JP2022022283A - Image processing apparatus, control method thereof, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a mechanism for reducing user operations related to authentication, by suitably requesting setting of authorization information according to a setting state of the authorization information for user authorization and thereby enhancing security.

SOLUTION: There is provided an image processing apparatus which stores setting information per user on whether or not to force the user to set authorization information. Additionally, in the image processing apparatus, when receiving a login request from a user and in the case that the stored setting information indicates forced setting of authorization information, a setting screen for setting authorization information is displayed on a display part to cause the user to set authorization information. Further, the image processing apparatus executes login processing according to a setting state of the authorization information for the user.

SELECTED DRAWING: Figure 11

COPYRIGHT: (C)2022,JPO&INPIT

Description

The present invention relates to an image processing apparatus and a control method and program thereof.

As an image processing device, an MFP (Multifunction Peripheral) is known, which includes an image reading device, a printing device, and a communication device, and has an image processing application such as copying, printing, and transmitting a scanned image. Such an MFP is generally used by a plurality of users, and is provided with a user authentication function for limiting the usage function for each authenticated user and performing personalization. That is, in the MFP, a password (personal identification number) for each user is set for the MFP, and user authentication is performed by requesting the input of the password when the user logs in.

Further, there is known a simple login function in which an icon of a registered user is displayed on the menu screen of the MFP, and when the icon is selected, a login screen customized for the user is displayed. .. The simple login function does not require the input of a password, and the user can log in to the MFP simply by pressing the icon associated with the user. In Patent Document 1, as one function of the simple login function, there is a method of automatically registering a user by using a job owner name added to a print job instructed to print from a PC to a user ID for identifying an MFP user. Proposed.

Japanese Unexamined Patent Publication No. 2012-254618

However, the above-mentioned prior art has the following problems. In the above-mentioned prior art, in the login method of logging in to the information processing device after selecting a user from the user selection screen, it is assumed that each user must uniformly enter a password in order to log in. not. On the other hand, when the password input is mandatory, the password registration work of each user is indispensable, and it becomes necessary to request all users to perform troublesome operations. Therefore, when it is mandatory to enter a password, it is an issue to provide a method for easily performing registration work and the like. In addition, in the above simple login function, the user who has a password is required to enter the password at the time of login, but the user who has not set the password is not required to enter the password. Allows you to log in to. Therefore, there is room for improvement in security with the current simple login function.

The present invention has been made in view of the above-mentioned problems, and by appropriately requesting the setting of the authentication information according to the setting status of the authentication information in the user authentication, the security is improved and the present invention is related to the authentication. The purpose is to provide a mechanism to reduce user operations.

The present invention is an image processing device, which is a storage means for storing setting information as to whether or not to force the setting of authentication information for each user, a reception means for receiving a login request from the user, and a user by the reception means. When the login request from the user is received and the setting information stored in the storage means indicates that the setting of the authentication information is forced, the setting screen for setting the authentication information is displayed on the display unit and the user. The user is provided with a control means for setting the authentication information and an authentication means for executing a login process according to the setting status of the authentication information in the user.

According to the present invention, it is possible to improve security and reduce user operations related to authentication by suitably requesting the setting of the authentication information according to the setting status of the authentication information in the user authentication.

The system block diagram which concerns on the MFP 101 which concerns on one Embodiment. The block diagram which shows the hardware structure of the MFP 101 which concerns on one Embodiment. The block diagram which shows the structure of the software of the MFP 101 which concerns on one Embodiment. The figure which shows the management example of the user in the user authentication unit 302 which concerns on one Embodiment. A flowchart of user authentication according to an embodiment. The figure which shows the example of the user authentication screen which concerns on one Embodiment. The figure which shows the example of the DB of the operation setting of the password / password which concerns on one Embodiment. The figure which shows the example of the setting UI of the personal identification number which concerns on one Embodiment. The figure which shows the flow of the user automatic creation by the print job input which concerns on one Embodiment. The figure which shows the example of the table which manages the possibility of registration without setting the password for each registration entity which concerns on one Embodiment. (1) A flowchart for checking a required item for a personal identification number at the time of user registration according to an embodiment.

