JP5692120B2 - Image forming apparatus, control method, and program - Google Patents

Description

  The present invention relates to an authentication system when using an image forming apparatus.

  In recent years, with the heightened awareness of security in offices, security has been required for MFPs that are the input / output part of information.

  Therefore, by using an IC card authentication and authentication server, it is possible to obtain a secure output environment by using a mechanism for logging in to a multifunction machine with a user ID associated with card information.

  However, when communication with the authentication server cannot be performed due to a communication error, the function of the multifunction peripheral cannot be used, and the operation is stopped. Therefore, in Patent Document 1, a user name and a password are held in the multifunction machine as cache data, and even when communication with the authentication server cannot be performed, the cache data held in the multifunction machine can be used to log in to the multifunction machine. The system is described.

JP 2009-65288 A

  However, the system disclosed in Patent Document 1 authenticates and logs in to a multifunction device for users whose cache data has expired or whose cache data has been deleted due to exceeding the maximum number of caches. Can not do it.

  Therefore, the present invention has been made to solve the above problem, and even if the user does not hold the cache data in the multi-function peripheral, by obtaining the approval of the user who holds the cache data in the multi-function peripheral, The purpose is to provide a system that can log in to a multifunction device.

The present invention is an image forming apparatus that stores a data table including user information for identifying a user, and includes: a receiving unit that receives user information; and whether the user information received by the receiving unit is included in the data table. When it is determined that the determination unit and the user information received by the reception unit are included in the data table, the determination unit is specified by the user information received by the reception unit not included in the data table. Use permission means for permitting a user to use the image forming apparatus .

According to another aspect of the present invention, there is provided a control method for an image forming apparatus that stores a data table including user information for identifying a user, wherein the receiving unit of the image forming apparatus receives user information, and the image forming apparatus The determination unit determines whether the user information received in the reception step is included in the data table, and the user information received by the use permission unit of the image forming apparatus in the reception step A use permission step for permitting use of the image forming apparatus by a user specified by the user information received in the reception step that is not included in the data table when it is determined that the image forming device is included in the data table ; It is characterized by providing.

According to another aspect of the present invention, there is provided a program executable in an image forming apparatus that stores a data table including user information for identifying a user, wherein the image forming apparatus is received by a receiving unit that receives user information and the receiving unit. Determining means for determining whether the user information is included in the data table and the user information received by the receiving means are included in the data table when determined to be included in the data table. It is made to function as a use permission means for permitting use of the image forming apparatus by a user specified by the user information received by the reception means .

  According to the present invention, it is possible to provide a system in which even a user whose cache data is not held in the multifunction peripheral can log in to the multifunction peripheral by obtaining approval from a user whose cache data is retained in the multifunction peripheral.

It is a figure which shows the structure of the system in embodiment of this invention. It is a figure which shows the hardware constitutions of client PC100 of the embodiment of this invention, and the authentication server 200. 2 is a diagram illustrating a hardware configuration of a multifunction machine 300 according to an embodiment of the present invention. FIG. 2 is a functional block diagram of a client PC 100, an authentication server 200, and a multifunction peripheral 300 that constitute an embodiment of the present invention. FIG. It is a figure which shows the flow of the user authentication process in embodiment of this invention. It is a figure which shows the flow of the update process of the cache data table (FIG. 11) in embodiment of this invention. FIG. 10 is a diagram illustrating a processing flow when an error occurs in communication between the authentication server 200 and the MFP 300 in the embodiment of the present invention. It is a figure which shows the flow of the process which approves the login of the user who is not registered into cache data in embodiment of this invention. It is a figure which shows the flow of the process which creates the backup file in embodiment of this invention. It is a figure which shows the authentication table in embodiment of this invention. It is a figure which shows the cache data table in embodiment of this invention. It is a figure which shows the backup file in embodiment of this invention. It is a figure which shows the cache data management setting file in embodiment of this invention. It is a figure which shows the screen which prompts a user for IC card authentication in embodiment of this invention. It is a figure which shows the approval user list screen in embodiment of this invention. It is a figure which shows the screen which prompts IC card authentication with respect to an authorized user in embodiment of this invention. It is a figure which shows the screen which receives the input of the user name of the user whom login was approved by the approval user in embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a system configuration diagram showing an example of the configuration of a system using a multifunction machine 300 and an authentication server 200 of the present invention.

  As shown in FIG. 1, the system according to the present embodiment includes one or a plurality of client PCs 100, a plurality of multifunction peripherals (image forming apparatuses) 300, and an authentication server 200 connected via a local area network (LAN) 400, respectively. It is configured to send and receive information.

  The authentication server 200 stores an authentication table (FIG. 10), and an authentication process using the authentication table in response to an authentication request made by a user holding an IC card over the card reader 319 of the multifunction device 300 I do.

  Hereinafter, the hardware configuration of the information processing apparatus applicable to the client PC 100 and the authentication server 200 illustrated in FIG. 1 will be described with reference to FIG.

