JP4441238B2 - Network-compatible peripheral device and control method thereof - Google Patents

Description

The present invention includes at least one peripheral device capabilities, network-enabled to connect to the network via the network accepts the use of the peripheral device features than the other terminal devices and a network communication function to execute the peripheral function The present invention relates to a peripheral device and a control method thereof.

  Conventionally, as a network-compatible peripheral device having an I / F for connecting to a LAN line as represented by a network printer device / network scanner device / Internet facsimile device, for example, a user code is input from an operation panel. In addition, there is a technique for restricting users for each user or department by using a ID card (see Patent Documents 1 and 2).

  As a result, it was possible to restrict copy colors and fax transmission, printing, scanners, and other usages for each user, and to set usage limits and usage limits for each department to prevent excessive usage.

In addition, there is a technology that makes it possible to integrate device users with those managed on a network (see Patent Document 3).
JP 2002-178567 A JP 2002-240398 A JP 2002-202945 A

  However, in any case, there is only one authentication system (authentication means) for identifying the user, and there is a problem that the alternative means cannot be selected when the authentication system is not operating correctly. It was.

  In addition, since there is only one authentication system, there is a problem that, when a resource restriction occurs in a certain authentication system (for example, the upper limit of accounts that can be registered due to memory restriction), it is difficult to extend the system thereafter.

  The present invention has been made in view of such circumstances, and an object of the present invention is to provide a network-compatible peripheral device and a control method thereof that can appropriately authenticate a user.

The network-enabled peripheral device of the present invention includes at least one peripheral device function, a network communication function for connecting to the network and receiving the use of the peripheral device function from another terminal device via the network and executing the peripheral device function A local authentication unit that realizes a local authentication function for locally authenticating a user, and a plurality of network authentication functions provided in the network, wherein the local authentication is performed on account information input by a user. A network authentication means for authenticating a user using a network authentication function used in common with the function, an authentication type priority table in which priority is set for each type of the local authentication function and the plurality of network authentication functions; The local authentication function and the plurality of network Storage means for storing a registration information table classified by authentication in which registration information of peripheral device functions that are permitted to be used by the user corresponding to each type of network authentication function is stored, and (a) when performing user authentication, Accepts input of account information, (b) selects the local authentication function or any of the network authentication functions according to the authentication type priority table, and (c) if the local authentication function is selected, the local authentication means (D) when any one of the network authentication functions is selected, the network authentication means is used by the network authentication means to make the user authenticate based on the account information received from the user. User authentication is performed based on the received account information, and (e) the local authentication When the user authenticates the user, the user is permitted to use the peripheral device function corresponding to the local authentication function set in the authentication-specific registration information table, and when the network authentication means authenticates the user, the authentication-specific registration information Control means for permitting the user to use the peripheral device function corresponding to the type of the network authentication function for authenticating the user set in the table .

The control means is configured to use the local authentication function or the network authentication function in a state in which the higher priority set in the authentication type priority table among the local authentication function and the plurality of network authentication functions is not available. It is better to temporarily set the priority order of.

The network-enabled peripheral device control method according to the present invention executes at least one peripheral device function and the peripheral device function by connecting to the network and accepting the use of the peripheral device function from another terminal device via the network. A network-compatible peripheral device having a network communication function, wherein the network-compatible peripheral device is a local authentication function for locally authenticating a user and a plurality of network authentication functions provided in the network, An authentication type priority table in which priorities are set for each type of network authentication function that uses the account information input by the user in common with the local authentication function, and each of the local authentication function and the plurality of network authentication functions. Peripheral devices that allow users to use according to type A storage means for storing a registration information table classified by authentication in which function registration information is set; and a local authentication step for realizing the local authentication function in the network compatible peripheral device, and the plurality of network authentication functions. A network authentication step for authenticating a user using (a) receiving user account information when performing user authentication; (b) the local authentication function or any of the networks according to the authentication type priority table; (C) when the local authentication function is selected, the local authentication unit is configured to authenticate the user based on the account information received from the user, and (d) any of the network authentications When a function is selected, the network authentication means Using the authentication function, the user is authenticated based on the account information received from the user. (E) When the local authentication means authenticates the user, the local authentication function set in the authentication-specific registration information table The peripheral device corresponding to the type of the network authentication function for authenticating the user set in the authentication-specific registration information table when the network authentication means authenticates the user when the user is permitted to use the peripheral device function corresponding to And a control step for allowing the user to use the function.

The control step may include the local authentication function or the network authentication function in a state where, of the local authentication function and the plurality of network authentication functions, a higher priority set in the authentication type priority table is not available. It is better to temporarily set the priority order of.

