JP4464309B2 - Image forming system, image forming apparatus, service cooperation processing method, computer-readable storage medium storing program, and program - Google Patents

Description

  The present invention relates to an image forming system in which a plurality of information processing apparatuses on a network and a plurality of image forming apparatuses having different services communicate with each other to perform composite image processing in cooperation with services provided by the respective image forming apparatuses. is there.

  In recent years, a program called a Web service using SOAP (Simple Object Access Protocol) / XML is operated on an information processing apparatus, and data exchange and data processing are performed between information processing apparatuses configured by different architectures.

  Conventionally, data exchange and data processing between information processing apparatuses have been performed by Microsoft (registered trademark) DCOM (Distributed Component Object Model), OMG (Object Management Request Broker) (CORBA (Common Object Request Broker) registered by the United States). It has been performed only between devices that recognize a specific protocol such as a trademark (RMI) (Java (registered trademark) Remote Method Invocation). Web services, on the other hand, can be processed by any device that can interpret text-based data structures called XML and SOAP, and exchange data between different models regardless of the architecture of information processing devices such as OS. It is rapidly becoming popular because it enables it.

  In addition, image forming apparatuses such as printing apparatuses and multi-function apparatuses (MFPs) have come to have data processing capabilities equivalent to those of information processing apparatuses. Data exchange and data processing have been performed with image forming apparatuses.

For example, Japanese Patent Application Laid-Open No. 2004-151867 describes a technology that enables setting of whether a signature of an issuer (user) is requested for data being processed by a cooperation server when processing a service cooperation job.
JP 2004-192273 A

  The Web service is not only for calling a Web service that operates on one of the two information processing apparatuses and performing data processing, but also for processing by linking Web services that operate on a plurality of information processing apparatuses. There is a big feature in that it can be made.

  However, even if a user is permitted to process in a certain service, the process may not be permitted in other services. If all services executed for a series of processes are not permitted, It was common to disallow the entire process.

  In Patent Document 1, when a plurality of services are linked, it is possible to select whether or not a signature is required. By attaching a signature, tampering in the middle of the path is prevented, and the data generation source However, there is no mention of a procedure in the case where there is a service that is not permitted to be accessed along the route.

  The present invention has been made to solve the above-described problems, and an object of the present invention is to provide a user in a case where a specific image processing service requested by the user from the image forming apparatus requires cooperation with another image forming apparatus. Even if the authentication is denied to the other image forming apparatus, the authentication information of the specific image processing service of the requesting image forming apparatus is accompanied and the other image forming apparatus is requested to execute the specific image processing service. When the service authentication in the requesting image forming apparatus can be confirmed by another image forming apparatus, the access right is controlled so that the requested specific image processing service can be executed. In a composite image processing service consisting of a plurality of services that operate on these devices, access restrictions differ for each service for service users. Even when there is a processing request from a user who does not have the authority to execute a part of the processing, a certain access restriction is ensured by using the authority of the calling service based on the trust relationship between services in each image forming device. An image forming system, an image forming apparatus, a service cooperation processing method, and a computer-readable program capable of executing a series of specific image processing services while properly cooperating with each other under a system environment And a storage medium storing the program.

  The image forming system of the present invention that achieves the above object has the following configuration.

  An information terminal that makes an image processing request, an authentication information terminal that authenticates the authority of a user or service provided by each image forming apparatus to a plurality of image forming apparatuses, and an image forming apparatus that can be connected to the information terminal can communicate with each other In this image forming system, the information terminal acquires user authentication information for each user who logs in from the authentication information terminal, and forms an image together with the acquired user authentication information for any image forming apparatus. Service request means for outputting an image processing service request provided by the apparatus, and the authentication information terminal is one of user authentication means for performing user connection authentication from the information terminal or user authority authentication from each image forming apparatus, Service authentication means for authenticating service authority from the image forming apparatus, and any one of the image forming apparatuses includes the information terminal. A first service requesting unit for requesting another image forming apparatus to perform a specific image processing service request accompanied by user authority authentication authenticated by the authentication information terminal with respect to the user authentication information acquired from the first authentication request, and the first service request Based on a specific image processing service request response from another image forming apparatus to the means, the specific image processing service request is re-outputted to the image forming apparatus with the service authentication information of the own apparatus authenticated by the authentication information terminal. A second service request unit; an acquisition unit that acquires output information generated by another image forming apparatus in response to a request from the second service request unit; and an output unit that outputs the output information acquired by the acquisition unit. And any other image forming apparatus authenticates the user authentication information acquired from the image forming apparatus at the authentication information terminal. User authentication requesting means for requesting authentication, service authentication requesting means for requesting authentication at the authentication information terminal for service authentication information acquired from the image forming apparatus, and the user authentication requesting means or the service authentication requesting means by the service authentication requesting means Service execution means for executing a specific image processing service based on an authentication result at the authentication information terminal, and reply means for returning output information generated by the service execution means to an image forming apparatus that is a service request source. Features.

  The image forming apparatus of the present invention that achieves the above object has the following configuration.

  An image forming apparatus capable of processing a specific image processing service from a user who has received an image processing request from an information terminal and authenticated by the authentication information terminal in cooperation with a service provided by another image forming apparatus, from the information terminal First service requesting means for making a request for a specific image processing service with user authority authentication authenticated by the authentication information terminal for the acquired user authentication information to another image forming apparatus; and the first service requesting means In response to a specific image processing service request response from another image forming apparatus to the image forming apparatus, the specific image processing service request is transmitted to the image forming apparatus with the stored service authentication information of the own apparatus authenticated by the authentication information terminal. A second service requesting means for re-outputting, and an output generated by another image forming apparatus in response to the request by the second service requesting means. And having an acquisition unit configured to acquire information, and output means outputting an image output information acquired by the acquisition unit.

  An image forming apparatus that receives an image processing request from an information terminal and can process a specific image processing service from a user who is authenticated by an authentication information terminal in cooperation with a service provided by another image forming apparatus. User authentication request means for requesting authentication at the authentication information terminal for user authentication information to be acquired, and Service authentication request means for requesting authentication at the authentication information terminal for service authentication information acquired from an image forming apparatus A service execution unit for executing a specific image processing service based on an authentication result at the authentication information terminal by the user authentication request unit or the service authentication request unit, and a service request for output information generated by the service execution unit. And a reply means for replying to the original image forming apparatus.

  The service cooperation processing method in the image forming system of the present invention that achieves the above object has the following configuration.

  An information terminal that makes an image processing request, an authentication information terminal that authenticates the authority of a user or service provided by each image forming apparatus to a plurality of image forming apparatuses, and an image forming apparatus that can be connected to the information terminal can communicate with each other A service cooperation processing method in an image forming system, in which an information terminal acquires user authentication information for each user who logs in from the authentication information terminal, and acquires the acquired user for any image forming apparatus A service request step for outputting an image processing service request provided by the image forming apparatus together with the authentication information, and the authentication information terminal performs user connection authentication from the information terminal or user authentication from each image forming apparatus. And a service authentication step for authenticating service authority from any of the image forming apparatuses. Any one of the image forming apparatuses performs a specific image processing service request with user authority authentication authenticated by the authentication information terminal with respect to the user authentication information acquired from the information terminal to the other image forming apparatus. The service request step and the specific image processing service request response from another image forming apparatus with respect to the first service request step. A second service request step for re-outputting the image processing service request to the image forming apparatus; an acquisition step for acquiring output information generated by another image forming apparatus in response to the request by the second service request step; An output step of outputting an image of the output information acquired by the acquisition step, any other image forming apparatus, A user authentication requesting step for requesting authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus; and a service authentication requesting step for requesting authentication at the authentication information terminal for service authentication information acquired from the image forming apparatus. A service execution step for executing a specific image processing service based on an authentication result at the authentication information terminal in the user authentication request step or the service authentication request step, and a service request for output information generated by the service execution step. A reply step for replying to the original image forming apparatus.

  The service cooperation processing method in the image forming apparatus of the present invention that achieves the above object has the following configuration.

  A service cooperation processing method in an image forming apparatus that receives an image processing request from an information terminal and can process a specific image processing service from a user who is authenticated by an authentication information terminal in cooperation with a service by another image forming apparatus. A first service requesting step of requesting another image forming apparatus to perform a specific image processing service request accompanied by user authority authentication authenticated by the authentication information terminal with respect to the user authentication information acquired from the information terminal; Based on a specific image processing service request response from another image forming apparatus with respect to one service request step, the specific image processing service request with the stored service authentication information of the own device authenticated by the authentication information terminal A second service request step for re-outputting the image to the image forming apparatus, and the second service request step. And having an acquisition step of acquiring output information generated by another image forming apparatus, and an output step of outputting an image output information acquired by the acquisition step with respect.

