JP6443007B2 - Information processing apparatus and information processing program - Google Patents

Description

  The present invention relates to an information processing apparatus and an information processing program.

  In Patent Document 1, the device can be used even by an unregistered user, and after the user registration, it is an object to carry out processing by taking advantage of the settings used when the user is not registered. When the use is instructed, the application ID indicating the used application and the setting contents are stored in association with the temporary user ID created by the user information management server, and the user information management server stores the information. When it is stored in the setting history database of the storage unit and user registration is performed from the terminal device, a new user ID and a temporary user ID are stored in association with each other, and the MFP receives the user ID and password, When user authentication is performed by the user information management server, the temporary user corresponding to this user ID Download the application indicated D, and it is disclosed that take over the settings.

JP 2007-286957 A

  In the present invention, when a user who does not belong to the tenant of an image output terminal uses the image output terminal, the information registered using the access key can be output from the image output terminal. An object of the present invention is to provide an information processing apparatus and an information processing program that are controlled.

The gist of the present invention for achieving the object lies in the inventions of the following items.
According to the first aspect of the present invention, when the user who does not belong to the tenant of the image output terminal accepts an application for using the image output terminal, and the accepting means accepts the application, the image output terminal Presenting means for presenting an access key for registering the location where the information output by the application is stored to the application source, and control so that the information registered using the access key can be output from the image output terminal And when the proximity data communication is registered using the access key, the control means outputs the information obtained from the terminal possessed by the user from the image output terminal. It is an information processing apparatus characterized by performing control so as to be possible .

  The invention according to claim 2 is characterized in that the control means checks the expiration date of the access key and controls so that the access key cannot be used when the expiration date has passed. It is an information processing apparatus as described in.

  According to a third aspect of the present invention, the accepting unit accepts the first tenant to which the image output terminal belongs, and when the information is registered using the access key, the second to which the user belongs. And an association means for associating the first tenant with the second tenant, wherein the control means associates the second tenant with the first tenant by the association means. The information processing apparatus according to claim 1 or 2, wherein information is extracted from a storage unit belonging to a tenant, and control is performed so that the information can be output from the image output terminal.

According to a fourth aspect of the present invention, there is provided a receiving means for accepting an application for a user who does not belong to the tenant of the image output terminal to use the image output terminal; and when the accepting means accepts the application, Presenting means for presenting an access key for registering a location where information output by the image output terminal is stored to the application source, and information registered using the access key can be output from the image output terminal When the proximity data communication is registered using the access key, the control means outputs the information obtained from the terminal possessed by the user as the image output. It is an information processing program that controls to enable output from a terminal .

  According to the information processing apparatus of claim 1, when a user who does not belong to the tenant of the image output terminal uses the image output terminal, the information registered using the access key is stored in the image output terminal. It is possible to control so as to be able to output from.

  According to the information processing apparatus of the second aspect, when the access key has expired, it can be controlled so that the access key cannot be used.

  According to the information processing apparatus of the third aspect, the first tenant to which the image output terminal belongs and the second tenant to which the user belongs are associated with each other, and information is stored from the storage means belonging to the second tenant. The information can be extracted and controlled so that the information can be output from the image output terminal.

According to the information processing program of claim 4, when a user who does not belong to the tenant of the image output terminal uses the image output terminal, the information registered using the access key is stored in the image output terminal. It is possible to control so as to be able to output from.

It is a conceptual module block diagram about the structural example of this Embodiment. It is explanatory drawing which shows the system configuration example using this Embodiment. It is a conceptual module block diagram about the structural example of this Embodiment. It is a flowchart which shows the process example of this Embodiment. It is a flowchart which shows the process example of this Embodiment. It is a flowchart which shows the process example of this Embodiment. It is a flowchart which shows the process example of this Embodiment. It is a flowchart which shows the process example of this Embodiment. It is a flowchart which shows the process example of this Embodiment. It is explanatory drawing which shows the example of a data structure of a tenant information table. It is explanatory drawing which shows the example of a data structure of a temporary use information table. It is explanatory drawing which shows the example of a data structure of a user information table. It is explanatory drawing which shows the example of a data structure of a terminal information table. It is explanatory drawing which shows the example of a data structure of the management table of a reference destination information table. It is explanatory drawing which shows the example of a data structure of a reference destination information table. It is explanatory drawing which shows the process example by this Embodiment. It is explanatory drawing which shows the process example by this Embodiment. It is a block diagram which shows the hardware structural example of the computer which implement | achieves this Embodiment.

