JP5402439B2 - Information processing apparatus, information processing system, usage restriction method, usage restriction program, and recording medium recording the program - Google Patents

Description

  The present invention relates to an information processing apparatus and an information processing system for restricting the use of a device-mounted function for a user.

  For example, Patent Document 1 discloses a multifunction peripheral (MFP) that executes a requested job (copy) from an authenticated user within the range of the number of sheets to be used. In addition, some image processing devices restrict the execution of a requested job from an authenticated user based on a counter value (value obtained from a job log) of an address book managed in the device or an external device (server). There are also things.

  As described above, recent image processing apparatuses have a function of performing user authentication by login / logout (authentication function) and a function of restricting use of the device mounting function (printing function) (use restriction function). . Thereby, in the image processing apparatus, it is possible to prevent information leakage due to use of equipment (high confidentiality), save resources, reduce costs, and the like.

However, conventional usage restrictions are not accurate.
For example, in the image processing apparatus disclosed in Patent Document 1 described above, whether or not to restrict the use of the printing function is determined based on the scheduled use number input by the user. For this reason, the accuracy of the usage restriction depends on the accuracy of the inputted scheduled number of use, and is reduced unless the user inputs the scheduled usage number correctly.

  In the case of an image processing apparatus that restricts use using an address book, whether to restrict use of a print function is determined based on a counter value obtained from a job log. Usage restrictions in this case are performed on a job basis. For this reason, the accuracy of use restriction is reduced due to lack of immediacy.

  Originally, it is desired to provide a highly accurate usage restriction function from the viewpoints of resource saving and cost reduction as described above.

  The present invention has been proposed in view of the above-described problems of the prior art, and an object of the present invention is to provide an information processing apparatus, an information processing system, and a use capable of performing a high-precision use restriction on a device-mounted function. The present invention provides a restriction method, a use restriction program, and a recording medium on which the program is recorded.

In order to achieve the above object, an information processing apparatus according to the present invention is an information processing apparatus connected to an authentication management apparatus for performing user authentication via a predetermined data transmission path and having a function related to printing, When a function usage request is received from a user authenticated by the authentication management device, a log notification unit that issues and notifies an operation log of the usage function executed in response to the request in units of printed pages, and the log notification unit notifies based on by operation log, the usage possess the operation stop means for instructing an operation stop in the printed page unit to the function, and the operation log is printed page, or double-sided printing is single-sided printing It contains information indicating whether or not it has been done.

With such a configuration, when the information processing apparatus according to the present invention receives a function use request from an authenticated user, the information processing apparatus issues an operation log of the use function executed in response to the request in units of printed pages. Based on the issued operation log, the information processing apparatus updates the accumulated consumption value that quantitatively indicates the accumulated consumption due to the past requested action to the latest value. The information processing apparatus compares and determines the updated value (latest cumulative consumption amount) and the upper limit value (use limit value) related to the set consumption. As a result, the information processing apparatus instructs the use function to stop the operation for each printed page based on the comparison determination result.

In order to achieve the above object, an information processing apparatus according to the present invention is an information processing apparatus to which one or a plurality of devices having a function related to printing are connected via a predetermined data transmission path, A log receiving unit that receives an operation log of a used function that is issued and transmitted in units of printed pages from the device on which the installed function has been executed in response to the function usage request from the user, and the log receiving unit based on the received operation logs, have a, an operation stop request means for requesting the operation stop of the printed page units with respect to the apparatus in which the utilization function operates, the operation log is printed page, It includes information indicating whether single-sided printing or double-sided printing has been performed.

With such a configuration, the information processing apparatus according to the present invention receives the usage function operation log issued in units of printed pages from the device on which the installed function is executed in response to the function usage request from the authenticated user. To do. Based on the received operation log, the information processing apparatus updates the cumulative consumption value that quantitatively indicates the cumulative consumption due to the past requested operation to the latest value. The information processing apparatus compares and determines the updated value (latest cumulative consumption amount) and the upper limit value (use limit value) related to the set consumption. As a result, the information processing apparatus gives an instruction to stop the operation in units of printed pages to the device on which the use function operates based on the comparison determination result.

Thus, the information processing apparatus according to the present invention, based on the operation log by the printed page in mounting function performed in response to the function utilization request from the authenticated user, in pages printed relative to use function Can be restricted. As a result, it is possible to perform a highly accurate usage restriction on the device mounting function.

In order to achieve the above object, an information processing system according to the present invention is an information processing in which one or a plurality of devices having a function related to printing and an authentication management apparatus for performing user authentication are connected via a predetermined data transmission path. An authentication unit, wherein the authentication management device performs user authentication based on authentication information transmitted from the device in response to an authentication request from the device, and responds to the requesting device with an authentication result And when the device accepts a function use request from a user authenticated by the authentication means, a log notification unit that issues and notifies an operation log of the use function executed in response to the request in units of printed pages When the log information based on the operation logs notified by means have a, and operation stopping means for instructing an operation stop in the printed page units with respect to the used function, the operation b May have printed page includes information indicating how the one-sided printing is single-sided printing, it is characterized.

In order to achieve the above object, in the information processing system according to the present invention, one or a plurality of devices having a function related to printing and an authentication management apparatus that performs user authentication are connected via a predetermined data transmission path. In the information processing system, the authentication management device performs user authentication based on authentication information transmitted from the device in response to an authentication request from the device, and returns an authentication result to the requesting device. The use function operates based on the authentication means, the log receiving means for receiving the operation log of the use function issued and transmitted from the device in units of printed pages, and the operation log received by the log reception means. anda operation stop request means for requesting the operation stop of the printed page units to the equipment, the equipment, function use request from the authenticated user by said authentication means Accepts the, have a log notification means for issuing a page unit that is printed the operation log of the executed utilized function in response to request notification, the operation log is printed page is either double-sided printing is single-sided printing It includes information indicating whether or not.

In order to achieve the above object, the information processing system according to the present invention uses one or a plurality of devices having a function related to printing, an authentication management device that performs user authentication, and usage restrictions on the functions mounted on the device. Is an information processing system connected by a predetermined data transmission path, and the authentication management device is based on authentication information transmitted from the device in response to an authentication request from the device. And an authentication unit that performs user authentication and responds to the requesting device with an authentication result. When the device receives a function use request from a user authenticated by the authentication unit, the request is executed in response to the request. It has a log notification means for issuing a page unit that is printed the operation log of the use function notification, the information processing apparatus, from the apparatus, issued in the printed page units sent utilized A log receiving unit for receiving operation logs of the ability, based on the operation logs received by the log receiving unit, the operation stop request means for requesting the operation stop of the printed page units with respect to the apparatus in which the utilization function operates If, have a, the operation log is printed page includes information indicating how the one-sided printing is single-sided printing, it is characterized.

In order to achieve the above object, a usage restriction method according to the present invention is a usage restriction method in an information processing apparatus connected to an authentication management apparatus for performing user authentication via a predetermined data transmission path and having a function related to printing. A log notification procedure for issuing and notifying an operation log of a used function executed in response to a request in units of printed pages when a function use request is received from a user authenticated by the authentication management device; based on the operation logs notified by the notification procedure, have a, and operation stop procedure for instructing an operation stop in the printed page units with respect to the used function, the operation log is printed page is single-sided printing Or information indicating whether or not double-sided printing has been performed.

In order to achieve the above object, a usage restriction method according to the present invention is a usage restriction method in an information processing apparatus to which one or a plurality of devices having a function related to printing are connected via a predetermined data transmission path. A log receiving procedure for receiving an operation log of a used function issued and transmitted in units of printed pages from the device in which the installed function is executed in response to a function use request from an authenticated user; based on the operation logs received by the log receiving procedure, have a, and operation stop request procedure for requesting the stop of the operation of the printed page unit to the equipment in which the utilization function operates, the operation log is printed The information includes whether the page is printed on one side or on both sides.