  A service cooperation processing method in an image forming apparatus capable of processing a specific image processing service from a user who has received an image processing request from an information terminal and authenticated by the authentication information terminal in cooperation with a service by another image forming apparatus. A user authentication requesting step for requesting authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus, and a service for requesting authentication at the authentication information terminal for service authentication information acquired from the image forming apparatus. An authentication request step, a service execution step for executing a specific image processing service based on an authentication result at the authentication information terminal in the user authentication request step or the service authentication request step, and output information generated by the service execution step A reply step for returning the response to the image forming apparatus of the service request source, Characterized in that it has.

  According to the present invention, in a composite image processing service composed of a plurality of services that operate on a plurality of devices or a single device, access restrictions on each service differ for service users, and a series of processing A system that guarantees certain access restrictions by using the authority of the calling service based on the trust relationship between services in each image forming device even when there is a processing request from a user who does not have the authority to execute in part Under a circumstance, a series of specific image processing services can be executed while properly cooperating with a plurality of image forming apparatuses.

  Next, the best mode for carrying out the present invention will be described with reference to the drawings.

<Description of system configuration>
[First Embodiment]
Embodiments of the present invention will be described below with reference to the drawings.

  FIG. 1 is a diagram illustrating a network configuration of an image processing system to which the image forming apparatus according to the first embodiment of the present invention can be applied. As an example of an image forming apparatus, printers 103 and 104 are connected to a network and each of them is predetermined. Although an example of a system that can communicate with each other using the above protocol is shown, the present invention can be applied even if the image forming apparatus is a complex machine that performs complex image processing in cooperation with a scanner function, a printer function, or the like.

  In FIG. 1, information processing apparatuses 101 and 102 and image forming apparatuses 103 and 104 are connected to a LAN (local area network) 105 such as Ethernet (registered trademark) and can directly communicate with each other.

  In FIG. 1, each image forming apparatus is connected to the same LAN 105. However, a LAN can form a WAN (wide area network) by connecting a plurality of LANs. It goes without saying that the present embodiment can be realized as long as it is connected to such a LAN, and it is not always necessary to connect to the same LAN. Further, the information processing apparatus 102 may be configured as a server apparatus that performs token authentication processing for a specific user or service from the image forming apparatuses 103 and 104 or the information processing apparatus 101 as described later. In the present embodiment, the term token is a kind of authority information on the network, and is registered in the information processing apparatus 102 or the like as authority information set for each user or in the image forming apparatuses 103 and 104. The authentication processing is executed by checking the token authentication request from the image forming apparatuses 103 and 104 with each other.

  FIG. 2 is a block diagram illustrating the configuration of the image forming apparatus according to the first embodiment of the present invention, and is an internal configuration example of the image forming apparatuses 103 and 104 in the image processing system shown in FIG.

  In FIG. 2, the network interface 201 is connected to the LAN 105 shown in FIG. 1, and similarly communicates with a device connected to the LAN 105 or a device connected to another LAN connectable via the LAN 105. Data received from the LAN 105 by the network interface 201 is processed for each protocol by the protocol stack 202, and then sent to the command analysis unit 203 under the arbitration of the device control unit 208 to analyze the contents. .

  When the command analysis unit 203 analyzes that the received data is a print request called a print job, the data management unit 209 stores the print job in a print queue that occupies a certain area under the control of the data management unit 209. .

  Here, the print queue is a FIFO (First In First Out) queue, and printing is generally performed in the order stored in the print queue. However, the print order can be changed by a job control command. .

  The job control unit 211 monitors the print queue of the data storage unit 210. If print jobs are accumulated, the job control unit 211 inquires of the print control unit 214 to check whether print processing is possible. The print data included in the print job placed at the head of the print queue of the data storage unit 210 is transferred to the image processing unit 212.

  The image processing unit 212 performs various image processes and converts print data into a print image. Then, the generated print image for one page is transferred to the page memory 213.

  Upon detecting that the print image is placed in the page memory 213, the print control unit 214 instructs the printer engine 215 to print the contents of the page memory 213 on the print medium.

  In this way, the print request is processed by repeating the image processing in the image processing unit 212, the development to the page memory 213, and the print processing by the printer engine 215 for all pages of the print data in the print job.

  In addition to the network interface 201, the image forming apparatuses 103 and 104 have a local interface 207 such as IEEE1284 or USB (Universal Serial Bus), and can accept processing requests from an information processing apparatus or the like.

  The input / output control unit 206 acquires the state of the image forming apparatus from the device control unit 208, generates a display screen by the screen generation unit 204 based on the acquired state, displays the display screen on the operation panel 205, When notification of contact detection with the finger on the operation panel 205 is notified, processing associated with a screen element such as a button corresponding to the contact position is performed.

  A scanner control unit 216 controls the scanner 217 to acquire document image data, and stores it in the data storage unit 210 under the control of the data management unit 209.

  FIG. 3 is a block diagram illustrating an example of an internal configuration of the information processing apparatuses 101 and 102 illustrated in FIG.

  In FIG. 3, the CPU 301 executes a program stored in a RAM 302 or the like, or stores a program stored in a floppy (registered trademark) disk 310 or a hard disk (HD) 312 inserted in a floppy (registered trademark) disk drive 310. Data is loaded into the RAM 302, or conversely, the contents of the RAM 302 are stored in the FD 310 or the HD 312.

  Reference numeral 303 denotes a video controller that projects processing information and the like on a connected display 304. Reference numeral 306 denotes an input device such as a keyboard and a mouse. Input from these devices is processed by a program running on the CPU via the controller 305. The network controller 307 is connected to the LAN 105 in FIG. 1 via the HUB 308 and communicates with devices on the network. The CPU 301, the RAM 302, and each controller are connected to the internal bus 313, and exchange control information and data.

  FIG. 4 is a block diagram for explaining a module of a system including the information processing apparatuses 101 and 102 and the image forming apparatuses 103 and 104 shown in FIG.

  In FIG. 4, a user (User-A) requests login to the login service 401 operating on the information processing apparatus 101 called a client by passing authentication information including a login name and a password.

  The login service 401 of the information processing apparatus 101 transfers the authentication information to an authentication / authorization service (AAS) 406 operating on the information processing apparatus 102 called an authentication server, and registration information (in which authentication information is registered in advance) ( For example, authentication processing is performed to determine whether or not it matches (stored in the hard disk 312 or the like shown in FIG. 3).

  When the authentication / authorization service (AAS) 406 of the information processing apparatus 102 determines that the authentication information matches the registration information, the AAS 406 gives an affirmative response, and if it does not match, it gives a negative response. Return to 401.

  In response to this, the login service 401 permits the user who provided the authentication information to access the information processing apparatus 101 when an affirmative response is returned from the AAS 406, and if a negative response is returned, The user is prompted again for authentication information, and access to the information processing apparatus 101 is not permitted.

  Then, User-A that is permitted to access the information processing apparatus 101 by the login service 401 of the information processing apparatus 101 can execute a program such as the PDF application 402 and perform a desired operation.

  Here, the PDF application is Adobe System Inc. Is a program that can display, edit, print, etc., a PDF (Portable Document File) document file that has been developed and published specifications.

  Then, when User-A instructs the PDF application 402 to print the contents of the PDF document file currently displayed on the display 304 from the image forming apparatus (MFP) 103, the PDF application 402 displays the token of User-A. At the same time, a PDF print service (hereinafter referred to as PDFP-S) 404 of the image forming apparatus 103 is called via the SOAP handler 403. The SOAP handler is a module that analyzes a SOAP message having an XML format data structure, executes a Web service corresponding to the SOAP message, and converts an execution result of the Web service into a SOAP message.

  Note that PDF-S 404 is a Web service executed by a SOAP message.

  Here, the PDF-S 404 registers the PDF-S 404 with the AAS 406 of the information processing apparatus 102 before being installed in the image forming apparatus 103 by the administrator.

  Here, the registration process is generally performed from a management program activated on the information processing apparatus 102. By this registration process, the AAS 406 registers the authentication information composed of the user name and password of the PDF-S404 in the management database (corresponding to data stored in the HD 312 in FIG. 3), and at the same time installs the PDFP-S404. The image forming apparatus 103 is registered as a reliable apparatus.

  Further, when the administrator installs PDFP-S 404 in the image forming apparatus 103, it is necessary to convert the received PDF data into PCL (Printer Control Language) that can be interpreted by the print engine 405. Is not equipped with a module for performing the conversion process, it is necessary to use a PDF-PCL conversion service (hereinafter referred to as PDF to PCL-S) 408 operating on the image forming apparatus 104 capable of the conversion process. The user name and password registered in the AAS 406 are input to the AAS 406, and an authentication token is acquired from the AAS 406.

