JP4821292B2 - Authentication system, authentication device, and authentication program - Google Patents

Description

The present invention relates to an authentication apparatus, an authentication system, and an authentication program for authenticating users when used by a plurality of users, and in particular, a use authority is set for each user when used by a plurality of users. The present invention relates to an authentication system, an authentication device, and an authentication program.
The authentication device of the present invention can be suitably applied to electronic devices such as image forming apparatuses such as printers, FAX machines, and copiers, and information processing apparatuses such as personal computers, workstations, and servers.

In an image forming apparatus or a workstation used by a plurality of users (users), in order to prevent each user from changing the operation settings of the device or to restrict the use of a specific function In addition, at the time of authentication (login), a different usage authority is given to an administrator, a general user, a guest user, or the like to limit the functions that can be used.
In addition, there is a technique (for example, see Patent Literature 1) that changes a control program (so-called driver) that controls the operation of each function according to a function that can be used by the user.

JP 2004-220532 A

(Problems of conventional technology)
In the above prior art, when the user leaves the device because of the authentication, the third party without the authority to use is free within the scope of the user's authority to use the user. It becomes possible to use it. In particular, if a third party freely operates while being authenticated as an administrator with a large use authority, the device may be abused, the device may not operate, or confidential information may be leaked.

In view of the above circumstances, the present invention has the following description (O01) as a technical problem.
(O01) Restricting use by a person who is not authorized to use in an authenticated state.

(Invention)
Next, the present invention that has solved the above problems will be described. In order to facilitate the correspondence between the elements of the present invention and elements of specific examples (examples) of the embodiments described later, Add the code enclosed in parentheses. The reason why the present invention is described in correspondence with the reference numerals of the embodiments described later is to facilitate understanding of the present invention, and not to limit the scope of the present invention to the embodiments.

(First invention)
In order to solve the technical problem, the authentication system (S) of the first invention comprises:
Authentication information storage means (C4D, C31B) for storing authentication information for authenticating the user of the image forming apparatus (Pr1) for each user;
Authentication means (C4, C31) for authenticating the user;
A use authority which a user specifies the function of the image forming apparatus (Pr1) available, a function capable standardly used during authentication standard authority and specifying the functions of the image forming of the image forming apparatus (Pr1) And use authority information including additional functions that can be additionally used and that include functions for registering or changing specifications of the image forming apparatus (Pr1) without the image forming function. Use authority information storage means (C7) for storing authority information;
It is determined whether or not an authenticated user has input that uses a function that is not included in the standard authority function specified by the standard authority and that is included in the additional authority function specified by the additional authority. Additional authority function input discrimination means (C8B) to perform,
When the authenticated user is a function not included in the standard authority function specified by the standard authority and an input using a function included in the additional authority function specified by the additional authority is made, An authority change authentication image display means (C9B) for displaying an authority change image (61) for changing the authority of the user on the information display screen (UI1);
Authority change authentication information storage means for storing authority change authentication information for performing authority change authentication of the user who changes authority from the standard authority to the additional authority when using the function specified by the additional authority (C9C),
Based on the input information input to the authority change image (61) and the authority change authentication information stored in the authority change authentication information storage means (C9C), authority change authentication of the user who performs authority change is performed. Authority change authentication means (C9);
The user who has performed the additional authentication is an input using the function included in the standard authority function specified by the standard authority and the image forming function not included in the additional authority function specified by the additional authority. The authority change authentication means (C9) for automatically changing the authority to the standard authority when
It is provided with.

(Operation of the first invention)
In the authentication system (S) of the first invention having the above-described configuration requirements, the authentication information storage means (C4D, C31B) provides authentication information for authenticating the user of the image forming apparatus (Pr1) for each user. Remember. Authentication means (C4, C31) authenticates the user. The use authority information storage means (C7) is a use authority for specifying the functions of the image forming apparatus (Pr1) that can be used by the user , and is a function that can be used as a standard at the time of authentication. Standard authority for specifying the image forming function and additional authority for specifying a function that can be additionally used and that does not have the image forming function but registers or changes the specifications of the image forming apparatus (Pr1). Usage authority information, which is information on usage authority including The additional authority function input discriminating means (C8B) is a function that is not included in the standard authority function for which the authenticated user is identified by the standard authority, and is a function that is included in the additional authority function identified by the additional authority. It is determined whether or not there is an input using.

  The authority change authentication image display means (C9B) is a function that the authenticated user does not include in the standard authority function specified by the standard authority, and is included in the additional authority function specified by the additional authority. When an input for using the function is made, an authority change image (61) for changing the authority of the user is displayed on the information display screen (UI1). The authority change authentication information storage means (C9C) changes authority to perform authority change authentication of the user who changes the authority from the standard authority to the additional authority when using the function specified by the additional authority. Store authentication information. The authority change authentication means (C9) changes the authority based on the input information input to the authority change image (61) and the authority change authentication information stored in the authority change authentication information storage means (C9C). The user authority change authentication is performed.

  Therefore, in the authentication system (S) of the first invention, authority change authentication is required when using the function included in the additional authority function. Therefore, when the authenticated user is in the middle, etc. Even if a third party tries to use it, only the functions included in the standard authority function can be used, and the use of the functions included in the additional authority function is limited. As a result, it is possible to limit the range of functions that can be used by a third party having no use authority, and to suppress abuse of functions included in the additional authority function. Therefore, it is possible to reduce the malfunction or the leakage of confidential information due to the abuse of a third party.

Further, in the first invention having the above-described configuration requirements, the authority change authentication means (C9) includes the image forming function that is not included in the additional authority function that is specified by the additional authority by the user who has been additionally authenticated. When the input using the function included in the standard authority function specified by the standard authority is made, the authority is automatically changed to the standard authority. Therefore, since the authority change authentication to the standard authority does not require the authority change authentication, the input operation can be reduced compared to the case where the authority change authentication is always performed at the time of the authority change, and the operability can be improved.

( Embodiment 1 of the first invention)
Embodiment 1 of the first invention, Oite the first invention,
An authentication image display means (C4A) for displaying an authentication image (11) for performing the authentication, an input authentication information transmission means (C4E) for transmitting the input authentication information inputted in the authentication image (11), and an authentication An image forming apparatus (Pr1) having authentication propriety information receiving means (C4F) for receiving authentication propriety information for notifying the result of propriety,
An information processing apparatus (Sb) connected by a network (N) to a plurality of the image forming apparatuses (Pr1) using a function by a user, and transmitted by the input authentication information transmitting means (C4E) Authentication for receiving input authentication information receiving means (C31A) for receiving the input authentication information, the authentication information storage means (31B), the authentication means (C31), and the result of whether or not authentication is possible by the authentication means (C31) An information processing apparatus (Sb) having authentication propriety information transmitting means (C31F) for transmitting propriety information to the image forming apparatus (Pr1);
It is provided with.

(Operation of Form 1 of the First Invention)
The authentication system (S) according to the first aspect of the first invention having the above configuration requirements is an information processing apparatus in which a user uses a network (N) to connect to the plurality of image forming apparatuses (Pr1) that use functions. (Sb). The input authentication information transmitting means (C4E) of the image forming apparatus (Pr1) is inputted by the authentication image display means (C4A) for displaying the authentication image (11) for performing the authentication and the authentication image (11). Send input authentication information. The input authentication information receiving means (C31A) of the information processing device (Sb) receives the input authentication information transmitted by the input authentication information transmitting means (C4E). The authentication information transmission / reception means (C31F) of the information processing apparatus (Sb) having the authentication information storage means (C31B) and the authentication means (C31) notifies the result of the approval / disapproval of the authentication by the authentication means (C31). Authentication propriety information to be transmitted is transmitted to the image forming apparatus (Pr1). Authentication enable / disable information receiving means (C4F) of the image forming apparatus (Pr1) receives authentication enable / disable information for notifying the result of authentication enable / disable. Therefore, the authentication of the user of the image forming apparatus (Pr1) can be carried out by the information processing apparatus (Sb), the authentication information of the image forming apparatus (Pr1) can be managed by the information processing apparatus (Sb).

( Form 2 of the first invention)
A second aspect of the first invention is the first aspect of the first invention, wherein
The image forming apparatus (Pr1) having use end information transmitting means (C22) for transmitting use end information notifying that the user's use has ended to the information processing apparatus (Sb);
A user storage means for storing a user in use of the image forming apparatus (Pr1) (C32A), the user stored as the user in using the image forming apparatus (Pr1) based on the input authentication information The information processing apparatus comprising: user registration changing means (C32D) that registers with the means (C32A) and deletes the user stored in the user storage means (C32A) based on the received use end information (Sb)
It is provided with.

( Operation of the second aspect of the first invention)
In the second aspect of the first invention having the above-described configuration requirements, the user storage means (C32A) of the information processing apparatus (Sb) stores the users who are using the image forming apparatus (Pr1). The use end information transmitting unit (C22) of the image forming apparatus (Pr1) transmits use end information notifying that the use of the user is ended to the information processing apparatus (Sb). The user registration changing means (C32D) registers the image forming apparatus (Pr1) in the user storage means (C32A) as a user who is using the image forming apparatus (Pr1) based on the input authentication information. Based on this, the user stored in the user storage means (C32A) is deleted. Therefore, in the second aspect of the first invention, it is possible to manage users in use for each image forming apparatus (Pr1).

( Embodiment 3 of the first invention)
The third aspect of the first invention is the second aspect of the first invention, wherein
User duplication determination means (C32B) for determining whether or not the user specified by the input authentication information is stored in the user storage means (C32A);
Forced authentication for forcibly canceling authentication in the image forming apparatus (Pr1) that is stored as being used when the user specified by the input authentication information is stored in the user storage means (C32A) Forced authentication cancellation information transmitting means (C21) for transmitting cancellation information to the image forming apparatus (Pr1);
It is provided with.

