JP4121401B2 - Image forming apparatus - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an image forming apparatus that can be operated by authentication of an operator.
[0002]
[Prior art]
An image forming apparatus that checks the user and manages the access authority for each user has existed in the market for a long time (see, for example, Patent Document 1). Furthermore, security has been emphasized in recent years, and it has become difficult to impersonate others. Also, there is a method that manages the execution of printing by determining the match between the creator and the print requester and the security level (see, for example, Patent Document 2).
[Patent Document 1]
Japanese Patent Laid-Open No. 09-097140 [Patent Document 2]
Japanese Patent Laid-Open No. 2002-086840
[Problems to be solved by the invention]
Devices that require authentication include a system that manages users and images by inserting authentication cards, etc., but you want other people to operate when you do not have time It was necessary to lend an authentication card. However, the card for authentication always needs to be carried and may not be lent, and it is necessary to prepare another card, etc., but the card etc. is also used as identification card. Could require illegal management.
In recent years when security is regarded as important, it is no longer possible to lend an authentication card or have a card for lending, and the access rights for each individual are different.
SUMMARY OF THE INVENTION An object of the present invention is to provide an image forming apparatus capable of requesting a trusted person to perform an operation without lending his / her authentication card.
[0004]
[Means for Solving the Problems]
In order to achieve the above object, according to the first aspect of the present invention, in the image forming apparatus that can be operated by the authentication of the operator, when the operation request is made to the other person, the self-authentication by the other person requested for the operation and the operation request. An image forming apparatus including a control unit having a function of determining whether or not a proxy operation is possible from both of the results of reading a proxy sheet by the person who makes the image is the most important feature.
According to a second aspect of the present invention, in the image forming apparatus according to the first aspect, the substitute sheet is mainly characterized by an image forming apparatus that is output after the person who requests the operation is authenticated.
The invention described in claim 3 is the image forming apparatus described in claim 1, in which the range of operations that can be performed is limited, and the image forming apparatus that prohibits operations for operations other than operations that directly handle images is a main feature. And
[0005]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
FIG. 1 is a configuration diagram of a network image forming system. A personal PC 2 is connected on the network 1, and an image forming apparatus 3 is also connected in the same manner. The image forming apparatus 3 is connected with an employee ID reading device 11 for authenticating a user (operator) using an employee ID. Further, an authentication server 4 that manages authentication of users of the image forming apparatus 3 and the PC 2 is connected to the network 1, and the image forming apparatus 3 and the PC 2 can obtain authentication from the authentication server 4. It can not be used without it.
FIG. 2 is a block diagram of the image forming apparatus according to the embodiment of the present invention. The image forming apparatus 3 is controlled by the controller 12. The controller 12 includes a CPU 21 that controls the CPU 21, a ROM 22 that stores the execution program, a RAM 23 that is used to perform execution processing, a frame memory 24 that stores image data, and a large amount of data. The HDD 25 is connected via the ASIC 26.
Further, the ASIC 26 has a communication function, and an employee ID reading device (hereinafter referred to as a reading device) 11, a scanner control unit 13, a plotter control unit 14, and an operation unit control unit 15 are connected to the ASIC 26. The employee ID reading device 11, the scanner control unit 13, the plotter control unit 14, and the operation unit control unit 15 are also connected to the network 1 through the ASIC 26.
[0006]
FIG. 3 shows a basic processing procedure for performing authentication and using the image forming apparatus. The image forming apparatus 3 displays a “card insertion request” when the “employee card” is not inserted in the reading device 11 (S1). Therefore, the user first inserts an “employee card” into the reading device 11 (S2). The reading device 11 reads the “employee information” in the employee ID card and transfers it to the controller 12 (the ASIC 26) (S3).
Further, the user reads the “employee ID” and inputs the “password” on the image forming apparatus 3 (S4). The controller 12 makes an “authentication request” to the authentication server 4 based on the “employee information” transferred from the reading device 11 and the input “password” (S5), and the authentication server 4 performs “employee information” and “password”. "Is verified. When “authentication OK” is transferred from the authentication server 4 to the controller 12 by collation (S6), the controller 12 performs “usable display” through the operation unit control unit 15 (S7).
[0007]
The user performs a copy operation (S8), and when desired processing is completed (S9), instructs the reader 11 to discharge the “employee ID” (S10). The reading device 11 notifies the controller 12 of “authentication end” along with the discharge of the “employee ID” (S11, S12). When the controller 12 determines “end of authentication”, the controller 12 again displays “card insertion request” through the operation unit control unit 15 (S13).
Here, the document data owner and the document data sender in the case of accumulation become an authenticated operator, but when a business (operation) is requested from another person, the business is requested. For example, the business agent is not always trusted by the destination person, and may be inconvenient.