  At the same time, the user name and password are encrypted and stored in the data storage unit 210 of the image forming apparatus 103.

  Next, the PDF-S 404 transmits a call permission request for PDF to PCL-S 408 to the SOAP handler 407 of the image forming apparatus 104 via the SOAP handler 403 together with the previously acquired token to the image forming apparatus 104 that is the call destination. .

  Upon receiving the service call request, the SOAP handler 407 of the image forming apparatus 104 passes the authentication token and the IP address to the image forming apparatus 103 to the AAS 406 to request token authentication and reliability check. In the case of OK, a pair of identification information (IP address) of the image forming apparatus 103 and identification information of PDFP-S404 is registered in the call permission service list as shown in FIG. The permission response is returned to the PDF-S 404 of the image forming apparatus 103 via the SOAP handler 403.

  With the above processing, the image forming apparatus 103 that has received the call permission response is configured to call PDF to PCL-S 408 of the image forming apparatus 104 in response to the subsequent call of PDF-S 404.

  That is, the PDF-S 404 of the image forming apparatus 103 called from the PDF application 402 in response to a print request from the image forming apparatus 103 to the PDF application 402 by User-A described above converts PDF data to PCL data. For processing, the PDF to PCL-S 408 of the image forming apparatus 104 is called, and the PCL data received as a response to the call is passed to the print engine 405 to perform printing processing.

  In the image processing system configured as described above, in the present embodiment, the administrator of the image forming apparatus 104 uses the image forming apparatus 103 as a trusted device for the authentication authorization service (hereinafter, AAS) 406 of the information processing apparatus 102. sign up. Then, the administrator of the image forming apparatus 103 registers user information of the PDF print service (hereinafter, PDFP-S) 404 in the AAS 406. When the PDF-S 404 is installed in the image forming apparatus 103, a PDF-to-PCL data conversion service (hereinafter, PDF to PCL-S) 408 called from the PDF-S 404 is designated.

  For example, when specifying PDF to PCL-S 408 of the image forming apparatus 104, the authentication token of the PDF-S 404 of the image forming apparatus 103 is acquired from the information processing apparatus 102 (at this time, the administrator is required to input a password or the like, The password is securely stored in the HDD or the like), and a service call permission request including an authentication token is transmitted to PDF to PCL-S408 of the image forming apparatus 104.

  In response to this request, the PDF to PCL-S 408 of the image forming apparatus 104 inquires of the AAS 406 and determines whether or not the image forming apparatus 103 as the request transmission source is reliable. If it is determined that the information is reliable (registered in the device to be trusted), a pair of identification information of PDFP-S 404 and identification information of the image forming apparatus 103 is stored in the data storage unit 210 as a call permission service list.

  Hereinafter, a case will be described as an example where User-A calls a PDF print service 404 of the image forming apparatus 103 from a PDF application (Adobe Acrobat Reader, etc.) 402 operating on the information processing apparatus 101 to perform printing.

  (1) When User-A issues a login request to the information processing apparatus 101, the login service 401 passes authentication information such as a user name / password to the AAS 406 of the information processing apparatus 102 (2). The resources of the device 101 become available.

  When a PDF print request is made to the image forming apparatus 103 by operating the PDF application 402 of the information processing apparatus 101, a User-A authentication token is first acquired from the information processing apparatus 102 via the login service 401 (3). .

  Next, PDFFP-S404 of the image forming apparatus 103 is called together with the authentication token acquired from the information processing apparatus 102 (4). In response, the PDF-S 404 sends the received User-A authentication token to the AAS 406 of the information processing apparatus 102, and determines whether access is permitted (5).

  If the access is permitted, the PDF to PCL-S408 of the image forming apparatus 104 is called together with the PDF data for printing the User-A token (6).

  Here, the PDFtoPCL-S408 sends the User-A token to the AAS 406, and determines whether or not there is an access right (7). If there is an access right, the image forming apparatus 104 performs PDF to PCL conversion, and returns the processing result to the PDF-S 404 of the image forming apparatus 103.

  On the other hand, if there is no access right, a response indicating no access right is returned to the image forming apparatus 103 (8).

  The image forming apparatus 103 that has received the response without access right acquires the authentication token of the PDF-S 404 from the AAS 406 using the password for the PDF-S 404 stored in the HDD (9), and PDFtoPCL-S408 together with the acquired token. (10).

  Then, the PDF to PCL-S 408 sends the received authentication token to the AAS 406, and when the token is authenticated, the service and the calling device associated with the authentication token are equal to the trusted service and device pair stored in the HDD. The PDF to PCL-S 408 determines whether or not (11). If they are equal, the PDF to PCL process is performed, and the result (PCL data) is returned to the PDF-S 404 of the image forming apparatus 103 (12). The PDFP-S 404 that has received the processing result performs other processing, and finally sends PCL data to the print engine 405 for printing (13).

  As described above, the image forming apparatus 104 determines whether or not the processing can be performed when the request service token is passed depending on whether the service requesting device and the service match the registered service and the device. Even if the password of the requested service is stolen, if a request is issued from a different device, the request is rejected, so that a service delegation process with a high security level can be performed. Hereinafter, the details of the service delegation process in the present embodiment will be described.

  FIG. 5 is a diagram illustrating an example of a SOAP message transmitted / received between the information processing apparatus 101 illustrated in FIG. 1 and the service of the image forming apparatus 103 and between the service of the image forming apparatus 103 and the service of the image forming apparatus 104.

  As shown in FIG. 5, the SOAP message is divided into a header and a body part, an authentication token 701 for identifying a user or service desired to execute the service is set in the header part, and a service to be executed is set in the body part. Identifier and processing data 702.

  6 is a diagram showing an example of access control information managed by the information processing apparatus 102 shown in FIG. 1. The information processing apparatus 102 shown in FIG. 1 functions as an authentication authorization server and is set for each service. This is an example of managing access control information.

  In FIG. 6, reference numeral 801 denotes access control information of a PDF print service (PDFP-S404) executed by the image forming apparatus 103, which indicates that access to both User-A and User-B is permitted. Yes.

  802 is access control information of a PDF-PCL conversion service (PCL to PDF-S408) executed by the image forming apparatus 104. Access to User-A is not permitted, and access to User-B and PDFP-S is performed. Indicates that it is allowed.

  FIG. 7 is a diagram showing an example of a call permission service list managed by the image forming apparatus 104 shown in FIG.

  As shown in FIG. 7, when a service registers with a device, service identification information is passed to the information processing apparatus 102 functioning as an authentication authorization server, and the service is registered. And the identification information (IP address) of the image forming apparatus that executes the service are set in association with each other. As a result, it is possible to avoid unauthorized access from a service operating on another image forming apparatus by eavesdropping the authentication token on the network.

  Reference numeral 901 denotes registration information related to PDF-S404 executed by the image forming apparatus 103 (IP address: 192.168.1.1).

  8 and 9, an application program that allows user A (User-A) to operate on the information processing apparatus 101 in the system configured by the information processing apparatus and the image forming apparatus as shown in FIG. The user authentication of each service in the image forming apparatus 103 and the image forming apparatus 104 when the image forming apparatus 103 performs print output by the above operation will be described.

  FIG. 8 is a flowchart illustrating an example of a first data processing procedure in the image processing system according to the present invention. The user of the information processing apparatus 101 having authority over the image forming apparatus 103 performs authentication processing in the information processing apparatus 102. Then, when the image forming apparatus 103 is instructed to print a PDF file, the image forming apparatus 104 is requested to perform PDF to PCL conversion processing that is not held by the image forming apparatus 103 through service authentication of the information processing apparatus 102. This corresponds to a series of processing procedures in which the converted PCL data is acquired and the image forming apparatus 103 performs print processing. Note that S601 to S609 indicate each step, and each step is performed by reading the control program from the corresponding memory and executing it by the device control unit 208 of the image forming apparatus 103 or the CPU 301 of the information processing apparatuses 101 and 102. Realized.

  The PDF application 402 instructed to print from the User-A to the image forming apparatus 103 receives the authentication authorization service (AAS) of the information processing apparatus 102 functioning as an authentication server via the login service 401 of the information processing apparatus 101. The authentication token of User-A is acquired from 406, attached to PDF data, and the PDF print service (PDFP-S) 404 of the image forming apparatus 103 is called.

  As shown in FIG. 5, this call is based on the SOAP 1.2 specification of the W3C recommendation. The PDF data is encoded in Base64 format and inserted into the Body, and the authentication token is added to the OASIS Web Services Security 1.0 specification. Is sent to the image forming apparatus 103 as a SOAP message inserted into the SOAP Header.