Hereinafter, an example of a preferred embodiment for realizing the present invention will be described with reference to the drawings.
FIG. 1 shows a conceptual module configuration diagram of a configuration example of the present embodiment.
The module generally refers to components such as software (computer program) and hardware that can be logically separated. Therefore, the module in the present embodiment indicates not only a module in a computer program but also a module in a hardware configuration. Therefore, the present embodiment is a computer program for causing these modules to function (a program for causing a computer to execute each procedure, a program for causing a computer to function as each means, and a function for each computer. This also serves as an explanation of the program and system and method for realizing the above. However, for the sake of explanation, the words “store”, “store”, and equivalents thereof are used. However, when the embodiment is a computer program, these words are stored in a storage device or stored in memory. It is the control to be stored in the device. Modules may correspond to functions one-to-one, but in mounting, one module may be configured by one program, or a plurality of modules may be configured by one program, and conversely, one module May be composed of a plurality of programs. The plurality of modules may be executed by one computer, or one module may be executed by a plurality of computers in a distributed or parallel environment. Note that one module may include other modules. Hereinafter, “connection” is used not only for physical connection but also for logical connection (data exchange, instruction, reference relationship between data, etc.). “Predetermined” means that the process is determined before the target process, and not only before the process according to this embodiment starts but also after the process according to this embodiment starts. In addition, if it is before the target processing, it is used in accordance with the situation / state at that time or with the intention to be decided according to the situation / state up to that point. When there are a plurality of “predetermined values”, the values may be different from each other, or two or more values (of course, including all values) may be the same. In addition, the description having the meaning of “do B when it is A” is used in the meaning of “determine whether or not it is A and do B when it is judged as A”. However, the case where it is not necessary to determine whether or not A is excluded.
In addition, the system or device is configured by connecting a plurality of computers, hardware, devices, and the like by communication means such as a network (including one-to-one correspondence communication connection), etc., and one computer, hardware, device. The case where it implement | achieves by etc. is also included. “Apparatus” and “system” are used as synonymous terms. Of course, the “system” does not include a social “mechanism” (social system) that is an artificial arrangement.
In addition, when performing a plurality of processes in each module or in each module, the target information is read from the storage device for each process, and the processing result is written to the storage device after performing the processing. is there. Therefore, description of reading from the storage device before processing and writing to the storage device after processing may be omitted. Here, the storage device may include a hard disk, a RAM (Random Access Memory), an external storage medium, a storage device via a communication line, a register in a CPU (Central Processing Unit), and the like.

The server 108 of the information processing apparatus according to the present embodiment enables a user who does not belong to the tenant of the output terminal 144 to use the output terminal 144. As shown in the example of FIG. , Data communication module 112, access authentication module 116, reference destination information management module 120, terminal information management module 124, terminal authentication module 128, tenant information management module 132, access authentication module 136, tenant A content storage 140A, tenant B content storage 140B. The output terminal 144 is an image output terminal, and is, for example, a copier, a fax machine, a printer, or a multifunction machine (an image processing apparatus having any two or more functions of a scanner, a printer, a copier, a fax machine, etc.). Etc. Therefore, the output terminal 144 outputting content (such as a document) mainly means printing an image of the content. The tenant may be a multi-tenant tenant in a cloud service described below, or may be interpreted as a simple organization (such as a company).
A user who can use the output terminal 144 needs to belong to the tenant to which the output terminal 144 belongs. Therefore, a user who does not belong to the tenant of the output terminal 144 (hereinafter also referred to as a guest user) cannot use the output terminal 144.
However, it may be necessary to print out at another company. In order to cope with this case, the tenant management technology needs to store a file (information to be printed out) once in a storage belonging to another tenant. Such a correspondence is not preferable in terms of security. Moreover, it can be solved by preparing an account for the guest user, but it takes man-hours for maintenance for the guest user such as changing the password periodically. Further, the person in charge of the tenant to which the output terminal 144 belongs can be solved by manually granting the authority to the guest user at the time of output at the output terminal 144, but it cannot be used without the person in charge.
Therefore, in this embodiment, a user who does not belong to the tenant of the output terminal 144 accepts an application for using the output terminal 144 and presents an access key in advance. The information registered using the access key is controlled to be output by the output terminal 144.

The data communication module 112 is connected to the data communication module 104 of the client terminal 100 and the data communication module 148 of the output terminal 144. The data communication module 112 communicates with the data communication module 104 of the client terminal 100 and the data communication module 148 of the output terminal 144. From the output terminal 144, the guest user accepts an application for using the output terminal 144 (hereinafter also referred to as a guest use application request), and returns an access key. Further, a request for actually using the output terminal 144 (hereinafter also referred to as a guest use request) is received, and a reference destination information list (for example, a reference destination information table 1500 shown in FIG. 15) is transmitted to the output terminal 144. Further, the content in the tenant A content storage 140A or the tenant B content storage 140B is transmitted to the output terminal 144 as the content to be output by the output terminal 144. Further, content stored in the tenant A content storage 140A or the tenant B content storage 140B is received from the client terminal 100 by the operation of a user (may be a guest user).
The access authentication module 116, in cooperation with the reference destination information management module 120, authenticates the access and changeability based on the access key issued as a reply to the guest use application request.

The reference destination information management module 120 receives an application from the output terminal 144 for a user who does not belong to the tenant of the output terminal 144 to use the output terminal 144. This application operation is performed by the output terminal 144, and the user who applies may be a user who does not belong to the tenant of the output terminal 144 or a user who belongs to the tenant of the output terminal 144. May be. In the case of the former user, an access key is presented, and information may be registered using the access key. On the other hand, in the case of the latter user, the person who receives the access key is different from the person who registers information using the access key (the user who does not belong to the tenant of the output terminal 144). The person who has received the access key needs to convey the access key to the person who registers information using the access key. For example, it may be transmitted using e-mail or the like. In the following example, it is assumed that a user who does not belong to the tenant of the output terminal 144 makes an application.
Then, when receiving the application, the reference destination information management module 120 presents an access key for registering the location where the information output by the output terminal 144 is stored to the output terminal 144 that is the application source. There are tenant A content storage 140A and tenant B content storage 140B as “locations where information output by the output terminal 144 is stored”. Here, two examples (tenant A and tenant B) are shown, but there may be three or more tenant content storages 140. For example, when the output terminal 144 belongs to the tenant A and the user who intends to use the output terminal 144 belongs to the tenant B, generally, the output terminal 144 outputs information in the tenant B content storage 140B. However, the information registered in the tenant B content storage 140B using the access key can also be output by the output terminal 144.
The reference destination information management module 120 accepts the first tenant to which the output terminal 144 belongs, and accepts the second tenant to which the user belongs when the information is registered using the access key. One tenant and a second tenant may be associated with each other.