According to such a procedure, the usage restriction method according to the present invention is printed for the usage function based on the operation log for each printed page in the installed function executed in response to the function usage request from the authenticated user . Realizes the operation of restricting usage in units of pages.

  As a result, the usage restriction method according to the present invention can provide an environment in which the usage restriction can be performed with high accuracy for the device mounting function.

According to the present invention, based on the operation log for each printed page in the installed function executed in response to the function use request from the authenticated user, the use function is restricted in units of printed pages for the use function. Thus, it is possible to provide an information processing apparatus, an information processing system, a use restriction method, a use restriction program, and a recording medium on which the program is recorded, which can perform use restriction with high accuracy with respect to the device mounting function.

It is a figure which shows the structural example of the information processing system which concerns on the 1st Embodiment of this invention. It is a figure which shows the hardware structural example of the authentication management apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows the hardware structural example of the image processing apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows the structural example of the use restriction function which concerns on the 1st Embodiment of this invention. It is a figure which shows the example of the log data which concerns on the 1st Embodiment of this invention. It is a figure which shows the example of the user data which concerns on the 1st Embodiment of this invention. It is a sequence diagram which shows the example of a process sequence which performs the user authentication which concerns on the 1st Embodiment of this invention. It is a sequence diagram which shows the example of a process sequence which performs the use restriction which concerns on the 1st Embodiment of this invention. It is a figure which shows the structural example of the use restriction function which concerns on the 2nd Embodiment of this invention. It is a sequence diagram which shows the example of a process sequence which performs the use restriction which concerns on the 2nd Embodiment of this invention.

  DESCRIPTION OF EMBODIMENTS Hereinafter, preferred embodiments of the present invention (hereinafter referred to as “embodiments”) will be described in detail with reference to the drawings.

[First Embodiment]
<System configuration>
A system configuration for providing an authentication service according to the present embodiment will be described.

FIG. 1 is a diagram illustrating a configuration example of an information processing system 1 according to the present embodiment.
As shown in FIG. 1, the information processing system 1 according to the present embodiment includes one or a plurality of image processing devices 200 ₁ to 200 _n and an authentication management device (authentication server) 100, each having a predetermined data transmission path N ( For example, “LAN: Local Area Network”) is used for connection. In the following description, the image processing apparatuses 200 ₁ to 200 _n are collectively referred to as “image processing apparatus 200”.

  The image processing apparatus 200 is a device such as an MFP or LP (Laser Printer) that executes a job requested by a user (requested image processing). The authentication management apparatus 100 is an information processing apparatus having a server function for performing authentication management of users who use the image processing apparatus 200.

  With such a system configuration, the information processing system 1 realizes a user authentication function by login / logout in the image processing apparatus 200. Specifically, the two devices (the authentication management device 100 and the image processing device 200) perform user authentication by performing a linked operation as follows.

  For example, the image processing apparatus 200 displays a login screen on an operation panel included in the apparatus, and requests the user to input authentication information such as a user ID and a password. When the authentication information is input, the image processing apparatus 200 transmits the input information to the authentication management apparatus 100 and requests user authentication. In response to the request, the authentication management apparatus 100 performs user authentication based on the received information, and returns an authentication result to the requesting image processing apparatus 200. Based on the authentication result received from the authentication management apparatus 100, the image processing apparatus 200 notifies the user of the availability of the installed function. In addition, the image processing apparatus 200 notifies the user of logout after completion of the request process.

  As described above, the information processing system 1 maintains the confidentiality of the image processing apparatus 200 that is assumed to be used by an unspecified number.

  In the present embodiment, under such a system environment, a highly accurate use restriction is realized for the functions installed in the image processing apparatus 200.

<Hardware configuration>
Next, the hardware configuration of each device constituting the system 1 will be described.

<Authentication management device>
FIG. 2 is a diagram illustrating a hardware configuration example of the authentication management apparatus 100 according to the present embodiment.
As shown in FIG. 2, the authentication management apparatus 100 includes an input device 101, a display device 102, a drive device 103, a RAM (Random Access Memory) 104, a ROM (Read Only Memory) 105, a CPU (Central Processing Unit) 106, an interface. A device 107, an HDD (Hard Disk Drive) 108, and the like are provided and are connected to each other via a bus B.

  The input device 101 includes a keyboard and a mouse, and is used to input each operation signal to the authentication management device 100. The display device 102 includes a display or the like, and displays a processing result (for example, “management information”) by the authentication management device 100.

  The interface device 107 is an interface that connects the authentication management device 100 to a predetermined data transmission path N. Therefore, the authentication management apparatus 100 can perform data communication with the image processing apparatus 200 via the interface apparatus 107.

  The HDD 108 is a non-volatile storage device that stores various programs and data. The stored programs and data include, for example, an OS (Operating System) that is basic software such as an information processing system (for example, “Windows (registered trademark)” or “UNIX (registered trademark)) that controls the entire authentication management apparatus 100. ), And an application that provides various functions (for example, “authentication management function”) on the information processing system. The HDD 108 manages the stored program and data by a predetermined file system and / or DB (Data Base).

  The drive device 103 is an interface with a removable recording medium 103a. As a result, the authentication management apparatus 100 can read and / or write the recording medium 103a via the drive apparatus 103.

  The ROM 105 is a nonvolatile semiconductor memory (storage device) that can retain internal data even when the power is turned off. The ROM 105 stores data such as a basic input / output system (BIOS) that is executed when the authentication management apparatus 100 is activated, and system settings and network-related settings of the authentication management apparatus 100.

  The RAM 104 is a volatile semiconductor memory (storage device) that temporarily stores programs and data read from the various storage devices. The CPU 106 implements the overall control of the authentication management apparatus 100 and the operation of various functions by executing the program read on the RAM 104.

  With such a hardware configuration, for example, the authentication management apparatus 100 can realize a mounting function by executing a program (software component that realizes a mounting function) read from the HDD 108 onto the RAM 104 by the CPU 106.

  Further, as can be seen from the hardware configuration, the authentication management device 100 has substantially the same configuration as an information processing device such as a PC (Personal Computer).

<Image processing device>
FIG. 3 is a diagram illustrating a hardware configuration example of the image processing apparatus 200 according to the present embodiment.
As shown in FIG. 3, the image processing apparatus 200 includes a controller 210, an operation panel 220, a plotter 230, a scanner 240, an external device I / F 250, and the like, which are connected to each other via a bus B.

  The operation panel 220 includes an input unit such as a touch panel in addition to the display unit, and provides various information such as device information to the user and accepts various user operations such as operation settings and operation instructions.

  The plotter 230 includes an image forming unit and forms an output image on a sheet. For example, methods for forming an output image include an electrophotographic method and an inkjet method. The scanner 240 optically reads a document and generates a read image.

  The external device I / F 250 is an interface for reading stored information from the external device 250a. Examples of the external device 250a include a non-contact IC (Integrated Circuit) card such as a smart card.

  In the office environment, the external device 250a is issued in the form of an employee ID card or a usage certificate to a user who is a target of use of the image processing apparatus 200.

  In recent years, RFID (Radio Frequency Identification) has been used as a mechanism for managing authentication of people and things. RFID is a technology for exchanging information by wireless communication at a short distance (several centimeters to several meters depending on a frequency band) using an electromagnetic field or radio wave from a tag in which ID information is embedded.

  The external device I / F 250 can read stored information from the external device 250a using such a technique.

  The controller 210 includes a CPU 211, a storage device 212, a network I / F 213, an external storage I / F 214, and the like, which are connected to each other via a bus B.