  In response to this call, the SOAP handler 403 of the image forming apparatus 103 transmits the authentication token attached to the SOAP message to the AAS 406 of the information processing apparatus 102 in step S601 shown in FIG. It is checked whether it is a legitimate one issued by the AAS 406 and whether or not the calling permission for the PDF-S 404 is granted is checked with reference to the access control information 802 shown in FIG.

  Call permission is determined in steps S501 to S504 and S510 shown in FIG.

  In step S602, it is determined whether or not the content returned from the AAS 406 indicates that the authentication token is valid and the calling permission of the PDFP-S404 is given. The authentication token is valid and the PDFP- If it is determined that the calling permission of S404 is given, the process proceeds to step S603, and if it is determined that the authentication token is invalid or the calling permission of PDFP-S404 is not given, this process is terminated. .

  In step S603, as described above, the SOAP message for calling the PDF to PCL conversion service (PDF to PCL-S) 408 including the received PDF data and the authentication token is configured to be called in advance as described above. Send.

  Next, in step S604, it is determined whether or not the call is normally completed. If it is determined that the call is normally completed, the process proceeds to step S609. If it is determined that the call is not normally completed, the process proceeds to step S605. move on.

  Here, with reference to FIG. 9, processing by the information processing apparatuses 101 and 102 and the image forming apparatus 104 will be described.

  FIG. 9 is a flowchart showing an example of a second data processing procedure in the image processing system according to the present invention. The response processing procedure by the image forming apparatus 104 for the call permission request from the image forming apparatus 103 shown in FIG. In addition, it corresponds to the PDF to PCL conversion process. S501 to S510 indicate each step. Each step is realized by the device control unit 208 of the image forming apparatus 104 reading and executing a control program from the corresponding memory.

  First, in step S501, it is determined whether a call permission request is received from the image forming apparatus 103. If a call permission request is received, in step S502, the AAS 406 of the information processing apparatus 102 functioning as an authentication server is received. In response, the authentication token included in the call permission request and the IP address of the image forming apparatus 103 are transmitted. Upon receiving the authentication token and the IP address, the AAS 406 checks whether the service indicated by the authentication token is valid and checks whether the IP address is registered in the trusted device list.

  If the authentication token received as a result of the check is valid and the IP address is of a trusted device, authentication OK is returned, and if it is not valid, authentication NG is returned. In step S503, it is determined whether or not the authentication is OK. If it is determined that the authentication is OK, a call permission response is returned to the image forming apparatus 103 in step S504, and the process is terminated.

  On the other hand, if authentication NG (error) is determined in step S503, it is determined that the user is not authorized to call the service, and in step S510, an error response is returned to the image forming apparatus 103, and the process is terminated. .

  Through the processes in steps S501 to S504 and S510 described above, when there is a call request for PDF to PCL-S408 operating on the image forming apparatus 103 and the image forming apparatus 104, the authentication token associated with the call request is operated on the information processing apparatus 102. When the AAS 406 is transmitted to the AAS 406 and receives the authentication token, the AAS 406 determines whether the authentication token is valid, returns the determination result to the image forming apparatus 104, and the determination is that the authentication token is valid The image forming apparatus 104 refers to the call permission service list and determines whether to permit or reject the service call request based on whether the call request is transmitted from a service registered to permit the request. Either response is sent to the calling image forming apparatus 103. And it will be returned to. It should be noted that the calling source of PDF to PCL-S408 is not limited to the image forming apparatus 103, and it is needless to say that calling from a service executed by any image forming apparatus or information processing apparatus is possible. However, the service call request is permitted only for services registered in the call permission service list managed by the data storage unit 210 of the image forming apparatus 104.

  On the other hand, if it is determined in step S501 that the request is not a call permission request, the process proceeds to step S505 and subsequent steps, for example, it is determined whether a call to PDFtoPCL-S408 is received, and it is determined that a call to PDFtoPCL-S408 has been received. In other words, the SOAP handler 407 of the image forming apparatus 104 that has received the call in step S505 shown in FIG. 9 proceeds to step S506 in the flowchart shown in FIG. 9, and first refers to the call permission service list in FIG. It is determined whether or not the call source device and service are registered. If not registered, a call rejection error is returned and the process is terminated. If registered in the call permission service list, the received authentication token is transmitted to the AAS 406 of the information processing apparatus 102 functioning as the authentication server, and the validity of the authentication token and whether PDF to PCL-S408 call is permitted. To check. The check is made by referring to the access control information shown in 802 of FIG. 6 and if access to the user or service corresponding to the authentication token is permitted (the item described as OK in 802 of FIG. 6). If the access is prohibited (corresponding to the item described as NG in 802 in FIG. 6), the authentication NG is returned to the SOAP handler 407 of the image forming apparatus 104.

  Then, as a result of the check, it is determined whether or not the authentication is OK in step S507. If it is determined that the authentication is OK, in step S508, the PDF to PCL conversion process in PDF to PCL-S408 is executed, and then the generated PCL data is converted. It returns to the image forming apparatus 103, and this process is complete | finished.

  On the other hand, if it is determined in step S507 that the authentication has failed, a non-authoritative error is returned to the image forming apparatus 103 in step S509, and the process related to calling PDF to PCL-S408 of the image forming apparatus 104 is ended.

  Returning to FIG. 8, if the image forming apparatus 103 determines in step S604 that the PDF to PCL-S408 call result is normal termination, the process proceeds to step S609, and the PDF data returned from the image forming apparatus 104 is used as the print engine 405. To print, and this processing ends.

  On the other hand, if it is determined in step S604 that a value other than normal termination has been returned, it is determined in step S605 whether an unauthorized error has been returned. If a value other than an unauthorized error has been returned (in the case of NO) ) Ends this processing.

  If it is determined in step S605 that an unauthorized error is returned (in the case of YES), the data storage unit 210 of the image forming apparatus 103 is installed when the PDF-S 404 is installed in the image forming apparatus 103 in step S606. The user name and password of the PDF-S404 stored in the above are taken out and transmitted to the AAS 406 of the information processing apparatus 102 as an authentication server, thereby acquiring the authentication token of the PDFP-S404.

  In step S 607, a SOAP message for calling PDF to PCL-S 408 of the image forming apparatus 104 to which the authentication token of PDF-S 404 acquired from the information processing apparatus 102 and the PDF data are attached is sent to the image forming apparatus 104 via the SOAP handler 403. Send.

  In response to this, the SOAP handler 407 of the image forming apparatus 104 that has received the calling SOAP message of PDF to PCL-S 408 executes the processing after step S 506 in the flowchart shown in FIG. 9, but the PDF-S 404 is sent to the image forming apparatus 103. At the time of installation, since PDF-to-PCL-S408 of the image forming apparatus 104 is permitted to be called to PDFP-S404 (see access control information 802 shown in FIG. 6), it is determined that authentication is OK in step S507, and step The PDF data received together with the service call in S508 is converted into PCL data, and the call process is completed as normal termination.

  Returning to step S608 shown in FIG. 8, if the PDF to PCL-S408 call is normally completed, the PCL data converted by the image forming apparatus 104 is printed in step S609. If the error ends, The calling process of PDFP 404 is terminated.

  When calling PDF to PCL-S 408 of the image forming apparatus 104 from the PDF-S 404, it is possible to always attach the authentication token of the PDF-S 404 without using the user authentication token. When the configuration is changed from the device 104 to execute a service that operates on another device, the authority to execute the service is not given to the authentication token of the PDF-S 404, and the user-A's authority Since there is a possibility that execution authority may be granted to the authentication token, first try to execute the service with the user's authentication token, and if there is no authority, set the service authentication token and execute the service is there.

  As described above, according to the present embodiment, in an image processing system including a plurality of information processing apparatuses and image forming apparatuses, a certain service is configured to call another service. A user who has an execution authority for the service to be executed is another service (in this embodiment, the user of the information processing apparatus 101 receives the authentication service in the information processing apparatus 102 and performs the PDF print service of the image forming apparatus 103). Even if the user does not have the authority to execute the PDF to PCL conversion service of the image forming apparatus 104 (for example, the user does not have the authority to execute the PDF to PCL conversion service), instead of the user authentication token, By using an authentication token, a series of services can be executed.

  In this embodiment, the case where the PDF print service 404 and the PDF to PCL conversion service 408 are arranged in different image forming apparatuses has been described. However, the case where the PDF print service 404 and the PDF to PCL conversion service 408 are arranged in the same image forming apparatus, or both, or either one. It goes without saying that the present embodiment can be realized even when the information is arranged on the information processing apparatus.