According to the network-compatible peripheral device and the control method thereof of the present invention as described above, the user authentication performance can be improved when user authentication can be performed using the local authentication function and a plurality of network authentication functions, and the operation mode is free. The effect of increasing the degree is obtained.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 shows a network system according to an embodiment of the present invention.

  In the figure, a plurality of workstation devices WS1 to WSn, a server device SM, a network multifunction peripheral MFP, and a network scanner device SC are connected to the local area network LAN and to the Internet via a router device RT. It is connected. Therefore, the workstation devices WS1 to WSn, the server device SM, the network MFP MFP, and the network scanner device SC can exchange data with other appropriate terminal devices via the Internet.

  Here, the server device SM collects network authentication (remote authentication) and e-mail for the user using the workstation devices WS1 to WSn connected to the local area network LAN and the network network MFP MFP. And various network services of distribution service. The server device SM also includes a SAM (security account manager) database SMd that stores user account information and group information. Each terminal (workstation devices WS1 to WSn, network multifunction peripheral MFP, And an external authentication server function for providing a remote authentication function to the network scanner device SC).

  Here, for example, when the operating system installed in the server device SM is an OS for Microsoft Windows NT server, the (external) authentication server function provided by the server device SM is, for example, so-called NT. Authentication function can be applied. As other authentication server functions, for example, a user authentication function provided in the directory server function such as LDAP (Lightweight Directory Access Protocol) can be applied. Also, by using this authentication server function and logging in to the server device SM from each terminal on the network, it can be operated so that any terminal can be recognized as the same user account.

  In addition, the workstation devices WS1 to WSn include document processing software having document creation and document printing functions, e-mail processing software having functions for creating and transmitting / receiving e-mails, and a local area network LAN. Various programs such as driver software for appropriately using the network MFP MFP are installed and used by a specific user. Here, the specific user may be one or a plurality of users.

  Further, the network MFP MFP is connected to an analog e-mail processing network PSTN, an e-mail processing function for exchanging image information and various reports as e-mails, and uses this public network as a transmission path to perform a group 3 facsimile transmission procedure. Facsimile communication function for image information transmission by the network, network printer function for processing document print jobs requested from the workstations WS1 to WSn via the local area network LAN, and the read original image data by e-mail (e-mail ( = E-mail)), and various other functions such as a scan-to-email function for transmitting to a destination specified.

  In other words, this network MFP MFP has three peripheral device functions as an electronic mail processing function, a facsimile communication function, a network printer function, and a scan-to-email function as network-compatible peripheral device functions.

  The network MFP MFP also has a local authentication function, and also includes a SAM database MFPd that stores user account information.

  Further, the network scanner device SC has a scan-to-email function for transmitting the read document image data to a specified destination using an electronic mail as its peripheral device function. That is, this network scanner device SC has one peripheral device function as a network peripheral device function.

  The network scanner device SC also has a local authentication function, and also includes a SAM database SCd that stores user account information.

  Here, the user account information is usually registered by combining a user name and a password, and is created for each registered user. In the SAM databases MFPd and SCd, user accounts for a plurality of users are registered. Information is registered.

  FIG. 2 shows a configuration example of the network MFP MFP.

  In the figure, a system control unit 1 performs various control processes such as control processes for each part of the MFP MFP, facsimile communication function control process, copy function control process, scan-to-email function control process, network printer function, and the like. The system memory 2 stores a control processing program executed by the system control unit 1 and various data necessary for executing the processing program, and constitutes a work area of the system control unit 1 The parameter memory 3 is for storing various types of information unique to the network MFP MFP, and the clock circuit 4 is for outputting current time information.

  The scanner 5 is for reading an original image with a predetermined resolution, the plotter 6 is for recording and outputting an image with a predetermined resolution, and the operation display unit 7 operates the network MFP MFP. It consists of various operation keys and various displays.

  The encoding / decoding unit 8 encodes and compresses the image signal, and also decodes the encoded and compressed image information into the original image signal. The image storage device 9 performs encoding and compression. This is for storing a large number of image information in the selected state.

  The group 3 facsimile modem 10 is for realizing the modem function of the group 3 facsimile, and is a low-speed modem function (V.21 modem) for exchanging transmission procedure signals, and mainly for exchanging image information. A high-speed modem function (V.17 modem, V.34 modem, V.29 modem, V.27ter modem, etc.) is provided.

  The network control apparatus 11 is for connecting the network MFP MFP to the analog public line network PSTN, and has an automatic outgoing / incoming function.