Specifically, the reference destination information management module 120 performs the following processing.
The reference destination information management module 120 receives an application request from the output terminal 144, and identifies a terminal tenant from the information included in the application request. Then, a table for managing the reference destination information for the guest user is generated. As a result, a plurality of reference destinations can be specified at the time of output at the output terminal 144. Next, an access key to the generated table is generated and notified to the output terminal 144. For example, the access key may be a combination of tenant identification information and an authentication key. This enables use by multiple guest users.
In addition, the reference destination information management module 120 has, as each tenant information, “a parameter that can be selected as a reference destination and parameters for controlling input information essential for reference destination registration”, and generates a reference destination information table. By referring to them, the reference information table may be initialized. For example, there are USB, NFC (Near Field Communication), tenant content storage 140, cloud storage, etc. as reference destination types. Authentication is used as a parameter for controlling input information essential for reference destination registration. There are an ID (IDentification), an authentication password, and the like (specifically, refer to a reference destination type column 1510, an authentication ID column 1515, an authentication PW column 1520, etc. of a reference destination information table 1500 described later in the example of FIG. 15). These improve the security by restricting the usage capabilities of guest users.

More specifically, when the reference destination information management module 120 receives a guest use application request, the reference destination information management module 120 performs the following processing.
-Application generation (or initialization) of the management table (for example, the management table 1400 of the reference destination information table shown in FIG. 14)
-Generation of Access Key The reference destination information management module 120 performs the following processing when adding or changing reference destination information.
-Provision of screen for addition / change (or API)-Refer to information on guest use application terminal (output terminal 144) and reflect available functions on the screen-Add input information to management table or add existing information Change-Tenant Output Terminal Mapping Request When the reference destination information management module 120 receives a guest use request (output request by a guest user) from the output terminal 144, the reference destination information management module 120 performs the following processing.
-A reference destination information list (for example, the reference destination information table 1500 shown in FIG. 15) is returned to the guest use request transmission source terminal (output terminal 144).

The terminal information management module 124 is referred to at the time of authentication of the output terminal 144 by the terminal authentication module 128 and at the time of terminal information mapping between multi-tenants accompanying reference destination information registration. The terminal information management module 124 manages information of the output terminal 144 and responds to information acquisition requests from other modules.
The terminal authentication module 128 authenticates the transmission source terminal (output terminal 144) when receiving the guest use request and the guest use request. The tenant to which the access source terminal (output terminal 144) belongs is specified from the authentication result. This belonging tenant may be used for access key generation.

The tenant information management module 132 performs control so that the information registered using the access key can be output from the output terminal 144.
Further, the tenant information management module 132 may check the expiration date of the access key, and if the expiration date has passed, control may be performed so that the access key cannot be used.
Further, the tenant information management module 132 receives information from the tenant content storage 140 (tenant B content storage 140B in the above example) belonging to the second tenant associated with the first tenant by the reference destination information management module 120. And the information may be controlled to be output from the output terminal 144.
Further, the tenant information management module 132 further performs control so that information obtained from the terminal possessed by the user or the cloud storage device 176 specified by the user's operation can be output from the output terminal 144. May be.

Specifically, the tenant information management module 132 performs the following processing.
The tenant information management module 132 authenticates the access key by the access authentication module 136, and adds or changes the reference destination information table. This allows the guest user to arbitrarily specify the reference destination, and enables secure access to the reference destination.
Further, the tenant information management module 132 manages the life cycle of the reference destination information table. For example, deletion is performed after a predetermined time.
Then, the tenant information management module 132 passes the reference destination information table to the output terminal 144 and controls the guest user to use it. This enables the guest user to use the output terminal 144. The output terminal 144 accesses each reference destination based on the reference destination information table, and displays content (for example, a list of names of documents and the like that can be output by the output terminal 144). Then, the output terminal 144 outputs the content selected by the guest user. Further, depending on the function of the output terminal 144, in addition to the content registered in advance in the tenant content storage 140, reference destination candidates (for example, the mobile storage device 168 and the cloud storage device 176 capable of proximity data communication) are displayed as guest users. To present. It offers more choices for guest users.
More specifically, the tenant information management module 132 manages tenant related information (for example, owned output terminal information, registered user information).
When adding or changing reference destination information, the following processing is performed.
-If the reference destination to be added is another tenant, add the terminal under the guest usage application tenant to the primary usage terminal information of the tenant.
When a guest user uses it, the following processing is performed.
-Document access authentication is performed based on information transmitted from the output terminal 144.
In addition, the life cycle management (for example, deletion of expiration information) of the primary usage terminal is also performed.

The access authentication module 136 cooperates with the tenant information management module 132 to authenticate access and changeability regarding tenant information, user information, content in the tenant content storage 140, and the like.
The tenant A content storage 140A stores content stored by users belonging to the tenant A.
The tenant B content storage 140B stores content stored by users belonging to the tenant B. Content stored in the tenant content storage 140 is output by the output terminal 144.

The client terminal 100 has a data communication module 104. The client terminal 100 is specifically a personal computer or the like that can communicate with the server 108, and is used by, for example, a guest user who has acquired an access key.
The data communication module 104 is connected to the data communication module 112 of the server 108. The data communication module 104 communicates with the data communication module 112 of the server 108. In order to store the content to be output by the output terminal 144 in the tenant content storage 140, the content is transmitted to the server 108. In this case, when the output terminal 144 is used as a guest user, an access key is transmitted.