[Second Embodiment]
In the first embodiment, when User-A does not have an access right to PDF to PCL-S 408 operating on the image forming apparatus 104, the user-A operates on the image forming apparatus 103 and is configured to permit the access right on User-A. Although the case where access to PDFtoPCL-S408 is made possible by attaching the authentication token of PDFPS404 that has been described has been described, in this case, the access right to PDFtoPCL-S408 is not given to User-A As long as the first call from PDF-S404 to PDFtoPCL-S408 always fails with an unauthorized error (in step S605 shown in FIG. 8, it becomes unauthorized).

  Therefore, in this embodiment, when the PDF-S 404 detects that the PDF to PCL-S 408 call has failed, the user name corresponding to the authentication token used for the call is stored in the data storage unit 210 of the image forming apparatus 103. Subsequently, when calling PDF to PCL-S408, if the user corresponding to the authentication token received from the information processing apparatus 101 matches the user name previously stored in the data storage unit 210 of the image forming apparatus 103, If it is determined in step S602 of the flowchart shown in FIG. 8 that the authentication token is valid and the user indicated by the authentication token does not have access authority, the process proceeds to step S606, where the authentication token of the PDFPS 404 is acquired from the AAS 406 of the information processing apparatus 102. This is attached to the image forming apparatus 104. DFtoPCL-S408 may call.

  As described above, according to the second embodiment of the present invention, when a user who does not have the authority to execute the call destination service is detected in advance and a call from the user is received, a token of the call source service is acquired. By making a service call with this attached, it is possible to avoid a request from a user who does not have the authority to execute the service at the call destination from failing with an error without authority and to increase the processing speed.

  In this way, when a user who has an unauthorized error is detected in the image forming apparatus 103 and a service call including this user token is received, a token of PDFP-S 404 is acquired from the beginning, and this is image-formed. By attaching it to the PDF to PCL service 104 call of the device 104, it is possible to eliminate the verification overhead when there is no authority.

[Third Embodiment]
In the above embodiment, when User-A does not have the access right to PDF to PCL-S 408, the case where the access to PDF to PCL-S 408 is made possible by attaching the authentication token of PDFPS 404 has been described. The present invention can be applied to the case where group authentication is performed in units of groups assigned to a plurality of users instead of the user level.

[Fourth Embodiment]
In the above-described embodiment, when User-A does not have the access right to PDFtoPCL-S408, the case where access to PDFtoPCL-S408 is enabled by attaching the authentication token of PDFP-S404 has been described. However, when the image forming apparatus 104 denies the specific image processing service request with the first user authentication information, instead of the authentication token of the PDFP-S 404, authentication information as a device (previously registered in the information processing apparatus 102). The image forming apparatus 104 is requested to request the same image processing service, and the authentication information as the device is collated with the device information registered in the reliability device table stored in the information processing apparatus 102. To decide whether or not to request the specific image processing service. Doing, it may be configured to obtain the same result of the authentication.

  As a result, not only the specific image processing service request but also the access right management for each image forming apparatus on the network using authentication information as a device can be performed.

[Fifth Embodiment]
The configuration of a data processing program that can be read by the printing apparatus according to the present invention will be described below with reference to the memory map shown in FIG.

  FIG. 10 is a diagram illustrating a memory map of a storage medium that stores various data processing programs readable by the printing apparatus according to the present invention.

  Although not particularly illustrated, information for managing a program group stored in the storage medium, for example, version information, creator, etc. is also stored, and information depending on the OS on the program reading side, for example, a program is identified and displayed. Icons may also be stored.

  Further, data depending on various programs is also managed in the directory. In addition, a program for installing various programs in the computer, and a program for decompressing when the program to be installed is compressed may be stored.

  The functions shown in FIGS. 8 and 9 in this embodiment may be performed by a host computer by a program installed from the outside. In this case, the present invention is applied even when an information group including a program is supplied to the output device from a storage medium such as a CD-ROM, a flash memory, or an FD, or from an external storage medium via a network. Is.

  As described above, a storage medium storing software program codes for realizing the functions of the above-described embodiments is supplied to the system or apparatus, and the computer (or CPU or MPU) of the system or apparatus stores the storage medium in the storage medium. It goes without saying that the object of the present invention can also be achieved by reading and executing the programmed program code.

  In this case, the program code itself read from the storage medium realizes the novel function of the present invention, and the storage medium storing the program code constitutes the present invention.

  Therefore, as long as it has the function of the program, the form of the program such as an object code, a program executed by an interpreter, or script data supplied to the OS is not limited.

  As a storage medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, MO, CD-ROM, CD-R, CD-RW, magnetic tape, nonvolatile memory card, ROM, DVD, etc. Can be used.

  In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the storage medium storing the program code constitutes the present invention.

  As another program supply method, a browser of a client computer is used to connect to a homepage on the Internet, and the computer program itself of the present invention or a compressed file including an automatic installation function is stored on a recording medium such as a hard disk from the homepage. It can also be supplied by downloading. It can also be realized by dividing the program code constituting the program of the present invention into a plurality of files and downloading each file from a different homepage. That is, a WWW server, an ftp server, and the like that allow a plurality of users to download a program file for realizing the functional processing of the present invention on a computer are also included in the claims of the present invention.

  In addition, the program of the present invention is encrypted, stored in a storage medium such as a CD-ROM, distributed to users, and key information for decryption is downloaded from a homepage via the Internet to users who have cleared predetermined conditions. It is also possible to execute the encrypted program by using the key information and install the program on a computer.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) or the like running on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Further, after the program code read from the storage medium is written to a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. It goes without saying that the case where the CPU or the like provided in the board or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  The present invention is not limited to the above embodiments, and various modifications (including organic combinations of the embodiments) are possible based on the spirit of the present invention, and these are excluded from the scope of the present invention. is not.

  Although various examples and embodiments of the present invention have been shown and described, those skilled in the art will recognize that the spirit and scope of the present invention are not limited to the specific descriptions in the present specification, but the following embodiments. Needless to say, is also included.

  The image forming system according to the first embodiment includes an information terminal that makes an image processing request, an authentication information terminal that authenticates the authority of a user or a service provided by each image forming apparatus to a plurality of image forming apparatuses, and the information terminal. An image forming system in which a connectable image forming apparatus can communicate with each other, and an information terminal (for example, the information processing apparatus 101 shown in FIG. 1) acquires user authentication information for each user who logs in from the authentication information terminal. Service request means (login service 401) for outputting an image processing service request provided by the image forming apparatus together with the acquired user authentication information to any of the image forming apparatuses, and an authentication information terminal (for example, The information processing apparatus 102) shown in FIG. 1 authenticates the user connection from the information terminal or the user from each image forming apparatus. User authentication means (for example, AAS 406 shown in FIG. 4) for performing authority authentication and service authentication means (for example, AAS 406 shown in FIG. 4) for performing service authority authentication from any of the image forming apparatuses are provided. The apparatus (for example, the image forming apparatus 103 shown in FIG. 1) sends a specific image processing service request accompanied by user authority authentication authenticated by the authentication information terminal to the user authentication information acquired from the information terminal. Based on first service requesting means (for example, SOAP handler 403 shown in FIG. 4) to be performed on the apparatus and a specific image processing service request response from another image forming apparatus to the first service requesting means, the authentication information terminal Second output of the specific image processing service request to the image forming apparatus again with the service authentication information of the own apparatus authenticated in Service request means (for example, the SOAP handler 403 shown in FIG. 4) and acquisition means for acquiring output information generated by another image forming apparatus in response to the request from the second service request means (for example, the SOAP handler shown in FIG. 4) Handler 403) and output means (for example, the printer engine 405 shown in FIG. 4) for outputting the output information acquired by the acquisition means, and any other image forming apparatus (for example, the image forming apparatus shown in FIG. 4). 104) User authentication request means (for example, SOAP handler 407 shown in FIG. 4) for requesting authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus, and service authentication information acquired from the image forming apparatus. Service authentication request means for requesting authentication at the authentication information terminal (for example, a SOAP handler 407 shown in FIG. 4). ), A service execution unit (for example, PDF to PCL-S shown in FIG. 4) that executes a specific image processing service based on an authentication result at the authentication information terminal by the user authentication request unit or the service authentication request unit, and the service A reply unit (for example, a SOAP handler 407 shown in FIG. 4) that returns output information generated by the execution unit to the image forming apparatus that is a service request source may be provided.

  As a result, when the image forming apparatus receives a request accompanied by the specific image processing service from the information processing apparatus, the user authentication of the specific image processing service does not have the user authority for the specific image processing service. Even if the transfer cannot be delegated, if the other image forming apparatus is authenticated based on the service authentication information set in the specific image processing service registered in the requesting image forming apparatus, the required specific By executing the image processing service, it is possible for the image forming apparatuses to cooperate to continue the composite image processing. Therefore, even if an image forming apparatus cannot be used with user authority over the image forming apparatus on the network, if the user is authenticated by one of the image forming apparatuses, the image forming apparatus recognizes a certain level of reliability. By using the service authentication information in and authenticating with the image forming apparatus that cooperates with the use authority, it is possible to perform image processing using network resources effectively.