( Operation of the third aspect of the first invention)
In the third aspect of the first invention having the above configuration requirements, the user duplication determination means (C32B) is configured to determine whether or not the user specified by the input authentication information is stored in the user storage means (C32A). Is determined. When the user specified by the input authentication information is stored in the user storage unit (C32A), the forced authentication cancellation information transmission unit (C21) stores the image forming apparatus (Pr1) stored as being in use. ) Is sent to the image forming apparatus (Pr1). Therefore, according to the third aspect of the first invention, it is possible to prevent the same user from using the plurality of image forming apparatuses (Pr1) repeatedly, and the user ends the use of one image forming apparatus (Pr1). If the other image forming apparatus (Pr1) is to be used in the state where the user has forgotten, the authentication of the other image forming apparatus (Pr1) that has been forgotten to be terminated can be cancelled. As a result, it is possible to prevent a third party who does not have the right to use one image forming apparatus (Pr1) forgotten to end.

( Embodiment 4 of the first invention)
A fourth aspect of the first invention is the third aspect of the first invention, wherein
The image forming apparatus (Pr1) and the information processing apparatus (Sb) connected to a network (N) including a plurality of sub-networks (3, 4),
When the user specified by the input authentication information is stored in the user storage means (C32A), the subnetwork (3) to which the image forming apparatus (Pr1) stored as being used is connected , 4) and sub-network matching determining means for determining whether or not the sub-network (3, 4) to which the image forming apparatus (Pr1) to be authenticated by the input authentication information is connected matches ( C32B1),
When the sub-networks (3, 4) do not match, forced authentication cancellation information for forcibly canceling authentication in the image forming apparatus (Pr1) stored as being used is transmitted to the image forming apparatus (Pr1). The forced authentication cancellation information transmitting means (C21);
It is provided with.

( Operation of the fourth aspect of the first invention)
In the fourth aspect of the first invention having the above-described configuration requirements, the image forming apparatus (Pr1) and the information processing apparatus (Sb) are connected to a network (N) including a plurality of sub-networks (3, 4). Yes. The sub-network matching determination means (C32B1) is stored in the image forming apparatus (Pr1) that is being used when the user specified by the input authentication information is stored in the user storage means (C32A). Whether or not the subnetwork (3, 4) to which the image forming apparatus is connected and the subnetwork (3, 4) to which the image forming apparatus (Pr1) to be authenticated by the input authentication information is connected match Is determined. The forced authentication cancellation information transmission means (C21) forcibly cancels the authentication in the image forming apparatus (Pr1) that is stored as being used when the sub-networks (3, 4) do not match. Information is transmitted to the image forming apparatus (Pr1). Therefore, in the fourth of the first aspect of the invention, when a subnetwork (3, 4) coincide, since a plurality of image forming apparatus (Pr1) capable of the same user uses, one image forming Compared to a case where only the device (Pr1) can be used, a flexible operation can be performed.

(Second invention)
In order to solve the technical problem, the authentication device (Pr1) of the second invention
Authentication information storage means (C4D, C31B) for storing authentication information for authenticating the user of the image forming apparatus (Pr1) for each user;
Authentication means (C4, C31) for authenticating the user;
A use authority which a user specifies the function of the image forming apparatus (Pr1) available, a function capable standardly used during authentication standard authority and specifying the functions of the image forming of the image forming apparatus (Pr1) And use authority information including additional functions that can be additionally used and that include functions for registering or changing specifications of the image forming apparatus (Pr1) without the image forming function. Use authority information storage means (C7) for storing authority information;
It is determined whether or not an authenticated user has input that uses a function that is not included in the standard authority function specified by the standard authority and that is included in the additional authority function specified by the additional authority. Additional authority function input discrimination means (C8B) to perform,
When the authenticated user is a function not included in the standard authority function specified by the standard authority and an input using a function included in the additional authority function specified by the additional authority is made, An authority change authentication image display means (C9B) for displaying an authority change image (61) for changing the authority of the user on the information display screen (UI1);
Authority change authentication information storage means for storing authority change authentication information for performing authority change authentication of the user who changes authority from the standard authority to the additional authority when using the function specified by the additional authority (C9C),
Based on the input information input to the authority change image (61) and the authority change authentication information stored in the authority change authentication information storage means (C9C), authority change authentication of the user who performs authority change is performed. Authority change authentication means (C9);
The user who has performed the additional authentication is an input using the function included in the standard authority function specified by the standard authority and the image forming function not included in the additional authority function specified by the additional authority. The authority change authentication means (C9) for automatically changing the authority to the standard authority when
It is provided with.

(Operation of the second invention)
In the above configuration requirements authentication apparatus of the second invention having the (Pr1), the authentication information storage means (C4D, C31b) is authentication information for authenticating the user of the image forming apparatus (Pr1) for each user To remember. Authentication means (C4, C31) authenticates the user. The use authority information storage means (C7) is a use authority for specifying the functions of the image forming apparatus (Pr1) that can be used by the user , and is a function that can be used as a standard at the time of authentication. Standard authority for specifying the image forming function and additional authority for specifying a function that can be additionally used and that does not have the image forming function but registers or changes the specifications of the image forming apparatus (Pr1). Usage authority information, which is information on usage authority including The additional authority function input discriminating means (C8B) is a function that is not included in the standard authority function for which the authenticated user is identified by the standard authority, and is a function that is included in the additional authority function identified by the additional authority. It is determined whether or not there is an input using.

  The authority change authentication image display means (C9B) is a function that the authenticated user does not include in the standard authority function specified by the standard authority, and is included in the additional authority function specified by the additional authority. When an input for using the function is made, an authority change image (61) for changing the authority of the user is displayed on the information display screen (UI1). The authority change authentication information storage means (C9C) changes authority to perform authority change authentication of the user who changes the authority from the standard authority to the additional authority when using the function specified by the additional authority. Store authentication information. The authority change authentication means (C9) changes the authority based on the input information input to the authority change image (61) and the authority change authentication information stored in the authority change authentication information storage means (C9C). The user authority change authentication is performed.

Accordingly, in the authentication device (Pr1) of the second invention, authority change authentication is required when using the function included in the additional authority function. Therefore, when the authenticated user is in the middle, etc. Even if a third party tries to use it, only the functions included in the standard authority function can be used, and the use of the functions included in the additional authority function is limited. As a result, it is possible to limit the range of functions that can be used by a third party having no use authority, and to suppress abuse of functions included in the additional authority function. Therefore, it is possible to reduce the malfunction or the leakage of confidential information due to the abuse of a third party.
Further, in the second invention having the above-described configuration requirements, the authority change authentication unit (C9) includes the image forming function that is not included in the additional authority function that is specified by the additional authority by the user who has been additionally authenticated. When the input using the function included in the standard authority function specified by the standard authority is made, the authority is automatically changed to the standard authority. Therefore, since the authority change authentication to the standard authority does not require the authority change authentication, the input operation can be reduced compared to the case where the authority change authentication is always performed at the time of the authority change, and the operability can be improved.

(Third invention)
In order to solve the technical problem, the authentication program (P1) of the third invention is:
Computer (Pr1)
Authentication information storage means (C4D, C31B) for storing authentication information for authenticating the user of the image forming apparatus (Pr1) for each user;
Authentication means (C4, C31) for authenticating the user;
A use authority which a user specifies the function of the image forming apparatus (Pr1) available, a function capable standardly used during authentication standard authority and specifying the functions of the image forming of the image forming apparatus (Pr1) And use authority information including additional functions that can be additionally used and that include functions for registering or changing specifications of the image forming apparatus (Pr1) without the image forming function. Usage authority information storage means (C7) for storing authority information;
It is determined whether or not an authenticated user has input that uses a function that is not included in the standard authority function specified by the standard authority and that is included in the additional authority function specified by the additional authority. Additional authority function input discriminating means (C8B),
When the authenticated user is a function not included in the standard authority function specified by the standard authority and an input using a function included in the additional authority function specified by the additional authority is made, Authority change authentication image display means (C9B) for displaying an authority change image (61) for changing the authority of the user on the information display screen (UI1);
Authority change authentication information storage means for storing authority change authentication information for performing authority change authentication of the user who changes authority from the standard authority to the additional authority when using the function specified by the additional authority (C9C),
Based on the input information input to the authority change image (61) and the authority change authentication information stored in the authority change authentication information storage means (C9C), authority change authentication of the user who performs authority change is performed. Authority change authentication means (C9),
The user who has performed the additional authentication is an input using the function included in the standard authority function specified by the standard authority and the image forming function not included in the additional authority function specified by the additional authority. The authority change authentication means (C9) for automatically changing the authority to the standard authority when
It is made to function as.

(Operation of the third invention)
The authentication information storage means (C4D, C31B) provides authentication information for authenticating the user of the image forming apparatus (Pr1) for each user by the authentication program (P1) of the third invention having the above configuration requirements. Remember. Authentication means (C4, C31) authenticates the user. The use authority information storage means (C7) is a use authority for specifying the functions of the image forming apparatus (Pr1) that can be used by the user , and is a function that can be used as a standard at the time of authentication. Standard authority for specifying the image forming function and additional authority for specifying a function that can be additionally used and that does not have the image forming function but registers or changes the specifications of the image forming apparatus (Pr1). Usage authority information, which is information on usage authority including The additional authority function input discriminating means (C8B) is a function that is not included in the standard authority function for which the authenticated user is identified by the standard authority, and is a function that is included in the additional authority function identified by the additional authority. It is determined whether or not there is an input using.