  FIG. 2 is a block diagram illustrating a hardware configuration of an information processing apparatus applicable to the client PC 100 and the authentication server 200 illustrated in FIG.

  In FIG. 2, reference numeral 201 denotes a CPU that comprehensively controls each device and controller connected to the system bus 204. Further, the ROM 202 or the external memory 211 is necessary to realize a BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as an OS), which is a control program of the CPU 201, or a function executed by each server or each PC. Various programs to be described later are stored.

  A RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program or the like necessary for execution of processing from the ROM 202 or the external memory 211 into the RAM 203 and executing the loaded program.

  An input controller 205 controls input from a keyboard (KB) 209 or a pointing device such as a mouse (not shown). A video controller 206 controls display on a display device such as a CRT display (CRT) 210. In FIG. 2, although described as CRT 210, the display device is not limited to the CRT, but may be another display device such as a liquid crystal display. These are used by the administrator as needed.

  A memory controller 207 is connected to the hard disk (HD), flexible disk (FD), or PCMCIA card slot for storing a boot program, various applications, font data, user files, editing files, various data, etc. via an adapter. The access to the external memory 211 such as a compact flash (registered trademark) memory is controlled.

  A communication I / F controller 208 connects and communicates with an external device via a network (for example, the LAN 400 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP is possible.

  Note that the CPU 201 enables display on the CRT 210 by executing outline font rasterization processing on a display information area in the RAM 203, for example. In addition, the CPU 201 enables a user instruction with a mouse cursor (not shown) on the CRT 210.

  Various programs to be described later for realizing the present invention are recorded in the external memory 211 and executed by the CPU 201 by being loaded into the RAM 203 as necessary. Furthermore, definition files and various information tables used when executing the program are also stored in the external memory 211, and a detailed description thereof will be described later.

  Next, the hardware configuration of the multifunction machine 300 shown in FIG. 1 will be described with reference to FIG.

  FIG. 3 is a block diagram illustrating an example of a hardware configuration of the multifunction peripheral 300 illustrated in FIG.

  As shown in FIG. 3, the controller unit 300 includes a CPU 301, a RAM 306, a ROM 302, an external storage device (hard disk drive (HDD)) 307, a network interface (Network I / F) 303, a modem (Modem) 304, an operation unit interface ( Operation unit I / F) 305, external interface (external I / F) 309, image bus interface (IMAGE BUS I / F) 308, raster image processor (RIP) 310, printer interface (printer I / F) 311, scanner interface (Scanner I / F) 312, an image processing unit 313, and the like.

  The CPU 301 is a processor that controls the entire system.

  A RAM 306 is a system work memory for the CPU 301 to operate, and is a program memory for recording a program and an image memory for temporarily storing image data.

  The ROM 302 stores a system boot program and various control programs.

The external storage device (hard disk drive HDD) 307 stores various programs for controlling the system, image data, and the like.

  An operation unit interface (operation unit I / F) 305 is an interface unit with an operation unit (UI) 318, and outputs image data to be displayed on the operation unit 318 to the operation unit 318.

The operation unit I / F 305 serves to transmit information (for example, user information) input by the system user from the operation unit 318 to the CPU 301. Note that the operation unit 318 includes a display unit having a touch panel, and various instructions can be given by a user pressing (touching with a finger or the like) a button displayed on the display unit.

  A network interface (Network I / F) 303 is connected to a network (LAN) and inputs / outputs data.

  A modem (MODEM) 304 is connected to a public line and inputs / outputs data such as FAX transmission / reception.

  An external interface (external I / F) 309 is an interface unit that accepts external inputs such as USB, IEEE 1394, printer port, RS-232C, etc. In this embodiment, a card reader for reading an IC card required for authentication is used. 319 is connected.

The CPU 301 can control reading of information from the IC card by the card reader 319 via the external I / F 309, and can acquire information read from the IC card. Note that the storage medium is not limited to an IC card, and any storage medium that can identify a user may be used. In this case, identification information for identifying the user is stored in the storage medium. This identification information may be a production number of the storage medium or a user code given by the user within the company.
The above devices are arranged on the system bus.

  On the other hand, an image bus interface (IMAGE BUS I / F) 308 is a bus bridge that connects a system bus 316 and an image bus 317 that transfers image data at high speed, and converts a data structure.

  The image bus 317 is configured by a PCI bus or IEEE1394. The following devices are arranged on the image bus 317.

  A raster image processor (RIP) 310 develops vector data such as a PDL code into a bitmap image, for example.

  A printer interface (printer I / F) 311 connects the printer 314 and the controller unit 300, and performs synchronous / asynchronous conversion of image data.

  A scanner interface (scanner I / F) 312 connects the scanner 315 and the controller unit 300 to perform synchronous / asynchronous conversion of image data.