An embodiment of the present invention is shown below. The individual embodiments described below will help to understand various concepts such as superordinate, intermediate and subordinate concepts of the present invention. Further, the technical scope of the present invention is established by the scope of claims, and is not limited by the following individual embodiments.

<System configuration>
Hereinafter, an embodiment of the present invention will be described. First, the system configuration of the present embodiment will be described with reference to FIG. This system includes an MFP (Multifunction Peripheral) 101, which is an example of an image processing device, and a PC (Personal Computer) 102, which is an external device. These devices are communicably connected to each other via the LAN 100. In the present embodiment, the system configuration includes one MFP 101 and one PC 102, but this is merely an example and there is no intention of limiting the present invention. For example, a plurality of MFPs and PCs may be included, and other devices may be included.

The MFP 101 includes a printer, a scanner, and the like, and can print, copy, scan, and store and transmit scanned documents and the like. The PC 102 has access to the MFP 101 and sends a print job to the MFP 101 via the corresponding driver.

<Hardware configuration>
Next, the hardware configuration of the MFP 101 according to the present embodiment will be described with reference to FIG. The MFP 101 includes a control unit 200, an operation unit 209, a printer 210, and a scanner 211. Further, the control unit 200 includes a CPU 201, ROM 202, RAM 203, HDD 204, an operation unit I / F 205, a printer I / F 206, a scanner I / F 207, and a network I / F 208.

The control unit 200 including the CPU 201 controls the operation of the entire MFP 101. The CPU 201 reads a control program stored in the ROM 202 and performs various controls such as reading a document and transmitting image data. The RAM 203 is used as a temporary storage area such as a main memory and a work area of the CPU 201. The HDD 204 stores image data and various programs.

The operation unit I / F 205 connects the operation unit 209 functioning as a reception means and the control unit 200. The printer I / F 206 connects the printer 210 and the control unit 200. The image data to be printed by the printer 210 is transferred from the control unit 200 via the printer I / F 206, and is printed on the recording medium by the printer 210. The scanner I / F 207 connects the scanner 211 and the control unit 200. The scanner 211 reads an image on a document to generate image data, and inputs the image data to the control unit 200 via the scanner I / F 207. The network I / F 208 connects the control unit 200 (MFP101) to the LAN 100. The network I / F 208 transmits and receives various information (for example, receiving a print job from the PC 102) to and from an external device on the LAN 100.

<Software configuration>
Next, the software configuration of the MFP 101 according to the present embodiment will be described with reference to FIG. The MFP 101 includes a screen display management unit 301, a user authentication unit 302, a copy 310, a print 311 and a scan and transmission 312 as software configurations.

The screen display management unit 301 controls the screen displayed on the operation unit 209. The user authentication unit 302 manages a list of users who can use the MFP 101 and provides a UI for user authentication. The user authentication unit 302 has a simple login function. The simple login function is an operation screen customized for the user (after login) when the operation unit 209 displays an icon for each user as shown in FIG. 6 described later and the user presses his / her own icon. Screen) is a function to be displayed. If the selected user has set a password (password), the user is required to enter the password. In other words, users who have not set a password are allowed to log in without being required to enter the password. Therefore, the simple login function according to the present embodiment makes it possible to set whether or not to request the user to enter the password regardless of whether or not the user's password is set.

In addition, the simple login function includes an automatic registration function for automatically registering a logged-in user. The automatic registration function is a function for automatically registering a user corresponding to a user ID included in the job as a login user of the simple login function when a job is submitted to the image processing device. Details of the automatic registration function will be described later with reference to FIGS. 9 to 11.