  The authority change authentication image display means (C9B) is a function that the authenticated user does not include in the standard authority function specified by the standard authority, and is included in the additional authority function specified by the additional authority. When an input for using the function is made, an authority change image (61) for changing the authority of the user is displayed on the information display screen (UI1). The authority change authentication information storage means (C9C) changes authority to perform authority change authentication of the user who changes the authority from the standard authority to the additional authority when using the function specified by the additional authority. Store authentication information. The authority change authentication means (C9) changes the authority based on the input information input to the authority change image (61) and the authority change authentication information stored in the authority change authentication information storage means (C9C). The user authority change authentication is performed.

Therefore, the authorization program (P1) of the third invention requires authorization change authentication when using the function included in the additional authorization function. Therefore, when the authenticated user is in the middle, etc. Even if a third party tries to use it, only the functions included in the standard authority function can be used, and the use of the functions included in the additional authority function is limited. As a result, it is possible to limit the range of functions that can be used by a third party having no use authority, and to suppress abuse of functions included in the additional authority function. Therefore, it is possible to reduce the malfunction or the leakage of confidential information due to the abuse of a third party.
Further, in the second invention having the above-described configuration requirements, the authority change authentication unit (C9) includes the image forming function that is not included in the additional authority function that is specified by the additional authority by the user who has been additionally authenticated. When the input using the function included in the standard authority function specified by the standard authority is made, the authority is automatically changed to the standard authority. Therefore, since the authority change authentication to the standard authority does not require the authority change authentication, the input operation can be reduced compared to the case where the authority change authentication is always performed at the time of the authority change, and the operability can be improved.

The above-described present invention has the following effect (E01).
(E01) It is possible to restrict use by a person who is not authorized in the authenticated state.

  Next, specific examples (examples) of the embodiments of the present invention will be described with reference to the drawings, but the present invention is not limited to the following examples.

FIG. 1 is an overall explanatory diagram of an authentication system according to a first embodiment of the present invention.
In FIG. 1, a print system (authentication system) S according to a first embodiment of the present invention includes a network N including an Internet line (public communication line) 1 and a local area network (LAN) 2. The local area network 2 is connected to the Internet line 1 via a router R. In the first embodiment, the local area network 2 includes a first subnetwork 3 for the first business department and a second subnetwork 4 for the second business department, and the first subnetwork 3 and the second subnetwork 4 are provided. The network 4 is connected via a router R.
Each of the sub-networks 3 and 4 includes a plurality of client personal computers PCs (electronic manual browsing devices) and network-connected multifunction devices (copying, FAX, printers, image forming apparatuses having scanner functions, electronic devices, authentication apparatuses) Computers Pr1 to Pr4, an administrator server Sb (information processing apparatus, electronic device) of a network administrator, and other workstations and database servers (not shown) are connected. Further, a multifunction machine Pr5 is connected via the Internet line 1.

Each of the client personal computers PC and the administrator server Sb is composed of a computer device, and includes a computer main body H1, a display (information display screen) H2, input devices such as a keyboard H3 and a mouse H4, and an HD drive (not shown). (Hard disk drive), CD drive (compact disk drive), and the like.
The multifunction peripherals Pr1 to Pr5 have a user interface UI, a plurality of paper feed trays TR for feeding printing paper, and a paper discharge tray TRh. The multi-function machines Pr1 to Pr5 are electrophotographic multi-function machines having a built-in microcomputer and having all functions of a copy, a printer, a FAX, and a network scanner.

  In FIG. 1, the print system S according to the first embodiment is operated in a TCP / IP (Transmission Control Protocol / Internet Protocol) environment that is currently in widespread use, and each device PC, Pr1 connected to a network N is shown. -Pr5 is assigned (set) with unique network identification information (IP address). In the first embodiment, each device PC, Pr1, and Pr2 connected to the first sub-network 3 has an IP address of “192.168.8.0. *” (* Is a value that varies from device to device from 0 to 255). Is assigned, and “192.168.1. *” Is assigned as an IP address to each of the devices PC, Pr3, and Pr4 connected to the second sub-network 4.

  Here, the IP address will be described. In IPv4 (Internet Protocol Version 4), the IP address is a 32-bit number (actually, it is expressed as “123.123.123.123” or the like by dividing it into 8-bit decimal numbers). Is used. In the standard, the upper 16 bits of the 32 bits are used as network address numbers, and the lower 16 bits are used as host address numbers. Since the host address number is 16 bits (that is, 0 to 65535), 65536 devices are managed, and it is difficult to manage all of them. Therefore, at present, the host address number is divided into upper 8 bits and lower 8 bits (subnetized) and managed by 256 units corresponding to the lower 8 bits. At this time, the subnet mask is used to obtain the subnet network address from the IP address, and the subnet network address can be obtained by ANDing the IP address with the subnet mask. In the case of the lower 8 bits, the subnet mask is “255.255.255.0”, and the upper 24 bits are the network address of the subnet. In the first embodiment, this subnet mask is set and stored in each device. Accordingly, the network address of the subnet of the first subnetwork 3 is “192.168.0.0”, and the network address of the subnet of the second subnetwork 4 is “192.168.1.0”.

(Description of the control part of Example 1)
Next, the control unit according to the first exemplary embodiment will be described. Image information for printing is transmitted to the multifunction peripherals Pr1 to Pr5 via the network N according to a user input, or scanned by the multifunction peripherals Pr1 to Pr5. The description of the control unit of the client personal computer PC or the administrator server Sb that takes in the image information via the network N is omitted since it is conventionally known.
(Description of control unit of image forming apparatus)
FIG. 2 is a block diagram (functional block diagram) illustrating each function provided in the control unit of the multifunction peripheral as the image forming apparatus according to the first exemplary embodiment.
In FIG. 2, the controller C of the multifunction peripheral Pr1 according to the first embodiment includes an I / O (input / output interface) that performs input / output of signals with the outside, adjustment of input / output signal levels, and a program for performing necessary processing. And a ROM (read only memory) or hard disk in which data and the like are stored, a RAM (random access memory) for temporarily storing necessary data, and a CPU that performs processing according to a program stored in the ROM ( A central processing unit) and a microcomputer having a clock oscillator and the like, and various functions can be realized by executing a program stored in the ROM or the like.
The controller C of each of the multifunction peripherals Pr1 to Pr5 is configured in the same manner. Therefore, in the following description, the multifunction peripheral Pr1 will be described, and a detailed description of the other multifunction peripherals Pr2 to Pr5 will be omitted.

(Signal input element connected to the controller C)
The controller C receives signals from signal input elements such as a UI (user interface) and various sensors (not shown).
The UI includes input keys such as a display UI1, a copy start key UI2, a numeric keypad UI3, etc., and detects that they are input, and inputs a detection signal to the controller C.

(Control element connected to the controller C)
The controller C forms an image in accordance with the image information, records the image on an image reading member (scanner unit) PrA for reading a document image, and paper fed from the paper feed tray TR, and discharges it to the discharge tray TRh. It is connected to an image recording member (printer unit) PrB and other control elements to output their operation control signals.

(Function of the controller C)
The controller C has a function (control means) for executing a process corresponding to an output signal from each signal output element, information received via the network N, and a signal and outputting a control signal to each control element. Have. The function (control means) of the controller C will be described next.
C1: Image information receiving means The image information receiving means C1 receives image information such as print image information and FAX image information transmitted from the client personal computer PC or the like via the network N.
C2: Image information storage means The image information storage means C2 performs operations such as received image information, read image information during a copy operation, a scanner operation, and a FAX transmission operation (job, ie, print operation, scanner operation, FAX Information (data) for executing an operation, a copy operation, and the like.

C3: Image Forming Unit The image forming unit C3 executes the job by controlling the operations of the image reading member PrA and the image recording member PrB according to the job to be executed (copying operation, printing operation, etc.).
P1: Authentication program The authentication program P1 includes authentication means C4, function selection image display means C5, authentication user storage means C6, use authority information storage means C7, use authority determination means C8, and authority change authentication means C9. It performs user authentication, setting and changing user authority, etc.
C4: Authentication Unit The authentication unit C4 includes an authentication image display unit C4A, an authentication impossible notification image display unit C4B, a keyboard image display unit C4C, and an authentication information storage unit C4D. It is authenticated whether or not a user (user or administrator) is a registered user.

FIG. 3 is an explanatory diagram of an authentication image according to the first embodiment.
C4A: Authentication Image Display Unit The authentication image display unit C4A displays an authentication image 11 (see FIG. 3) for inputting user authentication information on the display unit (information display screen) UI1. In FIG. 3, an authentication image 11 according to the first embodiment includes a user ID input field 12 for inputting a user ID as authentication information, a password input field 13 for inputting a password as authentication information, a user ID and a password. In order to complete the input of the keyboard input start image 14 (see the “keyboard” icon in FIG. 3) and the authentication information (user ID and password) for displaying the keyboard image for inputting the password and to perform authentication (login) Authentication execution image 16 (see “Login” icon in FIG. 3). The display unit UI1 according to the first embodiment is configured by a contact input type (so-called touch panel) display unit UI1 that can be input by a user touching an image portion with a fingertip.

FIG. 4 is an explanatory diagram of an authentication impossible notification image according to the first embodiment.
C4B: Non-authentication notification image display means The non-authentication notification image display means C4B is a non-authentication notification image 21 for notifying the user when the user ID and password do not match and authentication (login) is not possible. 4) is displayed on the display unit UI1. In FIG. 4, the authentication impossible notification image 21 according to the first embodiment includes a confirmation image 22 (see “OK” icon in FIG. 4) for the user to confirm that the authentication has failed.