  The image processing unit 313 corrects, processes, and edits input image data, and performs printer correction, resolution conversion, and the like on print output image data. In addition to this, the image processing unit 313 performs image data rotation and compression / decompression processing such as JPEG for multi-valued image data and JBIG, MMR, MH for binary image data.

  A scanner 315 connected to the scanner I / F 312 illuminates an image on paper as an original and scans it with a CCD line sensor, thereby converting it into an electrical signal as raster image data. The original paper is set on the tray of the original feeder, and when the apparatus user gives a reading start instruction from the operation unit 318, the CPU 301 gives an instruction to the scanner, and the feeder feeds the original paper one by one to read the original image. I do.

  A printer 314 connected to the printer I / F 311 is a part that converts raster image data into an image on paper. The method is an electrophotographic method using a photosensitive drum or a photosensitive belt, and ink is supplied from a micro nozzle array. There is an ink jet method for ejecting and printing an image directly on a sheet, but any method may be used. The activation of the printing operation is started by an instruction from the CPU 301. The printer unit 314 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and has a paper cassette corresponding thereto.

  The operation unit 318 connected to the operation unit I / F 305 includes a liquid crystal display (LCD) display unit. A touch panel sheet is pasted on the LCD to display a system operation screen, and when the displayed key is pressed, the position information is transmitted to the CPU 301 via the operation unit I / F 305. The operation unit 318 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys.

  Here, the start key of the operation unit 318 is used when starting a document image reading operation. There are green and red LEDs in the center of the start key, and indicates whether or not the start key can be used depending on the color. In addition, the stop key of the operation unit 318 functions to stop the operation being performed. The ID key of the operation unit 318 is used when inputting the user ID of the user. The reset key is used when initializing settings from the operation unit 318.

  A card reader 319 connected to the external I / F 309 reads information stored in an IC card (for example, Sony FeliCa (registered trademark)) under the control of the CPU 301, and reads the read information into the external I / F 309. The CPU 301 is notified via F309.

  With the configuration as described above, the multifunction peripheral 300 can transmit the image data read from the scanner 315 to the LAN 400 and print out the print data received from the LAN 400 by the printer unit 314.

  Further, the image data read from the scanner 315 can be faxed to the public line by the modem 304, and the image data received by fax from the public line can be output by the printer unit 314.

Next, functions of the client PC 100, the authentication server 200, and the MFP 300 according to the present invention will be described with reference to FIG. FIG. 4 is a functional block diagram illustrating an example of functions of the client PC 100, the authentication server 200, and the multifunction peripheral 300.
<Client PC 100>

The Web browser 150 on the client PC 100 accesses the Web service unit 355 in the MFP 300 and rewrites the cache data management setting file (FIG. 13) to change settings such as the cache data expiration date and backup processing time. It has the function to do.
<Authentication server 200>

  As shown in FIG. 4, the authentication server 200 includes a data communication unit 250 and an authentication unit 251 as functional configurations.

  The data communication unit 250 receives an authentication request from the authentication server communication unit 351 of the multi-function apparatus 300 and transmits an authentication result to the authentication server communication unit 351.

When the authentication unit 251 on the authentication server 200 receives an authentication request from the authentication server communication unit 351 of the MFP 300, the authentication unit 251 accesses the authentication table (FIG. 10) managed on the authentication server 200, and the card requested for authentication. The user name associated with the number is searched, and the authentication result is returned to the authentication server communication unit 351 on the multi-function device 300 that has transmitted the authentication request.
<Multifunction device 300>

  As shown in FIG. 4, the multifunction machine 300 includes a card reader control unit 350, an authentication server communication unit 351, an authentication processing unit 352, a cache processing unit 353, a backup unit 354, and a web service unit 355 as functional configurations.

  The card reader control unit 350 on the multifunction machine 300 acquires card information (manufacturing number and the like) of the card held over the card reader 319.

  The authentication server communication unit 351 transmits an authentication request to the authentication unit 251 of the authentication server 200 using the card number acquired by the card reader control unit 350, and is issued from the authentication result returned from the authentication server 200 or from the authentication server 200. A function of receiving the access key.

  When the cache processing unit 353 holds a cache data table (FIG. 11) and can communicate with the authentication server 200, the cache processing unit 353 caches the user information returned from the authentication server 200 in the cache data table. If communication with the authentication server 200 is not possible, the cache data is used, and the user name associated with the card number held over the card reader 319 is searched for authentication. Further, when a card of a user (hereinafter referred to as an unregistered user) that is not in the cache data is held over, a list (FIG. 15) of cached users (hereinafter referred to as authorized users) is displayed by communicating with the authentication server 200. Then, the information of the unregistered user is cached by holding the selected authorized user's card over the card reader.

  Since the cache data table is erased when the multifunction device 300 is activated, the cache processing unit 353 acquires the backup file shown in FIG. 12 from the storage area when the multifunction device 300 is activated, and the acquired backup file. Register user information in the cache data table. At this time, the registration flag is set to “1”. The backup file creation process will be described later with reference to the flowchart shown in FIG.

