JP2023078938A - Information processing device, management method, and program - Google Patents

Abstract

To provide an information processing device, a management method, and a program that in a case where management information based on processing performed by an apparatus is output to an administrator, prevent leakage of the management information.SOLUTION: In an apparatus management system, a server 5 which is an information processing device that manages management information based on processing performed by an apparatus includes: a history information collection unit 53 that generates an unspecifiable history for which contents of the processing cannot be specified from processing history information collected from the apparatus and a specifiable history for which the contents of the processing can be specified; an authentication unit 51 that authenticates an administrator in response to a request; and a management information output unit 56 that in accordance with authority of the administrator obtained by authentication, outputs management information including the unspecifiable history or management information including the specifiable history to a request source.SELECTED DRAWING: Figure 4

Description

The present invention relates to an information processing device, management method and program.

A conventional equipment management system collects management information about the contents of processing performed by equipment. The device administrator can view the management information for the purpose of auditing information leakage.

For example, Japanese Patent Application Laid-Open No. 2002-200002 discloses a print log collection system that collects print logs of document data, thereby facilitating investigation of the route and cause of information leakage in the event of information leakage.

However, there is a problem that information leakage may occur when the management information is output to the administrator. For example, in a device usage pattern in which the device administrator and the device user belong to different organizations, if the device administrator can view the management information, there is a risk that the device user's personal information or business content may be leaked to the device administrator. be.

One embodiment of the present invention is to output management information according to the authority of an administrator in view of the above technical problems.

In order to solve the above problems, an information processing apparatus according to one embodiment of the present invention is an information processing apparatus that manages management information based on processing performed by a device, and authenticates an administrator in response to a request. An authentication unit and a management information output unit for outputting management information to a request source according to the authority of the administrator obtained by the authentication are provided.

According to one embodiment of the present invention, management information can be output according to the authority of the administrator.

It is a figure which illustrates the whole structure of the equipment management system in one embodiment. It is a figure which illustrates the hardware constitutions of the computer in one embodiment. 1 is a diagram illustrating the hardware configuration of an MFP in one embodiment; FIG. It is a figure which illustrates the functional composition of the equipment management system in a 1st embodiment. It is a figure which shows an example of the administrator information table in one embodiment. It is a figure which shows an example of the belonging organization management table in one Embodiment. FIG. 4 is a diagram showing an example of an intra-organization ID management table in one embodiment; It is a figure which shows an example of the anonymization ID management table in one Embodiment. It is a figure which illustrates the processing procedure of the management method in 1st Embodiment. FIG. 11 is a diagram showing an example of a history information saving setting table according to one embodiment; FIG. It is a figure which shows an example of the identifiable history and the identifiable history in one embodiment. FIG. 10 is a diagram illustrating an example of a management screen for device administrators in one embodiment; FIG. 4 is a diagram illustrating an example of a management screen for organization administrators in one embodiment; It is a figure which illustrates the functional structure of the equipment management system in 2nd Embodiment. It is a figure which illustrates the processing procedure of the management method in 2nd Embodiment.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the drawings, constituent parts having the same function are denoted by the same numbers, and redundant explanations are omitted.

[First embodiment]
The device management system according to the first embodiment of the present invention controls the contents of the output management information according to the authority of the manager when outputting the management information based on the processing performed by the device to the administrator. do. The device management system according to the first embodiment sets administrator's authority by assigning a role that defines a manageable range to the administrator. That is, by changing the operation according to the administrator's role, control according to the authority of the administrator is realized. The management information output by the device management system includes either or both of status information indicating the state of the device managed by the device management system and history information about the details of processing performed by the device.

In the first embodiment, a device usage pattern is assumed in which the organization that manages the device and the organization that uses the device are different. As such a form of use, for example, there is a co-working space in which a facility in which equipment is installed is rented out to a large number of users to share the equipment. In the coworking space, the device administrator who manages the devices and the device users who use the devices belong to different organizations. Therefore, if the device administrator can view the details of the processing performed by the device, there is a possibility that, for example, the personal information of the device user or information related to the business content will be leaked. Moreover, if the device user can view the status information about the device, it may lead to information security risks, for example.

Therefore, the device management system according to the first embodiment prevents the device manager from viewing history information that can specify the details of the processing performed by the device. In addition, the administrator of the organization to which the device user belongs (hereafter referred to as "organization administrator") is prohibited from viewing status information about the device and history information about device users belonging to other organizations. do.

In the first embodiment, a configuration will be described in which a device administrator and an organization administrator are defined as administrator roles. However, these roles are only examples, and any role may be defined as long as it is desirable to make the management information that can be viewed different.

<Overall Configuration of Device Management System 1>
FIG. 1 is a diagram showing the overall configuration of a device management system 1 that is an embodiment of the invention. As shown in FIG. 1, the device management system 1 includes, for example, a server 5, a PC (Personal Computer) 6 and a plurality of devices 9 (9-1 to 9-5).