According to the present embodiment, when a user is newly registered by the automatic registration function, the user is newly registered without setting a password even if the password (password) setting in the simple login function is ON. Tolerate. Then, when the new user logs in, the user is requested to set a password (S505 in FIG. 5). In addition, even when the administrator newly registers a user, it is allowed to newly register the user without setting a password. As in the case of the automatic registration function, when the new user logs in for the first time, the user is requested to set a password. On the other hand, when a user who is not an administrator manually registers a new user, it is required to set a password at the time of user registration. As described above, in the present invention, when the registration method of the new user is the registration by the administrator or the automatic registration, the password setting is not required at the timing of the registration of the new user, and the registration by the general user is new. A password setting is also required at the time of user registration.

Copy 310, print 311 and scan and transmit 312 are examples of applications running on the MFP 101. The copy 310 is an application that prints according to the image data obtained by scanning the original. The print 311 is an application that receives and holds a print job submitted from the PC 102, displays a list of jobs submitted by the logged-in user, and causes the user to confirm the contents and print. The scanning and transmitting 312 is an application for transmitting an image scanned by the scanner 211 to the outside by e-mail or the like.

<User table>
Next, the user table 400 managed by the user authentication unit 302 will be described with reference to FIG. The user table shown in FIG. 4 is an example, and there is no intention of limiting the present invention.

In the user table 400, a user ID (uid), a personal identification number, a password, an authority, an e-mail address (e-mail), and information on the last login date and time are defined for each registered user. "UID" is a user name for uniquely identifying the user. The "PIN" is a character string composed of only numbers used when performing user authentication when using the MFP 101 via the operation unit 209. The "password" is a character string used for user authentication when using the MFP 101 via the network. Although terms different from the personal identification number and password are used here, they are substantially the same quality and are authentication information for performing user authentication. The operation settings of the password and password are managed in the setting DB as shown in FIG.
"Authority" is information that controls the availability of functions that can be operated by the user. An administrator or the general public is registered in the "authority" information. "E-mail" indicates an e-mail address. "Last login date and time" indicates the date and time when the corresponding user logged in last time.

As shown in FIG. 4, in the user whose user ID is "suzuki", the password is not set and the user has not logged in yet, so the "last login date and time" is also blank.

<User authentication processing procedure>
Next, the user authentication processing procedure according to the present embodiment will be described with reference to FIG. The process described below is realized, for example, by the CPU 201 reading the control program stored in the ROM 202 or the HDD 204 into the RAM 203 and executing the control program.

In S501, when the screen display management unit 301 receives the login request to the MFP 101 from the user, the screen display management unit 301 displays the authentication screen provided by the user authentication unit 302 on the operation unit 209. When the user is accessing the MFP 101 via the PC 102 which is an external device, the screen may be displayed on the display unit of the PC 102. FIG. 6 shows an example of an authentication screen displayed on the operation unit 209 of the MFP 101 according to the present embodiment. On the user authentication screen 600, a button displaying the user ID of the user managed by the user authentication unit 302 is displayed so as to be selectable. The user authentication screen 600 is created based on the information in the user table 400 shown in FIG. Therefore, the buttons 601 to 603 corresponding to the user IDs registered in the user table 400 are included and displayed.

Next, in S502, the user authentication unit 302 accepts the user's selection for the buttons 601 to 603 via the user authentication screen 600 displayed on the operation unit 209. When the button is selected in S502, the process proceeds to S503, and the user authentication unit 302 determines whether or not the password has not been set. Specifically, the user authentication unit 302 determines that the personal identification number has not been set unless the personal identification number of the user corresponding to the selected button is defined in the user table 400. If the password is not set, the process proceeds to S504, and if it is set, the process proceeds to S508.