  In the image forming system according to the first embodiment, when it is authenticated that the user cannot execute the specific image processing service based on a user authentication result by the user authentication request unit, a reply is sent from another image forming apparatus. Data storage means (for example, the data storage unit 210 shown in FIG. 2) for storing the user authentication information to be stored, and the second service requesting means replaces the first service requesting means with the other image forming unit. A specific image processing service with the service authentication information may be requested from the apparatus.

  Thus, when a similar specific image processing service is received from a user that cannot be used for user authentication, service authentication information is included from the beginning without performing authentication processing that cannot be used for similar user authentication from other image forming apparatuses. It becomes possible to make a request for a specific image processing service to another image forming apparatus, and promptly request another specific image processing service from the other image processing apparatus without performing unnecessary traffic. It is possible to efficiently perform composite image processing in cooperation with.

  In the image forming system according to the first embodiment, the image forming apparatus may receive an execution request for a specific image processing service from an information terminal in a predetermined message format.

  As a result, it is possible to construct a system that links image processing services without being affected by restrictions on communication protocols between devices on the network.

  In the image forming system according to the first embodiment, the predetermined message format may be a SOAP message format.

  Thereby, it is possible to freely construct a highly versatile system for linking image processing services without being affected by restrictions on communication protocols between devices on the network.

  In the image forming system according to the first embodiment, when the service request unit executes a predetermined application (for example, the PDF application 402 shown in FIG. 4), user authentication information for each user who logs in is transmitted from the authentication information terminal. The image processing service request provided by the image forming apparatus may be output together with the acquired user authentication information to any of the image forming apparatuses.

  This makes it possible to reliably output an image processing service request to the image forming apparatus when executing a predetermined application accompanied by user authentication information acquired at the time of login.

  The image forming apparatus of the image forming system in the first embodiment receives a specific image processing service from a user who receives an image processing request from an information terminal and is authenticated by the authentication information terminal as a service by another image forming apparatus. An image forming apparatus capable of cooperating and processing a specific image processing service request accompanied by user authority authentication authenticated by the authentication information terminal with respect to the user authentication information acquired from the information terminal. Based on the first service request means (for example, the SOAP handler 403 shown in FIG. 4) and the specific image processing service request response from the other image forming apparatus to the first service request means. The specific image processing service request is re-outputted to the image forming apparatus together with the stored service authentication information of the own device to be authenticated. Second service request means (for example, the SOAP handler 403 shown in FIG. 4) and acquisition means for acquiring output information generated by another image forming apparatus in response to a request from the second service request means (for example, FIG. 4). And the output means (for example, the printer engine 405 shown in FIG. 4) for outputting the output information acquired by the acquisition means.

  As a result, when the image forming apparatus receives a request accompanied by the specific image processing service from the information processing apparatus, the user authentication of the specific image processing service does not have the user authority for the specific image processing service. Even if the transfer cannot be delegated, if the other image forming apparatus is authenticated based on the service authentication information set in the specific image processing service registered in the requesting image forming apparatus, the required specific By executing the image processing service, it is possible for the image forming apparatuses to cooperate to continue the composite image processing. Therefore, even if an image forming apparatus cannot be used with user authority over the image forming apparatus on the network, if the user is authenticated by one of the image forming apparatuses, the image forming apparatus recognizes a certain level of reliability. By using the service authentication information in and authenticating with the image forming apparatus that cooperates with the use authority, it is possible to perform image processing using network resources effectively.

  The image forming apparatus of the image forming system in the first embodiment receives a specific image processing service from a user who receives an image processing request from an information terminal and is authenticated by the authentication information terminal as a service by another image forming apparatus. An image forming apparatus that can process in cooperation with user authentication request means (for example, a SOAP handler 407 shown in FIG. 4) that requests authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus. Service authentication requesting means (for example, SOAP handler 407 shown in FIG. 4) for requesting authentication at the authentication information terminal with respect to service authentication information acquired from the image forming apparatus, and user authentication requesting means or service authentication requesting means. Service execution means for executing a specific image processing service based on an authentication result at the authentication information terminal For example, it has a PDF to PCL-S408 shown in FIG. 4 and a return means (for example, a SOAP handler 407 shown in FIG. 4) for returning output information generated by the service execution means to the image forming apparatus as a service request source. It is good also as a structure.

  As a result, when the image forming apparatus receives a request accompanied by the specific image processing service from the information processing apparatus, the user authentication of the specific image processing service does not have the user authority for the specific image processing service. Even if the transfer cannot be delegated, if the other image forming apparatus is authenticated based on the service authentication information set in the specific image processing service registered in the requesting image forming apparatus, the required specific By executing the image processing service, it is possible for the image forming apparatuses to cooperate to continue the composite image processing. Therefore, even if an image forming apparatus cannot be used with user authority over the image forming apparatus on the network, if the user is authenticated by one of the image forming apparatuses, the image forming apparatus recognizes a certain level of reliability. By using the service authentication information in and authenticating with the image forming apparatus that cooperates with the use authority, it is possible to perform image processing using network resources effectively.

  Further, the image forming apparatus of the image forming system according to the first embodiment, when authenticated as a user who cannot execute the specific image processing service based on a user authentication result by the user authentication request unit, A data storage unit (for example, the data storage unit 210 shown in FIG. 2) for storing user authentication information returned from the forming apparatus, wherein the second service request unit replaces the first service request unit with the other The specific image processing service with the service authentication information may be requested to the image forming apparatus.

  Thus, when a similar specific image processing service is received from a user that cannot be used for user authentication, service authentication information is included from the beginning without performing authentication processing that cannot be used for similar user authentication from other image forming apparatuses. It becomes possible to make a request for a specific image processing service to another image forming apparatus, and promptly request another specific image processing service from the other image processing apparatus without performing unnecessary traffic. It is possible to efficiently perform composite image processing in cooperation with.

The image forming apparatus of the image forming system according to the first embodiment may be configured such that the image forming apparatus receives an execution request for a specific image processing service from an information terminal in a predetermined message format. As a result, it is possible to construct a system that links image processing services without being affected by restrictions on communication protocols between devices on the network.

  The image forming apparatus of the image forming system according to the first embodiment may be configured such that the predetermined message format is a SOAP message format.

  Thereby, it is possible to freely construct a highly versatile system for linking image processing services without being affected by restrictions on communication protocols between devices on the network.

  The service cooperation processing method in the image forming system according to the first embodiment includes an information terminal that makes an image processing request, and authentication that authenticates a user or a service provided by each image forming apparatus with respect to a plurality of image forming apparatuses. A service cooperation processing method in an image forming system in which an information terminal and an image forming apparatus connectable to the information terminal can communicate with each other, and the information terminal acquires user authentication information for each logged-in user from the authentication information terminal And a service requesting step for outputting an image processing service request provided by the image forming apparatus together with the acquired user authentication information to any of the image forming apparatuses. A user authentication step for performing user connection authentication or user authority authentication from each image forming apparatus; A service authentication step of performing service authority authentication from any one of the image forming apparatuses, and any one of the image forming apparatuses is authenticated by the authentication information terminal with respect to the user authentication information acquired from the information terminal. A first service request step (step S603 shown in FIG. 8) for making a specific image processing service request with authority authentication to another image forming apparatus, and a specific image from another image forming apparatus for the first service request step Based on the processing service request response, a second service request step (shown in FIG. 8) for re-outputting the specific image processing service request to the image forming apparatus with the service authentication information of the own device authenticated by the authentication information terminal. Output generated by another image forming apparatus in response to the request in step S607) and the second service request step. Any other image forming apparatus comprising an acquisition step (step S609 shown in FIG. 8) for acquiring information and an output step (step S607 shown in FIG. 8) for outputting the output information acquired by the acquisition step. Is a user authentication request step (step S506 shown in FIG. 9) for requesting authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus, and service authentication information acquired from the image forming apparatus. Service authentication request step (step S506 shown in FIG. 9) for requesting authentication at the authentication information terminal, and specific image processing based on the authentication result at the authentication information terminal in the user authentication request step or the service authentication request step A service execution step for executing a service (step S508 shown in FIG. 9); A reply step of returning the output information generated in the service execution step to the image forming apparatus as the service request source.