Some of the devices 9-1 to 9-3 of the plurality of devices 9 are installed, for example, in the first coworking space 200-1. Some of the devices 9-4 to 9-5 among the plurality of devices 9 are installed in the second coworking space 200-2, for example. The server 5 is installed in a remote location such as a data center, for example, but may be installed in any of the coworking spaces 200 where the devices 9 are installed. The PC 6 is, for example, installed at the same remote location as the server 5, but may be installed either in the coworking space 200 where the device 9 is installed, or may be installed at a location other than these.

Although FIG. 1 shows an example in which there are five devices 9, the number of devices 9 is not limited, and may be any number as long as it is one or more. Also, although FIG. 1 shows an example in which there are two coworking spaces 200, the number of coworking spaces 200 is not limited, and may be any number of places as long as it is one or more. Furthermore, in FIG. 1, three devices 9-1 to 9-3 are installed in the first coworking space 200-1, and two devices 9-4 to 9-3 are installed in the second coworking space 200-2. 5 is installed, the number of devices 9 installed in each coworking space 200 is not limited, and one or more devices 9 may be installed in one coworking space 200. Just do it.

The server 5, PC 6 and device 9 are connected to a communication network 100 respectively. Communication network 100 is configured so that connected devices can communicate with each other. The communication network 100 is constructed by a wired communication network such as the Internet, a LAN (Local Area Network), or a WAN (Wide Area Network). The communication network 100 includes not only wired communication but also wireless communication such as wireless LAN, short-range wireless communication, 3G (3rd Generation), WiMAX (Worldwide Interoperability for Microwave Access), or LTE (Long Term Evolution), or mobile communication. A communication network may be included.

The server 5 and PC 6 are, for example, computers. Here, the server 5 is an example of an information processing device. The device 9 is, for example, an image forming apparatus (for example, MFP (Multifunction Peripheral/Product/Printer)). Note that the server 5 and the PC 6 are not limited to computers as long as they are devices having a communication function. Further, the device 9 is not limited to an image forming device as long as it is a device having a communication function. The server 5, the PC 6, and the device 9 are, for example, a PJ (Projector), an IWB (Interactive White Board: a whiteboard having an electronic blackboard function capable of mutual communication), an output device such as a digital signage, a HUD (Head Up Display) equipment, industrial machinery, imaging equipment, sound collecting equipment, medical equipment, network home appliances, automobiles (connected cars), notebook PCs (personal computers), mobile phones, smartphones, tablet terminals, game consoles, PDA (Personal Digital Assistant) , a digital camera, a wearable PC, a desktop PC, or the like.

<Hardware configuration of each device included in the device management system 1>
<<Computer hardware configuration>>
FIG. 2 is a hardware configuration diagram of the server 5 and the PC 6 when constructed by a computer. As shown in FIG. 2, the server 5 and the PC 6 include a CPU 501, a ROM 502, a RAM 503, an HD 504, a HDD (Hard Disk Drive) controller 505, a display 506, an external device connection I/F (Interface) 508, a network I/ F 509 , bus line 510 , keyboard 511 , pointing device 512 , DVD-RW (Digital Versatile Disk Rewritable) drive 514 and media I/F 516 .

Among these, the CPU 501 controls the operations of the server 5 and the PC 6 as a whole. The ROM 502 stores programs used to drive the CPU 501 such as IPL. A RAM 503 is used as a work area for the CPU 501 . The HD 504 stores various data such as programs. The HDD controller 505 controls reading or writing of various data to/from the HD 504 under the control of the CPU 501 . A display 506 displays various information such as cursors, menus, windows, characters, or images. The external device connection I/F 508 is an interface for connecting various external devices. The external device in this case is, for example, a USB (Universal Serial Bus) memory, a printer, or the like. A network I/F 509 is an interface for data communication using the communication network 100 . A bus line 510 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 501 shown in FIG.

Also, the keyboard 511 is a kind of input means having a plurality of keys for inputting characters, numerical values, various instructions, and the like. A pointing device 512 is a kind of input means for selecting and executing various instructions, selecting a processing target, moving a cursor, and the like. A DVD-RW drive 514 controls reading or writing of various data to a DVD-RW 513 as an example of a removable recording medium. It should be noted that not only DVD-RW but also DVD-R or the like may be used. A media I/F 516 controls reading or writing (storage) of data to a recording medium 515 such as a flash memory.

<<Hardware Configuration of MFP>>
FIG. 3 is a hardware configuration diagram of the device 9 constructed by an MFP. As shown in FIG. 3, the device 9 includes a controller 910, a short-range communication circuit 920, an engine control section 930, an operation panel 940, and a network I/F 950.

Among these, the controller 910 includes a CPU 901, a system memory (MEM-P) 902, a north bridge (NB) 903, a south bridge (SB) 904, an ASIC (Application Specific Integrated Circuit) 906, a storage unit, which is the main part of the computer. A local memory (MEM-C) 907 , an HDD controller 908 , and an HD 909 as a storage unit, and the NB 903 and ASIC 906 are connected by an AGP (Accelerated Graphics Port) bus 921 .