  The local area network interface circuit 12 is for connecting the MFP MFP to the local area network LAN, and the local area network transmission control unit 13 is connected to other data terminal devices via the local area network LAN. It is for executing communication control processing of various predetermined protocol suites for exchanging various data between them.

  The authentication service processing unit 14 realizes an authentication function for authenticating a user who operates the network MFP MFP, and has a local authentication function and a remote authentication function performed by referring to the SAM database MFPd. In addition, the authentication service processing unit 14 requests remote authentication from the server device SM via the local area network LAN as necessary.

  The system control unit 1, system memory 2, parameter memory 3, clock circuit 4, scanner 5, plotter 6, operation display unit 7, encoding / decoding unit 8, image storage device 9, group 3 facsimile modem 10, network The control device 11, the local area network transmission control unit 13, the authentication service processing unit 14, and the SAM database MFPd are connected to the internal bus 15, and data exchange between these elements is mainly performed in the internal bus. 15 is done.

  Data exchange between the network control device 11 and the group 3 facsimile modem 10 is performed directly.

  FIG. 3 shows a configuration example of the network scanner device SC.

  In the figure, a system control unit 21 performs various control processes such as a control process for each part of this network scanner device SC and a scan-to-email function control process. The control processing program executed by the unit 21 and various data necessary for executing the processing program are stored, and the work area of the system control unit 21 is configured. The parameter memory 23 is a network scanner. The clock circuit 24 is for storing various types of information unique to the device SC, and the clock circuit 24 outputs current time information.

  The scanner 25 is for reading a document image with a predetermined resolution, and the operation display unit 26 is for operating the network scanner device SC, and includes various operation keys and various displays. .

  The encoding / decoding unit 27 encodes and compresses the image signal and also decodes the encoded and compressed image information into the original image signal. The image storage device 28 encodes and compresses the image information. This is for storing a large number of image information in the selected state.

  The local area network interface circuit 29 is for connecting the network scanner device SC to the local area network LAN, and the local area network transmission control unit 30 is connected to other data terminal devices via the local area network LAN. It is for executing communication control processing of various predetermined protocol suites for exchanging various data between them.

  The authentication service processing unit 31 realizes an authentication function for authenticating a user who operates the network scanner device SC, and has a local authentication function and a remote authentication function performed by referring to the SAM database MFPd. In addition, the authentication service processing unit 31 requests remote authentication from the server device SM via the local area network LAN as necessary.

  These are the system control unit 21, system memory 22, parameter memory 23, clock circuit 24, scanner 25, operation display unit 26, encoding / decoding unit 27, image storage device 28, local area network transmission control unit 30, authentication service The processing unit 31 and the SAM database SCd are connected to an internal bus 32, and data exchange between these elements is mainly performed via the internal bus 32.

  Here, in the present embodiment, basically, data exchange between terminals connected to the local area network LAN is a transmission protocol up to a transport layer called TCP / IP, and more. This is performed by applying a combination with a higher layer communication protocol (so-called protocol suite). For example, in the exchange of e-mail data, a communication protocol called SMTP (Simple Mail Transfer Protocol) is applied as an upper layer communication protocol.

  Further, as a protocol applied to each mail terminal device SM for confirmation of receiving or obtaining an e-mail addressed to the user, a so-called POP (Post Office Protocol) can be applied.

  Further, communication protocols such as TCP / IP, SMTP, POP, and data format and data structure of e-mail are defined by RFC documents issued from IETF. For example, RFC is defined as RFC 793, IP as RFC 793, SMTP as RFC 821, and e-mail format as defined in RFC 822, RFC 1521 and RFC 1522 (MIME (Multipurpose Mail Extension) format).

  In the present embodiment, first, a user who uses this network is registered with a user name and an authentication password. Then, in the network MFP MFP and the network scanner device SC, when the user turns on one of the operation keys of the operation display units 7 and 26, an authentication screen as shown in FIG. A user is requested to input a name and password, perform a predetermined authentication operation, and only a user who has passed the authentication is permitted to operate the terminal.

  It should be noted that the setting registration of whether or not to use the authentication function of the network MFP MFP and the network scanner device SC is made by system setting.

  FIG. 5 shows an example of processing executed by the system control unit 1 of the network MFP MFP in the user operation standby state. The system control unit 21 of the network scanner device SC performs the same process.

  First, a normal state display screen is displayed until any of the operation keys of the operation display unit 7 is turned on (processing 101, NO loop of determination 102).

  When the user turns on one of the operation keys of the operation display unit 7 and the result of determination 102 is YES, the system checks whether or not the use of the authentication function is set systematically (determination 103). .