FIG. 5 is an explanatory diagram of a keyboard image of the first embodiment, FIG. 5A is an explanatory diagram of a keyboard image for inputting hiragana, and FIG. 5B is an explanatory diagram of a keyboard image for inputting alphanumeric characters.
C4C: Keyboard image display means The keyboard image display means C4C is a keyboard image 31 (FIG. 5) for inputting a user ID or password when the keyboard input start image 14 is input in the authentication image 11. Display) is displayed on the display unit UI1. 5, the keyboard image 31 according to the first embodiment includes an input item display field 32 for displaying input items (a user ID display field in FIG. 3), a keyboard input unit 33 for performing input by touching an image part with a finger, An input decision image 34 (see the “decision” icon in FIG. 5) for reflecting the contents input in the input item display column 32 to the corresponding input columns 12 and 23 of the authentication image 11, and display in the input item display column 32 The input cancellation image 36 (see the “cancel” icon in FIG. 5) that discards the contents and returns to the authentication image 11 and the input mode switching image for switching the input mode among hiragana, katakana, alphanumeric characters, and symbols. 37 (refer to the icons of “Hiragana”, “Katakana”, “Alphabet” and “Symbol” in FIG. 5).

C4D: Authentication Information Storage Unit The authentication information storage unit C4D stores authentication information (user ID and password) of a user who can use the multifunction peripheral Pr1 that is referred to when the authentication unit C6 performs authentication. The authentication information is registered (stored) in advance by an administrator by a conventionally known authentication information registration means (program) (not shown).

FIG. 6 is an explanatory diagram of a function selection image according to the first embodiment.
C5: Function Selection Image Display Unit The function selection image display unit C5 displays a function selection image 41 (menu image, see FIG. 6) for selecting each function of the multifunction peripheral Pr1 on the display unit UI1. 6, a function selection image 41 according to the first embodiment includes a function selection icon 42 (see “copy” icon 42 a, “FAX” icon 42 b, “scanner” icon 42 c in FIG. 6) for selecting each function, A specification change icon 43 (see the “change specification” icon in FIG. 6) for registering and changing various settings and specifications of the multifunction device Pr1, and a logout image 47 (“logout” icon for ending the operation of the multifunction device Pr1). Reference).

C6: Authentication user storage means (authentication user storage means)
The authenticated user storage unit C6 stores the user (user) authenticated by the authentication unit C4. That is, the user currently using the multifunction device Pr1 is stored.
C7: Usage Authority Information Storage Unit The usage authority information storage unit C7 includes a user authority group management table storage unit C7A and an authority function management table storage unit C7B, and is used for specifying functions that can be used by the user (user). Usage authority information, which is information of usage authority including authority, which is a standard authority that specifies a function that can be used normally at the time of authentication, and an additional authority that specifies an additional function that can be used is stored.

FIG. 7 is an explanatory diagram of usage authority information according to the first embodiment, FIG. 7A is an explanatory diagram of a user authority group management table, and FIG. 7B is an explanatory diagram of an authority function management table.
C7A: User authority group management table storage means The user authority group management table storage means C7A is a use authority group in which a specific range of use authority is recognized and to which group (use authority) each user (user) belongs. A user authority group management table (see FIG. 7A) in which these are tabulated is stored. 7A, in the first embodiment, as the usage authority group, there are “general user 1”, “general user 2”, and “administrator”, and groups to which each user (user A to user C) belongs (each User authority authorized by the user) and the standard authority group granted at the time of the first authentication are stored in the user authority group management table.

C7B: Authority Function Management Table Storage Unit The authority function management table storage unit C7B stores an authority function management table (see FIG. 7B) that tabulates functions that can be used in each usage authority group. In FIG. 7B, in Example 1, only the “copy” function is set for “general user 1”, and “copy” function, “FAX” function, and “scan” are set for “general user 2”. The use authority of the function is set, and the “administrator” is set with the use authority of the “change specification” function. It is stored that the authority increases in the order of “general user 1”, “general user 2”, and “administrator”. Accordingly, in FIG. 7A and FIG. 7B, “User A” has the “copy” function, “FAX” function, and “scan” function set to “general user 2”, which is the standard authority at the time of authentication, as the standard authority function. Thus, “specification setting” set in “administrator”, which is an additional authority not granted as a standard, becomes an additional authority function. In the first embodiment, only the standard authority (“general user 2” or “general user 1”) is set for “user B” and “user C”, and no additional authority is set.

C8: Usage Authority Determination Unit The usage authority determination unit C8 includes a granted usage authority storage unit C8A, an additional authority function input determination unit C8B, an authority level determination unit C8C, and a no authority notification image display unit C8D. Determine the usage rights for.
C8A: Granted Use Authority Storage Unit The granted use authority storage unit C8A stores the use authority currently granted to the authenticated user. The granted usage right source storage unit C8A of the first embodiment is currently granted to the user by storing the usage right group to which the user currently belongs and the usage right function set in the usage right group. Remember usage rights.

C8B: Additional authority function input determination means The additional authority function input determination means C8B is a function that is not included in the standard authority function in which the authenticated user (user) is specified by the standard authority, and is specified by the additional authority. It is determined whether or not an input using a function included in the additional authority function is made. The additional authority function input determination unit C8B according to the first embodiment is a function that is not included in the function of the current usage authority stored in the usage right source storage unit, and is a function of other usage authority of the currently used user. By determining whether or not an input using a function included in the function is included, it is also determined whether an input that uses a function that is not included in the standard authority function and included in the additional authority function is performed. .
C8C: Authority level discriminating means The authority level discriminating means C8C is a function that is not included in the function of the current usage authority by the additional authority function input determining means C8B and that is included in the function of other usage authority of the user. When an input for use is made, it is determined which of the current use authority and the other use authority is greater based on the order of the authorities stored in the authority function management table storage unit C7B.

FIG. 8 is an explanatory diagram of an unauthorized authority notification image according to the first embodiment.
C8D: Unauthorized notice image display means Unauthorized notice image display means C8D is used when the function input by the authenticated user is not included in the standard authority function or the additional authority function. An unauthorized authority notification image 51 (see FIG. 8) for notifying the user that there is no message is displayed. In FIG. 8, the unauthorized authority notification image 51 of the first embodiment includes a confirmation image 52 (see “OK” icon in FIG. 8) indicating that the user has confirmed the notification content.
C9: Authority Change Authentication Unit The authority change authentication unit C9 includes an authority change authentication information storage unit C9A, an authority change authentication image display unit C9B, and an authority change authentication impossible notification image display unit C9C. Based on the input information input in FIG. 9) and the authority change authentication information stored in the authority change authentication information storage means C9B, authority change authentication of the user who performs authority change is performed.

C9A: Authority change authentication information storage means The authority change authentication information storage means C9A is an authority for performing authority change authentication of a user who changes the authority from the standard authority to the additional authority when using the function specified by the additional authority. The change authentication information is stored. The authority change authentication information storage unit C9A according to the first embodiment stores, as authority change authentication information, a preset authority change password that is different from the authentication password stored in the authentication information storage unit C4D. The authentication password and the authority change password are preferably different from each other, but can be shared.

FIG. 9 is an explanatory diagram of a re-authentication notification image according to the first embodiment.
C9B: Authority change authentication image display means The authority change authentication image display means C9B is a function in which an authenticated user inputs a function that is not included in the standard authority function and that uses a function included in the additional authority function. The authority change image 61 (see FIG. 9) for changing the user's use authority is displayed on the display unit UI1 (information display screen). 9, the authority change image 61 of the first embodiment includes a password input field 62 for inputting an authority change password as authority change authentication information, and a keyboard image for inputting the authority change password (see FIG. 5). Change the authority to perform the authority change authentication after the input of the keyboard input start image 63 (refer to the “keyboard” icon in FIG. 9) and the authority change authentication information (authority change password) is displayed. An authentication execution image 64 (see “OK” icon in FIG. 9) and a non-execution instruction image 66 (see “cancel” icon in FIG. 9) for instructing not to perform authority change authentication.

FIG. 10 is an explanatory diagram of an authority change authentication impossible notification image according to the first embodiment.
C9C: Authority change authentication disabled notification image display means The authority change authentication disabled notification image display means C9C stores the input information entered in the password input field 62 of the authority change authentication image 61 and the authority change authentication information storage means. When the authority change authentication information does not match and the authority change authentication cannot be performed, an authority change authentication impossible notification image 71 (see FIG. 10) for notifying the authority change authentication cannot be displayed is displayed on the display unit UI1. . In FIG. 10, the authority change authentication impossible notification image 71 of the first embodiment includes a confirmation image 72 (see “OK” icon in FIG. 10) indicating that the user has confirmed the notification content.
C10: Network Information Storage Unit The network information storage unit C10 includes an IP address storage unit C10A that stores the IP address of the multifunction peripheral (image forming apparatus) Pr1, and a subnet mask storage unit C10B that stores the subnet mask of the multifunction peripheral Pr1. Network information including the IP address and subnet mask of the multifunction peripheral Pr1.

(Description of Flowchart of Example 1)
Next, the processing flow of the multifunction peripheral Pr1 according to the first embodiment will be described with reference to a flowchart. The client personal computer PC or the like that transmits image information for printout to the multifunction peripheral Pr1 in response to a user input is described below. Since the processing is conventionally known, illustration and detailed description are omitted.

(Description of main flowchart)
FIG. 11 is a main flowchart of the image forming apparatus according to the first exemplary embodiment.
The processing of each ST (step) in the flowchart of FIG. 11 is performed according to a program stored in the ROM, the hard disk or the like of the multi-function device Pr1. This process is executed in a multitasking manner in parallel with other various processes of the multifunction peripheral Pr1.
The flowchart shown in FIG. 11 is started when the multifunction device Pr1 is powered on.