Among these, the CPU 901 is a control unit that performs overall control of the device 9 . The NB 903 is a bridge for connecting the CPU 901, the MEM-P 902, the SB 904, and the AGP bus 921, and is a memory controller that controls reading and writing with respect to the MEM-P 902, a PCI (Peripheral Component Interconnect) master, and an AGP target. have

The MEM-P 902 is composed of a ROM 902a, which is a memory for storing programs and data for realizing each function of the controller 910, and a RAM 902b, which is used as a drawing memory for expanding the programs and data and for memory printing. The program stored in the RAM 902b is configured to be provided by being recorded in a computer-readable recording medium such as a CD-ROM, CD-R, DVD, etc. as a file in an installable format or an executable format. You may

SB 904 is a bridge for connecting NB 903 with PCI devices and peripheral devices. The ASIC 906 is an image processing IC (Integrated Circuit) having hardware elements for image processing, and serves as a bridge that connects the AGP bus 921, PCI bus 922, HDD 908 and MEM-C 907, respectively. This ASIC 906 includes a PCI target and AGP master, an arbiter (ARB) that forms the core of the ASIC 906, a memory controller that controls the MEM-C 907, and multiple DMACs (Direct Memory Access Controllers) that perform image data rotation, etc. by hardware logic. , and a PCI unit that transfers data between the scanner unit 931 and the printer unit 932 via the PCI bus 922 . Note that the ASIC 906 may be connected to a USB (Universal Serial Bus) interface or an IEEE 1394 (Institute of Electrical and Electronics Engineers 1394) interface.

MEM-C 907 is a local memory used as an image buffer for copying and an encoding buffer. The HD 909 is a storage for accumulating image data, accumulating font data used for printing, and accumulating forms. The HD 909 controls reading or writing of data to or from the HD 909 under the control of the CPU 901 . The AGP bus 921 is a bus interface for graphics accelerator cards proposed to speed up graphics processing, and can speed up the graphics accelerator card by directly accessing the MEM-P 902 with high throughput. .

The near field communication circuit 920 also includes a near field communication circuit 920a. The short-range communication circuit 920 is a communication circuit for NFC, Bluetooth, or the like.

Furthermore, the engine control section 930 is configured by a scanner section 931 and a printer section 932 . The operation panel 940 displays a current setting value, a selection screen, and the like, and a panel display unit 940a such as a touch panel for receiving input from an operator, and setting values for image forming conditions such as density setting conditions. An operation panel 940b is provided which includes a numeric keypad for accepting a copy start instruction, a start key for accepting a copy start instruction, and the like. The controller 910 controls the entire device 9, such as drawing, communication, and input from the operation panel 940, for example. The scanner unit 931 or printer unit 932 includes an image processing part such as error diffusion and gamma conversion.

Note that the device 9 can switch and select the document box function, the copy function, the printer function, and the facsimile function in sequence using the application switching key on the operation panel 940 . The document box mode is set when the document box function is selected, the copy mode is set when the copy function is selected, the printer mode is set when the printer function is selected, and the facsimile mode is set when the facsimile mode is selected.

Network I/F 950 is an interface for data communication using communication network 100 . A short-range communication circuit 920 and a network I/F 950 are electrically connected to the ASIC 906 via a PCI bus 922 .

<Functional configuration of each device included in the device management system 1 in the first embodiment>
FIG. 4 is a diagram showing the functional configuration of each device included in the device management system 1 according to the first embodiment.

<<Functional configuration of server 5>>
As shown in FIG. 4, the server 5 in the first embodiment includes a user information storage unit 50A, a status information storage unit 50B, an identifiable history storage unit 50C, an identifiable history storage unit 50D, and a Management information storage unit 50E, management information storage unit for organization administrator 50F, authentication unit 51, status information collection unit 52, history information collection unit 53, management information generation unit for device administrator 54, management information generation unit for organization administrator 55 and a management information output unit 56 .

In the first embodiment, a device administrator and an organization administrator are defined as administrator roles. 50E and the management information storage unit 50F for organization administrators are provided, but when defining roles of other administrators, management information generation units and management information storage units corresponding to the roles may be provided.

Each unit of the server 5 (excluding each storage unit) executes various commands on the data loaded onto the RAM 503 according to the program loaded onto the RAM 503 from the HD 504 by the CPU 501 shown in FIG. It is a function or a means of functioning realized by Each storage unit provided in the server 5 is a function or a means for functioning by reading or writing data to the HD 504 via the HDD controller 505 shown in FIG.

The user information storage unit 50A stores user information regarding administrators and device users who use the device management system 1 . User information includes, for example, an administrator information table, an affiliated organization management table, an intra-organization ID management table, and an anonymized ID management table.