In S504, the user authentication unit 302 determines whether or not to force the user whose personal identification number has not been set to set the personal identification number. Specifically, the user authentication unit 302 refers to the setting table 700 shown in FIG. 7 in order to determine whether or not to force the setting of the personal identification number. The value is set in the setting table 700 for each of the plurality of setting items 701 to 704. In the setting item 701, whether or not to force the setting of the password is set. In the setting item 702, whether or not to allow the use of the default password is set. The minimum number of characters in the password is set in the setting item 703. In the example shown in FIG. 7, it is set to 8 characters. The password validity period is set in the setting item 704. It should be noted that these setting information can be performed by, for example, by an administrator, and a screen for accepting these settings may be displayed on the operation unit 209 and performed in advance. Although not shown, the setting screen may be any screen as long as it is possible to select whether or not to force the setting of the authentication information (password or password). Therefore, the operation unit 209 is an example of the setting means. Further, it is desirable that these setting information are preset as default values at the time of factory shipment of the product. In the example shown in FIG. 7, 90 days is set. The user authentication unit 302 refers to the setting item 701 and determines whether or not the setting for forcing the setting of the personal identification number is made. If you want to force the setting of the password, proceed to S505. If not, proceed to S507.

In S507, the user authentication unit 302 determines whether or not this is the first login. Specifically, the user authentication unit 302 determines that the last login date and time of the user is not defined in the user table 400, proceeds to S505, and if it is defined, the first login. It is determined that this is not the case, and the process proceeds to S508.

In S505, the screen display management unit 301 displays the password setting screen on the operation unit 209. FIG. 8 shows a password setting screen 800 displayed on the operation unit 209. The password setting screen 800 includes a password input area 801, a cancel button 802, and an OK button 803. The password is input to the password input area 801 by user input via a hardware key (not shown) or the like.
If the cancel button 802 is operated with the password input in the password input area 801, the screen of the operation unit 209 returns to the screen before displaying the password setting screen 800 without registering the password. On the other hand, if the OK button 803 is operated with the password entered in the password input area 801, the entered password is confirmed. According to the present embodiment, at the time of the first login or the like, the personal identification number setting screen 800 is displayed in S505 and the setting of the personal identification number (password) is requested. As a result, even if the registration entity omits the setting of the personal identification number or the like at the time of user registration in the automatic registration by the simple login function described later, it is possible to request the setting of the personal identification number or the like at the time of later login (S505). ).

Returning to the description of FIG. In S506, the user authentication unit 302 stores the password received via the password setting screen 800 in the user table 400, and proceeds to the process in S508. If it is determined in S507 that it is not the first login and the transition is made to S508, the input of the password is not required in the login process. Such a case is a case where the password is not set at the first login, and after that, the password and the password are not required to be entered at the time of login. The present invention is not limited to such control, and control may be performed so as to prohibit not setting a personal identification number or the like at the time of the first login.

In addition, when forcing the setting of the security code (password), it is controlled so that the "OK" button 803 cannot be selected in the state where the security code is not input in the security code input area 801 on the security code setting screen 800. You may.

Finally, in S508, the user authentication unit 302 executes the login process according to the set password and ends the process. The user authentication unit 302 requests the user to input authentication information such as a set password in the login process. In the present embodiment, it is determined whether or not the login is the first time when the setting of the password is not forced (S507), and the process is branched, but the present invention is not limited to this. For example, if the setting of the password is not forced, the setting and control may be provided so as to proceed to the login process of S508 as it is. In this case, the user authentication unit 302 does not require the input of the personal identification number (password) in the login process. Further, the user authentication unit 302 may control the login process so as not to allow the user to log in if the personal identification number or the like is required to be set but not set. It should be noted that such control may be switched according to the setting information.

<User registration when submitting a print job>
Next, with reference to FIGS. 9 to 11, user registration at the time of submitting a print job according to this embodiment will be described. The user authentication unit 302 provides a plurality of methods as a user registration method. For example, the user authentication unit 302 provides a function of performing user registration via an interface displayed on the operation unit 209 or an interface provided via the Web (input from the operation unit UI / Web UI). Further, as a function included in the simple login function, the user authentication unit 302 automatically uses a function for registering a user by importing user data and user information included in a print job received from an external device such as a PC 102. Provides the ability to register with.