  The CPU 211 executes various programs and controls various functions and the entire apparatus. The storage device 212 stores and holds the program and various data (for example, “image data”). Examples of the storage device 212 include a RAM that is a volatile memory, a ROM that is a nonvolatile memory, and an HDD having a large-capacity storage area. The RAM functions as a work area for the CPU 211 (a storage area from which programs and data are temporarily read). ROM and HDD are used as storage locations for programs and various data. As a result, in the image processing apparatus 200, the CPU 211 reads the program stored in the ROM onto the RAM and executes the program.

  The network I / F 213 is an interface for connecting the image processing apparatus 200 to a predetermined data transmission path N. Thereby, the image processing apparatus 200 can perform data communication with the authentication management apparatus 100 via the network I / F 213.

  The external storage I / F 214 is an interface for connecting a recording medium 214a corresponding to external storage. Accordingly, the image processing apparatus 200 can read and / or write the recording medium 214a via the external storage I / F 214.

  With such a hardware configuration, the image processing apparatus 200, for example, in the controller 210, the CPU 211 executes a program (software component that implements a mounted function) read from the ROM to the RAM, and is connected to the bus B. By controlling a device (for example, “plotter” or “scanner”), a mounting function can be realized.

  In the present embodiment, the case where the image processing apparatus 200 is an MFP has been described as an example. For example, when the image processing apparatus 200 is LP, the scanner 240 is not provided.

  Further, as can be seen from the above hardware configuration, the image processing apparatus 200 has a controller 210 substantially the same configuration as an information processing apparatus such as a PC (Personal Computer).

<Usage restriction function>
The use restriction function according to this embodiment will be described.

  In the image processing apparatus 200 according to the present embodiment, when a function use request is received from an authenticated user, an operation log of the used function executed in response to the request is issued for each page. Based on the issued operation log, the image processing apparatus 200 updates the accumulated consumption value that quantitatively indicates the accumulated consumption due to the past requested operation to the latest value. The image processing apparatus 200 compares and determines the updated value (latest cumulative consumption amount) and the upper limit value (use limit value) related to the set consumption. As a result, the image processing apparatus 200 instructs the use function to stop the operation in units of pages based on the comparison determination result. The image processing apparatus 200 has such a use restriction function.

  In the conventional use restriction function, there are a method for determining whether or not to restrict the use of a printing function based on a planned use number of sheets input by a user and a method for determining based on a counter value obtained from a job log. However, in such a method, control depending on a user input value or control using a value lacking immediacy is performed, and a highly accurate use restriction function cannot be provided.

  Therefore, in the image processing apparatus 200 according to the present embodiment, the use function is restricted on a page-by-page basis based on the operation log for each page in the installed function executed in response to the function use request from the authenticated user.

  As a result, in the information processing system 1 according to the present embodiment, it is possible to perform highly accurate usage restrictions on the device mounting functions.

The configuration and operation of the use restriction function will be described below.
FIG. 4 is a diagram illustrating a configuration example of the use restriction function according to the present embodiment.
As shown in FIG. 4, in the information processing system 1 according to the present embodiment, the use restriction function is realized by the cooperative operation of the functional units included in the authentication management apparatus 100 and the image processing apparatus 200.

<Authentication management device>
The authentication management apparatus 100 includes a log service 11 and a user information service 12.

  The log service 11 is a functional unit that manages logs collected from the image processing apparatus 200. As a log collection method, for example, a passive method for receiving a log transmitted from the image processing apparatus 200, or an active method for making an acquisition request to the image processing apparatus 200 and receiving a response log is given. and so on. The log service 11 manages the collected logs by storing and holding (storing) them in the log holding unit 11s. For example, the log holding unit 11s corresponds to a predetermined storage area of a storage device (for example, “HDD”) included in the authentication management apparatus 100.

  The user information service 12 is a functional unit that manages various types of information (hereinafter referred to as “user information”) of a user who is a usage target of the image processing apparatus 200. The user information service 12 stores / holds (saves) user information in the user information holding unit 12s and manages the user information by various data operations. Similarly to the log holding unit 11s, the user information holding unit 12s corresponds to, for example, a predetermined storage area of a storage device (for example, “HDD”) included in the authentication management apparatus 100. The user information held in this way can be operated using, for example, a predetermined management tool provided by the user information service 12. Therefore, the administrator can perform information management by registering and setting the target user information in advance using the management tool, and then adding, changing (updating), deleting, etc. the registration data.

  The user information service 12 authenticates the user during information management. The user information service 12 is based on authentication information (for example, “input user ID” or “input password”) transmitted from the image processing apparatus 200 and user information (for example, registered authentication information) managed by the service. Perform user authentication.

  Details of the log and the user information will be described in << various data >>.

<Image processing device>
The image processing apparatus 200 includes a log application 21, an authentication application 22, an external device control unit 23, an external device information acquisition unit 24, an authentication communication unit 25, a main body function unit 26, a log notification unit 27, a main body control unit 28, and the like. doing.

  The log application 21 is a functional unit that manages an operation log that is issued as a result of the on-board function of the device operating. The log application 21 receives an operation log for each page from a log notification unit 27 described later. The log service 11 manages the received operation log by storing / holding (saving) it in the log holding unit 21s. The log holding unit 21s corresponds to, for example, a predetermined storage area of a storage device (for example, “HDD”) included in the image processing apparatus 200.

  In addition, the log application 21 transmits the operation log received from the log notification unit 27 to the authentication management apparatus 100. As a result, the image processing apparatus 200 and the authentication management apparatus 100 hold and manage the same log.

  The authentication application 22 is a functional unit that cooperates with the user information service 12 included in the authentication management apparatus 100 and provides an authentication function to a user who is a usage target of the apparatus. The authentication application 22 displays a login screen (GUI: Graphical User Interface) on the operation panel 220 provided in the apparatus, and prompts input of authentication information. The authentication application 22 requests user authentication by transmitting the input authentication information to the authentication management apparatus 100 via the authentication communication unit 25 described later. As a result, the authentication application 22 receives the authentication result returned from the authentication management apparatus 100. At this time, when the user is authenticated, the authentication application 22 acquires corresponding user information managed by the user information service 12 as an authentication result. The authentication application 22 stores and holds (saves) the acquired corresponding user information in the user information holding unit 22s. The user information holding unit 22s corresponds to, for example, a predetermined storage area of a storage device (for example, “HDD”) included in the image processing apparatus 200.

  Further, the authentication application 22 determines whether or not it is necessary to restrict usage for the authenticated user (necessity of usage limitation). The usage restriction determination unit 221 corresponds to this.

  The operation log received from the log notification unit 27 by the log application 21 is passed to the authentication application 22 in units of pages. Based on the received operation log, the authentication application 22 updates the accumulated consumption value that quantitatively indicates the accumulated consumption due to the past requested operation to the latest value. The use restriction determination unit 221 determines whether or not use restriction is necessary by comparing the updated value (latest cumulative consumption) with the set upper limit value (use restriction value). As a result, the authentication application 22 instructs the use function to stop the operation on a page basis via the main body control unit 28 described later based on the determination result.

  The current value and the upper limit value are included in the corresponding user information received by the authentication application 22 from the authentication management apparatus 100 as an authentication result. That is, the authentication application 22 accesses the user information holding unit 22s and updates the current value included in the user information of the authenticated user. In addition, the usage restriction determination unit 221 accesses the user information holding unit 22s, refers to the upper limit value included in the user information of the authenticated user, and determines whether usage restriction is necessary.

  The external device control unit 23 is a functional unit that controls the external device I / F 250, and the external device information acquisition unit 24 is a functional unit that acquires (reads) storage information from the external device 250a via the external device I / F 250. It is.