FIG. 5 shows an example of the administrator information table. The administrator information table is a table that associates administrator IDs, roles, and affiliated organizations. The administrator ID is an identifier that identifies an administrator within the device management system. The role is information indicating the role of the administrator using the administrator ID. Affiliated organization is information indicating the organization to which the organization administrator belongs when the administrator using the administrator ID is the organization administrator. In the example of FIG. 5, the administrator using the administrator ID "S000001" is the "equipment administrator", and the administrator using the administrator ID "A000001" belongs to the organization "A company". It indicates that you are an "organization administrator". The administrator information table is managed by the equipment administrator.

FIG. 6 shows an example of the belonging organization management table. The affiliated organization management table is a table that associates a user ID, an affiliated organization, and the presence or absence of a contract. A user ID is an identifier that identifies a user within the device management system. The affiliated organization is information indicating the organization to which the device user using the user ID belongs. The presence or absence of a contract is information indicating whether or not a contract has been concluded with the organization to present management information that can identify the device user and the print content. In the example of FIG. 6, a device user with a user ID of "0000001" belongs to an organization of "A company", and "A company" presents management information that can identify the device user and print content. It means that you have a contract to The belonging organization management table is managed by the equipment administrator based on the application from the organization administrator.

FIG. 7 shows an example of the intra-organization ID management table. The intra-organization ID management table is a table that links user IDs, employee IDs, and department codes. The employee ID is an identifier assigned within the affiliated organization to the device user who uses the user ID. The department code is an identifier representing the department to which the device user using the user ID belongs. In the example of FIG. 7, a device user with a user ID of "0000001" is assigned an employee ID of "a111111" in "Company A" and belongs to a department of "000aaaa". represents. The intra-organization ID management table is managed by an organization administrator.

FIG. 8 shows an example of an anonymized ID management table. The anonymized ID management table is a table that associates user IDs and anonymized IDs. The anonymized ID is a dummy identifier used to anonymize the user ID so that the device user cannot be identified. The example of FIG. 8 indicates that the anonymization ID "soteo90753sa" is used to anonymize the user ID "0000001". The anonymized ID management table may be automatically generated when a new user ID becomes available, or a sufficient number of combinations of user IDs and anonymized IDs may be generated in advance. good.

Authentication unit 51 receives a signal requesting authentication from PC 6 (hereinafter referred to as an “authentication request signal”). The authentication request signal includes information indicating the administrator who requests authentication (eg, administrator ID) and authentication information (eg, password) entered by the administrator. The authentication unit 51 authenticates the administrator based on the authentication information included in the authentication request signal. If the authentication is successful, the authentication unit 51 refers to the administrator information table and acquires the role of the administrator. Authentication unit 51 transmits the authentication result to PC 6 .

The state information collection unit 52 collects state information generated by the device 9 .

The history information collection unit 53 collects history information generated by the device 9 . The history information collecting unit 53 generates, from the collected history information, an unidentifiable history in which the details of the processing performed by the device 9 cannot be specified and an identifiable history in which the details of the processing performed by the device 9 can be specified.

The state information storage section 50B stores the state information collected by the state information collection section 52 .

The identification-impossible history storage unit 50C stores the identification-impossible history generated by the history information collecting unit 53 .

The identifiable history storage unit 50D stores the identifiable history generated by the history information collecting unit 53. FIG.

The equipment administrator management information generation unit 54 generates equipment administrator management information. The management information for the equipment administrator is management information output by the management information output unit 56 when the role of the administrator is the equipment administrator.

The organization administrator management information generating unit 55 generates management information for the organization administrator. The management information for the organization administrator is management information output by the management information output unit 56 when the role of the administrator is organization administrator.

The device manager management information storage unit 50E stores the device manager management information generated by the device manager management information generation unit 54 .

The organization administrator management information storage unit 50F stores the organization administrator management information generated by the organization administrator management information generation unit 55 .

The management information output unit 56 receives a signal requesting management information from the PC 6 (hereinafter referred to as a “management information request signal”). The management information request signal includes information indicating the role of the administrator who logs into the PC6. If the role of the administrator logged in to the PC 6 is that of the device administrator, the management information output unit 56 outputs the management information for the device administrator stored in the management information storage unit 50E for the device administrator to the requesting PC 6. Output to Further, when the role of the administrator logged in to the PC 6 is that of the organization administrator, the management information output unit 56 outputs the management information for the organization administrator stored in the management information storage unit 50F for the organization administrator at the request source. Output to a certain PC6.

≪Functional configuration of PC6≫
As shown in FIG. 4, the PC 6 in the first embodiment has a user information management section 61, an authentication request section 62, and a management information display section 63. FIG.

Each unit provided in the PC 6 is implemented or functions by executing various commands on the data loaded onto the RAM 503 according to the program developed on the RAM 503 from the HD 504 by the CPU 501 shown in FIG. It is a means.