In the following, the control and processing procedure of the automatic registration function in the simple login function will be described in detail. According to the present embodiment, the subject that can be registered can be different for each registration method. For example, all users can register themselves by "input from the operation unit UI / Web UI". Further, a user having the authority of "administrator" can register the user by "input from the operation unit UI / Web UI" and "import of user data". The "automatic registration using the user information included in the print job" is automatically performed by the user authentication unit 302 without the user performing an explicit registration operation. The registration procedure at the time of submitting the print job will be described later with reference to FIG.

Here, with reference to FIG. 9, "automatic registration using the user information included in the print job" will be described. The submitter information is added to the print job submitted from the PC 102 to the MFP 101. Upon receiving the print job, the print 311 transmits the inputter information to the user authentication unit 302 before processing the held print. The user authentication unit 302 registers the user with the received inputter information as the user ID. At the time of user registration, an item (essential item) that does not allow duplication with other users is checked (for example, a user ID).

In the setting table 700 shown in FIG. 7, when it is set to force the setting of the personal identification number, the personal identification number is a required item. However, the personal identification number should be set by the user. Therefore, according to the present embodiment, the user authentication unit 302 controls whether or not the personal identification number must be assigned to each registered entity at the time of registration operation according to the table 1000 shown in FIG. As shown in FIG. 10, the types of registered subjects include "administrator", "general user", and "system". In FIG. 10, when the "administrator" and the "system" are the registration bodies, the automatic registration is permitted without setting the password, and when the "general user" is the registration body, the registration body is set. Automatic registration is not possible. It should be noted that these settings can be performed by, for example, by an administrator, and a screen for accepting these settings is displayed on the operation unit 209 and performed in advance.

With reference to FIG. 11, a procedure for automatically registering the simple login function at the time of receiving a print job in the present embodiment will be described. The process described below is realized, for example, by the CPU 201 reading the control program stored in the ROM 202 or the HDD 204 into the RAM 203 and executing the control program.

In S1101, the user authentication unit 302 receives the user registration request. Subsequently, in S1102, the user authentication unit 302 determines whether or not the user authentication unit 302 is a registration entity that needs to set a personal identification number. For example, the user authentication unit 302 refers to the authority of the user, the setting table 700, and the table 1000, and determines whether or not the user is a user who needs to set a personal identification number. If it is not necessary to set the password (when the registration entity is the "administrator" or "system"), the process proceeds to S1103, and if necessary (when the registration entity is the "general user"), the process proceeds to S1104.

In S1103, the user authentication unit 302 automatically registers the user as a new registered user in the user table 400 by using the user information included in the print job without setting the password, and ends the process. do. On the other hand, in S1104, the user authentication unit 302 executes error processing and ends the processing without registering the user. In the error processing, the PC 102 may be notified that the user corresponding to the user information included in the print job cannot be registered.

As described above, the image processing apparatus according to the present embodiment stores the setting information of whether or not to force the setting of the authentication information for each user. Further, when the image processing device receives a login request from the user and indicates that the stored setting information forces the setting of the authentication information, the image processing device displays a setting screen for setting the authentication information on the display unit. And let the user set the authentication information. In addition, the image processing device executes a login process according to the setting status of the authentication information of the user. Further, the image processing device controls whether or not to automatically register the user according to the authority of the user who is the registration subject when the simple login function is automatically registered when the print job is received. As described above, according to the present embodiment, it is possible to suitably request the setting of the authentication information according to the setting status of the authentication information in the user authentication, and the user operation related to the authentication is reduced while improving the security. can do. Further, according to the present embodiment, it is possible to set to force all users to set the authentication information even in the case of the simple login function.