The output terminal 144 includes a data communication module 148, a proximity data communication module 152, a guest usage processing module 156, a guest usage application processing module 160, and a user interface module 164.
The data communication module 148 is connected to the data communication module 112 of the server 108 and the data communication module 180 of the cloud storage device 176. The data communication module 148 communicates with the data communication module 112 of the server 108 and the data communication module 180 of the cloud storage device 176.
The proximity data communication module 152 is connected to the proximity data communication module 172 of the mobile storage device 168. The proximity data communication module 152 communicates with the proximity data communication module 172 of the mobile storage device 168.
The guest use processing module 156 causes the output terminal 144 to perform processing based on the operation of the guest user. Specifically, it is content output processing.
The guest use application processing module 160 requests the server 108 to use the output terminal 144 by the guest user. That is, a guest use application request is transmitted to the server 108. Specifically, unique information (for example, a terminal ID) of the own terminal (output terminal 144) is set, and a guest use application request is transmitted to the server 108.
The user interface module 164 receives a user operation on the output terminal 144 and presents information to the user. For example, a user operation using a mouse, a keyboard, a touch panel, voice, or the like is accepted, and information is presented on a display device such as a liquid crystal display.

The mobile storage device 168 has a proximity data communication module 172. The mobile storage device 168 is possessed by a user (may be a guest user), and stores content to be output by the output terminal 144.
The proximity data communication module 172 is connected to the proximity data communication module 152 of the output terminal 144. The proximity data communication module 172 communicates with the proximity data communication module 152 of the output terminal 144. The content stored in the mobile storage device 168 is transmitted to the output terminal 144.
The cloud storage device 176 has a data communication module 180. The cloud storage device 176 stores content that a user (may be a guest user) outputs from the output terminal 144.
The data communication module 180 is connected to the data communication module 148 of the output terminal 144. The data communication module 180 communicates with the data communication module 148 of the output terminal 144. The content stored in the cloud storage device 176 is transmitted to the output terminal 144.

The content output from the output terminal 144 is stored in any one of the tenant content storage 140, the mobile storage device 168, and the cloud storage device 176. An actual usage example at the acquisition destination of the content to be output is shown below.
-When a guest use request is made at the output terminal 144 of the tenant A and the tenant B is added as reference destination information, the tenant B content together with the shared content in the tenant A content storage 140A when the guest user output terminal 144 is used The contents owned by the guest user in the storage 140B are also displayed in a list.
-When a guest use request is made at the output terminal 144 of the tenant A and external cloud storage is added as reference destination information, the guest in the cloud storage device 176 is shared with the shared content in the tenant A content storage 140A when the guest is used List content owned by users.
-When a guest use application is made at the output terminal 144 of the tenant A, and the proximity data communication module 152 (or USB port, etc.) of the output terminal 144 is added as reference destination information, the shared content in the tenant A when using the guest A list of contents in the mobile storage device 168 owned by the guest user read via the proximity data communication module 152 is also displayed.

FIG. 2 is an explanatory diagram showing a system configuration example using the present embodiment.
The client terminal 100, the server 108, the output terminal 144, and the cloud storage device 176 are connected via a communication line 290, respectively. The communication line 290 may be wireless, wired, or a combination thereof, for example, the Internet as a communication infrastructure. The output terminal 144 and the mobile storage device 168 are connected by proximity wireless communication, USB, or the like.
The function by the server 108 may be realized as a cloud service for tenant management (including output management of the output terminal 144) for constructing a multi-tenant.

FIG. 3 is a conceptual module configuration diagram of a configuration example of the present embodiment. An arrow indicating processing is added to the module configuration diagram shown in the example of FIG.
The process of Step A shows a processing example of an application request for guest use.
The guest use application processing module 160 sets the unique information of the own terminal and transmits a guest use application request to the server 108. (Step A1)
The terminal authentication module 128 authenticates the transmission source terminal using the terminal information management module 124 when receiving the guest use application request (Step A1). The tenant to which the access source terminal belongs is also identified from the authentication result.
Then, the following processing is performed when the guest use application request is received. (Step A2)
-Management table application generation (or initialization)
-Access key generation

The process of Step B shows a processing example related to the specification of the content to be output by the guest user.
The reference destination information management module 120 performs the following processing when adding or changing reference destination information.
-Provision of screen for addition / change (or API) (Step B1)
-Refer to the information on the guest application terminal and reflect the available functions on the above screen (Step B1)
-Use the access authentication module 116 to authenticate whether or not change is possible based on the access key issued at the time of guest use application. (Step B1)
-Add input information to the management table or change existing information (Step B1)
-Output terminal mapping request between tenants (Step B2)
Then, when the reference destination information is added or changed, the tenant information management module 132 adds a terminal under the guest usage application tenant to the primary usage terminal information of the corresponding tenant when the reference destination to be added is another tenant. (Step B2)

The processing of Step C shows an example of usage processing of the guest user output terminal 144.
The reference destination information management module 120 uses the access authentication module 116 to authenticate access based on the access key issued at the time of guest use application. (StepC1)
When receiving the guest use request, the reference destination information management module 120 returns a reference destination information list to the request transmission source terminal. (StepC1)
The terminal authentication module 128 authenticates the transmission source terminal when receiving the guest usage request. (Step C2)
The tenant information management module 132 performs document access authentication based on information transmitted from the output terminal 144 when using the guest. (Step C2)

4 to 9 are flowcharts showing processing examples of the present embodiment. In these flowcharts, processing by the output terminal 144 is surrounded by a solid line frame, processing by the server 108 is surrounded by a dotted line frame, and processing by the client terminal 100 is surrounded by a double line frame.
The flowchart shown in the example of FIG. 4 (application process flow for guest use) will be described.
In step S402, the “Guest use application” menu is selected in accordance with a user operation. For example, the guest user selects the “Guest use application” menu on the user interface of the output terminal 144.
In step S404, terminal information (for example, terminal ID) of the output terminal 144 is collected.
In step S406, a “guest use request” is transmitted. For example, the output terminal 144 sets its own terminal ID in a guest use application request and transmits it to the server 108.
In step S408, a “guest application request” is received.
In step S410, terminal authentication is performed. For example, the server 108 compares the terminal ID read from the received “guest use application request” with the terminal information table 1300 and performs authentication processing.
In step S412, it is determined whether or not the authentication is successful. If successful, the process proceeds to step S418. Otherwise, the process proceeds to step S414.
In step S414, a failure response is made.
In step S416, a failure response is received.