  When the result of determination 103 is YES, an authentication screen as shown in FIG. 4 is displayed, the user is requested to enter a user name and password, and the user is prompted to enter the user name and password (processing) 104).

  Next, the authentication service processing unit 14 is caused to perform local authentication using the user name and password input in processing 104 (processing 105). In this local authentication, the authentication service processing unit 14 refers to the stored contents of the SAM database MFPd and checks whether the user account information of the input user name is registered. Read the password from the account information and compare it with the entered password. If the password comparisons match, it is determined that the authentication result is OK (that is, login is successful).

  Here, it is checked whether or not the authentication service processing unit 14 determines that the authentication result is OK (determination 106). When the result of determination 106 is YES, a normal operation screen (not shown) is displayed (processing 107). ), Move on to the next process.

  If the result of local authentication is not OK and the result of determination 106 is NO, the authentication service processing unit 14 transmits the user name and password to the external authentication server of the server device SM and requests authentication (processing 108). ).

  As a result, an authentication request is issued to the authentication server function of the server apparatus SM via the local area network LAN, whereby the server apparatus SM performs user authentication with reference to the SAM database SMd, This is sent to the MFP MFP as the authentication request source.

  As a result, the network MFP MFP receives the authentication result from the server device SM. Therefore, it is checked whether or not the reception result is authentication OK (determination 109). The process proceeds to display a normal operation screen (not shown) and proceeds to the next process.

  Further, when the result of determination 109 is NO, the user account cannot be confirmed by the local authentication of the own terminal or the remote authentication of the server device SM, and the user cannot log in to the local area network LAN. Therefore, for example, an error screen for displaying an error message such as “cannot log in” is displayed (processing 110), and the process returns to processing 101 to display the initial screen.

  Further, when it is set that the authentication function is not used systematically and the result of determination 103 is NO, the process proceeds to process 110, an error screen is displayed, and the process returns to process 101 to display the initial screen. indicate.

  In this way, in this embodiment, since the remote authentication system is used when there is no account information in the local authentication system (local authentication means), the authentication system will not function due to various reasons such as power failure or hardware failure. It can be used even when

  When the network MFP MFP or the network scanner device SC has a local authentication system, the user authentication of the network MFP MFP or the network scanner device SC can use an authentication server function. It is possible to reduce the number of account information held in the network, and as a result, it is possible to reduce the cost of the network MFP MFP or the network scanner device SC. In this case, for example, only the account information of the administrator who can manage the settings of the network MFP MFP or the network scanner device SC is registered as a local account, and other general user account information is used as the authentication system of the server device SM. It is possible to operate such as using.

  By the way, when a plurality of authentication systems (authentication means) are provided in the local area network LAN, it is possible to set priorities in the authentication systems used in the network MFP MFP or the network scanner device SC.

  For example, when local authentication, NT authentication, and LDAP authentication can be used in the network MFP MFP or the network scanner device SC, a priority order selection screen as shown in FIGS. 6A and 6B is displayed. The priority order of the authentication can be appropriately set and operated.

  For example, in FIG. 6A, “local authentication”, “NT authentication”, and “LDAP authentication” are arranged in this order, and the priority is set in this order. That is, in this case, local authentication is set to the first priority, NT authentication is set to the second priority, and LDAP authentication is set to the third priority.

  On this screen, when local authentication is selected (the selected item is highlighted in italics) and the keyed down arrow symbol is operated, as shown in FIG. Is lowered by one, and the display changes to a mode in which the priority order of NT authentication, which was the second, is raised by one. In this state, when the “set” button is operated, the contents of the change operation are confirmed, NT authentication is set to the first priority, local authentication is set to the second priority, and LDAP authentication is set to the third priority. Is done.

  If the up arrow symbol with key is operated in the state shown in FIG. 5B, the state changes to the state shown in FIG. 5A. In this state, if the “set” button is operated, the content of the change operation is confirmed. Then, local authentication is set to (first) priority, NT authentication is set to second priority, and LDAP authentication is set to third priority.

  Then, the network MFP MFP or the network scanner device SC stores the priority order setting information for such authentication types in an authentication type priority table as shown in FIG. In this authentication type priority table, three pieces of authentication type information are arranged according to the priority order.

  FIG. 8 shows an example of processing executed by the system control unit 1 of the network MFP MFP in the user operation standby state in this case. The system control unit 21 of the network scanner device SC performs the same process.

  First, a normal state display screen is displayed until any of the operation keys of the operation display unit 7 is turned on (processing 201, NO loop of determination 202).