  As a result, when the image forming apparatus receives a request accompanied by the specific image processing service from the information processing apparatus, the user authentication of the specific image processing service does not have the user authority for the specific image processing service. Even if the transfer cannot be delegated, if the other image forming apparatus is authenticated based on the service authentication information set in the specific image processing service registered in the requesting image forming apparatus, the required specific By executing the image processing service, it is possible for the image forming apparatuses to cooperate to continue the composite image processing. Therefore, even if an image forming apparatus cannot be used with user authority over the image forming apparatus on the network, if the user is authenticated by one of the image forming apparatuses, the image forming apparatus recognizes a certain level of reliability. By using the service authentication information in and authenticating with the image forming apparatus that cooperates with the use authority, it is possible to perform image processing using network resources effectively.

  Further, in the service cooperation processing method in the image forming system, when it is authenticated that the user cannot execute the specific image processing service based on the user authentication result in the user authentication request step, a reply is sent from another image forming apparatus. Stored in a data storage means (for example, the data storage unit 210 shown in FIG. 2), and the second service request step replaces the first service request means with the other The image forming apparatus may be configured to request a specific image processing service with the service authentication information.

  Thus, when a similar specific image processing service is received from a user that cannot be used for user authentication, service authentication information is included from the beginning without performing authentication processing that cannot be used for similar user authentication from other image forming apparatuses. It becomes possible to make a request for a specific image processing service to another image forming apparatus, and promptly request another specific image processing service from the other image processing apparatus without performing unnecessary traffic. It is possible to efficiently perform composite image processing in cooperation with.

  Further, in the service cooperation processing method in the image forming system, the image forming apparatus may receive an execution request for a specific image processing service from an information terminal in a predetermined message format.

  As a result, it is possible to construct a system that links image processing services without being affected by restrictions on communication protocols between devices on the network.

  Furthermore, in the service cooperation processing method in the image forming system, the predetermined message format may be a SOAP message format.

  Thereby, it is possible to freely construct a highly versatile system for linking image processing services without being affected by restrictions on communication protocols between devices on the network.

  Further, in the service cooperation processing method in the image forming system, the service requesting step acquires user authentication information for each logged-in user from the authentication information terminal when executing a predetermined application, and any one of the image forming apparatuses. On the other hand, an image processing service request provided by the image forming apparatus may be output together with the acquired user authentication information.

  This makes it possible to reliably output an image processing service request to the image forming apparatus when executing a predetermined application accompanied by user authentication information acquired at the time of login.

  Further, in the service cooperation processing method in the image forming apparatus in the first embodiment, a specific image processing service from a user who receives an image processing request from the information terminal and is authenticated by the authentication information terminal is serviced by another image forming apparatus. Service processing method in an image forming apparatus that can be processed in cooperation with a specific image processing service request with user authority authentication authenticated by the authentication information terminal with respect to the user authentication information acquired from the information terminal On the basis of the first service request step (step S603 shown in FIG. 8) to be performed on the other image forming apparatus and the specific image processing service request response from the other image forming apparatus with respect to the first service request step. The specific image processing with the stored service authentication information of the own device authenticated by the authentication information terminal A second service request step (step S607 shown in FIG. 8) for re-outputting the service request to the image forming apparatus, and output information generated by another image forming apparatus in response to the request by the second service request step. An acquisition step (step S607 shown in FIG. 8) to be acquired and an output step (step S609 shown in FIG. 8) to output the output information acquired by the acquisition step may be used.

  As a result, when the image forming apparatus receives a request accompanied by the specific image processing service from the information processing apparatus, the user authentication of the specific image processing service does not have the user authority for the specific image processing service. Even if the transfer cannot be delegated, if the other image forming apparatus is authenticated based on the service authentication information set in the specific image processing service registered in the requesting image forming apparatus, the required specific By executing the image processing service, it is possible for the image forming apparatuses to cooperate to continue the composite image processing. Therefore, even if an image forming apparatus cannot be used with user authority over the image forming apparatus on the network, if the user is authenticated by one of the image forming apparatuses, the image forming apparatus recognizes a certain level of reliability. By using the service authentication information in and authenticating with the image forming apparatus that cooperates with the use authority, it is possible to perform image processing using network resources effectively.

  In the service cooperation processing method in the image forming apparatus, a specific image processing service from a user who receives an image processing request from an information terminal and is authenticated by an authentication information terminal can be processed in cooperation with a service by another image forming apparatus A service cooperation processing method in the image forming apparatus, the user authentication requesting step (step S506 shown in FIG. 9) for requesting authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus, and image formation A service authentication request step (step S506 shown in FIG. 9) for requesting authentication at the authentication information terminal for service authentication information acquired from a device, and the authentication information terminal by the user authentication request step or the service authentication request step Service that executes specific image processing service based on authentication result An execution step (step S508 shown in FIG. 9), and a reply step (step S508 shown in FIG. 9) for returning output information generated by the service execution step to the image forming apparatus that is the service request source. It is good also as composition to do.

  As a result, when the image forming apparatus receives a request accompanied by the specific image processing service from the information processing apparatus, the user authentication of the specific image processing service does not have the user authority for the specific image processing service. Even if the transfer cannot be delegated, if the other image forming apparatus is authenticated based on the service authentication information set in the specific image processing service registered in the requesting image forming apparatus, the required specific By executing the image processing service, it is possible for the image forming apparatuses to cooperate to continue the composite image processing.

  Therefore, even if an image forming apparatus cannot be used with user authority over the image forming apparatus on the network, if the user is authenticated by one of the image forming apparatuses, the image forming apparatus recognizes a certain level of reliability. By using the service authentication information in and authenticating with the image forming apparatus that cooperates with the use authority, it is possible to perform image processing using network resources effectively.

  Further, in the service cooperation processing method in the image forming apparatus, when it is authenticated that the user cannot execute the specific image processing service based on the user authentication result in the user authentication request step, a reply is sent from another image forming apparatus. A data storage step for storing the user authentication information in the data storage means, wherein the second service request step replaces the first service request step with the service authentication information for the other image forming apparatus. It may be configured to request a specific image processing service associated therewith.

  Thus, when a similar specific image processing service is received from a user that cannot be used for user authentication, service authentication information is included from the beginning without performing authentication processing that cannot be used for similar user authentication from other image forming apparatuses. It becomes possible to make a request for a specific image processing service to another image forming apparatus, and promptly request another specific image processing service from the other image processing apparatus without performing unnecessary traffic. It is possible to efficiently perform composite image processing in cooperation with.

  Furthermore, in the service cooperation processing method in the image forming apparatus, the image forming apparatus may receive an execution request for the specific image processing service from the information terminal in a predetermined message format.

  As a result, it is possible to construct a system that links image processing services without being affected by restrictions on communication protocols between devices on the network.

  In the service cooperation processing method in the image forming apparatus, the predetermined message format may be a SOAP message format.

  Thereby, it is possible to freely construct a highly versatile system for linking image processing services without being affected by restrictions on communication protocols between devices on the network.

  Furthermore, the service cooperation processing method in the image forming apparatus may be stored in a computer-readable storage medium as a program for causing the computer to execute the method.

  Thereby, there exists an effect mentioned above.

  Furthermore, it is good also as a structure characterized by making it the program for making a computer perform the service cooperation processing method in an image forming apparatus.

  Thereby, there exists an effect mentioned above.

1 is a diagram illustrating a network configuration of an image processing system to which an image forming apparatus according to a first embodiment of the present invention is applicable. 1 is a block diagram illustrating a configuration of an image forming apparatus according to a first embodiment of the present invention. It is a block diagram which shows an example of an internal structure of the information processing apparatus shown in FIG. FIG. 2 is a block diagram illustrating modules of a system including the information processing apparatus and the image forming apparatus illustrated in FIG. 1. FIG. 2 is a diagram illustrating an example of a SOAP message transmitted / received from the information processing apparatus illustrated in FIG. 1 through a service of the image forming apparatus and a service between the image forming apparatuses. It is a figure which shows an example of the access control information managed by the information processing apparatus shown in FIG. FIG. 2 is a diagram illustrating an example of a call permission service list managed by the image forming apparatus illustrated in FIG. 1. It is a flowchart which shows an example of the 1st data processing procedure in the image processing system which concerns on this invention. It is a flowchart which shows an example of the 2nd data processing procedure in the image processing system which concerns on this invention. It is a figure explaining the memory map of the storage medium which stores the various data processing program which can be read by the image processing system concerning this invention.