The user information management section 61 manages user information stored in the user information storage section 50A provided in the server 5 . The user information that can be managed by the user information management unit 61 differs depending on the role of the administrator logging into the PC 6 . When the role of the administrator logged in to the PC 6 is that of the device administrator, the user information management section 61 can manage the administrator information table and the affiliated organization management table. When the role of the administrator who logs in to the PC 6 is the organization administrator, the user information management section 61 can manage the intra-organization ID management table.

Authentication requesting unit 62 transmits an authentication request signal to server 5 . Also, the authentication requesting unit 62 receives the authentication result from the server 5 .

The management information display unit 63 displays the management information output by the management information output unit 56 included in the server 5 on the management screen. The management information and management screen displayed by the management information display unit 63 differ depending on the role of the administrator who logs in to the PC 6 . When the administrator logging in to the PC 6 is the equipment administrator, the management information display section 63 displays the management information for the equipment administrator on the management screen for the equipment administrator. When the administrator logging in to the PC 6 is the organization administrator, the management information display section 63 displays the management information for the organization administrator on the management screen for the organization administrator.

<<Functional configuration of device 9>>
As shown in FIG. 4, the device 9 according to the first embodiment includes a state information generator 91 and a history information generator 92 .

Each unit provided in the device 9 has a function or functions realized by executing various commands on data read on the RAM 902b according to a program developed on the RAM 902b from the HD 909 by the CPU 901 shown in FIG. It is a means to

The state information generator 91 generates state information representing the state of the device 9 .

The history information generation unit 92 generates history information about the content of processing performed by the device 9 .

<Processing Procedure of Device Management System 1 in First Embodiment>
FIG. 9 is a diagram showing a processing procedure of a management method executed by the device management system 1 according to the first embodiment.

In step S<b>62 , the authentication requesting section 62 provided in the PC 6 transmits an authentication request signal to the server 5 according to the operation of the administrator using the PC 6 . The authentication request signal includes information indicating an administrator requesting authentication and authentication information input by the administrator. The information indicating the administrator is, for example, the administrator ID input to the PC 6 by the administrator. The authentication information is, for example, a password entered into the PC 6 by the administrator.

In step S<b>51 , the authentication unit 51 provided in the server 5 receives an authentication request signal from the PC 6 . Authentication unit 51 performs authentication based on the authentication information included in the authentication request signal. When the authentication is successful, the authentication unit 51 refers to the administrator information table stored in the user information storage unit 50A and determines the role of the administrator. If the role of the administrator is organization administrator, the authentication unit 51 acquires the organization to which the administrator belongs. Authentication unit 51 transmits the authentication result to PC 6 .

In step S<b>91 , the state information generator 91 provided in the device 9 generates state information representing the state of the device 9 . The state information includes, for example, a device ID that identifies the device, a device state that indicates the current state of the device, a current counter value of the device, and application information that indicates applications installed on the device. . The device status is information indicating whether the device is normal or abnormal. Abnormal conditions include conditions that require manual intervention, such as out of toner, out of paper, and paper jams, for example.

A trigger for the state information generation unit 91 to generate the state information can be determined arbitrarily. For example, the state information generating unit 91 may generate the state information after the transition at the timing when the device state transitions, or may generate the state information at that time at regular time intervals, or both. State information may be generated.

In step S<b>52 , the state information collection unit 52 provided in the server 5 acquires state information from the device 9 . The state information collection unit 52 stores the acquired state information in the state information storage unit 50B.

The method for collecting the state information of the device 9 by the state information collecting unit 52 may be a push type in which the state information is transmitted from the device 9 to the server 5 or a pull type in which the server 5 acquires the state information from the device 9 . When the state information is collected by the push type, the timing for the state information generation unit 91 to transmit the state information can be determined arbitrarily. For example, the state information generating unit 91 may transmit the state information after the transition at the timing when the device state transitions, or may transmit the state information at that time at regular time intervals, or both. State information may be sent. When the state information is collected by the pull type, the state information collection unit 52 may acquire the state information at that time at regular time intervals.

In step S92, the history information generation unit 92 provided in the device 9 generates history information representing the details of the processing performed by the device 9 when the device 9 is used. When the device 9 is constructed with an MFP, the history information includes, for example, date and time of execution, printing device identification information, operation type (for example, printing, copying, FAX, scanning, etc.), paper size, paper type, number of prints, user ID, and print file name. As in this example, the history information may include information (user ID, etc.) that can identify the personal information of the device user and information (print file name, etc.) that can identify the business content of the device user. Also, the history information may include information (printing device identification information, etc.) that is required only when managing devices.

In step S<b>53 , the history information collection unit 53 included in the server 5 acquires history information from the device 9 .

The method for collecting the history information of the device 9 by the history information collecting unit 53 is the same as the method for collecting the state information of the device 9 by the state information collecting unit 52, and may be a push type in which the history information is transmitted from the device 9 to the server 5. Alternatively, a pull type in which the server 5 acquires history information from the device 9 may be used.