In step S418, the terminal information (owned function: belonging tenant) is referred to. For example, after the authentication is successful, the terminal information table 1300 is referred to again, and the affiliation tenant information (affiliation tenant ID column 1310) and proximity data transmission / reception unit information (USB presence / absence column 1325, NFC presence / absence column 1330) of the output terminal 144 (if any) )get.
In step S420, the tenant information (table initialization control parameter) is referred to. For example, further refer to “table initialization control parameters” (reference destination type column 1510, authentication ID column 1515, authentication PW column 1520, etc.) in the reference destination information table 1500 corresponding to the belonging tenant information (affiliated tenant ID column 1310). To do.
In step S422, a management table 1400 of the reference destination information table is generated. For example, the management table 1400 of the reference destination information table is generated, and the management table 1400 of the reference destination information table is initialized based on the acquired information. The internal structure of the management table 1400 of the reference destination information table will be described later.
In step S424, a table access key is generated.
In step S426, a table access key is returned. For example, an access key for adding, changing, or acquiring reference destination information is generated and returned to the output terminal 144. The guest user performs the subsequent processing (the flow illustrated in FIG. 7 and the like) using this access key.
In step S428, a table access key user interface is displayed.

A flowchart (a guest use / outputable content list acquisition process flow) shown in the example of FIG. 5 will be described.
In step S502, the “guest use” menu is selected. For example, the guest user selects a “guest use” menu on the user interface of the output terminal 144.
In step S504, an access key is input.
In step S506, a “reference destination information” acquisition request is transmitted. For example, a printable document list acquisition request is transmitted to the server 108 using the access key received in the guest use application in the flow of FIG.
In step S508, a “reference destination information” acquisition request is received.
In step S510, terminal authentication is performed. Detailed processing will be described later using the flowchart shown in the example of FIG.
In step S512, table access authentication is performed.
In step S514, it is determined whether or not the authentication is successful. If successful, the process proceeds to step S520. Otherwise, the process proceeds to step S516.
In step S516, a failure response is made.
In step S518, a failure response is received.

In step S520, reference destination information is returned. For example, the server 108 authenticates access to the management table 1400 of the reference destination information table, and if successful, returns the reference destination information table 1500 to the output terminal 144.
In step S522, access is performed for each reference destination.
In step S524, it is determined whether or not the authentication is successful. If successful, the process proceeds to step S526. Otherwise, the process proceeds to step S528.
In step S526, the document list is acquired and displayed. For example, based on the received information, the output terminal 144 acquires and displays a list of guest user documents at each reference destination according to the reference destination type. Reference destination type examples (tenant content storage 140 of another tenant, external cloud storage device 176, mobile storage device 168) will be described later.
In step S528, an error is displayed.

The flowchart (terminal authentication process flow) shown in the example of FIG. 6 will be described.
In step S602, terminal information is transmitted.
In step S604, the terminal affiliation tenant ID is specified.
In step S606, it is determined whether or not it matches the own tenant ID. If they match, the process proceeds to step S614, and otherwise, the process proceeds to step S608.
In step S608, it is determined whether there is a registration in the temporary use list. If there is, the process proceeds to step S610, and otherwise, the process proceeds to step S616.
In step S610, the temporary usage information table is referenced.
In step S612, it is determined whether or not there is a terminal affiliation tenant ID. If there is, the process proceeds to step S614, and if not, the process proceeds to step S616.
In step S614, authentication is permitted.
In step S616, authentication is not permitted.

A flowchart (reference destination information registration flow) shown in the example of FIG. 7 will be described.
In step S702, the reference destination information registration WEB is accessed. For example, the guest user accesses the reference destination information registration WEB.
In step S704, the access key is transmitted. For example, the access key received in the guest use application in the flow of FIG. 4 is input.
In step S706, table access authentication is performed.
In step S708, it is determined whether or not the authentication is successful. If successful, the process proceeds to step S710, and otherwise, the process proceeds to step S724. For example, the server 108 performs access key authentication, and when successful, returns a reference destination information input screen. Screen samples and the like will be described later.

In step S710, a reference destination information registration user interface is provided.
In step S712, registration information is input and transmitted. A reference destination type is selected, necessary information is input, and then transmitted to the server 108. Reference destination type selection and the like will be described later.
In step S714, it is determined whether or not another tenant is applicable. If applicable, the process proceeds to step S716, and otherwise, the process proceeds to step S720. The server 108 determines the type of registration information to be received, and performs the processes of steps S716 and S718 only when corresponding to another tenant.
In step S716, information on other tenant-owned terminals is acquired. For example, with reference to the tenant information table 1000, information on owned terminals of other tenants is acquired.
In step S718, the guest use application tenant is temporarily registered. For example, the information acquired in step S716 is added to the temporary use information table 1100 of the guest use application tenant. The relationship between the tenant information table 1000 and the temporary use information table 1100 will be described later.
In step S720, information is recorded.
In step S722, a process completion response is sent. When all the information is stored, the client terminal 100 is responded.
In step S724, a failure response is made.
In step S726, a response is received.