  When the user turns on one of the operation keys of the operation display unit 7 and the result of determination 202 is YES, the system checks whether or not the use of the authentication function is set systematically (determination 203). .

  When the result of determination 203 is YES, an authentication screen as shown in FIG. 4 is displayed, the user is requested to input a user name and password, and the user is prompted to input a user name and password (processing) 204).

  Next, the value of the counter n is initialized to 1 (process 205), the nth authentication type is determined from the authentication type priority table (process 206), and an authentication process corresponding to the authentication type determined in process 206 is performed. (Processing 207). In the case of local authentication, the authentication service processing unit 14 is caused to perform local authentication using the user name and password input in processing 204. In the case of NT authentication or LDAP authentication, it is remote authentication. The NT authentication server or LDAP authentication server is notified of the user name and password input in the process 204 and requests authentication, and the NT authentication server or LDAP is requested. Receive the authentication result from the authentication server.

  As a result of the authentication process performed in the process 207, it is checked whether or not the authentication is OK (successful login) (decision 208),

  When the result of determination 208 is YES, a normal operation screen (not shown) is displayed (process 209), and the process proceeds to the next process.

  Further, when the result of the authentication in step 207 is not authentication OK and the result of determination 208 is NO, it is checked whether there is another authentication type that can be tried (determination 210), and the result of determination 210 is YES. In some cases, the value of the counter n is incremented by 1 (process 211), and the process returns to process 206 to perform an authentication operation for the next authentication type.

  Further, when the authentication is NG for all the authentication types, that is, when any of the authentication types does not result in authentication OK (login success), and the result of the determination 210 is NO, For example, an error screen for displaying an error message such as “cannot log in” is displayed (process 212), and the process returns to process 201 to display the initial screen.

  If it is set that the authentication function is not used systematically and the result of determination 203 is NO, the process proceeds to process 212, an error screen is displayed, the process returns to process 201, and the initial screen is displayed. indicate.

  In this way, in this embodiment, the priority of the authentication type (authentication means) to be tried can be set, so that operability with higher performance can be realized according to the use environment. For example, most users have account information in the server device SM on the network, and only a specific user (for example, an administrator of the device) has account information locally in the network MFP MFP or the network scanner device SC. In such an environment, it is usually better to obtain authentication from a server on the network first, with less processing overhead and better response. The same applies to a case where a plurality of remote authentications are performed. Usually, the environment of the peripheral device user is various, and it becomes possible to obtain the optimum performance for the environment by using this embodiment.

  By the way, when a failure occurs in the authentication system and it cannot be used, it is preferable to use another authentication system. As described above, when a priority is set for the authentication type, the time required for the next authentication work can be shortened by temporarily lowering the priority of the authentication type in which a failure has occurred. it can. In addition, when the failure that has occurred is resolved and the authentication system is restored, it is possible to return to the original operation mode of the authentication system by returning to the original priority.

  Therefore, in this case, first, as shown in FIGS. 9A and 9B, a reference authentication type priority table storing priority levels of the set authentication types, and a priority level of the current authentication type. Is provided with a reference authentication type priority order table.

  Then, in the initial state, the contents of the reference authentication type priority table are copied to the contents of the reference authentication type priority table. Thereafter, when a failure occurs in the authentication system, the contents of the reference authentication type priority table are appropriately changed. change.

  After this, for example, the status of each authentication system is checked at a fixed time period, and if the failure has been recovered, the priority stored in the reference authentication type priority table for the authentication type of the authentication system concerned The contents of the reference authentication type priority order table are returned to the order.

  FIG. 10 shows an example of processing executed by the system control unit 1 of the network MFP MFP in the user operation standby state in this case. The system control unit 21 of the network scanner device SC performs the same process.

  First, a normal state display screen is displayed until any one of the operation keys on the operation display unit 7 is turned on (NO loop of processing 301 and determination 302).

  When the user turns on one of the operation keys of the operation display unit 7 and the result of determination 302 is YES, the system checks whether or not the use of the authentication function is set systematically (determination 303). .

  When the result of determination 303 is YES, an authentication screen as shown in FIG. 4 is displayed, the user is requested to input a user name and password, and the user is prompted to input a user name and password (processing) 304).

  Next, the value of the counter n is initialized to 1 (process 305), the nth authentication type is determined from the reference authentication type priority table (process 306), and the authentication corresponding to the authentication type determined in process 306 is performed. Processing is performed (processing 307). That is, in the case of local authentication, the authentication service processing unit 14 is caused to perform local authentication using the user name and password input in processing 304. In the case of NT authentication or LDAP authentication, it is remote authentication. The NT authentication server or LDAP authentication server is notified of the user name and password input in the process 304 and requests for authentication, and the NT authentication server or LDAP is requested. Receive the authentication result from the authentication server.