Next, the history information collecting unit 53 processes the history information acquired from the device 9 so that the content of the process cannot be specified, thereby generating an unidentifiable history. Further, the history information collecting unit 53 generates an identifiable history by processing the history information acquired from the device 9 so that the content of the process can be specified.

Whether or not to generate an identifiable history may be determined based on a contract with the organization using the device. In this case, if there is a contract with the organization that uses the equipment to present history information that can identify the equipment user and the printed content, the history information collecting unit 53 collects the non-identifiable history and the identifiable history. Generate. If a contract has been signed with an organization that uses the equipment to the effect that history information that can identify the equipment user and the print content will not be presented, the history information collecting unit 53 generates only unidentifiable history.

The history information collecting unit 53 processes the history information according to a preset history information storage setting table to generate the non-identifiable history and the identifiable history. The history information storage setting table is a table that defines, for each item of history information generated by the device 9, the details of processing in the unidentifiable history and the details of processing in the identifiable history.

FIG. 10 shows an example of the history information saving setting table. As shown in FIG. 10, the user ID of history information is defined such that non-identifiable history is anonymized and stored, and identifiable history is replaced and stored. Here, "anonymize and save" means replacing the user ID in the device management system with an anonymized ID based on the anonymized ID management table. Also, "replace and save" means replacing the user ID in the device management system with the employee ID in the belonging organization based on the intra-organization ID management table.

Further, according to the history information storage setting table shown in FIG. 10, the print file name of the history information is discarded in the identifiable history and saved in the identifiable history. Further, the printing device identification information in the history information is saved in the identifiable history and discarded in the identifiable history.

The reason why user IDs are anonymized and stored instead of being discarded is that the device administrator needs to understand the usage status of each user in order to optimize the placement of devices, but it is also possible to identify individual device users. This is because storing information is not preferable from the viewpoint of personal information protection. In addition, the reason why printing device identification information is not included in the identifiable history is that printing device identification information is information that does not need to be known in order to use the device, and it is not desirable from the viewpoint of information security that the organization administrator can view it. is.

The setting contents in the history information storage setting table may be determined based on the contract with the organization to which the device user belongs. For example, if a contract has been signed with a certain organization to present history information that identifies the device user, but does not present history information that identifies the print content, the user ID is set to "replace and save", and the print file name is set to "discard".

FIG. 11 is a diagram showing a specific example of generating an identifiable history and an identifiable history from history information according to the history information storage setting table shown in FIG. In the history information, the user ID is set to "0000001", which is the user ID in the device management system (No. 7). The anonymized ID "soteo90753sa" is set (No. 7A), and in the identifiable history, the employee ID "a111111" corresponding to the user ID "0000001" is set in the intra-organization ID management table. (No. 7B). Furthermore, it can be seen that although the history information includes the print file name (No. 8), it is not included in the unidentifiable history. Also, it can be seen that although the history information includes the printing device identification information (No. 2), it is not included in the identifiable history.

A procedure for generating the identification-impossible history shown in FIG. 11 will be described. Upon acquiring the history information shown in FIG. 11, the history information collecting unit 53 refers to the anonymized ID management table shown in FIG. 8 and replaces the user ID in the history information with the anonymized ID. Then, the history information collection unit 53 collects non-identifiable history including execution date and time, printing device identification information, operation type, paper size, paper type, number of prints, and anonymization ID according to the history information storage setting table shown in FIG. Generate.

A procedure for generating the identifiable history shown in FIG. 11 will be described. Upon acquiring the history information shown in FIG. 11, the history information collecting unit 53 refers to the organization organization management table shown in FIG. 6 and determines the organization to which the user belongs from the user ID of the history information. It also determines whether or not there is a contract with the affiliated organization. If there is no contract, the history information collection unit 53 does not generate an identifiable history, so the process ends. If there is a contract, the history information collection unit 53 refers to the intra-organization ID management table shown in FIG. 7 and replaces the user ID in the history information with the employee ID. Then, the history information collection unit 53 generates an identifiable history including execution date and time, operation type, paper size, paper type, number of prints, employee ID, and print file name, according to the history information storage setting table shown in FIG. .

Subsequently, the history information collection unit 53 stores the generated identification-impossible history in the identification-impossible history storage unit 50C. The history information collecting unit 53 also stores the generated identifiable history in the identifiable history storage unit 50D. Finally, the history information collection unit 53 discards the history information received from the device 9. FIG.

Returning to FIG. 9, description will be made. In step S54, the equipment administrator management information generation unit 54 provided in the server 5 uses the status information stored in the status information storage unit 50B and the specification failure history stored in the specification failure history storage unit 50C to Generates management information for the device administrator to be output when the role of is the device administrator. The device manager management information generation unit 54 stores the generated device manager management information in the device manager management information storage unit 50E.

In step S55, the organization administrator management information generation unit 55 provided in the server 5 uses the identifiable history stored in the identifiable history storage unit 50D and the user information stored in the user information storage unit 50A to Generate management information for organization administrators to output when the role of the administrator is organization administrator. The organization administrator management information generation unit 55 stores the generated organization administrator management information in the organization administrator management information storage unit 50F.