In ST1 of FIG. 11, the authentication image 11 (login image) is displayed on the display unit UI1, and the process proceeds to ST2.
In ST2, it is determined whether or not an input for selecting the authentication execution image 16 of the authentication image 11 (see the “login” icon in FIG. 3) has been made. If no (N), the process proceeds to ST3, and if yes (Y), the process proceeds to ST7.
In ST3, it is determined whether or not an input for selecting the keyboard input start image 14 (see the “keyboard” icon in FIG. 3) of the authentication image 11 has been made. If yes (Y), the process proceeds to ST4. If no (N), the process proceeds to ST5.
In ST4, the keyboard image 31 is displayed on the display unit UI1, the user ID or the password is input by the keyboard input unit 33, and the authentication image is input in response to the input determination image 34 (see the “decision” icon in FIG. 5). The keyboard input process (not shown) for reflecting the input contents in the user ID input field 12 or the password input field 13 is executed, and the process returns to ST1.

In ST5, it is determined whether or not an input is performed using the numeric keypad UI3 of the user interface UI. If yes (Y), the process proceeds to ST6. If no (N), the process returns to ST2.
In ST6, the image of the authentication image 11 (one field selected from the user ID input field 12 or the password input field 13) is updated according to the input, and the process returns to ST2.
In ST7, based on the information input in the user ID input field 12 of the authentication image 11, it is determined whether or not the input user ID is registered (stored) in the authentication information storage unit C4D. If yes (Y), the process proceeds to ST8. If no (N), the process proceeds to ST9.
In ST8, based on the information input in the password input field 13 of the authentication image 11, the input password matches the password (authentication information) of the user ID registered (stored) in the authentication information storage means C4D. It is determined whether or not. If no (N), the process proceeds to ST9, and if yes (Y), the process proceeds to ST11.

In ST9, the authentication impossible notification image 21 (see FIG. 4) is displayed on the display unit UI1. Then, the process proceeds to ST10.
In ST10, it is determined whether or not an input for selecting the confirmation image 22 (see the “OK” icon in FIG. 4) of the authentication impossible notification image 21 has been made. If yes (Y), the process returns to ST1, and if no (N), ST10 is repeated.
In ST11, based on the user authority group management table (see FIG. 7A), the standard authority group set for the logged-in user (authenticated user) is read and stored (obtained) in the granted use authority storage means C8A. ). Then, the process proceeds to ST12.
In ST12, based on the authority function management table (see FIG. 7B), the standard authority function set in the acquired standard use authority group is read and stored (obtained) in the granted use authority storage means C8A. Then, the process proceeds to ST13.

In ST13, the function selection image 41 (see FIG. 6) is displayed on the display unit UI1. Then, the process proceeds to ST14.
In ST14, it is determined whether or not an input for selecting the “copy” icon 42a has been made. If yes (Y), the process proceeds to ST15, and, if no (N), the process proceeds to ST17.
In ST15, it is determined whether or not the selected function is included in the usage authority function of the usage authority group to which the authenticated user currently belongs, and authority change authentication processing (described later) is executed as necessary. The process proceeds to ST16.
In ST16, a conventionally known copy function selection process is executed in which the number of copies is set and a copy operation as a job is executed, and the process returns to ST13.

In ST17, it is determined whether or not an input for selecting the “FAX” icon 42b has been made. If yes (Y), the process proceeds to ST18, and, if no (N), the process proceeds to ST20.
In ST18, the same authority discrimination authentication process (see the subroutine of FIG. 11 described later) as in ST15 is executed, and the process proceeds to ST19.
In ST19, a destination function is input, a process for selecting a FAX function for executing a conventionally known FAX operation (job) for reading and transmitting a document image is performed, and the process returns to ST13.
In ST20, it is determined whether or not an input for selecting the “scanner” icon 42c has been made. If yes (Y), the process proceeds to ST21. If no (N), the process proceeds to ST23.
In ST21, the same authority discrimination authentication process (see the subroutine of FIG. 11 described later) as in ST15 is executed, and the process proceeds to ST22.
In ST22, a conventionally known scanner function selection process for executing a scanner operation (job) for reading a document image is performed, and the process returns to ST13.

In ST23, it is determined whether or not an input for selecting the specification change icon 43 has been made. If yes (Y), the process proceeds to ST24, and, if no (N), the process proceeds to ST26.
In ST24, the same authority discrimination authentication process (see the subroutine of FIG. 11 described later) as in ST15 is executed, and the process proceeds to ST25.
In ST25, a conventionally known specification change process for registering or changing the operation setting of the multifunction peripheral Pr1 or editing the FAX destination is executed, and the process returns to ST13.
In ST26, it is determined whether or not an input for selecting the “logout” icon 47 of the function selection image 41 has been made. If yes (Y), the process proceeds to ST27, and, if no (N), the process returns to ST14.
In ST27, logout (deauthentication) processing of the logged-in user is executed. Then, the process returns to ST1.

(Description of authority discrimination authentication processing (subroutines of ST15, ST18, ST21, ST24))
FIG. 12 is a flowchart of the authority discrimination authentication process according to the first embodiment, which is a subroutine of ST15, ST18, ST21, and ST24 of FIG.
In ST31 of FIG. 12, it is determined whether or not there is an authority to use the selected function. That is, it is determined whether or not the selected function is included in the use authority function stored in the granted use authority storage means C8A. If yes (Y) (when there is no usage authority), the process proceeds to ST32. If no (N) (when there is a usage authority), the authority discrimination authentication process of FIG. 12 is terminated, and the main flowchart of FIG. Return.

In ST32, based on the user authority group management table (see FIG. 7A), it is determined whether or not the login user (authenticated user) has another usage authority group set. If yes (Y), the process proceeds to ST33, and if no (N), the process proceeds to ST34.
In ST33, based on the user authority group management table (see FIG. 7A) and the authority function management table (see FIG. 7B), it is determined whether there is another authority group in which the selected function is included as a use authority function. . If no (N), the process proceeds to ST34, and if yes (Y), the process proceeds to ST36.
In ST34, an unauthorized notification image 51 (see FIG. 8) is displayed. Then, the process proceeds to ST35.
In ST35, it is determined whether or not an input for selecting the confirmation image 52 (see the “OK” icon in FIG. 8) of the unauthorized notification image 51 has been made. If no (N), ST35 is repeated, and if yes (Y), the process returns to ST13 in FIG.

In ST36, based on the authority function management table (see FIG. 7B), it is determined whether another authorized authority group is greater in authority than the current authority group. If yes (Y), the process proceeds to ST37, and, if no (N), the process proceeds to ST45.
In ST37, the authority change image 61 (see FIG. 9) is displayed on the display unit UI1 (information display screen). Then, the process proceeds to ST38.
In ST38, it is determined whether or not an input for selecting the authority change authentication execution image 64 (see the “OK” icon in FIG. 9) of the authority change image 61 has been made. If no (N), the process proceeds to ST39, and if yes (Y), the process proceeds to ST42.
In ST39, it is determined whether or not an input for selecting the non-execution instruction image 66 (see the “cancel” icon in FIG. 9) of the authority change image 61 has been made. If no (N), the process proceeds to ST40, and if yes (Y), the process returns to ST13 in FIG.

In ST40, it is determined whether or not an authority change password as authority change authentication information has been input from the keyboard input start image 63 (see the “keyboard” icon in FIG. 9) of the authority change image 61 and the numeric keypad UI3. If yes (Y), the process proceeds to ST41, and, if no (N), the process returns to ST38.
In ST41, the authority change image 61 is updated according to the input. Then, the process returns to ST38.
In ST42, it is determined whether or not the authority change password input in the password input field 62 of the authority change image 61 matches the authority change password stored in the authority change authentication information storage unit C9A. If no (N), the process proceeds to ST43, and if yes (Y), the process proceeds to ST45.

In ST43, the authority change authentication impossible notification image 71 (see FIG. 10) is displayed on the display unit UI1. Then, the process proceeds to ST44.
In ST44, it is determined whether or not an input for selecting a confirmation image 72 (see “OK” icon in FIG. 10) of the authority change authentication impossible notification image 71 has been made. If yes (Y), the process returns to ST37, and if no (N), ST44 is repeated.
In ST45, the usage authority group of the login user is changed to another usage authority group having authority to use the selected function. Then, the authority discrimination authentication process in FIG. 12 is terminated and the process returns to the main flowchart in FIG.

(Operation of Example 1)
In the MFP Pr1 of the first embodiment having the above-described configuration, as shown in FIG. 7A, at least one standard authority group is set for each user, and the function to which authority is given by the standard authority group There is also a user (a user A in the first embodiment) in which a usage authority group with usage authority for another function is additionally set.
In FIG. 7A, user A belonging to a plurality of usage authority groups belongs to the standard authority group at the time of initial authentication, can use the standard authority function, and cannot use the additional authority function (“specification change” in the first embodiment). When the additional authority function is used, by performing authority change authentication, the functions included in the additional authority function can be used, and the standard authority function cannot be used.

  Therefore, in the multifunction device Pr1 according to the first embodiment, when a user leaves the multifunction device Pr1 because of a standard authority group, even if a third party without usage authority tries to use it, If only the above functions can be used and authorization change authentication is not performed, use of the functions of the additional authority group is restricted. For example, when user A is logged in as an administrator, even if the user is an administrator, the specification can not be changed by the standard authority function, so even if the administrator is in this state, the specification can be changed by a third party. Can be prevented. As a result, the range of functions that can be used by a third party in the authenticated state can be restricted, and the abuse of the device can be reduced. Therefore, it is possible to reduce the possibility of the device not operating or leakage of confidential information due to abuse by a third party.