  With these functional units, the image processing apparatus 200 can read, for example, authentication information stored in a tag in the non-contact IC card.

  Therefore, the authentication application 22 can perform not only user authentication based on the authentication information input from the login screen but also user authentication based on the authentication information acquired by the external device information acquisition unit 24. That is, in the image processing apparatus 200, user authentication can be performed by holding the non-contact IC card 250a over the external device I / F 250.

  The authentication communication unit 25 is a functional unit that performs data communication related to user authentication performed between the authentication management unit 100 and the image processing apparatus 200. For example, the authentication communication unit 25 transmits and receives authentication information and an authentication result through the network I / F 213 included in the image processing apparatus 200.

  The main body function unit 26 is a function unit that provides a predetermined service to the user in the image processing apparatus 200. The image processing apparatus 200 can be equipped with a basic function related to input / output and an extended function that can be added / deleted linked to the basic function. In this embodiment, functions related to printing (output) are targeted for use restriction. Therefore, for example, when the image processing apparatus 200 is an MFP, functions such as copy, printer, and facsimile, which are basic functions related to output, are collectively referred to as a main body function unit 26.

  The log notification unit 27 is a functional unit that issues / notifies operation logs of the main body function unit 26 that operates in response to a function use request from an authenticated user in units of pages. When the main body function unit 26 (copy function) receives a copy request from an authenticated user, the log notification unit 27 issues and notifies an operation log as follows. For example, when one copy of a five-page document is copied, a total of five action logs are issued / notified in the order of processed pages. When five copies of a 5-page document are copied, a total of 25 operation logs are issued / notified in the order of processed pages. As a result, the operation log in units of pages is passed to the log application 21 in the order processed by the main body function unit 26.

  The main body control unit 28 is a functional unit that realizes the operating environment (platform) of the main body function unit 26. The main body control unit 28 controls the start, stop, termination, etc. of the main body function unit 26 (controls the life cycle of the functions installed in the image processing apparatus). Thereby, according to the instruction | indication from the authentication application 22, the operation | movement of the main body function part 26 (utilization function) can be stopped.

《Various data》
Here, the log and user information held in each holding unit described above will be described.

FIG. 5 is a diagram illustrating an example of the log data 31 according to the present embodiment.
The log data (operation log) 31 illustrated in FIG. 5 is operation log data issued / notified in units of pages from the log notification unit 27. As described above, the log data 31 is stored and managed in the log holding unit 21 s by the log application 21. The log data 31 is transferred from the log application 21 to the authentication application 22 at the issue / notification timing by the log notification unit 27. Further, the log data 31 is collected by the authentication management apparatus 100 and stored and managed in the log holding unit 12s.

  As shown in FIG. 5A, the log data 31 includes user information 31U, device information 31M, consumption resource information 31R, and the like.

  Each of these pieces of information 31U, 31M, and 31R is configured by actual values (actual data) corresponding to the following information items.

  The user information 31U is information related to the authenticated user who has requested the operation, and includes a value corresponding to a user identification item such as “user ID”, for example. Note that the value of the user identification item (user identification information) may be a user name or the like other than the ID shown in FIG.

  The device information 31M is information related to the image processing apparatus 200 in which the function operates, and includes a value corresponding to a device identification item such as “device ID”, for example. Note that the value of the device identification item (device identification information) may be a device name or the like other than the ID shown in FIG.

  The consumed resource information 31R is information related to the resource consumed by the requested operation, and includes, for example, “number of pages”, “color model”, “double-sided / single-sided”, “paper size”, “used function”, and the like. Contains a value corresponding to each consumed resource item. In the data example of the consumption resource item shown in FIG. 5B, values are shown when a document of paper size [A3] is copied for one page with [color] and [single side].

  In the present embodiment, the log data 31 having such a configuration is issued by the log notification unit 27 in units of pages. As a result, the image processing apparatus 200 can obtain the resource consumed per page at the time of printing.

FIG. 6 is a diagram showing an example of user data 41 according to the present embodiment.
User data (user information) 41 shown in FIG. 6 is data stored and managed in the log holding unit 12 s by the log service 12. The user data 41 is transmitted from the authentication management apparatus 100 to the image processing apparatus 200 at the time of user authentication, and is referred to by the use restriction determination unit 221 included in the authentication application 22.

  As shown in FIG. 6A, the user data 41 includes authentication information 41A, usage restriction information 41L, and the like.

  Each of these pieces of information 41A and 41L is composed of actual values (actual data) corresponding to the following information items.

  The authentication information 41A is information relating to user authentication, and includes values corresponding to authentication items such as “authentication user ID”, “authentication password”, “external device ID”, and “use permission authority”, for example. . Among these, the item “external device ID” is an item in which a value (external device identification information) for identifying the external device 250a used at the time of user authentication is set. In addition, the item “use permission authority” is an item in which a function (authorization information) that permits use of the authenticated user is set. In the data example of the authentication item shown in FIG. 6B, the user has the external device 250a identified by [Card01], the user is authenticated by the ID [User01] and the password [***], and the use permission function after the authentication. The values when the users of [Copy] and [Printer] are registered and set are shown.

  The usage restriction information 41L is information related to usage restrictions set for the user. For example, “consumption calculation coefficient”, “upper limit value (use restriction value)”, and “current value (cumulative consumption amount)”. ”And the like corresponding to each usage restriction item. The item “consumption amount calculation coefficient” is an item in which a coefficient K for calculating a consumption amount per page (a value to be added to the cumulative consumption amount up to now) by the requested operation is set. For example, the coefficient K is set in a table format as shown in FIG.

  As shown in FIG. 6C, the coefficient K has a coefficient value per page corresponding to each item such as “color”, “monochrome”, “single side”, “double side” for each function / print type. Is set. For example, in the data example shown in FIG. 6C, when color copying is performed, the consumption amount per page is calculated using the coefficient [3.0]. When color printing is performed using the function N, the consumption amount per page is calculated using the coefficient [2.0].

  In this way, in the item “consumption calculation coefficient”, a weight can be set for each user with respect to the consumption per page resulting from the execution of the use function.

  In addition, the item “upper limit value (usage limit value)” is an item in which an upper limit value that is the maximum permitted consumption amount for determining whether or not the use limit is required is set. In addition, the item “current value (cumulative consumption)” is a value obtained by accumulating the consumption by the requested action calculated using the above coefficient (a value that quantitatively shows the cumulative consumption by the past requested action (cumulative up to the present). Consumption))) is an item to be set. Therefore, “0” is set as an initial value in the “current value” item, and the calculated consumption amount is accumulated in units of pages when the operation is executed. In the data example of the use restriction item shown in FIG. 6B, the consumption amount per page at the time of printing is calculated using [Coefficient 1] to [Coefficient n], and the use restriction is required by the upper limit value [25]. A value when a user who is determined to be negative is registered is shown.

  In the present embodiment, the user data 41 having such a configuration is managed by the authentication management apparatus 100 (user information service). As a result, the image processing apparatus 200 can perform user authentication and use restrictions during printing.

  As described above, the use restriction function according to the present embodiment is realized by the above-described functional units linking and performing processing using the data.

  Next, the detailed operation of the use restriction function (the operation of associating the functional unit group) will be described with reference to a sequence diagram showing a processing procedure.

  The use restriction function is a program (software component related to the use restriction function) installed (installed) in the authentication management apparatus 100 and the image processing apparatus 200 by the CPUs 106 and 211 from the storage location (for example, “ROM”) to the storage device ( For example, it is realized by reading the data onto “RAM”) and executing the following processing. Hereinafter, “user authentication process” and “usage restriction process” will be described in this order.