In step S63-1, the management information display section 63 provided in the PC 6 transmits a management information request signal to the server 5 according to the operation of the administrator who logs in to the PC 6. FIG. The management information request signal is a signal for requesting management information to be displayed on the management screen, and includes information (for example, administrator ID) indicating an administrator who has logged into the PC 6 .

In step S56-1, the management information output unit 56 provided in the server 5 receives the management information request signal from the PC 6, and determines the role of the administrator based on the information indicating the administrator included in the management information request signal. do. If the role of the manager is device manager, the process proceeds to step S56-2. If the administrator's role is organization administrator, the organization to which the organization administrator belongs is identified, and the process proceeds to step S56-3.

In step S56-2, the management information output unit 56 provided in the server 5 transmits the management information for the equipment administrator stored in the management information storage unit for equipment administrator 50E to the PC 6 which is the source of the request.

In step S56-3, the management information output unit 56 provided in the server 5 selects, out of the management information for organization administrators stored in the management information storage unit 50F for organization administrators, The management information is sent to the PC 6 which is the source of the request.

In step S63-2, the management information display section 63 provided in the PC 6 receives the management information for the device manager or the management information for the organization manager from the server 5. FIG. If the administrator logged in to the PC 6 is the equipment administrator, the management information display unit 63 sets and displays the received management information for the equipment administrator on the management screen for the equipment administrator. Also, if the administrator logging in to the PC 6 is the organization administrator, the management information display unit 63 sets and displays the received management information for the organization administrator on the management screen for the organization administrator.

FIG. 12 shows an example of a management screen for device administrators. As shown in FIG. 12, the device manager management screen 600 includes, for example, a device information summary display area 601, a device information display area 602, and a usage status display area 603. FIG. The device information summary display area 601 displays, for example, information for notifying a device that is currently in a state that needs to be dealt with. The device information display area 602 displays, for example, information representing the status of all devices to be managed. The usage status display area 603 displays, for example, statistical information, such as by function or by device, that is required without specifying the individual device user. Information displayed in the device information summary display area 601 and the device information display area 602 can be generated based on the state information. The information to be displayed in the usage display area 603 can be generated based on the unidentifiable history.

FIG. 13 shows an example of a management screen for organization administrators. As shown in FIG. 13 , the organization administrator management screen 610 includes, for example, a usage display area 611 and a user ID management area 612 . The usage status display area 611 displays statistical information obtained by specifying an individual device user, such as by user or by department. A user ID management area 612 displays user IDs, employee IDs, department codes, and the like of equipment users who belong to the organization, and manages additions, changes, deletions, etc. of them according to the operation of the administrator. The information displayed in the usage display area 611 can be generated based on the identifiable history. Information displayed in the user ID management area 612 can be generated based on user information.

Note that if whether or not to generate an identifiable history is determined based on the contract with the organization that uses the device, when the contract with that organization ends, the identifiable history is stored in the identifiable history storage unit 50D. , delete any identifiable history for that organization. Also, in this case, the management information for the organization administrator regarding the organization stored in the management information storage unit 50F for the organization administrator is also deleted.

<Effects of the first embodiment>
The device management system 1 according to the first embodiment outputs management information for the device manager generated based on the state information and the unidentifiable history when the administrator has the role of device manager. If it is the administrator, it outputs the management information for the organization administrator generated based on the identifiable history regarding the organization. That is, the device management system 1 according to the first embodiment can control the content of management information to be output according to the authority of the administrator.

[Second embodiment]
The device management system 1 according to the first embodiment is configured such that the history information collection unit 53 provided in the server 5 uses the history information acquired from the device 9 to generate the non-identifiable history and the identifiable history. In the device management system 1 according to the second embodiment, the device 9 is configured to generate an identifiable history and an identifiable history.

The device management system 1 according to the second embodiment will be described below, focusing on differences from the first embodiment.

<Functional configuration of each device included in the device management system 1 in the second embodiment>
FIG. 14 is a diagram showing the functional configuration of each device included in the device management system 1 according to the second embodiment.

<<Functional configuration of device 9>>
As shown in FIG. 14, the device 9 in the second embodiment includes a state information generator 91 as in the first embodiment, and further includes an unidentifiable history generator 93 and an identifiable history generator 94. .

The identification-impossible history generation unit 93 generates an identification-impossible history in which the content of the processing performed by the device 9 cannot be identified from the history information regarding the content of the processing performed by the device 9 .

The identifiable history generation unit 94 generates an identifiable history that can identify the details of the process performed by the device 9 from the history information about the details of the process performed by the device 9 .

<Processing Procedure of Device Management System 1 in Second Embodiment>
FIG. 15 is a diagram showing a processing procedure of a management method executed by the device management system 1 according to the second embodiment.