Therefore, it is necessary for the person who has requested the business to be able to set the sender. However, if it can be set easily, it will be possible to impersonate, so it should not be easy to set for security. Therefore, the present invention makes it possible to have a client perform work as document data of a requester by using a sheet obtained by authenticating the requesting person.
[0008]
FIG. 4 is a flowchart of a first control example of the present invention, and FIG. 5 is an operation unit display example. On the main body (image forming apparatus 3), a card (employee card in the embodiment) is displayed (S11). When the card is inserted and the password is entered, authentication OK is determined (S12 to S14). The authentication can be performed on the authentication server 4 or on the main body. If the card is not inserted (“N” in S12) or the password is not entered correctly (“N” in S13), the display returns to the card insertion display (S11).
If the authentication is NG (“N” in S14), the authentication NG is displayed for 3 seconds (S15), and the reader 11 ejects the card (S16). In the case of authentication OK (“Y” in S14), it is determined whether or not it is a proxy (S17), and in the case of proxy (“Y” in S17) on the DF (automatic document feeder) or on the contact glass Whether or not there is a document is determined (S18). If there is a document, reading is performed as a substitute sheet ("Y" in S18, S19). Whether or not it is a proxy is determined when the “substitute” button is pressed on the operation unit of FIG. If there is no document, a document request is displayed ("N" in S18, S20).
On the other hand, if it is not a substitute (“N” in S17), application processing is enabled with “user” = “operator” and “substitute” = “none” in the data processing inside the controller 12 ( S21). Even if the authentication of the read proxy sheet is NG (“N” in S22), a message indicating that the document is NG is displayed (S23), and a document request is displayed. When the “end” button is pressed in the document request display (S24), the card is ejected (S25), and the display returns to the card request display again.
[0009]
FIG. 6 shows a display example of the operation unit when the substitute sheet cannot be recognized. If the authentication of the substitute sheet is OK (“Y” in S22), management is performed as “user” = “substitute sheet owner” and “substitute” = “operator” in the data processing inside the controller 11. Application processing is enabled (S26, S27). An operation unit screen display example of the copy application is shown in FIG. 7, an operation unit screen display example of the scanner application is shown in FIG. 8, and an operation unit usage example of the stored document is shown in FIG. Moreover, the Example of a substitute sheet | seat is shown in FIG.
On the sheet of FIG. 10, the region data from A to G and the expiration date of the substitute sheet are described. Data for recognizing the substitute sheet is described in the area A, data for recognizing the owner ID of the person who requested the work is described in the area B, and owner ID is described in the area C. In the area D, the data indicating the substitute operator ID requested for the work is described, and in the area E, the expiration date data indicating the expiration date of the substitute sheet is described. In the area F, a proxy management ID for managing the proxy sheet is described. In the area G, data unrelated to the present invention is described.
Each described data can be a simple barcode or the like, but for security reasons, it cannot be easily duplicated by encryption or complicated replacement of data arrangement.
[0010]
In the flowcharts of the second control example of FIGS. 11 and 12, the authentication processing portion of the substitute sheet is shown. First, the information A is decoded to determine whether it is a substitute sheet (S31). If the substitute sheet cannot be recognized, a message to that effect is set, and the process ends as substitute sheet authentication NG (“N” in S32, S33, S34). A display example in that case is shown in FIG. After recognizing the substitute sheet, information: B and information: C are decoded, and the owner ID and password information are acquired (“Y” in S32, S35, S36).
Then, the authentication server 4 is requested to authenticate the owner ID, and if the over ID authentication is NG, a message to that effect is set, and the process ends as proxy sheet authentication NG (“N” in S37, S38) , S34). If the owner ID authentication is OK, the information: D is decoded to obtain the proxy operator ID, and the proxy operator ID that has been decoded with the operator is collated ("Y" in S37, S39, S40). If the interpreted operator ID is different from the operator, a message to that effect is set, and the process is terminated as a substitute sheet authentication NG (“N” in S40, S41, S34).
[0011]
If the operator and the substitute operator match ("Y" in S40), the information: E is decoded and the expiration date information is acquired (S42). Thereafter, the current time is compared with the expiration date, and if it has already expired, a message to that effect is set, and the process ends as proxy sheet authentication NG (“N” in S43, S44, S34). If it is within the expiration date, the information: F is decrypted, and a proxy management ID for each owner is acquired (“Y” in S43, S45).
The proxy management ID is managed by the image forming apparatus 3 or the authentication server 4. If the proxy management ID is NG, a message to that effect is set, and the process ends as proxy sheet authentication NG (“S46”). N ″, S47, S34). If the proxy management ID is OK, the decrypted proxy management ID is set to “in use”, and this proxy sheet is authenticated as OK, and the proxy sheet authentication process is terminated (“Y” in S46, S48, S49).