<< User authentication process >>
FIG. 7 is a sequence diagram illustrating an example of a processing procedure for performing user authentication according to the present embodiment.
In the information processing system 1 according to the present embodiment, the following user authentication process is performed by the authentication management apparatus 100 and the image processing apparatus 200.

  The image processing apparatus 200 causes the authentication application 22 to display a login screen on the operation panel 220 included in the apparatus and waits for input of authentication information from the user U (step S101).

  The authentication application 22 receives authentication information such as user identification information and a password input from the login screen by the user U (step S201).

  The authentication application 22 requests user authentication by transmitting the received authentication information to the authentication management apparatus 100 (step S301).

  The authentication management apparatus 100 performs user authentication based on the authentication information received by the user information service 12 and the user data 41 held in the user information holding unit 12s (step S302), and the authentication result is used as the image processing of the request source. Respond to device 200. At this time, the user information service 12 performs user authentication as follows. The user information service 12 accesses the user information holding unit 12 s and identifies user data 41 corresponding to the authentication target user U based on the user identification information included in the received authentication information. The user information service 12 performs user authentication by comparing the password included in the received authentication information with the set value of the “authentication password” item of the authentication information 41A included in the identified user data 41. When the passwords match and the user U is authenticated, the user information service 12 transmits the specified user data 41 to the image processing apparatus 200 as an authentication result.

  The image processing apparatus 200 receives the authentication result from the authentication management apparatus 100 by the authentication application 22, and stores the received user data 41 in the user information holding unit 22s if the user U is authenticated (step S303). .

  The authentication application 22 notifies the user U of the function permitted to be used after authentication based on the setting value of the “use permission restriction” item of the use restriction information 41L included in the stored user data 41 (use Display the permission function screen. For example, when receiving the user data 41 shown in FIG. 6 as an authentication result, the authentication application 22 notifies the user U of the copy function and the printer function as functions permitted to be used after authentication.

  On the other hand, if the user U is not authenticated, the authentication application 22 displays a screen (authentication error screen) notifying that on the operation panel 220.

  In the information processing system 1, the user U can log in to the image processing apparatus 200 and use the device mounting function by the above processing procedure.

《Usage restriction processing》
FIG. 8 is a sequence diagram illustrating an example of a processing procedure for performing usage restriction according to the present embodiment.
Subsequently, in the information processing system 1 according to the present embodiment, the following usage restriction process is performed by the authentication management apparatus 100 and the image processing apparatus 200. In the following description, the authenticated user U is referred to as “authenticated user U”, and the processing procedure when the authenticated user U requests one copy of a single-sided color copy of a 6-page document from the image processing apparatus 200. Will be explained. Therefore, the main body function unit 26 in the figure is a copy function.

  As shown in FIG. 8, when the image processing apparatus 200 receives a copy request from the authenticated user U (step S401), the main body function unit 26 starts a request operation (copy operation) (step S501).

  In the image processing apparatus 200, the use restriction in units of pages is performed by executing the processing procedure of steps S502 to S510 described below every time the copy operation for one page is completed.

  When the main unit 26 completes the copy operation for one page, it requests the log notification unit 27 to issue / notify the log data 31 related to the copy operation in units of pages (step S502).

  The log notification unit 27 issues / notifies the log data 31 in units of pages according to the request to the log application 21 (step S503).

  The log application 21 stores the issued / notified log data 31 in the log holding unit 21s (step S504).

  Subsequently, the log application 21 sets the value of the “current value (consumed cumulative value)” item of the usage restriction information 41L included in the user data 41 held by the user information holding unit 22s to the latest value for the authentication application 22. Is requested to be updated (step S505). At this time, the log application 21 requests the update of the user data 41 by passing the log data 31 for each page to the authentication application 22.

  In response to the request, the authentication application 22 calculates the latest cumulative consumption value including the copy operation for one page that has been executed, based on the received page unit log data 31, and displays “current value (cumulative consumption amount). ) "Item value is updated (step S506: calculation, update means).

  The authentication application 22 first copies based on the value of the consumption resource information 31R included in the log data 31 and the set value (coefficient K) of the “consumption calculation coefficient” item of the usage restriction information 41L included in the user data 41. A consumption per page (a value to be added to the cumulative consumption until now) due to the execution of the operation is calculated. In the authentication application 22, for example, when the consumption amount per page due to the execution of the copy operation is calculated based on the log data 31 shown in FIG. 5 and the user data 41 shown in FIG.

  The image processing apparatus 200 is requested by the authenticated user U to make a one-sided color copy of a 6-page document. The authentication application 22 is based on [color] of the “color model” item, “single side” of the “duplex / single side” item, and “copy” of the “used function” item of the consumption resource information 31R included in the log data 31. With reference to the “consumption calculation coefficient” item of the usage restriction information 41L included in the user data 41, coefficients K [3.0] and [1.0] for calculating the consumption per page are acquired. The authentication application 22 uses the acquired coefficient K [3.0], [1.0] and consumes [3.0] (= 3.0 × 1.0) per page when the copy operation is executed. X1 (page)) is calculated.

  When one copy of a two-sided color copy of a 6-page document is requested from the authenticated user U, [Color] in the “Color model” item, [Double-sided] in the “Double-sided / single-sided” item, and “Used function” items Based on [Copy], the coefficients K [3.0] and [2.0] for calculating the consumption per page are acquired, and the consumption per page due to the execution of the copy operation [ 6.0] (= 3.0 × 2.0 × 1 (page)) is calculated.

  In this way, the authentication application 22 calculates the consumption per page due to the requested operation.

  Subsequently, the authentication application 22 adds the calculated consumption [3.0] to the value [15] of the “current value (cumulative consumption)” item of the usage restriction information 41L included in the user data 41. Then, the latest cumulative consumption value [18] (= 15 + 3) is calculated, and the value is updated.

  In this way, the authentication application 22 updates the value of the cumulative consumption that quantitatively indicates the cumulative consumption due to the past request action with the consumption in page units due to the current request action.

  In the authentication application 22, the use limit determination unit 221 causes the updated value (latest cumulative consumption) to exceed the set value of the “upper limit (use limit value)” item of the use restriction information 41 </ b> L included in the user data 41. It is determined whether or not (step S507: determination means).

  In this way, the authentication application 22 uses the use restriction determination unit 221 to compare the updated value (latest cumulative consumption) with the set upper limit value (use restriction value) for consumption, thereby restricting the use. Whether or not is necessary is determined.

  For example, when the authentication application 22 determines whether or not use restriction is required for the copy function based on the user data 41 shown in FIG.

  The use restriction determination unit 221 refers to the set value update [25] of the “upper limit (use limit value)” item of the use restriction information 41L included in the user data 41, and compares it with the updated value [18]. As a result, the use restriction determination unit 221 determines that there is no need to restrict the use of the copy function because the updated value does not exceed the upper limit value (25> 18).

  As described above, when the updated value does not exceed the upper limit value (step S508: NO), the authentication application 22 determines that the use restriction determination unit 221 does not need to restrict the use of the copy function. Continue processing the next page.

  On the other hand, when the updated value exceeds the upper limit value (step S508: YES), the authentication application 22 determines that the use restriction determination unit 221 needs to restrict the use of the copy function.

  For example, in the image processing apparatus 200, the copy operation proceeds by continuing the processing, and when the copy operation for the fourth page is finished, the “current value (cumulative consumption amount) of the usage restriction information 41L included in the user data 41 is processed by the processing in step S506. ) "Item value is updated to the latest cumulative consumption value [27]. As a result, the use restriction determination unit 221 determines that the use restriction needs to be performed on the copy function because the updated value exceeds the upper limit value (25 <27).