  Incidentally, as shown in FIG. 11, the cache data table holds card information 1101, user name 1102, authentication date 1103, registration flag 1104, and approval card information 1105. In the card information 1101, card information of a card held over the card reader 319 is registered. Further, when the user name 1102 can communicate with the authentication server 200, the user name acquired from the authentication server 200 is registered. When the user name 1102 cannot be communicated and an unregistered user is cached, the user name registration screen (FIG. 17) is displayed. ) Is cached. The authentication date and time 1103 is overwritten with a new authentication date and time each time the user logs in. In the registration flag 1104, “1” is cached when the authentication result returned from the authentication server 200 is successful, communication with the authentication server 200 is not possible, and an unregistered user holds the card of the authorized user. In this case, “0” is cached. In the authentication card information 1105, card information held by an authorized user when an unregistered user is registered (when an unregistered user is logged in) is cached.

  The backup processing unit 354 registers user information whose cache data table registration flag 1104 is “1” and whose expiration date has not passed in a backup file (FIG. 12) at predetermined time intervals.

  The Web service unit 355 provides a mechanism that returns a corresponding Web page in response to a request from the WEB browser 150 of the client PC 100.

  Next, user authentication processing will be described with reference to the flowchart of FIG.

  Note that step S501, step S503 to step S505, and step S511 of this flowchart are processes performed by the CPU 301 of the multifunction machine 300 reading and executing a predetermined control program.

  Step S502 is a process executed by the card reader 319.

  Further, the processes in steps S506 to S510 are processes performed by the CPU 201 of the authentication server 200 reading and executing a predetermined control program.

  In step S <b> 501, the authentication processing unit 352 of the MFP 300 displays an authentication screen (FIG. 14) on the operation unit 318 and prompts the user to hold the IC card over the card reader 319.

  In step S <b> 502, the card reader 319 acquires card information such as a card manufacturing number from the IC card held by the user, and transmits the acquired card information to the authentication processing unit 352 of the multifunction device 300.

  In step S503, the authentication processing unit 352 of the MFP 300 receives the card information acquired by the card reader 319 in step S502 from the card reader 319. (First user information acquisition means)

  In step S504, the authentication server communication unit 351 of the MFP 300 transmits the card information acquired by the authentication processing unit 352 in step S503 to the data communication unit 250 of the authentication server 200 as an authentication request.

  In step S <b> 505, the authentication server communication unit 351 of the MFP 300 determines whether communication with the authentication server 200 has been successful.

  If communication with the authentication server 200 fails (step S505: YES), the process proceeds to the process shown in the flowchart of FIG.

  If communication with the authentication server 200 is successful (step S505: NO), the process proceeds to step S506.

  In step S506, the data communication unit 250 of the authentication server 200 receives the authentication request including the card information transmitted from the authentication server communication unit 351 of the multi-function device 300 in step S505.

  In step S507, the authentication unit 251 of the authentication server 200 determines the authentication result of the card information received in step S505. Specifically, it is determined whether or not the received card information exists in the authentication table shown in FIG. 10, and if it exists, the process proceeds to step S508 as successful authentication (step S507: YES).

  On the other hand, if the received card information does not exist in the authentication table (FIG. 10) (step S507: NO), the process proceeds to step S510 as an authentication failure.

  In step S <b> 510, the data communication unit 250 of the authentication server 200 transmits a result indicating that the authentication has failed to the authentication processing unit 352 of the MFP 300.

  In step S508, the authentication unit 251 of the authentication server 200 acquires user information (card information 1001, user name 1002, password 1003, date and time 1004) of the user who has been successfully authenticated from the authentication table (FIG. 10).

  In step S509, the data communication unit 250 of the authentication server 200 transmits to the authentication processing unit 352 of the multifunction device 300 the result that the authentication has been successful and the user information acquired from the authentication table (FIG. 10).

  In step S511, the authentication processing unit 352 of the MFP 300 receives the authentication result transmitted from the data communication unit 250 of the authentication server 200 in step S509 or step S510.

  When the authentication result is received, the process proceeds to the process shown in the flowchart of FIG.

  Next, the update processing of the cache data table (FIG. 11) stored in the multifunction machine 300 will be described with reference to FIG.

  Note that the processing shown in the flowchart of FIG. 6 is processing that is performed when the CPU 301 of the multifunction peripheral 300 reads and executes a predetermined control program.

  In step S601, the authentication processing unit 352 of the MFP 300 determines whether the authentication result transmitted from the data communication unit 250 of the authentication server 200 is a result of successful authentication or a result of failed authentication. to decide.

  If the result indicates that the authentication has failed (step S601: NO), the process proceeds to step S602.

  If the result is that the authentication is successful (step S601: YES), the process proceeds to step S605.