Explanation of symbols

101, 102 Information processing apparatus 103, 104 Image forming apparatus 403, 407 SOAP handler 404 PDF-S
406 AAS
408 PDF to PCL-S

Claims (22)

An information terminal that makes an image processing request, an authentication information terminal that authenticates the authority of a user or service provided by each image forming apparatus to a plurality of image forming apparatuses, and an image forming apparatus that can be connected to the information terminal can communicate with each other Image forming system,
Information terminal
Service for acquiring user authentication information for each user who logs in from the authentication information terminal and outputting an image processing service request provided by the image forming apparatus together with the acquired user authentication information to any of the image forming apparatuses A request means,
Authentication information terminal
User authentication means for performing user connection authentication from the information terminal or user authority authentication from each image forming apparatus;
Service authentication means for performing service authority authentication from any of the image forming apparatuses,
Any of the image forming apparatuses
First service request means for making a request for a specific image processing service with user authority authentication authenticated by the authentication information terminal to the other image forming apparatus with respect to the user authentication information acquired from the information terminal;
Based on a specific image processing service request response from another image forming apparatus to the first service request unit, the specific image processing service request is imaged with the service authentication information of the own apparatus authenticated by the authentication information terminal. Second service request means for re-outputting to the forming apparatus;
An acquisition unit that acquires output information generated by another image forming apparatus in response to a request from the second service request unit;
Output means for outputting output information acquired by the acquisition means, and
Any other image forming device
User authentication requesting means for requesting authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus;
Service authentication request means for requesting authentication at the authentication information terminal for service authentication information acquired from the image forming apparatus;
Service execution means for executing a specific image processing service based on an authentication result at the authentication information terminal by the user authentication request means or the service authentication request means;
An image forming system comprising: reply means for returning output information generated by the service execution means to an image forming apparatus that is a service request source. A data storage unit configured to store user authentication information returned from another image forming apparatus when the user is authenticated as a user who cannot execute the specific image processing service based on a user authentication result by the user authentication request unit; ,
2. The second service request unit requests a specific image processing service with the service authentication information from the other image forming apparatus instead of the first service request unit. Image forming system.   The image forming system according to claim 1, wherein the image forming apparatus receives an execution request for the specific image processing service from the information terminal in a predetermined message format.   4. The image forming system according to claim 3, wherein the predetermined message format is a SOAP message format.   The service request unit acquires user authentication information for each logged-in user from the authentication information terminal when executing a predetermined application, and sends an image together with the acquired user authentication information to any of the image forming apparatuses. 2. The image forming system according to claim 1, wherein an image processing service request provided by the forming apparatus is output. An image forming apparatus capable of receiving an image processing request from an information terminal and processing a specific image processing service from a user authenticated by an authentication information terminal in cooperation with a service by another image forming apparatus,
First service request means for making a request for a specific image processing service with user authority authentication authenticated by the authentication information terminal to the other image forming apparatus with respect to the user authentication information acquired from the information terminal;
Based on a specific image processing service request response from another image forming apparatus to the first service request unit, the specific image processing is performed with the stored service authentication information of the own device authenticated by the authentication information terminal. Second service request means for re-outputting the service request to the image forming apparatus;
An acquisition unit that acquires output information generated by another image forming apparatus in response to a request from the second service request unit;
Output means for outputting output information acquired by the acquisition means;
An image forming apparatus comprising: An image forming apparatus capable of receiving an image processing request from an information terminal and processing a specific image processing service from a user authenticated by an authentication information terminal in cooperation with a service by another image forming apparatus,
User authentication requesting means for requesting authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus;
Service authentication request means for requesting authentication at the authentication information terminal for service authentication information acquired from the image forming apparatus;
Service execution means for executing a specific image processing service based on an authentication result at the authentication information terminal by the user authentication request means or the service authentication request means;
Reply means for returning the output information generated by the service execution means to the image forming apparatus of the service request source;
An image forming apparatus comprising: A data storage unit configured to store user authentication information returned from another image forming apparatus when the user is authenticated as a user who cannot execute the specific image processing service based on a user authentication result by the user authentication request unit; ,
7. The second service request unit requests a specific image processing service with the service authentication information from the other image forming apparatus instead of the first service request unit. Image forming apparatus.   The image forming apparatus according to claim 7, wherein the image forming apparatus receives an execution request for the specific image processing service from the information terminal in a predetermined message format.   The image forming apparatus according to claim 9, wherein the predetermined message format is a SOAP message format. An information terminal that makes an image processing request, an authentication information terminal that authenticates the authority of a user or service provided by each image forming apparatus to a plurality of image forming apparatuses, and an image forming apparatus that can be connected to the information terminal can communicate with each other Service cooperation processing method in a simple image forming system,
Information terminal
Service for acquiring user authentication information for each user who logs in from the authentication information terminal and outputting an image processing service request provided by the image forming apparatus together with the acquired user authentication information to any of the image forming apparatuses With a request step,
Authentication information terminal
A user authentication step of performing user connection authentication from the information terminal or user authority authentication from each image forming device;
A service authentication step for performing service authority authentication from any of the image forming apparatuses,
Any of the image forming apparatuses
A first service requesting step of requesting another image forming apparatus to perform a specific image processing service request accompanied by user authority authentication authenticated by the authentication information terminal with respect to the user authentication information acquired from the information terminal;
Based on a specific image processing service request response from another image forming apparatus with respect to the first service request step, the specific image processing service request is imaged with the service authentication information of its own device authenticated by the authentication information terminal. A second service request step for re-outputting to the forming device;
An acquisition step of acquiring output information generated by another image forming apparatus in response to the request in the second service request step;
An output step of outputting the output information acquired by the acquisition step as an image;
Any other image forming device
A user authentication requesting step for requesting authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus;
A service authentication requesting step for requesting authentication at the authentication information terminal for service authentication information acquired from the image forming apparatus;
A service execution step of executing a specific image processing service based on an authentication result at the authentication information terminal by the user authentication request step or the service authentication request step;
A service cooperation processing method comprising: a reply step of returning output information generated by the service execution step to an image forming apparatus that is a service request source. A storage for storing, in a data storage unit, user authentication information returned from another image forming apparatus when it is authenticated that the user cannot execute the specific image processing service based on a user authentication result in the user authentication requesting step. With steps,
12. The second service requesting step requests a specific image processing service with the service authentication information from the other image forming apparatus in place of the first service requesting unit. Service linkage processing method.   12. The service cooperation processing method according to claim 11, wherein the image forming apparatus receives an execution request for a specific image processing service from an information terminal in a predetermined message format.   The service cooperation processing method according to claim 13, wherein the predetermined message format is a SOAP message format.   The service requesting step acquires user authentication information for each logged-in user from the authentication information terminal when executing a predetermined application, and sends an image together with the acquired user authentication information to any of the image forming apparatuses. 12. The service cooperation processing method according to claim 11, wherein an image processing service request provided by the forming apparatus is output. A service cooperation processing method in an image forming apparatus that receives an image processing request from an information terminal and can process a specific image processing service from a user who is authenticated by an authentication information terminal in cooperation with a service by another image forming apparatus. ,
A first service requesting step of requesting another image forming apparatus to perform a specific image processing service request accompanied by user authority authentication authenticated by the authentication information terminal with respect to the user authentication information acquired from the information terminal;
Based on a specific image processing service request response from another image forming apparatus with respect to the first service request step, the specific image processing is performed with the stored service authentication information of the own device authenticated by the authentication information terminal. A second service request step for re-outputting the service request to the image forming apparatus;
An acquisition step of acquiring output information generated by another image forming apparatus in response to the request in the second service request step;
An output step of outputting the output information acquired by the acquisition step;
A service cooperation processing method characterized by comprising: A service cooperation processing method in an image forming apparatus that receives an image processing request from an information terminal and can process a specific image processing service from a user who is authenticated by an authentication information terminal in cooperation with a service by another image forming apparatus. ,
A user authentication requesting step for requesting authentication at the authentication information terminal for user authentication information acquired from the image forming apparatus;
A service authentication requesting step for requesting authentication at the authentication information terminal for service authentication information acquired from the image forming apparatus;
A service execution step of executing a specific image processing service based on an authentication result at the authentication information terminal by the user authentication request step or the service authentication request step;
A reply step of returning the output information generated by the service execution step to the image forming apparatus of the service request source;
A service cooperation processing method characterized by comprising: Data that stores user authentication information returned from another image forming apparatus in a data storage unit when it is authenticated that the user cannot execute the specific image processing service based on a user authentication result in the user authentication request step With a save step,
17. The second service requesting step requests a specific image processing service with the service authentication information from the other image forming apparatus instead of the first service requesting step. Service linkage processing method. Wherein the image forming apparatus, according to claim 1 7 or 1 8 service cooperative processing method, wherein the receiving from the information terminal an execution request of the specific image processing service in a predetermined message format.   The service cooperation processing method according to claim 19, wherein the predetermined message format is a SOAP message format.   A computer-readable storage medium storing a program for executing the service cooperation processing method according to any one of claims 11 to 20.   21. A program for executing the service cooperation processing method according to claim 11.

Images