  If it is determined that usage restrictions are necessary, the authentication application 22 instructs the main body control unit 28 to issue a command to stop the copy function based on the determination result (step S509). In response to the instruction, the main body control unit 28 instructs the main body function unit 26 to stop the operation (step S510: operation stop means).

  As described above, in the image processing apparatus 200, the use function is restricted on a page-by-page basis based on the operation log for each page in the installed function executed in response to the function use request from the authenticated user U.

  After the operation of the copy function is stopped, the main body function unit 26 displays a screen (logout screen) notifying that the user has been logged out on the operation panel 220 (step S601), and also logs out to the log application 22. This is notified (step S701).

  Upon receiving the notification, the log application 21 transmits the log data 31 for each page stored in the log holding unit 21s to the authentication management apparatus 100 until usage is restricted (step S702).

  The authentication management apparatus 100 stores the received log data 31 in the log holding unit 11s by the log service 11 (step S703).

  Subsequently, the log service 11 updates the value of the “current value (consumed accumulated value)” item of the usage restriction information 41L included in the user data 41 held by the user information holding unit 12s with respect to the user information service 12. (Step S704). At this time, the log service 11 requests the user data 41 to be updated by passing the log data 31 for each page to the user information service 12.

  In response to the request, the user information service 12 calculates the latest cumulative consumption value including the executed copy operation based on the received page unit log data 31, and displays the “current value (cumulative consumption)” item. Is updated (step S705).

  Thus, in the information processing system 1, user information held by the authentication management apparatus 100 and the image processing apparatus 200 is unified and managed.

<Summary>
As described above, according to the image processing apparatus 200 according to the present embodiment, when a function use request is received from the authenticated user U, the log notification unit 27 performs an operation log (log data) of the used function executed in response to the request. 31) is issued for each page. In the image processing apparatus 200, the authentication application 22 updates the accumulated consumption value that quantitatively indicates the accumulated consumption due to the past requested action to the latest value based on the issued operation log. The image processing apparatus 200 uses the use restriction determination unit 221 included in the authentication application 22 to compare and determine the updated value (latest cumulative consumption) and the set upper limit value (use restriction value). As a result, in the image processing apparatus 200, the authentication application 22 instructs the use function to stop the operation in units of pages based on the comparison determination result.

  As a result, the image processing apparatus 200 can restrict the use function in units of pages based on the operation log for each page in the installed function executed in response to the function use request from the authenticated user U.

  In the information processing system 1 according to the present embodiment, it is possible to perform highly accurate usage restrictions on the device mounting functions.

[Second Embodiment]
In the first embodiment, the configuration in which the image processing apparatus has the use restriction function has been described. In the configuration described in the first embodiment, there is a possibility that a time lag occurs in updating the value of the cumulative consumption held by the authentication management apparatus (a value that quantitatively indicates the cumulative consumption due to the past request operation). This is because the cumulative consumption value held by the authentication management apparatus is synchronized with the timing when the authenticated user logs out from the image processing apparatus.

  In such a case, for example, when the same user uses two image processing apparatuses and executes a requested job, it is determined whether or not usage restriction is necessary using the accumulated consumption amount that has not been updated to the latest value depending on the timing. May adversely affect the accuracy of usage restrictions.

  In consideration of the above points, the present embodiment proposes a configuration in which an authentication management apparatus side common to a plurality of image processing apparatuses has a use restriction function.

  In the following description, the same points as those in the first embodiment are denoted by the same reference numerals, and only different points will be described.

<Usage restriction function>
The use restriction function according to this embodiment will be described.

  In the authentication management apparatus 100 according to the present embodiment, an operation log (log data 31) of a used function issued in units of pages from the image processing apparatus 200 in which the installed function is executed in response to a function use request from the authenticated user U. Receive. Based on the received operation log, the authentication management apparatus 100 updates the accumulated consumption value that quantitatively indicates the accumulated consumption due to the past requested operation to the latest value. The authentication management apparatus 100 compares and determines the updated value (latest cumulative consumption) and the upper limit value (use limit value) related to the set consumption. As a result, based on the comparison determination result, the authentication management apparatus 100 instructs the image processing apparatus 200 in which the use function operates to stop the operation in units of pages. The authentication management apparatus 100 has such a use restriction function.

The configuration and operation of the use restriction function will be described below.
FIG. 9 is a diagram illustrating a configuration example of the use restriction function according to the present embodiment.
As shown in FIG. 9, the difference from the functional configuration shown in the first embodiment is that the user information service 12 operating on the authentication management apparatus 100 has a use restriction determination unit 121, and the image processing apparatus 200 has a log The application 21 and the log holding unit 21s are not provided.

  In the authentication management apparatus 100, since the user information service 12 includes the use restriction determination unit 121, the use restriction process by the authentication application 22 described in the first embodiment is performed. “Usage restriction processing” here means “update of cumulative consumption based on operation log (log data 31)”, “necessity of usage restriction based on latest cumulative consumption and upper limit (usage restriction value)” For example, “determination” and “instruction to stop operation in units of pages based on the determination result”.

  Among them, “update of the cumulative consumption based on the operation log” is performed by receiving the operation log for each page issued / transmitted from the log notification unit 27 of the image processing apparatus 200. The operation log transmitted from the image processing apparatus 200 is stored in the log holding unit 11 s by the log service 11 included in the authentication management apparatus 100 and is passed to the user information service 12. The user information service 12 performs usage restriction processing based on the received operation log.

  Further, the authentication management apparatus 100 instructs the use function to stop the operation in units of pages based on the determination result by the use restriction determination unit 121 included in the user information service 12. At this time, the authentication management apparatus 100 requests the image processing apparatus 200 on which the use function operates to issue a function stop instruction issuance instruction, and instructs the use function to stop the operation in units of pages. When the use restriction determination unit 121 determines that the use restriction needs to be restricted, the user information service 12 transmits the determination result to the authentication application 22 via the authentication communication unit 25 included in the image processing apparatus 200. . As a result, in the image processing apparatus 200, the authentication application 22 instructs the main body control unit 28 to issue the function stop command, and instructs the main body function unit 26 that operates as a use function to stop the operation.

  As described above, the use restriction function according to the present embodiment is realized by the above-described functional units operating in conjunction with each other.

  Next, the detailed operation of the use restriction function (the operation of associating the functional unit group) will be described with reference to a sequence diagram showing a processing procedure.

  The use restriction function is a program (software component related to the use restriction function) installed (installed) in the authentication management apparatus 100 and the image processing apparatus 200 by the CPUs 106 and 211 from the storage location (for example, “ROM”) to the RAM 104 or the storage. This is realized by reading the data on the device 212 and executing the following processing. Hereinafter, the description of the “user authentication process” similar to that of the first embodiment will be omitted, and only a different “usage restriction process” will be described. In addition, the processing procedure of steps S502 to S511 performed in units of pages in the “use restriction process” will be described.

《Usage restriction processing》
FIG. 10 is a sequence diagram illustrating an example of a processing procedure for performing usage restriction according to the present embodiment.
As illustrated in FIG. 10, when the main body function unit 26 finishes the copy operation for one page, the image processing apparatus 200 issues log data 31 relating to the copy operation in units of pages to the log notification unit 27. A notification is requested (step S502).

  The log notification unit 27 transmits the log data 31 for each page issued in response to the request to the authentication management apparatus 100 (step S503).

  The authentication management apparatus 100 uses the log service 11 to store the received log data 31 in the log holding unit 11s (step S504: log receiving unit).

  Subsequently, the log service 11 updates the value of the “current value (consumed cumulative value)” item of the usage restriction information 41L included in the user data 41 held in the user information holding unit 12s with respect to the user information service 12. A request is made to update to a value (step S505). At this time, the log service 11 requests the user data 41 to be updated by passing the log data 31 for each page to the user information service 12.