  In step S602, the cache processing unit 353 of the multi-function peripheral 300 determines whether the card information acquired in step S503 in FIG. 5 exists in the cache data table (FIG. 11).

  If it is determined that it exists (step S602: YES), the process proceeds to step S603, and if it is determined that it does not exist (step S602: NO), the process proceeds to step S604.

  In step S603, the cache processing unit 353 of the MFP 300 deletes the user information remaining in the cache data table (FIG. 11).

  By the deletion process in step S603, it is possible to avoid a state in which user information for which no user information exists in the authentication server 200 exists in the cache data table (FIG. 11).

  In step S604, an error screen (not shown) notifying that authentication has failed is displayed on the operation unit 318.

  In step S605, the cache processing unit 353 of the MFP 300 acquires the date and time when authentication was performed.

  In step S606, the cache processing unit 353 of the multi-function peripheral 300 checks whether or not the card information acquired in step S503 is registered in the cache data table (FIG. 11).

  If it is determined that it is registered (step S606: YES), the process proceeds to step S607. If it is determined that it is not registered (step S606: NO), the process proceeds to step S608.

  In step S607, the cache processing unit 353 of the MFP 300 receives the user information of the user (the user corresponding to the card information acquired in step S503) in the cache data table (FIG. 11) from the authentication server 200 in step S511. Overwritten by the user information. The specific data to be overwritten is the user name 1102 received in step S511, the authentication date and time 1103 acquired in step S605, “1” is set in the registration flag 1104, and “ “NULL” is set.

  When the cache data table (FIG. 11) is updated in step S607, the process proceeds to step S611.

  In step S608, the cache processing unit 353 of the MFP 300 determines whether the number of data in the cache data table (FIG. 11) has reached the upper limit value. If the upper limit has been reached (step S608: YES), the process proceeds to step S609. If the upper limit has not been reached (step S608: NO), the process proceeds to step S610.

  Whether or not the number of cache data has reached the upper limit value is determined according to the cache upper limit number 1304 of the cache data management setting file (FIG. 13).

  In step S609, the cache processing unit 353 of the MFP 300 deletes the user information with the oldest authentication date 1103 from the user information registered in the cache data table.

  In step S610, the cache processing unit 353 of the MFP 300 sets the card information 1101 acquired in step S503, the user name 1102 received in step S511, and the authentication date 1103 acquired in step S605 in the cache data table (FIG. 11). The registration flag is set to “1”. “NULL” is set in the approval card information 1105.

  When the cache data table (FIG. 11) is updated in step S610, the process proceeds to step S611.

  In step S <b> 611, the authentication processing unit 352 of the MFP 300 accepts login with the user information received in step S <b> 511.

  Next, the processing when it is determined in step S505 that communication is an error will be described with reference to FIG.

  Note that the processing shown in the flowchart of FIG. 7 is processing that is performed when the CPU 301 of the multifunction peripheral 300 reads and executes a predetermined control program.

  In step S <b> 701, the cache processing unit 353 of the MFP 300 acquires a cache data table (FIG. 11) stored in a storage area such as the HDD 307.

  In step S702, the cache processing unit 353 of the MFP 300 determines whether the card information acquired in step S503 is registered in the cache data table acquired in step S701. (First determination means)

  If it is determined that it is registered (step S702: YES), the process proceeds to step S703, and if it is determined that it is not registered (step S702: NO). The process proceeds to step S708.

  In step S703, the cache processing unit 353 of the MFP 300 confirms whether or not the user information having the card information that matches the card information acquired in step S503 is within the expiration date. Specifically, the value set in the flag “0” user expiration date 1301 or the flag “1” user expiration date 1302 in the cache data management setting file shown in FIG. Use to judge.

  For a user whose user information registration flag is “0”, the expiration date is the date calculated by adding the number of days set in the flag 0 user expiration date 1301 to the authentication date 1103 of the user information.

  For a user whose user information registration flag is “1”, the date calculated by adding the number of days set in the flag 1 user expiration date 1302 to the authentication date 1103 of the user information becomes the expiration date.

  When it is determined that the expiration date thus determined has not passed (step S703: YES), the process proceeds to step S706, and when it is determined that the expiration date has passed (step S703: NO). ) Shifts the processing to step S704.

  In step S704, the cache processing unit 353 of the MFP 300 deletes the user information determined to have expired in step S703 from the cache data table.

  In step S705, the MFP 300 displays an error screen (not shown) indicating that the authentication has failed, and shifts the processing to the processing shown in the flowchart of FIG.

  In step S706, the cache processing unit 353 of the MFP 300 acquires the current date and time. In step S707, the cache processing unit 353 of the MFP 300 overwrites the user information of the user corresponding to the card information acquired in step S503 with the current date and time acquired in step S706.

  Then, the process proceeds to step S611 in FIG. 6, and login is performed using the user information overwritten in step S707.