In step S93, the identification-impossible history generation unit 93 provided in the device 9 generates an identification-impossible history from the history information according to the history information storage setting table set in advance. The procedure for generating the unidentifiable history is the same as in the first embodiment. The affiliated organization management table and the anonymized ID management table used to generate the unidentifiable history may refer to the user information storage unit 50A provided in the server 5, or may be transferred from the server 5 to the device 9 in advance. You can

In step S94, the identifiable history generation unit 94 provided in the device 9 generates an identifiable history from the history information according to a history information storage setting table set in advance. A procedure for generating an identifiable history is the same as in the first embodiment. The intra-organizational ID management table used to generate the identifiable history may refer to the user information storage unit 50A provided in the server 5, or may be transferred from the server 5 to the device 9 in advance.

In step S<b>53 , the history information collection unit 53 provided in the server 5 acquires the unidentifiable history and the identifiable history from the device 9 . The history information collection unit 53 stores the identification-impossible history acquired from the device 9 in the identification-impossible history storage unit 50C. Also, the history information collecting unit 53 stores the identifiable history acquired from the device 9 in the identifiable history storage unit 50D.

As in the first embodiment, the device management system 1 in the second embodiment may determine whether to generate an identifiable history based on a contract with an organization that uses the device. In this case, the device 9 generates an identifiable history and a non-identifiable history from the history information about the user ID belonging to the organization that has a contract to generate the identifiable history, and from the history information about the other user ID produces only non-identifiable history.

<Effects of Second Embodiment>
In the device management system 1 according to the second embodiment, the device 9 generates the non-identifiable history and the identifiable history. Therefore, the server 5 does not acquire the history information itself generated by the device 9 . Therefore, according to the device management system 1 of the second embodiment, it is possible to further reduce the risk of leakage of the device user's personal information or business content to the device manager.

[supplement]
Each function of the embodiments described above may be implemented by one or more processing circuits. Here, the "processing circuit" in this specification means a processor programmed by software to perform each function, such as a processor implemented by an electronic circuit, or a processor designed to perform each function described above. devices such as ASICs (Application Specific Integrated Circuits), DSPs (digital signal processors), FPGAs (field programmable gate arrays) and conventional circuit modules.

Although the embodiments of the present invention have been described in detail above, the present invention is not limited to these embodiments, and various modifications or Change is possible.

1 device management system 5 server 6 PC
9 Equipment 50A User information storage unit 50B Status information storage unit 50C Non-identifiable history storage unit 50D Identifiable history storage unit 50E Management information storage unit for device administrators 50F Management information storage unit for organization administrators 51 Authentication unit 52 Status information collection Unit 53 History information collection unit 54 Management information generation unit for device administrator 55 Management information generation unit for organization administrator 56 Management information output unit 61 User information management unit 62 Authentication request unit 63 Management information display unit 91 Status information generation unit 92 History information generation unit 93 Non-identifiable history generation unit 94 Identifiable history generation unit 100 Communication network 200 Coworking space

JP 2009-37425 A

Claims (9)

An information processing device that manages management information based on processing performed by a device,
an authentication unit that authenticates an administrator upon request;
a management information output unit that outputs the management information to a requester according to the authority of the administrator obtained by the authentication;
Information processing device. The information processing device according to claim 1,
further comprising a history information collecting unit that generates an unidentifiable history in which the content of the process cannot be specified and an identifiable history in which the content of the process can be specified from the history information of the process collected from the device;
The management information output unit outputs the management information including the non-identifiable history or the management information including the identifiable history according to the authority of the administrator.
Information processing equipment. The information processing device according to claim 2,
In the non-identifiable history, information indicating the device user who used the device is anonymized.
Information processing equipment. The information processing device according to claim 2,
The non-identifiable history does not include information indicating files processed by the device,
Information processing equipment. The information processing device according to claim 2,
The authority of the administrator includes authority as a device administrator who manages the device and authority as an organization manager belonging to an organization using the device,
The management information output unit outputs the management information including the unidentifiable history when the authority of the administrator is the authority as the equipment administrator, and the authority of the administrator is the authority as the organization administrator. , outputting the management information including the identifiable history related to the organization to which the organization administrator belongs;
Information processing equipment. The information processing device according to claim 5,
The history information collecting unit generates the identifiable history and the non-identifiable history when the device user who used the device belongs to a predetermined organization, and generates the identifiable history and the non-identifiable history when the device user does not belong to the predetermined organization. , generating only said non-identifiable history;
Information processing equipment. The information processing device according to claim 6,
The identifiable history is deleted when the predetermined organization finishes using the device,
Information processing equipment. A management method for managing management information based on processing performed by a device,
an authenticator authenticating an administrator upon request;
a step in which the management information output unit outputs the management information to the requester according to the authority of the administrator obtained by the authentication;
management methods, including; A program for managing management information based on processing performed by a device,
the computer,
an authentication unit that authenticates an administrator in response to a request; and a management information output unit that outputs the management information to a requester according to the authority of the administrator obtained by the authentication;
A program to function as

Images