  In response to the request, the user information service 12 calculates the latest cumulative consumption value including the copy operation for one page that has been executed, based on the received page unit log data 31, and displays “current value (cumulative consumption The value of the “amount)” item is updated (step S506: calculation, update means). Note that the details of the processing related to “calculation of consumption per page” and “update of cumulative consumption” by the user information service 12 are the same as the processing contents of step S506 shown in FIG.

  In the user information service 12, the updated value (latest cumulative consumption) by the use restriction determination unit 121 is set to the set value of the “upper limit value (use restriction value)” item of the use restriction information 41L included in the user data 41. It is determined whether or not it exceeds (step S507: determination means).

  In this way, the user information service 12 uses the usage limit determination unit 121 by comparing the updated value (latest cumulative consumption) with the set upper limit value (use limit value) related to consumption. Determine whether restriction is necessary.

  If it is determined that usage restriction is necessary (step S508: YES), the user information service 12 requests the image processing apparatus 200 to issue an instruction to activate the copy function based on the determination result (step S508). S509: Operation stop request means). At this time, the user information service 12 transmits the determination result to the authentication application 22 via the authentication communication unit 25 included in the image processing apparatus 200.

  The image processing apparatus 200 instructs the main body control unit 28 to issue a command to stop the copy function by the authentication application 22 (step S510). In response to the instruction, the main body control unit 28 instructs the main body function unit 26 to stop the operation (step S511).

  As described above, in the authentication management apparatus 100, based on the operation log for each page in the installed function executed by the image processing apparatus 200 in response to the function use request from the authentication user U, the image management apparatus 200 in which the use function operates. On the other hand, usage is restricted on a page-by-page basis.

<Summary>
As described above, according to the authentication management apparatus 100 according to the present embodiment, the log service 11 is issued page by page from the image processing apparatus 200 in which the installed function is executed in response to the function use request from the authentication user U. An operation log (log data 31) of the function to be used is received. In the authentication management apparatus 100, the user information service 12 updates the accumulated consumption value that quantitatively indicates the accumulated consumption due to the past requested operation to the latest value based on the received operation log. In the authentication management apparatus 100, the use restriction determination unit 121 included in the user information service 12 compares and determines the updated value (latest cumulative consumption) and the set upper limit value (use restriction value). As a result, in the authentication management apparatus 100, the user information service 12 instructs the image processing apparatus 200 in which the use function operates to stop the operation on a page basis based on the comparison determination result.

  As a result, the authentication management apparatus 100 provides a response to the image processing apparatus 200 in which the use function operates based on the operation log for each page in the installed function executed by the image processing apparatus 200 in response to the function use request from the authenticated user U. You can limit usage on a page basis.

  In the information processing system 1 according to the present embodiment, as in the first embodiment, it is possible to perform highly accurate usage restrictions on the device mounting functions.

  The above embodiment has been described so far. The “use restriction function” of the information processing system 1 according to the above embodiment is different from the authentication management apparatus 100 and the processing procedure described with reference to the drawings. This is realized by the CPUs 106 and 211 executing a program coded in a programming language suitable for the operating environment (platform) of the image processing apparatus 200.

  The program can be stored in the computer-readable recording media 103a and 214a. Examples of the recording medium 103a include a floppy (registered trademark) disk, a CD (Compact Disk), and a DVD (Digital Versatile Disk). The recording medium 214a includes, for example, an SD memory card (SD Memory Card) and a USB (Universal Serial Bus) memory.

  Therefore, the program is stored in the recording media 103a and 214a, so that the authentication management apparatus 100 and the image processing apparatus 200 can read the recording media 103a and 214a via the drive device 103 and the external storage I / F 214. Can be installed. Further, since the authentication management apparatus 100 and the image processing apparatus 200 include the interface apparatus 107 and the network I / F 213, the program can be downloaded and installed using an electric communication line such as the Internet.

  In the above-described embodiment, the configuration in which either the authentication management apparatus 100 or the image processing apparatus 200 has the use restriction function has been described. For example, both apparatuses have a use restriction function, and control which of the use restriction functions is operated according to the traffic situation of the data transmission path N connecting the authentication management apparatus 100 and the image processing apparatus 200. There may be. When the authentication management apparatus 100 has a use restriction function, an operation log in units of pages is transmitted from the image processing apparatus 200, so that the amount of data communication is larger than the configuration of the image processing apparatus 200. Therefore, the traffic status is monitored, and when the communication load is relatively low, the use restriction function of the authentication management apparatus 100 is operated. When the communication load is high, the use restriction of the image processing apparatus 200 is provided. You may control to operate a function.

  In the second embodiment, the configuration in which the authentication management apparatus 100 has the use restriction function has been described. However, the present invention is not limited to this. For example, the use restriction function may be configured such that an information processing apparatus other than the authentication management apparatus 100 and the image processing apparatus 200 has the use restriction function. For example, in some user environments, an authentication server that performs user authentication using an active directory (Active Directory) or the like may already be provided. In such an environment, use authentication of the image processing apparatus 200 is performed using an existing authentication server installed in the user environment, and function usage restrictions based on the authentication result are restricted to those other than the authentication server and the image processing apparatus 200. There may be a configuration performed by the information processing apparatus.

  Finally, the present invention is not limited to the requirements shown here, such as combinations of other elements with the shapes and configurations described in the above embodiments. With respect to these points, the present invention can be changed within a range that does not detract from the gist of the present invention, and can be appropriately determined according to the application form.

1 Information processing system 11 Log service (s: Log holding unit)
12 User information service (s: user information holding unit)
21 Log application (s: log holding unit)
22 Authentication application (s: user information holding unit)
221 Usage restriction determination unit 23 External device control unit 24 External device information acquisition unit 25 Authentication communication unit 26 Main body function unit 27 Log notification unit 28 Main body control unit 31 Log data (U: user information, M: device information, R: consumed resource) information)
41 User data (A: Authentication information, L: Usage restriction information)
100 Authentication management device (authentication server)
101 Input Device 102 Display Device 103 Drive Device (a: Recording Medium)
104 RAM (volatile semiconductor memory)
105 ROM (nonvolatile semiconductor memory)
106 CPU (Central Processing Unit)
107 Interface device (NIC: Network I / F Card)
108 HDD (nonvolatile storage device)
200 Image processing device 210 Controller (control board)
211 CPU
212 Storage device (ROM, RAM)
213 Network I / F (NIC)
214 External storage I / F (a: recording medium)
220 Operation panel 230 Plotter (image forming unit)
240 Scanner (Original reading unit)
250 External device I / F (a: external device)
N Data transmission line (LAN)
U user

JP 2008-186101A

Claims (20)