  In step S <b> 708, the cache processing unit 353 of the MFP 300 acquires user information within the expiration date with the registration flag “1” in the data in the cache data table (FIG. 11). The determination as to whether it is within the expiration date is the same as the determination in step S703.

  That is, user information of a user who can be an authorized user is acquired from the cache data table. The user whose registration flag is “1” is a user who has succeeded in the authentication process using the authentication table of the authentication server 200.

  In step S709, the cache processing unit 353 of the MFP 300 displays a list of user information acquired in step S708 on the operation unit 318 (FIG. 15 as an example of a list display screen). (Display means)

  In step S <b> 710, the cache processing unit 353 of the multifunction peripheral 300 accepts the approval user selection from the approval user information list displayed in step S <b> 709. (Selection acceptance means)

  In step S711, the cache approval unit 353 of the MFP 300 determines whether an approved user is selected from the users and the authentication button 1502 on the list screen is pressed.

  If it is determined that the authentication button 1502 has been pressed (step S711: YES), the process proceeds to step S801 in the flowchart of FIG.

  If the authentication button has not been pressed (step S711: NO), the process proceeds to step S711, and it is determined whether the return button 1501 has been pressed. If the return button 1501 is pressed (step S712: YES), the process proceeds to step S501 in FIG. 5, and the user authentication screen (FIG. 14) is displayed again. If neither the authentication button 1502 nor the return button 1501 is pressed (step S712: NO), the standby state is continuously maintained. If no operation is performed by the user for a certain period of time, the process may be shifted to step S501 in FIG.

  Next, a process for approving login of a user whose user information is not registered in the cache data table (unregistered user) by holding the card of the authorized user over the card reader 319 will be described using the flowchart shown in FIG. Do

  Note that the processes shown in step S801, step S802, and step S804 to step S812 in the flowchart of FIG. 8 are processes that are performed when the CPU 301 of the multifunction peripheral 300 reads and executes a predetermined control program.

  Step S803 is processing executed by the card reader 319.

  In step S801, the cache processing unit 353 of the MFP 300 displays an approved user authentication dialog (FIG. 16) for prompting authentication of the approved user selected by the user in step S710 on the operation unit 318.

  In step S802, the cache processing unit 353 of the MFP 300 determines whether the user has pressed the return button 1601 of the approved user authentication dialog. If the return button 1601 is pressed by the user, the process proceeds to step S709 in FIG. 7, and the approved user list screen (FIG. 15) is displayed again to accept the selection of the approved user.

  If the return button 1601 is not pressed (step S802: NO), the process proceeds to step S803.

  In step S803, the card reader 319 detects the IC card of the approved user selected in step S710, and acquires card information of the detected IC card.

  In step S804, the cache processing unit 353 of the MFP 300 receives the card information acquired by the card reader 319 in step S803. (Authorized user acquisition means)

  In step S805, the cache processing unit 353 of the MFP 300 matches the card information of the authorized user selected in step S710 and the card information received from the card reader 319 in step S804, which is stored in the cache data table. Confirm whether to do. (Second determination means)

  If they match (step S804: YES), the process proceeds to step S807. If they do not match (step S805: NO), the process proceeds to step S806.

  In step S806, the cache processing unit 353 of the MFP 300 displays an authentication error screen (not shown) indicating that the authentication has failed. Then, the process proceeds to step S709, the approval user list screen is displayed again, and the selection of the approval user is accepted.

  In step S807, the cache processing unit 353 of the MFP 300 displays a user name registration screen (FIG. 17) that accepts user name registration.

  In step S <b> 808, the cache processing unit 353 of the multifunction peripheral 300 receives an input of a user name from the user. Note that the processing in step S808 is processing for setting user information (user name) of a user who is authorized to log in to the cache data table.

  In step S809, the cache processing unit 353 of the MFP 300 determines whether or not the user has pressed the OK button on the user name registration screen.

  If it is determined that the button has been pressed (step S809: YES), the process proceeds to step S811, and if it has not been pressed (step S809: NO), the process proceeds to step S810.

  In step S810, it is determined whether or not a cancel button has been pressed by the user. If the cancel button has been pressed, the process proceeds to step S501.

  In step S811, the cache processing unit 353 of the MFP 300 acquires the current date (authentication date).

  In step S812, the cache processing unit 353 of the MFP 300 sets the card information acquired in step S503, the user name received in step S808, and the current date and time acquired in step S811 in the cache data table (FIG. 11) and registers them. Set the flag to “0”. Then, the card information of the approval user acquired in step S803 is set in the approval card information 1105.

  Then, the cache processing unit 353 of the MFP 300 proceeds to step S611, and performs login using the information set in step S812.

  In the present embodiment, an authorized user's card is detected, and an input of user information of a user who receives login approval is received. However, as a processing order, the user information of the user who receives login approval is received. The configuration may be such that the card of the authorized user is detected after receiving the input.