  As a result of the authentication process performed in the process 307, it is checked whether or not the authentication is OK (login success) (decision 308),

  When the result of determination 308 is YES, a normal operation screen (not shown) is displayed (process 309), and the process proceeds to the next process.

  Further, when the result of the authentication in step 307 is not authentication OK and the result of determination 308 is NO, it is checked whether a failure has occurred in the authentication system attempted at that time (determination 310). The determination as to whether or not a failure has occurred in the authentication system can be performed by an appropriate well-known method unique to the authentication system, and thus description thereof is omitted here.

  When the result of determination 310 is YES, the priority of the authentication type in the reference authentication type priority table is changed to the lowest order (process 311). Further, when the result of determination 310 is NO, processing 311 is not performed.

  Next, it is checked whether there are other authentication types that can be tried (decision 312). When the result of determination 312 is YES, the value of the counter n is incremented by one (processing 313), and the processing returns to processing 306. The authentication operation for the authentication type is performed.

  Further, when all the authentication types are authenticated NG, that is, when any of the authentication types is tried and the authentication is not OK (successful login), and the result of the determination 312 is NO, For example, an error screen for displaying an error message such as “cannot log in” is displayed (process 314), and the process returns to process 301 to display the initial screen.

  If it is set that the authentication function is not used systematically and the result of determination 303 is NO, the process proceeds to process 314, an error screen is displayed, the process returns to process 301, and the initial screen is displayed. indicate.

  FIG. 11 shows an example of processing for restoring the contents of the changed reference authentication type priority table when a failure that has occurred in the authentication system is recovered. This process is performed periodically, for example, at regular time intervals (one day, one hour, etc.).

  First, the contents of the reference authentication type priority table and the contents of the reference authentication type priority table are compared (process 401), and it is checked whether they match (decision 402). When the result of determination 402 is YES, this process ends.

  When the result of determination 402 is NO, the value of the counter n is set to 1 (process 403), the nth authentication type in the reference authentication type priority table is determined (process 404), and the authentication type The authentication system is inspected (process 405). Since this inspection method of the authentication system can be performed by an appropriate well-known method unique to the authentication system, description thereof is omitted here.

  Then, the inspection result at that time is stored (process 406), and it is checked whether or not there is the next authentication type (determination 407). When the result of determination 407 is YES, the value of the counter n is increased by 1 (process). 408) Returning to the processing 404, the authentication system of the next authentication type is inspected.

  When the verification of the authentication system is completed for all the authentication types and the result of determination 407 is NO, the reference authentication type priority table based on the verification results for the confirmation certificate system stored in process 406 Is changed (processing 409). In this case, for example, for the authentication type that is normal in the inspection result, the priority in the reference authentication type priority table is set to the priority in the standard authentication type priority table.

  In this way, in this embodiment, since the priority order of the failed authentication system is temporarily changed to the lowest order, a more efficient authentication response can be obtained.

  A backup function of the authentication system can also be realized by separating the authentication system used at normal time and the authentication system used at abnormal time.

  By the way, as described above, when a plurality of authentication systems are used properly, the functions usable by the user can be restricted or set for each authentication system in which the user is authenticated.

  For example, when only the administrator user account information is registered in the SAM databases MFPd and SCd used for local authentication and the general user account information is registered in the SAM database SMd of the server device SM, the network composite It is local authentication that the administrator user of the MFP or network scanner device SC is authenticated, and remote authentication is that the general user is authenticated.

  Therefore, registration information of a function permitted to be used for each authentication system is created and stored in the network MFP MFP or the network scanner device SC, and the operation user at that time is authenticated by local authentication. The operation is permitted based on the registration information registered in the local authentication, and when the operation user at that time is authenticated by the remote authentication, the operation is performed based on the registration information registered in the remote authentication. to approve.

  An example of the authentication-specific registration information table referred to at this time is shown in FIG. This authentication-specific registration information table is for the network MFP MFP. In the case of the network scanner SC, only initial settings and scanner-related information are registered.

  This authentication-specific registration information table includes “initial setting authority information” indicating whether or not the initial setting operation of the network MFP MFP is permitted, and “copy usage authority” indicating whether or not the copying function of the network MFP MFP is allowed. "Information", "Copy usage registration information" for setting various functions that can be used when using the copying function, and "whether to allow use of the scan-to-email function of the network MFP MFP" "Scanner usage authority information", "Scanner usage registration information" for setting various functions that can be used when using the scan-to-email function, whether to allow the use of the fax transmission function of the MFP MFP "Fax transmission authority information" indicating whether or not, and "Fax transmission use registration information" for setting various functions that can be used when using the fax transmission function "Printer use authority information" indicating whether or not to allow use of the network printer function of the network MFP MFP, and "Printer use" for setting various functions usable when using the network printer function Registration information ".