An information management device connected to an authentication management device for performing user authentication via a predetermined data transmission path and having a function related to printing,
A log notification means for issuing and notifying an operation log of a used function executed in response to a request in units of printed pages upon receiving a function use request from a user authenticated by the authentication management device;
The log information based on the operation logs notified by means have a, and operation stopping means for instructing an operation stop in the printed page units with respect to the used function,
The operation log includes information indicating whether a printed page is printed on one side or on both sides.
An information processing apparatus characterized by that. The operation stop unit instructs the use function to stop operation in units of pages based on the consumption value based on the operation log notified by the log notification unit and the set upper limit value for consumption. ,
The information processing apparatus according to claim 1, wherein the consumption amount is a consumption amount depending on whether a printed page is printed on one side or on both sides. Based on the operation log, update means for updating the value of the cumulative consumption quantitatively indicating the cumulative consumption due to the past requested action to the latest value;
Determination means for determining whether or not it is necessary to restrict the use function based on the accumulated consumption updated by the update means and the upper limit value related to the set consumption,
The operation stop means is
2. The information processing apparatus according to claim 1, wherein when the determination unit determines that the use restriction is necessary, the information processing apparatus instructs the use function to stop the operation in units of pages. Based on the operation log, having a calculation means for calculating a consumption amount due to execution of the use function in response to a request;
The updating means includes
The information processing apparatus according to claim 3 , wherein the consumption value calculated by the calculation unit is added to the cumulative consumption amount to be updated to the latest value. The calculating means includes
Based on the number of pages included in the operation log, information indicating whether a printed page is printed on one side or on both sides, and a coefficient for calculating consumption per page by the use function, the use function is Calculate the amount of consumption due to execution ,
The information processing apparatus according to claim 4 , wherein the coefficient includes a coefficient corresponding to single-sided printing or double-sided printing . The determination means includes
Compare the cumulative consumption updated by the updating means with the upper limit value for the set consumption,
When the updated cumulative consumption exceeds the upper limit value,
The information processing apparatus according to any one of claims 3 to 5, characterized in that to determine that it is necessary to perform usage restriction to the use function. An information processing apparatus to which one or more devices having a function related to printing are connected via a predetermined data transmission path,
Log receiving means for receiving an operation log of a used function issued and transmitted in units of printed pages from the device on which the installed function has been executed in response to a function use request from an authenticated user;
Wherein based on the operation logs received by the log receiving unit, have a, an operation stop request means for requesting the operation stop of the printed page units with respect to the apparatus in which the utilization function operates,
The operation log includes information indicating whether a printed page is printed on one side or on both sides.
An information processing apparatus characterized by that. The operation stop requesting unit requests the use function to stop operation in units of pages based on the consumption value based on the operation log received by the log receiving unit and the set upper limit value for consumption. ,
The information processing apparatus according to claim 7, wherein the consumption amount is a consumption amount depending on whether a printed page is printed on one side or on both sides. Based on the operation log, update means for updating the value of the cumulative consumption quantitatively indicating the cumulative consumption due to the past requested action to the latest value;
Determination means for determining whether or not it is necessary to restrict the use function based on the accumulated consumption updated by the update means and the upper limit value related to the set consumption,
The operation stop request means includes
The information processing apparatus according to claim 7 , wherein when the determination unit determines that it is necessary to restrict usage, the information processing apparatus requests the device to stop operation in units of pages. Based on the operation log, having a calculation means for calculating a consumption amount due to execution of the use function in response to a request;
The updating means includes
The information processing apparatus according to claim 9 , wherein the information is updated to the latest value by adding the consumption calculated by the calculation unit to the cumulative consumption. The calculating means includes
Based on the number of pages included in the operation log, information indicating whether a printed page is printed on one side or on both sides, and a coefficient for calculating consumption per page by the use function, the use function is Calculate the amount of consumption due to execution ,
The information processing apparatus according to claim 10 , wherein the coefficient includes a coefficient corresponding to single-sided printing or double-sided printing . The determination means includes
Compare the cumulative consumption updated by the updating means with the upper limit value for the set consumption,
When the updated cumulative consumption exceeds the upper limit value,
The information processing apparatus according to any one of claims 9 to 11, characterized in that to determine that it is necessary to perform usage restriction to the use function. An information processing system in which one or a plurality of devices having a function related to printing and an authentication management apparatus that performs user authentication are connected via a predetermined data transmission path,
The authentication management device is
In response to an authentication request from the device, user authentication is performed based on authentication information transmitted from the device, and an authentication unit responds to the request source device with an authentication result.
The device is
Log notification means for issuing and notifying the operation log of the use function executed in response to the request in units of printed pages upon receiving a function use request from the user authenticated by the authentication means;
The log information based on the operation logs notified by means have a, and operation stopping means for instructing an operation stop in the printed page units with respect to the used function,
The operation log includes information indicating whether the printed page is printed on one side or on both sides.
An information processing system characterized by this. An information processing system in which one or a plurality of devices having a function related to printing and an authentication management apparatus that performs user authentication are connected via a predetermined data transmission path,
The authentication management device is
In response to an authentication request from the device, based on authentication information transmitted from the device, user authentication is performed, and an authentication unit responds to the request source device with an authentication result;
Log receiving means for receiving an operation log of a use function issued and transmitted in units of printed pages from the device;
Based on the operation log received by the log receiving means, operation stop requesting means for requesting the device in which the use function operates to stop the operation in units of printed pages,
The device is
When receiving the function use request from the authenticated user by the authentication means, we have a log notification means for issuing a page unit that is printed the operation log of the executed use function notified on demand,
The operation log includes information indicating whether the printed page is printed on one side or on both sides.
An information processing system characterized by this. Information in which one or a plurality of devices having a function related to printing, an authentication management device that performs user authentication, and an information processing device that restricts the use of the functions mounted on the device are connected through a predetermined data transmission path A processing system,
The authentication management device is
In response to an authentication request from the device, user authentication is performed based on authentication information transmitted from the device, and an authentication unit responds to the request source device with an authentication result.
The device is
When a function usage request is received from a user authenticated by the authentication unit, log processing means for issuing and notifying an operation log of the used function executed in response to the request in units of printed pages;
The information processing apparatus is
Log receiving means for receiving an operation log of a use function issued and transmitted in units of printed pages from the device;
Wherein based on the operation logs received by the log receiving unit, have a, an operation stop request means for requesting the operation stop of the printed page units with respect to the apparatus in which the utilization function operates,
The operation log includes information indicating whether the printed page is printed on one side or on both sides.
An information processing system characterized by this. An authentication management apparatus for performing user authentication is connected via a predetermined data transmission path, and is a usage restriction method in an information processing apparatus having a function related to printing,
When a function usage request is received from a user authenticated by the authentication management device, a log notification procedure for issuing and notifying an operation log of the usage function executed in response to the request in units of printed pages;
Based on said log information operation log notified by the procedure, have a, and operation stop procedure for instructing an operation stop in the printed page units with respect to the used function,
The operation log includes information indicating whether the printed page is printed on one side or on both sides.
A usage restriction method characterized by that. A usage restriction method in an information processing apparatus to which one or a plurality of devices having a function related to printing are connected via a predetermined data transmission path,
A log reception procedure for receiving an operation log of a use function issued and transmitted in units of printed pages from the device in which the installed function is executed in response to a function use request from an authenticated user;
Wherein based on the operation logs received by the log receiving procedure, we have a, and operation stop request procedure for requesting the stop of the operation of the printed page unit to the equipment in which the utilization function operates,
The operation log includes information indicating whether the printed page is printed on one side or on both sides.
A usage restriction method characterized by that. An authentication management apparatus for performing user authentication is connected via a predetermined data transmission path, and is a use restriction program in an information processing apparatus having a function related to printing,
Computer
A log notification means for issuing and notifying an operation log of a used function executed in response to a request in units of printed pages upon receiving a function use request from a user authenticated by the authentication management device;
Based on the operation log notified by the log notification unit, to function as an operation stop unit for instructing the use function to stop operation in units of printed pages ,
The operation log includes information indicating whether the printed page is printed on one side or on both sides.
Usage restriction program. A use restriction program in an information processing apparatus to which one or a plurality of devices having a function related to printing are connected via a predetermined data transmission path,
Computer
Log receiving means for receiving an operation log of a used function issued and transmitted in units of printed pages from the device on which the installed function has been executed in response to a function use request from an authenticated user;
Based on the operation log received by the log receiving unit, function as an operation stop request unit that requests an operation stop for each printed page for the device on which the use function operates ,
The operation log includes information indicating whether the printed page is printed on one side or on both sides.
Usage restriction program. A computer-readable recording medium storing the program according to claim 18 and / or 19 .

Images