  Next, the creation process of the backup file (FIG. 12) will be described with reference to FIG.

  Note that the processing shown in the flowchart of FIG. 9 is processing that is performed by the CPU 301 reading and executing a predetermined control program by the function of the backup unit 354 in the multifunction peripheral 300.

  In step S901, the backup unit 354 of the MFP 300 determines whether the backup processing time has come. If it is determined that the backup processing time has arrived (step S901: YES), the process proceeds to step S902. If it is determined that the backup processing time has not arrived (step S901: NO), the processing of this flowchart ends.

  The backup processing time follows the backup processing time 1303 of the cache data management setting file stored in advance.

  In step S902, the backup unit 354 of the MFP 300 acquires a cache data table (FIG. 11).

  In step S903, the backup unit 354 of the MFP 300 reads one piece of user information set in the cache data table.

  In step S904, the backup unit 354 of the MFP 300 determines whether the user information has been read in step S903.

  If it can be read (step S904: YES), the process proceeds to step S905. If it cannot be read (step S904: NO), the process of this flowchart ends.

  In step S905, the backup unit 354 of the MFP 300 determines whether the registration flag 1104 of the user information read in step S903 is “1”. If the registration flag 1104 is “1” (step S905: YES), the process proceeds to step S906. If the registration flag 1104 is not “1” (step S905: NO), the process of this flowchart is performed. finish.

  The user whose registration flag is “1” is a user who has communicated with the authentication server 200 and succeeded in the authentication process using the authentication table (FIG. 10).

  In step S906, the backup unit 354 of the MFP 300 determines whether the expiration date of the user information is within the time limit. Note that a specific determination method is the same as the processing in step S703.

  If it is determined that it is within the expiration date (step S906: YES), the process proceeds to step S907. If it is determined that the expiration date has passed (NO at step S906), the processing of this flowchart is performed. finish.

  In step S907, the backup unit 354 of the MFP 300 stores the user information (card information, user name, authentication date) within the expiration date in the backup file (FIG. 12), with the registration flag 1104 being “1”.

  Note that the processing from step S903 to step S907 in this flowchart is repeated until the reading processing is executed for all user information stored in the cache data table.

  By backing up user information of a user whose registration flag is “1” (a user who can be an authorized user) by the processing of this flowchart, the backup file can be used as data in the cache data table when the MFP 300 is activated. Thus, even when the MFP 300 whose cache data table has been deleted is activated, the approval user can approve login.

  In other words, even when the cache data table is erased, such as when the MFP 300 is activated, even if the cache data is not held in the MFP by using the backup file, the approval user can approve the login. Be able to get.

  Through the above processing, even a user whose cache data is not held in the multifunction device can log in to the multifunction device by obtaining approval from the user whose cache data is held in the multifunction device.

  It should be noted that the configuration and contents of the various data described above are not limited to this, and it goes without saying that the various data and configurations are configured according to the application and purpose.

  The present invention can adopt an embodiment as, for example, a system, an apparatus, a method, a program, or a recording medium. Specifically, the present invention may be applied to a system including a plurality of devices. Moreover, you may apply to the apparatus which consists of one apparatus.

  Moreover, the program in this invention is a program which can perform the processing method of FIGS. 5-9 by a computer, and the program which can execute the processing method of FIGS. 5-9 in a computer is stored in the storage medium of this invention. It is remembered. The program in the present invention may be a program for each processing method of each apparatus in FIGS.

  As described above, a recording medium that records a program that implements the functions of the above-described embodiments is supplied to a system or apparatus, and a computer (or CPU or MPU) of the system or apparatus stores the program stored in the recording medium. It goes without saying that the object of the present invention can also be achieved by reading and executing.

  In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium recording the program constitutes the present invention.

  As a recording medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, silicon A disk or the like can be used.

  Further, by executing the program read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) operating on the computer based on an instruction of the program is actually It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the processing and the processing is included.

  Furthermore, after the program read from the recording medium is written to the memory provided in the function expansion board inserted into the computer or the function expansion unit connected to the computer, the function expansion board is based on the instructions of the program code. It goes without saying that the case where the CPU or the like provided in the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  The present invention may be applied to a system constituted by a plurality of devices or an apparatus constituted by a single device. Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

  Furthermore, by downloading and reading a program for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention. In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

100 client PC
200 Authentication Server 300 Multifunction Device 319 Card Reader 400 LAN

Claims (7)