  Further, the registration information table for each authentication is registered by operating the operation display unit 7 of the network MFP MFP.

  For example, when an available function is registered for authentication type A (local authentication), the initial screen of the registration screen is as shown in FIG. 13A, and “initial setting” is set as a usable function. Therefore, when the button “initial setting” is turned on, the display of the button “initial setting” is in a registered state (displayed in bold italic in the figure) as shown in FIG. “Initial setting” is registered as a function.

  Normally, for “initial setting”, only a group having administrator authority is registered to be usable.

  In addition, when registering available functions for authentication type B (remote authentication), the initial screen of the registration screen is as shown in FIG. 5C, and the “copy” function is available as a usable function. When the button “Copy” is turned on in order to set an image, a screen for registering setting conditions and the like that can be further used in the copy function is displayed as shown in FIG. 14A. By appropriately operating the item, the registration contents to the copy use registration information are designated. When the registration is completed and the button “SET” is operated, the registration content in the copy usage registration information is determined, and the screen returns to the screen as shown in FIG. On this screen, the button “Copy” that has already been registered is in a registered state.

  As a result, information representing “copy usage permission” is registered in the copy usage authority information of the registration information table classified by authentication, and various information applicable when using the determined copy function is registered in the copy usage registration information. Is done.

  Similarly, when registering the scan-to-email function, operate the button “scanner”, register the available functions on the registration screen that follows, and register the network printer function. The button “printer” is operated, and predetermined usable functions and the like are registered on the subsequent registration screen.

  On the screen after registering these three functions, the display forms of the button “copy”, the button “scanner”, and the button “printer” are registered as shown in FIG.

  Similarly, when the button “fax transmission” is operated, information related to the fax transmission is stored, and the display form of the button “fax transmission” is in a registered state on the subsequent registration screen.

  In addition, as the use registration information, for example, in the case of copy use registration information, as described above, the print color, the number of prints, the paper feed tray, and the like are registered. In the case of printer use registration information, the print color, the number of printed sheets, the paper feed tray, and the like are registered. In the case of scanner use registration information and facsimile transmission use registration information, information for restricting output destinations, usable paper sizes, encoding method designation information, and the like are registered. The information for limiting the output destination is, for example, “unlimited”.

  In addition, as the registration information table classified by authentication, for example, as shown in FIG. 12B, usable time zone information for designating a usable time zone can be added. In this case, the network MFP MFP can restrict the use so as to permit the use of the user only in the available time zone set for the authentication type to which the user is applied.

  FIG. 15 shows an example of processing when a user operation is input from the normal operation screen in this case.

  When a user operation input is performed (process 501), the function input at that time and the authentication type of the user are determined (process 502), and the function is determined from the authentication-specific registration information table corresponding to the authentication type. The usage authority information and usage registration information corresponding to the above are read out (process 503), and it is checked whether the user can use the function (determination 504). When the result of determination 504 is YES, according to the content of the usage registration information Then, the operation screen is edited (process 505), and the selected function process (peripheral device function process) is executed (process 506).

  If the result of determination 504 is NO, for example, an error message such as “no use authority” is displayed (process 507), and this process ends.

In this way, in this embodiment, users can be restricted for each system for which authentication has been obtained. For example, the authentication system is divided between external visitors and in-house users, and usage restrictions are applied to each. It is also possible to apply, and the degree of freedom of operation form increases.
In addition, since the priority order of the authentication system can be set, it is possible to realize operability with higher performance according to the use environment.
In addition, by setting the priority of authentication means that are determined to be faulty temporarily to a lower order, it is possible to avoid the situation of using authentication means that cause a failure and the response time is greatly delayed. An efficient authentication response can be obtained.

  Each embodiment described above is applied to the network MFP MFP or the network scanner device SC. However, the present invention relates to other network compatible peripheral devices such as a network printer device, a network compatible copy device, and the like. Can be applied in the same manner.

  Further, the network system to which the present invention is applied is not limited to the above-described embodiment. Further, the type of authentication server existing on the network, the type of basic software (operating system) to be introduced, and the like are not limited to those of the above-described embodiments.

