, the control unit 203 sets the job process to an error and records an error history.

  Note that activation of the GUI 600 and operation input to the GUI 600 can be performed only when there is an administrator authority of the MFP 101. Further, it is assumed that the PC 102 can acquire the result set using the GUI 600 via the network 110.

  In step S <b> 1101, the control unit 302 determines whether the content (device configuration information) set on the MFP 101 using the GUIs 500 and 600 has already been acquired from the MFP 101. As a result of this determination, if it has been acquired, the process proceeds to step S1102, and if it has not been acquired, the process proceeds to step S1105.

  Note that the device configuration information is not limited to the contents set using both the GUIs 500 and 600, and any of the contents set in each of the GUIs 500 and 600 is valid (check box is validated). It does not matter if this is shown. Further, the device configuration information may further include other information, and may include information such as the paper feed tray configuration and option configuration, and setting values related to the authentication method and authentication algorithm.

  In step S1102, the control unit 302 refers to the device configuration information and determines whether the first setting is valid (user authentication is required to execute a job received from the PC 102). Determine whether. If the result of this determination is that it is valid, the process proceeds to step S1103, and if it is not valid, the process proceeds to step S1104.

  In step S1103, the control unit 302 selects user authentication as an authentication method to be performed before job execution on the MFP 101 side, and causes the display unit 306 to display the GUI 800 illustrated in FIG. The GUI 800 is a GUI for setting a user name and a password used for user authentication.

  An area 801 is an area for inputting a user name, and the user can input a desired user name in the area 801 by operating the operation unit 305. An area 802 is an area for inputting a password, and the user can input a desired password in the area 802 by operating the operation unit 305.

  In addition, when the user operates the operation unit 305 to instruct the button 803, the control unit 302 acquires the ID (department ID) of the department corresponding to the user name (the department to which the user belongs) from the MFP 101. Display on the GUI 800. In FIG. 8, the department ID acquired and displayed is “1111”.

  Then, when the user operates the operation unit 305 to input a user name and password on the GUI 800 and designates an “OK” button, the control unit 302 controls the command processing unit 303 to execute the command {authentication method = user Authentication, user name = user name input in area 801, password = password input in area 802} is generated. Then, the control unit 302 controls the communication unit 301 to transmit this command to the MFP 101 to make a job execution request accompanied by user authentication processing.

  Note that there are two types of execution timing of authentication processing exchanged between the PC 102 and the MFP 101. One is for the MFP 101 to perform authentication processing when a job is received. The other is to perform authentication processing prior to job execution. In the latter case, since the authentication result is obtained before the job submission is executed, it is possible to avoid job submission that causes authentication failure. However, in this case, since it is assumed that the authentication result for the authentication command is notified from the MFP 101, the MFP 101 is not used in an environment where communication from the MFP 101 to the PC 102 is difficult.

  However, the configuration of the command to be transmitted may be changed as appropriate according to the case. Further, a part or all of the command may be encoded or encrypted before being transmitted to the MFP 101.

  The setting of the user name and password using the GUI 800 is not limited to being performed at this time, but may be performed immediately before the transmission of the job, or may be performed in advance before starting the processing according to the flowchart of FIG. It does not matter if you leave it. Note that the department ID is associated with the user name input in the area 801 of the GUI 800 by the job processing in the MFP 101 and counted up to the department counter.

  On the other hand, in step S1104, the control unit 302 refers to the device configuration information and determines whether the second setting is valid (group authentication is prohibited). If the result of this determination is that it is valid, the process proceeds to step S1103, and if it is not valid, the process proceeds to step S1105.

  In step S1105, the control unit 302 displays a GUI (not shown) for selecting either user authentication or group authentication on the display unit 306, and waits for a selection instruction from the user. If the user operates the operation unit 305 to select user authentication, the process proceeds to step S1103 via step S1106. If group authentication is selected, the process proceeds to step S1107 via step S1106. move on.

  In step S1107, the control unit 302 selects group authentication as an authentication method to be performed before job execution on the MFP 101 side, and displays a GUI (authentication information input GUI) (not shown) for setting authentication information used for group authentication. It is displayed on the display unit 306. When the user operates the operation unit 305 to input authentication information on the authentication information input GUI and then designates an “OK” button, the control unit 302 controls the command processing unit 303 to execute the command {authentication method. = Group authentication, authentication information = authentication information input using the authentication information input GUI} is generated. Then, the control unit 302 controls the communication unit 301 to transmit this command to the MFP 101 to make a job execution request with group authentication.