The flowchart (reference destination table life cycle process flow) shown in the example of FIG. 8 will be described.
In step S802, it is determined whether or not a trigger is detected. If detected, the process proceeds to step S804. Otherwise, the process ends (step S899). For example, when the start trigger of the life cycle confirmation process is detected, the expiration date of each reference destination table is confirmed. Examples of the trigger include a specific time and a call from a program.
In step S804, the expiration date of the reference destination table (plurality) is confirmed.
In step S806, it is determined whether or not it has expired. If it has expired, the process proceeds to step S808. Otherwise, the process ends (step S899). If it has expired, check whether other tenants are included as internal reference destinations.
In step S808, it is determined whether or not other tenants are to be referred to internally. If so, the process proceeds to step S810, and otherwise, the process proceeds to step S812.
In step S810, the terminal temporary registration with another tenant is deleted. For example, when other tenants are included in the confirmation processing in step S808, the terminals belonging to the guest use application tenant (that is, the tenant ID at the time of creation of the reference destination information table 1500) registered primarily with the tenant are cleared. .
In step S812, the reference destination information table 1500 is deleted.

The flowchart (document print processing flow) shown in the example of FIG. 9 will be described.
In step S902, an output target document is selected. For example, the guest user selects a print target document from a list of printable documents displayed on the user interface of the output terminal 144 and issues a print instruction.
In step S904, the data of the output target document is downloaded. For example, the output terminal 144 downloads the target document from the server 108.
In step S906, printing is performed.
In step S908, the print log is transmitted. For example, after printing is completed, the executed print log is transmitted to the server 108.

FIG. 10 is an explanatory diagram showing an example of the data structure of the tenant information table 1000.
The tenant information table 1000 includes a tenant ID column 1005, a registration date / time column 1010, an expiration date column 1015, an owner ID column 1020, another tenant availability column 1025, a cloud availability column 1030, a USB availability column 1035, an NFC availability column 1040, and a reference table. It has an effective date column 1045 and a temporary use list ID column 1050.
The tenant ID column 1005 stores information (tenant ID) for uniquely identifying a tenant in the present embodiment. The registration date / time column 1010 stores the registration date / time of the tenant (may be year, month, day, hour, minute, second, second or less, or a combination thereof). The expiration date column 1015 stores an expiration date. In the present embodiment, the owner ID column 1020 stores information (owner ID) for uniquely identifying the owner. The other tenant availability column 1025 stores the availability of other tenants. The cloud availability column 1030 stores cloud availability. The USB availability column 1035 stores the availability of USB. The NFC availability column 1040 stores NFC availability. The reference destination table effective date column 1045 stores the reference destination table effective date. In the present embodiment, temporary use list ID column 1050 stores information (temporary use list ID) for uniquely identifying the temporary use list.

FIG. 11 is an explanatory diagram showing an example of the data structure of the temporary usage information table 1100.
The temporary use information table 1100 has a list ID column 1105 and a tenant ID column 1110.
In the present embodiment, the list ID column 1105 stores information (list ID) for uniquely identifying the list. The tenant ID column 1110 stores a tenant ID.

FIG. 12 is an explanatory diagram showing an example of the data structure of the user information table 1200.
The user information table 1200 includes a user ID column 1205, a belonging tenant ID column 1210, a generation date / time column 1215, an expiration date column 1220, and a user information column 1225.
The user ID column 1205 stores information (user ID) for uniquely identifying a user in the present embodiment. The belonging tenant ID column 1210 stores the belonging tenant ID. The generation date / time column 1215 stores the generation date / time. The expiration date column 1220 stores an expiration date. The user information column 1225 stores user information.

FIG. 13 is an explanatory diagram showing an example of the data structure of the terminal information table 1300.
The terminal information table 1300 includes a terminal ID column 1305, a belonging tenant ID column 1310, a generation date / time column 1315, an expiration date column 1320, a USB presence / absence column 1325, and an NFC presence / absence column 1330.
In the present embodiment, terminal ID column 1305 stores information (terminal ID) for uniquely identifying a terminal. The belonging tenant ID column 1310 stores the belonging tenant ID. The generation date / time column 1315 stores the generation date / time. The expiration date column 1320 stores an expiration date. The USB presence / absence column 1325 stores the presence / absence of USB. The NFC presence / absence column 1330 stores the presence / absence of NFC.

FIG. 14 is an explanatory diagram showing an example of the data structure of the management table 1400 of the reference destination information table.
The management table 1400 of the reference information table includes an ID column 1405, a generation date / time column 1410, an expiration date column 1415, an application tenant ID column 1420, an application terminal ID column 1425, and an access key column 1430.
The ID column 1405 stores an ID. The generation date / time column 1410 stores the generation date / time. The expiration date column 1415 stores an expiration date. The application tenant ID column 1420 stores the application tenant ID. Application terminal ID column 1425 stores an application terminal ID. The access key column 1430 stores an access key.

FIG. 15 is an explanatory diagram showing an example of the data structure of the reference destination information table 1500.
The reference destination information table 1500 includes a reference destination table ID column 1505, a reference destination type column 1510, an authentication ID column 1515, an authentication PW column 1520, a URL column 1525, and a tenant ID column 1530.
In the present embodiment, the reference destination table ID column 1505 stores information (reference destination table ID) for uniquely identifying the reference destination table. The reference destination type column 1510 stores a reference destination type. The authentication ID column 1515 stores an authentication ID. The authentication PW column 1520 stores the authentication PW. The URL column 1525 stores a URL. The tenant ID column 1530 stores the tenant ID.