  In the MFP Pr1 according to the first embodiment, the order of authority is set in the usage authority group. When the authority is changed from the usage authority group with the lower authority to the authority group with the higher authority, the authority change authentication is performed. Although it is necessary (see ST36 to ST44), the authority can be changed from the group having a higher authority to the group having a lower authority without performing authority change authentication (see ST36 and ST45). Therefore, it is possible to make it harder to be abused by requiring authority change authentication for authority change to a privileged usage authority group that may cause damage if abused (security can be improved). ). In addition, since authority change authentication is not required for authority change to a group with less authority, it is possible to reduce input operations and improve operability compared to the case where authority change authentication is always performed at the time of authority change.

  Next, a second embodiment of the present invention will be described. In the description of the second embodiment, components corresponding to those of the first embodiment are denoted by the same reference numerals, and detailed description thereof is omitted. To do. The second embodiment is different from the first embodiment in the following points, but is configured in the same manner as the first embodiment in other points.

(Description of Control Unit of Example 2)
(Description of control unit of image forming apparatus)
(Function of the controller C of the second embodiment)
FIG. 13 is a block diagram (functional block diagram) illustrating each function provided in the control unit of the multifunction peripheral as the image forming apparatus according to the second embodiment, and corresponds to FIG. 2 according to the first embodiment. is there.
In FIG. 13, in the authentication program P1 of the multifunction peripherals Pr1 to Pr5 according to the second embodiment, the authentication unit C4 transmits the input authentication information input in the authentication image 11 to the administrator server Sb instead of the authentication information storage unit C4D. Input information transmitting means C4E that performs authentication, and authentication enable / disable information receiving means C4F that receives authentication enable / disable information transmitted from the administrator server in accordance with the transmitted input authentication information. Then, the authentication unit C4 according to the second embodiment performs authentication (determination of whether to log in) based on the received authentication propriety information. In the second embodiment, the user authentication is performed by the administrator server Sb, and the authenticated user's standard authority group, additional authority group, and authority change authentication information are transferred from the administrator server Sb to the authentication permission / inhibition information. It is included and transmitted and stored in the user authority group management table storage means C7A and authority change authentication information storage means C9A. That is, unlike the first embodiment, the user authority group management table storage means C7A and authority change authentication information storage means C9A store only information relating to the user in use.

The authentication program P1 of the second embodiment has the following functional means in addition to the functional means C4 to C9 of the authentication program P1 of the first embodiment.
C21: Automatic logout information receiving means (forced authentication cancellation information receiving means)
The automatic logout information receiving means C21 receives forced authentication cancellation information (automatic logout information) transmitted from the administrator server (information processing apparatus) Sb for forcibly canceling authentication of an authenticated user. That is, the automatic logout information receiving means C21 of the second embodiment receives automatic logout information for automatically logging out a logged-in user.
C22: Usage End Information Transmitting Unit The usage end information transmitting unit C22 transmits usage end information notifying that the user who has been authenticated by the MFP Pr1 has ended the usage to the administrator server Sb. The use end information transmitting unit C22 according to the second embodiment receives the user ID and the MFP identification information (implementation) when an input for selecting the “logout” icon 47 of the function selection image 41 is received or when automatic logout information is received. In Example 2, use end information including the IP address is transmitted to the administrator server Sb.

(Description of the control unit of the administrator server Sb)
FIG. 14 is a block diagram (function block diagram) showing each function provided in the control part of the administrator server of the second embodiment.
In FIG. 14, the computer main body H1 of the administrator server Sb is an I / O (input / output interface) that performs input / output of signals to / from the outside, adjustment of input / output signal levels, and the like, and programs and data for performing necessary processing. ROM (Read Only Memory) that stores data, RAM (Random Access Memory) for temporarily storing necessary data, CPU (Central Processing Processing) that performs processing according to programs stored in a hard disk, ROM, etc. Device), a clock oscillator, and the like.
The administrator server Sb having the above configuration can realize various functions by executing a program stored in the hard disk, ROM, or the like.

In FIG. 14, the hard disk drive of the administrator server Sb according to the second embodiment includes a basic software (operating system) OS that controls basic operations of the computer main body H1, application programs AP such as document creation software and drawing software, and application programs. In addition to a conventionally known printer driver PD that transmits image information to the image forming apparatuses Pr1 to Pr5 in response to a print instruction from an AP or the like, an authentication unit C31, a user management unit C32, an automatic logout information transmission unit C33, and network information It has storage means C34.
Hereinafter, functions (control means) other than the conventionally known operating system OS, application program AP, and printer driver PD will be described.

C31: Authentication means The authentication means C31 includes input authentication information reception means C31A, authentication information reception means C31B, user authority group management table storage means C31C, authority function management table storage means C31D, and authority change authentication information storage means C31E. And authentication enable / disable information transmitting means C31F, and authenticates a user who is using the multifunction peripherals Pr1 to Pr5 via the network N.
C31A: Input Authentication Information Receiving Unit The input authentication information receiving unit C31A receives the input authentication information transmitted from the multifunction peripherals Pr1 to Pr5.
C31B: Authentication Information Storage Unit The authentication information storage unit C31B is a user who can use the multifunction peripherals Pr1 to Pr5, which is referred to when the authentication unit C31 performs authentication, like the authentication information storage unit C4D of the first embodiment. Authentication information (user ID and password) is stored. The authentication information is registered (stored) in advance by an administrator by a conventionally known authentication information registration means (program) (not shown).

C31C: User authority group management table storage means The user authority group management table storage means C31C stores a user authority group management table in the same manner as the user authority group management table storage means C7A of the first embodiment.
C31D: Authority Function Management Table Storage Unit The authority function management table storage unit C31D stores the authority function management table in the same manner as the authority function management table storage unit C7B of the first embodiment.
C31E: Authority Change Authentication Information Storage Unit The authority change authentication information storage unit C31E stores authority change authentication information in the same manner as the authority change authentication information storage unit C9A of the first embodiment.

C31F: Authentication availability information transmitting unit The authentication availability information transmitting unit C31F transmits authentication availability information notifying the authentication result by the authentication unit C31 to each of the multifunction peripherals Pr1 to Pr5. The authentication permission / inhibition information transmission unit C31F of the second embodiment transmits authentication permission / inhibition information for login disapproval when the authentication is not performed (when login is not possible). Sends the authenticated user's standard authority group, additional authority group, authority change authentication information, and login permission authentication enable / disable information.
C32: User Management Unit The user management unit C32 includes a user storage unit C32A, a user duplication determination unit C32B, a use end information reception unit C32C, and a user registration change unit C32D. Manage users who are using (users who are authenticated and logged in).

C32A: User storage means The user storage means C32A stores users who are currently using the multifunction peripherals Pr1 to Pr5. In the second embodiment, the user ID of the user is stored in association with the identification information (the IP address in the second embodiment) of the multifunction machine Pr1 being used.
C32B: User duplication discriminating means The user duplication discriminating means C32B discriminates whether or not the user specified by the received input authentication information is stored in the user storage means C32A. It is determined whether or not the same user intends to use Pr1 to Pr5 in duplicate.

C32C: Usage End Information Receiving Unit The usage end information receiving unit C32C receives the usage end information transmitted from the multifunction peripherals Pr1 to Pr5.
C32D: User Registration Change Unit The user registration change unit C32D stores the user authenticated by the authentication unit C31 based on the input authentication information as a user who is using the multifunction peripherals Pr1 to Pr5 (electronic device). Register in means C32A. Further, the user registration changing unit C32D according to the second embodiment deletes the user stored in the user storage unit C32A based on the received use end information.

C33: Automatic logout information transmission means (forced authentication cancellation information transmission means)
The automatic logout information transmitting means C33 authenticates the multifunction peripherals Pr1 to Pr5 stored as being used in the user storage means C32A when the user duplication judgment means C32B determines that the user is duplicated. The automatic logout information (forced authentication cancellation information) for forcibly canceling is transmitted to the multifunction peripherals (electronic devices) Pr1 to Pr5.
C34: Network information storage means The network information storage means C34 includes an IP address storage means C34A for storing the IP address of the administrator server (information processing apparatus) Sb, and a subnet mask storage means C34B for storing the subnet mask of the administrator server Sb. And stores network information including the IP address and subnet mask of the administrator server Sb.

(Explanation of flowchart of embodiment 2)
Next, the flowchart of the second embodiment will be described. The same steps (ST) numbers are assigned to the same processes as those of the flowchart of the first embodiment, and the detailed description thereof is omitted.
(Description of the main flowchart of the MFP)
FIG. 15 is a main flowchart of the MFP according to the second embodiment, and is a flowchart corresponding to FIG. 11 according to the first embodiment.

In FIG. 15, in the main flowchart of the second embodiment, ST7 and ST8 in the main flowchart of the first embodiment are omitted.
In ST51, the input authentication information is transmitted to the administrator server Sb. Then, the process proceeds to ST52.
In ST52, it is determined whether or not the authentication propriety information transmitted from the administrator server Sb has been received. If yes (Y), the process proceeds to ST53, and if no (N), ST52 is repeated.
In ST53, it is determined whether or not the received authentication propriety information is login permission (authenticated). If no (N), the process proceeds to ST9, and if yes (Y), the process proceeds to ST11.

Next, ST11 to ST26 are executed. If NO (N) in ST26, the process proceeds to ST54, and if yes (Y), the process proceeds to ST27 '.
In ST54, it is determined whether or not automatic logout information has been received. If yes (Y), the process proceeds to ST27 ', and if no (N), the process returns to ST14.
In ST27 ′, the following processes (1) and (2) are executed, and the process returns to ST1.
(1) Execute logout (deauthentication) processing for the logged-in user.
(2) Use end information is transmitted to the administrator server Sb.