[0012]
FIG. 13 shows an example of proxy printing application display on the PC 2, and FIG. 14 shows an example of the operation unit when proxy printing is performed from the image forming apparatus 3. FIG. 15 shows a flowchart of the third control example.
First, an owner ID, a password, a substitute ID, the number of sheets, and an expiration date are input from the PC 2 or the image forming apparatus 3. In the case of the image forming apparatus 3, since the owner ID has already been input by the card and the password in order to enable the proxy printing, the input items of the owner ID and the password are displayed on the input screen of FIG. Is gone.
When the input is performed and “print execution” is pressed (“Y” in S51 and S52), the input data is transferred to the authentication server 4, the authentication server 4 performs the authentication process, and the authentication response indicates that the authentication is NG. In such a case, an authentication NG message is displayed on the screen of the PC 2 or the image forming apparatus 3, and the process ends ("Y" in S53 and S54, "N" in S55, S56). On the other hand, if the authentication result is OK, print data is acquired from the input data, and the printing process is executed (“Y” in S53 and S54, “Y” in S55, S57, and S58).
FIGS. 16 and 17 are flowcharts of a fourth control example related to the authentication process for proxy sheet printing on the authentication server side 4. When the owner ID, password, agent ID, number of issued cards, and expiration date are received, first the existence of the over ID is confirmed. If there is no over ID, an authentication NG reason to that effect is set and the process ends (“N” in S61 and S62). ", S63, S64). If the existence of the owner ID is confirmed, the password is verified, and if the passwords do not match, the authentication NG reason to that effect is set and the process ends ("Y" in S61, S62, "N" in S65, S66, S64). .
[0013]
If the password verification is OK (“Y” in S65), the presence of the agent ID is confirmed. If there is no agent ID, an authentication NG reason is set and the process is terminated (“N” in S67, S68, S64). ). When the existence of the agent ID is confirmed, the expiration date is compared with the current time, and if it is invalid, an authentication NG reason is set and the process ends (“Y” in S67, “N” in S69, S70, S64).
If it is within the valid period ("Y" in S69), the counter of the number of issuing agency IDs managed by the authentication server 4 is compared with the maximum number of issued management (S71, S72, S73), and the maximum If the issuance management number is exceeded, an authentication NG reason to that effect is set and the process ends ("N" in S73, S74, S64). If it can be issued ("Y" in S73), the proxy ID issuance counter M is incremented, the proxy management ID for the necessary number of sheets is issued, and the proxy management ID is set in the transfer data for printing. Set (S75, S76, S77). Thereafter, step S75 to step S79 are repeated for the number of issued sheets, and authentication OK and printing data are transferred to the image forming apparatus 3 (S80, S81).
[0014]
FIG. 18 shows a flowchart of the fifth control example, FIG. 17 shows an initial setting screen for an operation that does not directly handle an image, and FIG. 19 shows a display example of the operation unit when a substitute tries to operate the initial setting screen. Show.
Normally, the application can be operated, but the initial settings can be changed if the agent is changed by the requester's authority without permission. For example, the IP address can be changed without permission. Anyone may not be able to print to the printer.
Therefore, the initial setting screen is not accessible in the case of an agent's operation. In the flowchart of FIG. 18, whether the user is operating directly or on behalf of the machine is managed by managing the data “user” and “substitute” on the flowchart of FIG. 4. Judgment is possible. If it is not “no proxy”, it means that the proxy operation is being performed, and thus the proxy inaccessible display as shown in FIG. 20 is displayed and the process is terminated (“N” in S91, S92). In the case of “no proxy”, the access authority of the initial setting of the operator is determined, and if it is OK, it can be accessed and can be operated on the screen as shown in FIG. 19 (“Y” in S91, in S93) “Y”, S94). If access is impossible, a message to that effect is displayed ("N" in S93, S95).
[0015]
The proxy management ID table is shown in FIG. On the authentication server 4, a table indicating the status of the issue counter and proxy management ID is managed for each owner ID. In the example of FIG. 21, owner IDs are managed from 00000001 to 00000009, and up to 99 proxy management IDs are managed. The initial value of the issue counter is 0, and the maximum issue management number is 99.
The proxy management ID has four states (“unused”, “issued”, “in use”, “used”), and the initial state is “unused”. When the issued processing of the proxy management ID in the flowcharts of FIGS. 16 and 17 is executed, the state is “issued”.
Further, when using a substitute sheet, the substitution management ID of “OK” in the flowcharts of FIGS. 11 and 12 indicates the “issued” state. ”State. As described above, once issued sheets are not in the “issued” state when a substitute sheet is recognized, they cannot be used again.