  The setting of the authentication information using the authentication information input GUI is not limited to being performed at this time, and may be performed immediately before the transmission of the job, and may be performed in advance before starting the processing according to the flowchart of FIG. You may make it go.

  Note that step S1105 and step S1106 may be omitted from the flowchart of FIG. In such a case, if the second setting is not valid as a result of the determination in step S1104, the process proceeds to step S1107.

  Next, processing performed by the MFP 101 that has received the command transmitted by the PC 102 will be described with reference to FIG. 4 showing a flowchart of the processing. Note that the command received by the MFP 101 is not necessarily the command generated by the PC 102 according to the flowchart of FIG.

  In step S1201, the control unit 203 controls the communication unit 201 to receive a command transmitted from the PC 102, and determines whether the authentication method in the received command is “user authentication”. If the result of this determination is “user authentication”, the process proceeds to step S1202, and if it is not “user authentication”, the process proceeds to step S1203.

  When the process proceeds from step S1201 to step S1202, in step S1202, the control unit 203 controls the authentication unit 208, and the user name and password in the command are registered in advance in the control unit 203. A so-called user authentication process for determining whether or not the passwords match each other is executed. If they match as a result of the user authentication process, the control unit 203 determines that the user authentication is successful, and executes a job attached to the command or a job transmitted from the PC 102 following the command. When a job is executed by user authentication, the department counter is counted up using a department ID preset for the authenticated user. On the other hand, if they do not match, the control unit 203 determines that the user authentication has failed, and controls the communication unit 201 to notify the PC 102 that the user authentication has failed.

  On the other hand, in step S1203, the control unit 203 determines whether or not the authentication method in the command received in step S1201 is “group authentication”. If the result of this determination is “group authentication”, processing proceeds to step S1204. On the other hand, if it is not “group authentication”, since authentication is not specified in this command, or an authentication method other than user authentication and group authentication is specified, the process advances to step S1202.

  When the process proceeds from step S1203 to step S1202, in step S1202, the control unit 203 executes a job attached to the command or a job transmitted from the PC 102 following the command. Of course, the processing content in step S1202 in this case is not limited to this. Authentication is performed according to the authentication method specified in the command, and if the authentication is successful, the job is executed. You may make it notify to.

  In step S1204, the control unit 203 has the first setting set using the GUI 600 of FIG. 6 valid (set to require user authentication to execute a job received from the PC 102). Determine whether or not. As a result of this determination, if it is valid, the process proceeds to step S1206, and if not valid, the process proceeds to step S1205.

  In step S <b> 1206, the control unit 203 cancels the error without executing the job because the job execution in which the authentication method restricted as the setting of the MFP 101 is specified is requested. Then, the control unit 203 controls the communication unit 201 to notify the PC 102 that the job cannot be executed.

  In step S1205, the control unit 203 determines whether or not the second setting set using the GUI 500 of FIG. 5 is valid (group authentication is prohibited). If the result of this determination is that it is valid, the process proceeds to step S1206, and if it is not valid, the process proceeds to step S1202.

  When the process proceeds from step S1205 to step S1202, in step S1202, the control unit 203 controls the authentication unit 208, and group authentication authentication information in the command is registered in the control unit 203 in advance. So-called group authentication processing is executed to determine whether or not the authentication information matches. As a result of the group authentication process, if they match, the control unit 203 determines that the group authentication is successful, and executes a job attached to the command or a job transmitted from the PC 102 following the command. On the other hand, if they do not match, the control unit 203 determines that group authentication has failed, and controls the communication unit 201 to notify the PC 102 that group authentication has failed.

  Next, job execution enable / disable control by the MFP 101 corresponding to the combination of settings using the GUIs 500 and 600 on the MFP 101 side and the authentication method specified by the command generated on the PC 102 side will be described with reference to FIG. .

  If the first setting set using the GUI 600 is valid, the MFP 101 executes the job if the command from the PC 102 specifies user authentication regardless of the second setting set using the GUI 500. Is permitted (acceptable), and if the command from the PC 102 specifies group authentication, job execution is prohibited (not acceptable).

  If the first setting set using the GUI 600 is invalid and the second setting set using the GUI 500 is also invalid, the MFP 101 has specified either user authentication or group authentication as a command from the PC 102. The job execution is permitted (accepted).