(Description of processing of administrator server Sb)
(Description of main flowchart)
FIG. 16 is a main flowchart of the administrator server Sb according to the second embodiment.
The processing of each ST (step) in the flowchart of FIG. 16 is performed according to a program stored in the hard disk or the like of the computer main body H1. Further, this process is executed by multitasking in parallel with other various processes of the administrator server Sb.
The flowchart shown in FIG. 16 is started when the administrator server Sb is powered on.

In ST61 of FIG. 16, it is determined whether or not the input authentication information transmitted from the multifunction peripherals Pr1 to Pr5 has been received. If no (N), the process proceeds to ST62, and if yes (Y), the process proceeds to ST64.
In ST62, it is determined whether use end information transmitted from the multifunction peripherals Pr1 to Pr5 is received. If yes (Y), the process proceeds to ST63, and, if no (N), the process returns to ST61.
In ST63, the user ID and the identification information of the multifunction peripherals Pr1 to Pr5 included in the received use end information are deleted from the user storage unit C32A. Then, the process returns to ST61.

In ST64, it is determined whether or not the user ID of the received input authentication information is registered in the authentication information storage unit C31B. If yes (Y), the process proceeds to ST65, and, if no (N), the process proceeds to ST66.
In ST65, it is determined whether or not the password of the received input authentication information matches the password registered in the authentication information storage means C31B. If no (N), the process proceeds to ST66, and if yes (Y), the process proceeds to ST67.
In ST66, authentication propriety information including login disapproval information is transmitted to the multifunction peripherals Pr1 to Pr5 that transmitted the input authentication information.
In ST67, it is determined whether or not the user ID of the received input authentication information is unregistered in the user storage means C32A. If no (N), the process proceeds to ST68, and if yes (Y), the process proceeds to ST69.

In ST68, automatic logout information (forced authentication cancellation information) is transmitted to the devices (multifunction devices) Pr1 to Pr5 registered in the user storage means C32A. Then, the process proceeds to ST69.
In ST69, authentication propriety information including the authenticated user use authority group, authority change authentication information, and login permission information is transmitted to the multifunction peripherals Pr1 to Pr5 that have transmitted the input authentication information. Then, the process proceeds to ST70.
In ST70, the user ID and identification information of the logged-in (used) MFPs Pr1 to Pr5 are registered in the user storage unit C32A. Then, the process returns to ST61.

(Operation of Example 2)
In the authentication system S according to the second embodiment having the above-described configuration, the authentication information and the usage authority group set for each user are stored in the administrator server Sb and managed by the administrator. Therefore, it is easy to manage, and it is possible to reduce the leakage of authentication information and the like due to unauthorized access to the multifunction peripherals Pr1 to Pr5.
The administrator server Sb stores the users who are currently authenticated (logged in) in each of the multifunction peripherals Pr1 to Pr5, and the user who is logged in to the multifunction peripherals Pr1 to Pr5 When logging in from Pr1 to Pr5, the original multifunction peripherals Pr1 to Pr5 are automatically (forcedly) logged out. Therefore, when the user forgets to log out and tries to use another multifunction device Pr1 to Pr5, the original multifunction devices Pr1 to Pr5 can be automatically logged out. User operations can be reduced.
In addition, the authentication system S of the second embodiment has the same effects as the authentication system S of the first embodiment.

  Next, a third embodiment of the present invention will be described. In the description of the third embodiment, the same reference numerals are given to the components corresponding to the components of the first and second embodiments, and a detailed description thereof will be given. Is omitted. The third embodiment is different from the first and second embodiments in the following points, but is configured in the same manner as the first and second embodiments in other points.

(Description of Control Unit of Example 3)
(Description of control unit of image forming apparatus)
(Function of the controller C of the third embodiment)
FIG. 17 is a block diagram (functional block diagram) showing each function provided in the control part of the administrator server of the third embodiment, and corresponds to FIG. 14 of the second embodiment.
In FIG. 17, in the administrator server Sb of the third embodiment, the user duplication determination unit C32B includes a sub-network matching determination unit C32B1.

C32B1: Subnetwork match determination unit C32B1 is configured such that when the user specified by the input authentication information is stored in the user storage unit C32A, the multifunctional devices Pr1 to Pr1 stored as in use are stored. It is determined whether or not the sub-networks 3 and 4 to which Pr5 is connected and the sub-network to which the electronic device to be authenticated is connected match the input authentication information. Example 3 The sub-network matching determination unit C32B1 is logging in when the network address of the subnet obtained by masking the IP addresses of the MFPs Pr1 to Pr5 to be logged in with the subnet mask is registered in the user storage unit C32A. It is determined whether or not the sub-networks match by determining whether or not the IP addresses of the MFPs Pr1 to Pr5 match the subnet network address obtained by masking with the subnet mask.
In response to this, the automatic logout information transmission unit C33 of the third embodiment determines that the user storage unit C32A is in use when the user duplication determination unit C32B has duplicate users and the sub-networks do not match. Automatic logout information (forced authentication cancellation information) for forcibly canceling authentication in the stored multifunction devices Pr1 to Pr5 is transmitted to the multifunction devices (electronic devices) Pr1 to Pr5.

(Description of Flowchart of Example 3)
Next, the flowchart of the third embodiment will be described. However, the same step (ST) number is assigned to the same process as that of the flowcharts of the first and second embodiments, and the detailed description is omitted.
Note that the main flowchart of the multifunction peripherals Pr1 to Pr5 of the third embodiment is the same as that of FIG.
(Description of the main flowchart of the administrator server)
FIG. 18 is a main flowchart of the administrator server of the third embodiment and corresponds to FIG. 16 of the second embodiment.
In FIG. 18, the main flowchart of the third embodiment is the same as the main flowchart of the second embodiment except that the following ST71 is executed between ST67 and ST68 of the main flowchart of the second embodiment. Other explanations are omitted.
Therefore, if no (N) in ST67, the process proceeds to ST71.
In ST71, the subnet network address obtained by masking the IP addresses (identification information) of the MFPs Pr1 to Pr5 that transmitted the input authentication information with the subnet mask of the administrator server Sb, and the user storage means C32A are stored. It is determined whether or not the network addresses of the subnets obtained by masking the IP addresses (identification information) of the multifunction peripherals Pr1 to Pr5 in use with the subnet mask match. If yes (Y), the process proceeds to ST69, and, if no (N), the process proceeds to ST68.

(Operation of Example 3)
In the authentication system S of the third embodiment having the above-described configuration, when a plurality of multifunction peripherals Pr1 to Pr5 are connected to the same subnetwork 3 and 4, the same user is duplicated in the plurality of multifunction peripherals Pr1 to Pr5. Login is allowed. Therefore, when the user wants to use a plurality of multifunction peripherals Pr1 to Pr5 connected to the same subnetwork 3 and 4 and presumed to be installed in a relatively close place, this can be permitted. . For example, it is permitted to perform fax transmission with the other multifunction device while copying with one multifunction device. As a result, more flexible operation is possible than when only one device can log in, and convenience is improved.
In addition, the authentication system S of the third embodiment has the same functions and effects as those of the first and second embodiments.

(Example of change)
As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to the said Example, A various change is performed within the range of the summary of this invention described in the claim. It is possible. Modification examples (H01) to (H011) of the present invention are exemplified below.
(H01) In the above-described embodiment, the configuration of the devices connected on the network N is not limited to the above-described embodiment, and a network scanner, a database server, a workstation, or the like can be connected. , 4 has no problem even if there is only one image forming apparatus. Also, the number of sub-networks can be one, or three or more. Further, the present invention is not limited to the multifunction peripheral Pr1 connected to the network, and can be applied to an image forming apparatus connected to the network via a printer server or a single image forming apparatus not connected to the network.

(H02) In the third embodiment, whether or not the sub-networks match is determined based on the IP address and the subnet mask. However, the present invention is not limited to this, and the zone name of AppleTalk (registered trademark) or Windows (registered trademark) In the network divided into a plurality of sub-networks configured by work groups etc. used in (1), whether or not the sub-networks match based on whether or not the zone names and work group names match It is also possible to configure to make a determination.
(H03) In the embodiment, each of the images 11 to 71 can be changed according to the design or the like.
(H04) In the above-described embodiment, the multifunction peripheral having all the functions of the copy, the printer, the scanner, and the FAX is exemplified. However, the present invention is not limited thereto, and the image forming apparatus has any one or more of the functions. It is also applicable to.

(H05) In the above-described embodiment, the user ID and password are used for the authentication method and the authority change authentication method. However, the present invention is not limited to this, and only a password or a magnetic card or IC card in which authentication information is stored is read ( Any authentication method can be employed, such as employing contact type or non-contact type authentication, or biometric authentication in which authentication is performed using a fingerprint pattern, vein pattern, retina pattern, or the like.
(H06) In the above-described embodiment, the configuration in which the original MFP is automatically logged out when the user is duplicated is exemplified. However, the present invention is not limited to this. It is also possible to log out the MFP that was not a true user (who could not be authenticated) by inputting the re-authentication.

(H07) In the above-described embodiment, copying, FAX, scanner, and specification change have been exemplified as functions to which authority is given. It is possible to have authority for functions such as whether or not copying is possible, limitation of usable paper feed trays, whether or not the FAX reading resolution can be changed, and whether or not the scanner reading resolution is allowed.
(H08) In the above embodiment, the case where the authority of the additional authority group is higher than that of the standard authority group is illustrated, but the authority of the standard authority group can be increased.
(H09) In the above-described embodiment, the case of using one or two use authority groups has been exemplified, but three or more can be set.

(H010) In the above embodiment, if the function selection is not entered, the additional authority group is not changed to the standard authority group. However, the present invention is not limited to this. It is also possible to automatically shift from the additional authority group to the standard authority group after a predetermined time has elapsed.
(H011) In the above-described embodiment, the image forming apparatus is exemplified as the authentication apparatus or the electronic device. However, the present invention is not limited to this. It is also possible to apply to an electronic apparatus having a plurality of functions such as a file browsing function, a user registration function, and a printing function.