[0016]
FIG. 22 is a flowchart of the sixth control example of the present invention. When the job management unit of the system receives a job end notification from each application, it is determined whether or not the job is by a substitute (“Y” in S101, S102). Whether or not the job is performed by the agent can be determined because the data “user” and “agent” are managed on the flowchart of FIG.
If it is not the job by the agent, the process is terminated without doing anything (“N” in S102). However, if the job is by the agent, the agent management ID on the table in FIG. The display requesting the substitute sheet is made again ("Y" in S102, S103, S104). If the operator presses the end button, the card is ejected and the process ends ("Y" in S105, S106).
[0017]
FIG. 23 shows data management of history information. In the image forming apparatus, “date and time” every time a job ends, “job ID” counted up for each job, “machine ID” unique to the machine, “application ID” indicating the application type, and application In addition to the “operation type” indicating the processing type, if there is a person who acts as an “owner ID” indicating who the job belongs to, the “representative ID” is recorded in the HDD.
As history information, “number of originals”, number of copies, job “counter at start and end”, and N “application-specific data” are stored. Since the owner ID and the agent ID manage the data of “user” and “agent” on the flowchart of FIG. 4, they can be managed by replacing the user with an over ID.
When there is no substitute ID, the operator himself is the owner. When there is no substitute ID, as an example on FIG. 23, the job ID = 00000010 is an ID of 00001772. It can be seen that the work of 00000002 people was performed on behalf of them.
[0018]
【The invention's effect】
As described above, in the image forming apparatus that can be operated by the authentication of the operator, when the operation (business) is requested to another person, the authentication of the other person (representative) requested by the operation is performed. Since the control means having the function of determining whether or not the proxy operation is possible from both the results of reading the proxy sheet by the requesting person, it is possible to request only his / her work from a reliable person.
According to the second aspect, since the substitute sheet is output after the person who requests the operation is authenticated, the reliability of the substitute request is increased.
In claim 3, since the initial setting or the like is made inaccessible by the agent, the person without access authority inadvertently obtains the access authority and changes the state of the machine. It is possible to prevent a situation in which it cannot be used.
In the above description, since a substitute sheet once used cannot be used again, it is possible to prevent misuse by others even if the substitute is accidentally left behind. Further, since the use of the substitute sheet is limited to the use of only one job, it can be used only for a job that has been reliably requested, so that it is possible to prevent inadvertent use.
[Brief description of the drawings]
FIG. 1 is a configuration diagram of a network image forming system.
FIG. 2 is a block diagram of an image forming apparatus according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating a basic processing procedure when authentication is performed and the image forming apparatus is used.
FIG. 4 is a flowchart of a first control example of the present invention.
FIG. 5 is a diagram illustrating a display example of an operation unit.
FIG. 6 is a diagram illustrating a display example of an operation unit.
FIG. 7 is a diagram illustrating a display example of an operation unit.
FIG. 8 is a diagram illustrating a display example of an operation unit.
FIG. 9 is a diagram illustrating a display example of an operation unit.
FIG. 10 is a diagram showing a substitute sheet.
FIG. 11 is a flowchart (first stage) of a second control example of the present invention.
FIG. 12 is a flowchart (second stage) of a second control example of the present invention.
FIG. 13 is a diagram illustrating a display example of a PC.
FIG. 14 is a diagram illustrating a display example of an operation unit.
FIG. 15 is a flowchart of a third control example of the present invention.
FIG. 16 is a flowchart (previous stage) of a fourth control example of the present invention.
FIG. 17 is a flowchart (second stage) of the fourth control example of the present invention.
FIG. 18 is a flowchart of a fifth control example of the present invention.
FIG. 19 is a diagram illustrating a display example of an operation unit.
FIG. 20 is a diagram illustrating a display example of an operation unit.
FIG. 21 is a diagram showing a proxy management table.
FIG. 22 is a flowchart of a sixth control example of the present invention.
FIG. 23 is a diagram showing data management contents of history information.
[Explanation of symbols]
11 Employee ID Reading Device, 12 Controller, 21 CPU (Control Device Component), 26 ASIC (Control Device Component)

Claims (3)

  In the image forming apparatus that can be operated by the authentication of the operator, when requesting the operation to another person, whether or not the proxy operation can be performed based on both the authentication of the other person requested by the operation and the result of reading the proxy sheet by the requesting user. An image forming apparatus comprising a control unit having a function of determining.   2. The image forming apparatus according to claim 1, wherein the substitute sheet is output after the person who requests the operation is authenticated.   2. The image forming apparatus according to claim 1, wherein the range of operations that can be performed is limited, and operations other than operations that directly handle images are prohibited.

Images