  If the first setting set using the GUI 600 is invalid and the second setting set using the GUI 500 is valid, the MFP 101 executes a job when the command from the PC 102 specifies user authentication. Is permitted (acceptable), and if the command from the PC 102 specifies group authentication, job execution is prohibited (not acceptable).

  As described above, according to the present embodiment, the MFP 101 can suppress the execution of jobs that are not user-authenticated according to the settings by the GUIs 500 and 600. Therefore, the user authentication method set in the MFP 101 and the authentication method applied to job execution from the PC 102 can be matched.

  Further, the PC 102 can select an appropriate authentication method according to the contents set using the GUI 500 or 600 on the MFP 101 side, generate a command indicating the authentication method, and transmit the command to the MFP 101. Furthermore, compatibility with conventional driver software that can use only group authentication can be maintained by changing the setting of the MFP 101.

(Other examples)
The present invention can also be realized by executing the following processing. That is, software (program) that realizes the functions of the above-described embodiments is supplied to a system or apparatus via a network or various storage media, and a computer (or CPU, MPU, or the like) of the system or apparatus reads the program. It is a process to be executed.

  201: Communication unit 202: Reading unit 203: Control unit 204: Input image processing unit 205: Output image processing unit 206: Operation unit 207: Printing unit 208: Authentication unit 209: FAX communication unit

Claims (9)

A printing device,
Receiving means for receiving a print command from the information processing apparatus via a network;
Printing means for performing a printing process in accordance with the print command received by the receiving means;
When the receiving unit receives a print command including authentication information corresponding to the first authentication method, the first authentication process corresponding to the first authentication method is executed, and the second authentication method is supported. An authentication unit that executes a second authentication process corresponding to the second authentication method when a print command including authentication information to be received is received;
Control means for causing the printing means to execute a printing process in accordance with a print command received by the receiving means when the first authentication processing or the second authentication processing is successful by the authentication means;
Setting means for setting to restrict execution of print processing without performing the first authentication processing;
When the setting unit is set to restrict the execution of the printing process without performing the first authentication process, the control unit receives the second authentication received by the receiving unit. A printing apparatus that cancels a print process based on a print command including authentication information corresponding to a method.   The printing apparatus according to claim 1, wherein the first authentication method is user authentication, and the second authentication method is group authentication. The authentication information corresponding to the first authentication method includes user identification information for identifying a user,
The printing apparatus according to claim 2, wherein the authentication information corresponding to the second authentication method includes group identification information for identifying a group.   The control unit is set by the setting unit to restrict execution of the printing process without performing the first authentication process, and corresponds to the second authentication method by the receiving unit. The printing apparatus according to claim 1, wherein the second authentication process is executed when a print command including authentication information to be received is received.   The printing apparatus according to claim 1, wherein the receiving unit receives print data together with a print command, and the printing unit performs print processing based on the print data.   The printing apparatus according to claim 1, wherein the control unit cancels the printing process when the first authentication process or the second authentication process fails.   When the print command received by the receiving unit includes neither authentication information corresponding to the first authentication method nor authentication information corresponding to the second authentication method, the control unit prints The printing apparatus according to claim 1, wherein the processing is cancelled. A method for controlling a printing apparatus,
A receiving step in which the receiving unit of the printing apparatus receives a print command from the information processing apparatus via a network;
A printing step in which the printing means of the printing apparatus performs a printing process in accordance with the print command received in the receiving step;
When the authentication unit of the printing apparatus receives a print command including authentication information corresponding to the first authentication method in the receiving step, the first authentication process corresponding to the first authentication method is executed. An authentication step of executing a second authentication process corresponding to the second authentication method when a print command including authentication information corresponding to the second authentication method is received;
Control for causing the printing unit to execute a printing process according to the print command received in the receiving step when the control unit of the printing apparatus succeeds in the first authentication process or the second authentication process in the authentication step. Process,
A setting step for setting that the setting unit of the printing apparatus restricts execution of the printing process without performing the first authentication process,
In the control step, the second authentication received in the reception step when the setting step is set to restrict the execution of the printing process without performing the first authentication process. A printing apparatus control method, comprising: canceling a printing process based on a print command including authentication information corresponding to a method.   A computer program for causing a computer of a printing apparatus to execute each step of the printing apparatus control method according to claim 8.

Images