An authentication table that stores user information for identifying a user, determines whether user information received from the image forming apparatus is included in the authentication table, and transmits the determination result to the image forming apparatus; An image forming apparatus for storing a data table including user information for connecting and identifying a user,
Receiving means for receiving user information;
User information transmission means for transmitting user information received by the reception means to the authentication server;
A determination result receiving means for receiving, from the authentication server, a determination result as to whether or not the user information transmitted by the user information transmitting means is included in the authentication table;
When the determination result received by the determination result receiving unit is a result indicating that the user information transmitted by the user information transmitting unit is included in the authentication table, the user information is formed by the other user. A determination result registration means for registering in the data table as an authorized user who has the authority to approve the use of the device;
Obtaining means for obtaining user information of the approved user from the data table;
Determining means for determining whether the user information received by the receiving means is included in the data table;
With
The accepting means further accepts user information when the judging means judges that the user information is not included in the data table,
User information further accepted if the user information is determined not to be included in the data table, if included in the user information acquired approved user by the acquisition unit, when not included in the data table Use permission means for permitting use of the image forming apparatus by a user specified by the determined user information;
Data addition for additionally registering user information of a user permitted to use the image forming apparatus by the use permission unit as user information of a user who is not authorized to approve use of the image forming apparatus by another user Means,
An image forming apparatus further comprising: The data adding means further includes:
The user information determined to be included in the data table by the determination unit is registered in association with the user information of a user who is permitted to use the image forming apparatus by the use permission unit. Item 2. The image forming apparatus according to Item 1. Selection accepting means for accepting selection of any user information among the user information of the approved user obtained by the obtaining means ;
An approved user determining means for determining a user related to the user information received by the selection receiving means as an approved user;
The image forming apparatus according to claim 1, further comprising: The usage permission unit, when the user information is further accepted if the user information is determined not to be included in the data table, a user information relating to the determined approved Nyuza by the authorized user decision means, said data The image forming apparatus according to claim 3, wherein a user specified by user information determined not to be included in the table is permitted to use the image forming apparatus. Further comprising a communication possibility determining means for determining whether communication with the pre-Symbol authentication server,
The determination unit determines whether or not the user information received by the reception unit is included in the data table when the communication permission determination unit determines that communication with the authentication server is impossible. The image forming apparatus according to claim 1, wherein the image forming apparatus is an image forming apparatus. An authentication table that stores user information for identifying a user, determines whether user information received from the image forming apparatus is included in the authentication table, and transmits the determination result to the image forming apparatus; A control method of an image forming apparatus for storing a data table including user information for connecting and identifying a user,
An accepting step in which the accepting means of the image forming apparatus accepts user information;
A user information transmitting step in which the user information transmitting means of the image forming apparatus transmits the user information received in the receiving step to the authentication server;
A determination result receiving step in which a determination result receiving unit of the image forming apparatus receives a determination result from the authentication server as to whether or not the user information transmitted in the user information transmitting step is included in the authentication table;
When the determination result received by the determination result reception step of the image forming apparatus is a result that the user information transmitted in the user information transmission step is included in the authentication table, A determination result registration step of registering the user information in the data table as an approved user having authority to approve use of the image forming apparatus by another user;
An acquisition step in which the acquisition unit of the image forming apparatus acquires user information of the approved user from the data table;
A determination step in which the determination unit of the image forming apparatus determines whether the user information received in the reception step is included in the data table;
With
In the receiving step, when it is determined by the determining step that user information is not included in the data table, the receiving step further receives user information,
When the use permission unit of the image forming apparatus determines that the user information is not included in the data table, the received user information is included in the user information of the approved user acquired by the acquisition step. , a use permission step of permitting use of the image forming apparatus by a user identified by the user information is determined not to be included in the data table,
The user information of the user who is permitted to use the image forming apparatus by the use permission step is used as user information of a user who is not authorized to approve the use of the image forming apparatus by another user. , A data addition step of additionally registering in the data table;
A control method further comprising: An authentication table that stores user information for identifying a user, determines whether user information received from the image forming apparatus is included in the authentication table, and transmits the determination result to the image forming apparatus; A program that can be executed in an image forming apparatus that is connected and stores a data table including user information for identifying a user,
The image forming apparatus;
Receiving means for receiving user information;
User information transmission means for transmitting user information received by the reception means to the authentication server;
A determination result receiving means for receiving, from the authentication server, a determination result as to whether or not the user information transmitted by the user information transmitting means is included in the authentication table;
When the determination result received by the determination result receiving unit is a result indicating that the user information transmitted by the user information transmitting unit is included in the authentication table, the user information is formed by the other user. A determination result registration means for registering in the data table as an authorized user who has the authority to approve the use of the device;
Obtaining means for obtaining user information of the approved user from the data table;
Function as a determination unit that determines whether the user information received by the reception unit is included in the data table;
When the determination unit determines that the user information is not included in the data table, the reception unit further functions as a unit for receiving user information,
The image forming apparatus;
User information further accepted if the user information is determined not to be included in the data table, if included in the user information acquired approved user by the acquisition unit, when not included in the data table Use permission means for permitting use of the image forming apparatus by a user specified by the determined user information;
Data addition for additionally registering user information of a user permitted to use the image forming apparatus by the use permission unit as user information of a user who is not authorized to approve use of the image forming apparatus by another user A program characterized by functioning as a means.

Images