FIG. 1 is an overall explanatory diagram of an authentication system according to a first embodiment of the present invention. FIG. 2 is a block diagram (functional block diagram) illustrating each function provided in the control unit of the multifunction peripheral as the image forming apparatus according to the first exemplary embodiment. FIG. 3 is an explanatory diagram of an authentication image according to the first embodiment. FIG. 4 is an explanatory diagram of an authentication impossible notification image according to the first embodiment. FIG. 5 is an explanatory diagram of a keyboard image of the first embodiment, FIG. 5A is an explanatory diagram of a keyboard image for inputting hiragana, and FIG. 5B is an explanatory diagram of a keyboard image for inputting alphanumeric characters. FIG. 6 is an explanatory diagram of a function selection image according to the first embodiment. FIG. 7 is an explanatory diagram of usage authority information according to the first embodiment, FIG. 7A is an explanatory diagram of a user authority group management table, and FIG. 7B is an explanatory diagram of an authority function management table. FIG. 8 is an explanatory diagram of an unauthorized authority notification image according to the first embodiment. FIG. 9 is an explanatory diagram of a re-authentication notification image according to the first embodiment. FIG. 10 is an explanatory diagram of an authority change authentication impossible notification image according to the first embodiment. FIG. 11 is a main flowchart of the image forming apparatus according to the first exemplary embodiment. FIG. 12 is a flowchart of the authority discrimination authentication process according to the first embodiment, which is a subroutine of ST15, ST18, ST21, and ST24 of FIG. FIG. 13 is a block diagram (functional block diagram) illustrating each function provided in the control unit of the multifunction peripheral as the image forming apparatus according to the second embodiment, and corresponds to FIG. 2 according to the first embodiment. is there. FIG. 14 is a block diagram (function block diagram) showing each function provided in the control part of the administrator server of the second embodiment. FIG. 15 is a main flowchart of the MFP according to the second embodiment, and is a flowchart corresponding to FIG. 11 according to the first embodiment. FIG. 16 is a main flowchart of the administrator server Sb according to the second embodiment. FIG. 17 is a block diagram (functional block diagram) showing each function provided in the control part of the administrator server of the third embodiment, and corresponds to FIG. 14 of the second embodiment. FIG. 18 is a main flowchart of the administrator server of the third embodiment and corresponds to FIG. 16 of the second embodiment.

Explanation of symbols

11 ... Authentication image,
61 ... Authority change image,
C4, C31 ... authentication means,
C4A ... authentication image display means,
C4D, C31B ... authentication information storage means,
C4E: Input authentication information transmitting means,
C4F ... Authentication availability information receiving means,
C7: Usage authority information storage means,
C8B ... Additional authority function input determining means,
C9: Authority change authentication means,
C9B ... Authority change authentication image display means,
C9C ... Authority change authentication information storage means,
C21: Forced authentication cancellation information transmission means,
C22: Use end information transmission means,
C31A: Input authentication information receiving means,
C31F: Authentication permission / inhibition information transmission means,
C32A: User storage means,
C32B: User duplication determination means,
C32B1... Subnetwork match determination means,
C32D: User registration change means,
N ... Network,
Pr1 ... electronic device, image forming apparatus, authentication apparatus, computer,
P1: Authentication program,
S ... Authentication system,
Sb ... Information processing device,
UI1 ... Information display screen.

Claims (7)

Authentication information storage means for storing authentication information for authenticating the user of the image forming apparatus for each user;
An authentication means for authenticating the user;
A use authority which a user specifies the function of the image forming apparatus which can be utilized is a function that can be used as standard at the time of authentication and the standard authority and specifying the functions of the image forming of the image forming apparatus, additionally Usage authority information for storing usage authority information, which is a function that can be used and includes additional authority for specifying a function for registering or changing the specifications of the image forming apparatus without the image forming function. Storage means;
It is determined whether or not an authenticated user has input that uses a function that is not included in the standard authority function specified by the standard authority and that is included in the additional authority function specified by the additional authority. An additional authority function input determining means to perform,
When the authenticated user is a function not included in the standard authority function specified by the standard authority and an input using a function included in the additional authority function specified by the additional authority is made, An authority change authentication image display means for displaying an authority change image for changing the authority of the user on an information display screen;
Authority change authentication information storage means for storing authority change authentication information for performing authority change authentication of the user who changes authority from the standard authority to the additional authority when using the function specified by the additional authority When,
Authority change authentication means for performing authority change authentication of the user who performs authority change based on the input information input to the authority change image and the authority change authentication information stored in the authority change authentication information storage means;
The user who has performed the additional authentication is an input using the function included in the standard authority function specified by the standard authority and the image forming function not included in the additional authority function specified by the additional authority. The right change authentication means for automatically changing the right to the standard right when
An authentication system characterized by comprising: Authentication image display means for displaying an authentication image for performing the authentication, input authentication information transmission means for transmitting the input authentication information input by the authentication image, and authentication permission / prohibition information for notifying the result of the authentication permission / rejection An image forming apparatus having authentication enable / disable information receiving means;
An information processing apparatus connected by a network to a plurality of the image forming apparatuses in which a user uses a function, and an input authentication information receiving unit that receives the input authentication information transmitted by the input authentication information transmitting unit; The information processing apparatus comprising: the authentication information storage unit; the authentication unit; and an authentication propriety information transmitting unit that transmits authentication propriety information for notifying a result of authentication propriety by the authentication unit to the image forming apparatus. ,
The authentication system according to claim 1, further comprising: Use end information transmitting means for transmitting use end information notifying that the user's use has ended to the information processing apparatus ; and
A user storage means for storing the user in using the image forming apparatus, and registers the user storage means as a user in use of the image forming apparatus based on the input authentication information, use the received A user registration change unit for deleting a user stored in the user storage unit based on end information;
The authentication system according to claim 2 , further comprising: A user duplication determination means for determining whether or not the user specified by the input authentication information is stored in the user storage means;
When the user specified by the input authentication information is stored in the user storage unit, forced authentication cancellation information for forcibly canceling authentication in the image forming apparatus stored as being used is stored in the image formation. and forced authentication release information transmitting means for transmitting device,
The authentication system according to claim 3 , further comprising: The image forming apparatus and the information processing apparatus connected to a network including a plurality of sub-networks,
When the user specified by the input authentication information is stored in the user storage unit, the sub network connected to the image forming apparatus stored as being used and the authentication by the input authentication information A sub-network matching determination means for determining whether or not the sub-network connected to the image forming apparatus to which the image forming apparatus is to be connected matches,
The forced authentication cancellation information transmitting means for transmitting, to the image forming apparatus , forced authentication cancellation information for forcibly canceling authentication in the image forming apparatus stored as being used when the sub-networks do not match;
The authentication system according to claim 4 , further comprising: Authentication information storage means for storing authentication information for authenticating the user of the image forming apparatus for each user;
An authentication means for authenticating the user;
A use authority which a user specifies the function of the image forming apparatus which can be utilized is a function that can be used as standard at the time of authentication and the standard authority and specifying the functions of the image forming of the image forming apparatus, additionally Usage authority information for storing usage authority information, which is a function that can be used and includes additional authority for specifying a function for registering or changing the specifications of the image forming apparatus without the image forming function. Storage means;
It is determined whether or not an authenticated user has input that uses a function that is not included in the standard authority function specified by the standard authority and that is included in the additional authority function specified by the additional authority. An additional authority function input determining means to perform,
When the authenticated user is a function not included in the standard authority function specified by the standard authority and an input using a function included in the additional authority function specified by the additional authority is made, An authority change authentication image display means for displaying an authority change image for changing the authority of the user on an information display screen;
Authority change authentication information storage means for storing authority change authentication information for performing authority change authentication of the user who changes authority from the standard authority to the additional authority when using the function specified by the additional authority When,
Authority change authentication means for performing authority change authentication of the user who performs authority change based on the input information input to the authority change image and the authority change authentication information stored in the authority change authentication information storage means;
The user who has performed the additional authentication is an input using the function included in the standard authority function specified by the standard authority and the image forming function not included in the additional authority function specified by the additional authority. The right change authentication means for automatically changing the right to the standard right when
An authentication apparatus comprising: Computer
Authentication information storage means for storing authentication information for authenticating the user of the image forming apparatus for each user;
Authentication means for authenticating the user;
A use authority which a user specifies the function of the image forming apparatus which can be utilized is a function that can be used as standard at the time of authentication and the standard authority and specifying the functions of the image forming of the image forming apparatus, additionally Usage authority information for storing usage authority information, which is a function that can be used and includes additional authority for specifying a function for registering or changing the specifications of the image forming apparatus without the image forming function. Storage means Whether or not the authenticated user is an input that uses a function that is not included in the standard authority function specified by the standard authority and that is included in the additional authority function specified by the additional authority Additional authority function input determining means for determining
When the authenticated user is a function not included in the standard authority function specified by the standard authority and an input using a function included in the additional authority function specified by the additional authority is made, Authority change authentication image display means for displaying an authority change image for changing the authority of the user on an information display screen;
Authority change authentication information storage means for storing authority change authentication information for performing authority change authentication of the user who changes authority from the standard authority to the additional authority when using the function specified by the additional authority ,
Authority change authentication means for performing authority change authentication of the user who performs authority change based on the input information input to the authority change image and the authority change authentication information stored in the authority change authentication information storage means;
The user who has performed the additional authentication is an input using the function included in the standard authority function specified by the standard authority and the image forming function not included in the additional authority function specified by the additional authority. The right change authentication means for automatically changing the right to the standard right when
Authentication program to function as.

Images