<Other embodiments>
The present invention supplies a program that realizes one or more functions of the above-described embodiment to a system or device via a network or storage medium, and one or more processors in the computer of the system or device reads and executes the program. It can also be realized by the processing to be performed. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.

100: LAN, 101: MFP, 102: PC, 200: Control unit, 201: CPU, 202: ROM, 203: RAM, 204: HDD, 205: Operation unit I / F, 206: Printer I / F, 207: Scanner I / F, 208: Network I / F, 209: Operation unit 209, 210: Printer, 211: Scanner

The present invention is an image processing device, and has a receiving means for receiving a login request from a user and a storage means for storing setting information as to whether or not to force the setting of authentication information, and the receiving means is used. When the login request is received, the display control of the setting screen for setting the authentication information is performed based on the setting information stored by the storage means.

Claims (12)

It is an image processing device
A storage means for storing the setting information of whether or not to force the setting of the authentication information for each user,
A reception means for accepting login requests from users,
When the reception means receives a login request from the user and indicates that the setting information stored in the storage means forces the setting of the authentication information, the setting screen for setting the authentication information is displayed on the display unit. A control means for displaying and causing the user to set the authentication information,
An image processing device including an authentication means for executing a login process according to a setting status of the authentication information in the user. When a print job for printing in the image processing device is received from an external device, a registration means for automatically registering the user according to the user information included in the print job is further provided.
The image processing apparatus according to claim 1, wherein the registration means controls whether or not to register the user according to the authority of the user. The storage means further stores information on whether or not to allow automatic registration by the registration means for each user's authority.
The registration means automatically registers the user when the information stored in the storage means permits the automatic registration for the authority of the user, and if not, the registration means automatically registers the user. The image processing apparatus according to claim 2, wherein the image processing apparatus is not automatically registered. Even if the setting information stored in the storage means does not indicate that the setting of the authentication information is forced, the control means displays the setting screen on the setting screen when the user is logged in for the first time. The image processing apparatus according to claim 2 or 3, wherein the image processing device is displayed on a display unit to cause the user to set the authentication information. The image processing apparatus according to claim 3, wherein the user's authority is set according to the type of the user. The claim means that the receiving means displays an icon for logging in for each registered user on the display unit, and receives a login request from a corresponding user by selecting the icon. The image processing apparatus according to any one of 1 to 5. The image processing according to any one of claims 1 to 6, wherein the authentication means requests a user to which the authentication information is set to input the authentication information in the login process. Device. The image processing apparatus according to claim 7, wherein the authentication means permits a user to whom the authentication information is not set to log in without requesting input of the authentication information in the login process. .. The authentication means does not allow a user to whom the authentication information is not set to log in when the setting information stored in the storage means forces the setting of the authentication information. The image processing apparatus according to claim 7. The image processing apparatus according to any one of claims 1 to 9, further comprising a setting means for setting whether or not to force the setting of authentication information for each user. It is a control method of an image processing device provided with a storage means for storing setting information of whether or not to force the setting of authentication information for each user.
The reception process for receiving login requests from users and the reception process
When the control means receives a login request from the user in the reception process and indicates that the setting information stored in the storage means forces the setting of the authentication information, the setting screen for setting the authentication information. Is displayed on the display unit to cause the user to set the authentication information, and
A control method for an image processing device, wherein the authentication means executes an authentication step of executing a login process according to a setting status of the authentication information in the user. A program for causing a computer to execute each step in a control method of an image processing apparatus including a storage means for storing setting information of whether or not to force the setting of authentication information for each user.
The reception process for receiving login requests from users and the reception process
When the control means receives a login request from the user in the reception process and indicates that the setting information stored in the storage means forces the setting of the authentication information, the setting screen for setting the authentication information. Is displayed on the display unit to cause the user to set the authentication information, and
A program characterized in that the authentication means executes an authentication process that executes a login process according to the setting status of the authentication information in the user.

Images