A specific example of terminal information mapping (association) processing between multi-tenants will be described below.
(Step 1) A user (guest user) belonging to the tenant 2 applies for guest use at the terminal 400001 of the tenant 4 and obtains an access key (first line of the access key column 1430 of the management table 1400 of the reference information table) reference).
(Step 2) The guest user accesses the connection destination registration WEB and adds the own tenant 2 (see the third line of the tenant ID column 1530 of the reference destination information table 1500).
(Step 3) Since the tenant has applied for guest use in the tenant 4, a primary use list ID is generated (see the second line of the temporary use list ID column 1050 of the tenant information table 1000).
(Step 4) The guest use application tenant ID (4) is entered in the primary use list ID generated in Step 3 (first line of the tenant ID column 1110 of the temporary use information table 1100).
(Step 5) In authentication of the output terminal 144, the tenant ID specified from the terminal information table 1300 (the belonging tenant ID column 1310) and the tenant ID (tenant ID column 1005) in the tenant information table 1000 or the tenant ID in the primary usage table 1100 (Tenant ID column 1110) is collated (refer to the first line of the belonging tenant ID column 1310 of the terminal information table 1300). Specifically, when a user (including a guest user) uses the output terminal 144 (terminal ID: 400001) of the tenant 4, the terminal ID is in the first line (tenant 4) of the temporary usage information table 1100. Tenant 2 of the tenant information table 1000 corresponding to the tenant 4 (the list ID: a is extracted from the list ID column 1105 in the first row of the temporary usage information table 1100, and the list ID: a is stored in the temporary usage list ID column 1050. The content in the tenant content storage 140 of the second line of the tenant information table 1000 that the tenant information table 1000 has and the tenant 2 is extracted from the tenant ID column 1005 on the second line can be included in the output available list.

The following can be mentioned as characteristics of the table structure.
(1) Even from the same terminal, a new table (in this example, a new ID) is generated each time a guest use application is made (see the application terminal ID column 1425 of the management table 1400 of the reference destination information table).
(2) The expiration date of the new table is unique information of the tenant to which the application terminal belongs (changeable by the administrator) (reference destination table effective date column 1045 of the tenant information table 1000, management of the reference destination information table) (See the expiration date column 1415 of the table 1400).
(3) The belonging tenant is specified from the terminal ID included in the guest use application request (see the belonging tenant ID column 1310 of the terminal information table 1300 and the application tenant ID column 1420 of the management table 1400 of the reference information table).
(4) Registration of reference destination information Reference destinations that can be selected in the user interface are determined by the unique information of the tenant to which the guest use application terminal belongs (can be changed by the administrator) (see the cloud availability column 1030 in the tenant information table 1000). .
(5) The table access key issued at the time of guest use application issues a different key each time an application is made (see the access key column 1430 of the management table 1400 of the reference destination information table).
(6) A plurality of primary use tenants can be merged into the guest use application tenant and there is a list for managing them (see the temporary use list ID column 1050 of the tenant information table 1000 and the list ID column 1105 of the temporary use information table 1100). .
(7) The displayable menu changes depending on the setting in (4) (see the reference type selection area 1620 on the screen 1600b).
(8) Whether or not it is an essential input item can also be controlled by parameters in the tenant information (see screen 1600c).

FIG. 16 is an explanatory diagram illustrating a processing example according to the present embodiment. A screen 1600 shows the content displayed on the display device of the client terminal 100.
As shown in the example of FIG. 16A, in the initial stage of the output terminal 144, an access key input area 1610 and a “Next” button 1615 are displayed on the screen 1600a. When an access key is input to the access key input area 1610 by the guest user and the “Next” button 1615 is selected, the screen moves to the screen 1600b.
As shown in the example of FIG. 16B, a reference destination type selection area 1620 and a “next” button 1625 are displayed on the screen 1600b. In the reference destination type selection area 1620, for example, a reference destination type (a tenant content storage 140 of a tenant different from the tenant to which the output terminal 144 belongs, the cloud storage device 176) is selected in a pull-down menu format. . When the “Next” button 1625 is selected, if the mobile storage device 168 is selected, the screen moves to the screen 1600c, and if the tenant content storage 140 of another tenant is selected, the screen moves to the screen 1600d, and the cloud storage device If 176 is selected, the screen moves to the screen 1600e.
As shown in the example of FIG. 16C, an authentication ID column 1630, an authentication PW column 1635, and a registration button 1640 are displayed on the screen 1600c. The guest user inputs the authentication ID field 1630 and the authentication PW field 1635, and selects the registration button 1640.
As shown in the example of FIG. 16D, an authentication ID column 1645, an authentication PW column 1650, a tenant ID column 1655, and a registration button 1660 are displayed on the screen 1600d. The guest user inputs the authentication ID column 1645, the authentication PW column 1650, and the tenant ID column 1655, and selects the registration button 1660. If a tenant ID different from the output terminal 144 is registered as reference destination information in the tenant ID column 1655, the primary usage list ID column 1050 in the tenant information table 1000 is searched, and if not, it is newly generated. If there is, data is added to the primary usage information table 1100.
As shown in the example of FIG. 16E, an authentication ID field 1665, an authentication PW field 1670, a URL field 1675, and a registration button 1680 are displayed on the screen 1600e. The guest user inputs the authentication ID field 1665, the authentication PW field 1670, and the URL field 1675, and selects the registration button 1680.

FIG. 17 is an explanatory diagram showing a processing example according to the present embodiment.
The reference destination information table 1500 shown in the example of FIG. 17A is the same as that shown in the example of FIG. When a reference destination is defined as in the reference destination information table 1500 and a smartphone (an example of the mobile storage device 168) is held over NFC (an example of the proximity data communication module 152) of the output terminal 144 to execute use by a guest user The acquired file list screen 1700 as shown in the example of FIG. 17B is displayed on a display device such as a liquid crystal display. The contents of the acquired file list screen 1700 are acquired as follows.
First, a shared document in the tenant to which the output terminal 144 belongs is acquired. This example is a default behavior example and may not be present.
Next, the USB port of the output terminal 144 is read, but since there is no medium, a read error is displayed. Even when USBs with different password settings are connected, the acquisition result is also an error.
-Next, the smartphone storage is read and the files stored in the smartphone are displayed.
Next, the tenant specified in the reference destination information table 1500 is accessed, and the user account is set to log in to obtain a list of related documents.
Finally, the user accesses the designated URL (“GggggggDrive” and “OooDrive” as an example of the cloud storage device 176), logs in with the designated account, and acquires a document list therein. It is assumed that the external cloud connection conforms to the API.