1 is a block diagram showing a network system according to an embodiment of the present invention. FIG. 3 is a block diagram showing a configuration example of a network MFP MFP. The block diagram which showed the structural example of the network scanner apparatus SC. Schematic which showed an example of the authentication screen. 6 is a flowchart showing an example of processing executed by the system control unit 1 of the network MFP MFP in a user operation standby state. Schematic which showed an example of the priority order selection screen. Schematic which showed an example of the authentication classification priority table. 12 is a flowchart showing another example of processing executed by system control unit 1 of network multifunction peripheral MFP in a user operation standby state. Schematic which showed an example of the reference | standard authentication classification priority table and the reference authentication classification priority table. 12 is a flowchart showing still another example of processing executed by the system control unit 1 of the network MFP MFP in a user operation standby state. The flowchart which showed an example of the process in the case of recovering the content of the changed reference authentication classification priority table when the failure which generate | occur | produced in the authentication system recovered. Schematic which showed an example of the registration information table classified by authentication. Schematic which showed an example of the registration screen. Schematic which showed the other example of the registration screen. The flowchart which showed an example of the process when a user operation is input from the normal operation screen.

Explanation of symbols

MFP network MFP SC network scanner device SM server device MFPd, SCd, SMd SAM database LAN Local area network

Claims (4)

And at least one peripheral device function, in the network corresponding peripheral device and a network communication function to execute the peripheral function accepts the use of the peripheral device features than the other terminal devices via the connected to the network the network,
A local authentication means for realizing a local authentication function for authenticating a user locally;
A plurality of network authentication functions provided in the network, network authentication means for authenticating a user using a network authentication function that uses account information input by the user in common with the local authentication function;
An authentication type priority table in which priorities are set for the respective types of the local authentication function and the plurality of network authentication functions, and a user corresponding to each type of the local authentication function and the plurality of network authentication functions. A storage means for storing a registration information table classified by authentication in which registration information of peripheral device functions permitting is set;
(A) when performing user authentication, accepts input of user account information, (b) selects the local authentication function or any one of the network authentication functions according to the authentication type priority table, and (c) the local authentication When the function is selected, the local authentication unit is allowed to authenticate the user based on the account information received from the user. (D) When any one of the network authentication functions is selected, the network authentication unit is The network authentication function is used to authenticate the user based on the account information received from the user, and (e) when the local authentication means authenticates the user, the local information set in the authentication-specific registration information table The user is allowed to use the peripheral device function corresponding to the authentication function, and the network When the authentication means authenticates the user, and set in the authentication by the registration information table, that the use of peripheral function corresponding to the type of network authentication function authenticates the user and control means for permitting the user A network-enabled peripheral device. The control unit is configured to use the local authentication function or the network authentication function in a state in which the higher priority set in the authentication type priority table among the local authentication function and the plurality of network authentication functions is not available. 2. The network compatible peripheral device according to claim 1 , wherein the priority order is temporarily set to the lowest order . Control of a network-enabled peripheral device having at least one peripheral device function and a network communication function for connecting to a network and receiving the use of the peripheral device function from another terminal device via the network and executing the peripheral device function A method,
The network-compatible peripheral device includes a local authentication function for locally authenticating a user and a plurality of network authentication functions provided in the network, wherein the network authentication function uses the account information input by the user in common with the local authentication function An authentication type priority table in which priorities are set for each type, and registration information of peripheral device functions that are allowed to be used by the user corresponding to each type of the local authentication function and the plurality of network authentication functions are set. Storage means for storing the registration information table classified by authentication,
In the network compatible peripheral device,
A local authentication step for realizing the local authentication function;
A network authentication step of authenticating a user using the plurality of network authentication functions;
(A) when performing user authentication, accepts input of user account information, (b) selects the local authentication function or any one of the network authentication functions according to the authentication type priority table, and (c) the local authentication When the function is selected, the local authentication unit is allowed to authenticate the user based on the account information received from the user. (D) When any one of the network authentication functions is selected, the network authentication unit is The network authentication function is used to authenticate the user based on the account information received from the user, and (e) when the local authentication means authenticates the user, the local information set in the authentication-specific registration information table The user is allowed to use the peripheral device function corresponding to the authentication function, and the network When the authentication unit authenticates the user, a control step of permitting the user to use a peripheral device function corresponding to the type of the network authentication function for authenticating the user set in the authentication-specific registration information table is executed. A method for controlling a network-enabled peripheral device. The control step may include the local authentication function or the network authentication function in a state where the higher priority set in the authentication type priority table among the local authentication function and the plurality of network authentication functions is not available. 4. The method for controlling a network-enabled peripheral device according to claim 3, wherein the priority order is temporarily set to the lowest order.

Images