  A hardware configuration example of the information processing apparatus according to this embodiment will be described with reference to FIG. The configuration illustrated in FIG. 18 is configured by a personal computer (PC), for example, and shows a hardware configuration example including a data reading unit 1817 such as a scanner and a data output unit 1818 such as a printer.

  A CPU (Central Processing Unit) 1801 includes various modules described in the above-described embodiments, that is, the data communication module 104, the data communication module 112, the access authentication module 116, the reference information management module 120, and the terminal information management module 124. , Terminal authentication module 128, tenant information management module 132, access authentication module 136, tenant content storage 140, data communication module 148, proximity data communication module 152, guest usage processing module 156, guest usage application processing module 160, user interface module 164 Describes the execution sequence of each module such as the proximity data communication module 172 and the data communication module 180 The control unit executes processing according to the computer program.

  A ROM (Read Only Memory) 1802 stores programs used by the CPU 1801, calculation parameters, and the like. A RAM (Random Access Memory) 1803 stores programs used in the execution of the CPU 1801, parameters that change as appropriate during the execution, and the like. These are connected to each other by a host bus 1804 including a CPU bus or the like.

  The host bus 1804 is connected to an external bus 1806 such as a PCI (Peripheral Component Interconnect / Interface) bus via a bridge 1805.

  A keyboard 1808 and a pointing device 1809 such as a mouse are input devices operated by an operator. The display 1810 includes a liquid crystal display device or a CRT (Cathode Ray Tube), and displays various types of information as text or image information.

  An HDD (Hard Disk Drive) 1811 includes a hard disk, drives the hard disk, and records or reproduces a program executed by the CPU 1801 and information. The hard disk realizes functions as a tenant information table 1000, a temporary usage information table 1100, a user information table 1200, a terminal information table 1300, a reference information table management table 1400, a reference information table 1500, and the like. Further, various other data, various computer programs, and the like are stored.

  The drive 1812 reads data or a program recorded on a removable recording medium 1813 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, and the data or program is read out to the interface 1807 and the external bus 1806. , A bridge 1805, and a RAM 1803 connected via a host bus 1804. The removable recording medium 1813 can also be used as a data recording area similar to a hard disk.

  The connection port 1814 is a port for connecting the external connection device 1815 and has a connection unit such as USB, IEEE1394. The connection port 1814 is connected to the CPU 1801 and the like via the interface 1807, the external bus 1806, the bridge 1805, the host bus 1804, and the like. A communication unit 1816 is connected to a communication line and executes data communication processing with the outside. The data reading unit 1817 is a scanner, for example, and executes document reading processing. The data output unit 1818 is, for example, a printer, and executes document data output processing.

  Note that the hardware configuration of the information processing apparatus illustrated in FIG. 18 illustrates one configuration example, and the present embodiment is not limited to the configuration illustrated in FIG. 18, and the modules described in the present embodiment are executed. Any configuration is possible. For example, some modules may be configured with dedicated hardware (for example, Application Specific Integrated Circuit (ASIC), etc.), and some modules are in an external system and connected via a communication line In addition, a plurality of systems shown in FIG. 18 may be connected to each other via communication lines so as to cooperate with each other. Further, it may be incorporated in a copying machine, a fax machine, a scanner, a printer, a multifunction machine or the like.

The program described above may be provided by being stored in a recording medium, or the program may be provided by communication means. In that case, for example, the above-described program may be regarded as an invention of a “computer-readable recording medium recording the program”.
The “computer-readable recording medium on which a program is recorded” refers to a computer-readable recording medium on which a program is recorded, which is used for program installation, execution, program distribution, and the like.
The recording medium is, for example, a digital versatile disc (DVD), which is a standard established by the DVD Forum, such as “DVD-R, DVD-RW, DVD-RAM,” and DVD + RW. Standard “DVD + R, DVD + RW, etc.”, compact disc (CD), read-only memory (CD-ROM), CD recordable (CD-R), CD rewritable (CD-RW), Blu-ray disc ( Blu-ray (registered trademark) Disc), magneto-optical disk (MO), flexible disk (FD), magnetic tape, hard disk, read-only memory (ROM), electrically erasable and rewritable read-only memory (EEPROM (registered trademark)) )), Flash memory, Random access memory (RAM) SD (Secure Digital) memory card and the like.
The program or a part of the program may be recorded on the recording medium for storage or distribution. Also, by communication, for example, a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a wired network used for the Internet, an intranet, an extranet, or a wireless communication It may be transmitted using a transmission medium such as a network or a combination of these, or may be carried on a carrier wave.
Furthermore, the program may be a part of another program, or may be recorded on a recording medium together with a separate program. Moreover, it may be divided and recorded on a plurality of recording media. Further, it may be recorded in any manner as long as it can be restored, such as compression or encryption.

DESCRIPTION OF SYMBOLS 100 ... Client terminal 104 ... Data communication module 108 ... Server 112 ... Data communication module 116 ... Access authentication module 120 ... Reference information management module 124 ... Terminal information management module 128 ... Terminal authentication module 132 ... Tenant information management module 136 ... Access authentication Module 140A ... Tenant A content storage 140B ... Tenant B content storage 144 ... Output terminal 148 ... Data communication module 152 ... Proximity data communication module 156 ... Guest use application processing module 160 ... Guest use application processing module 164 ... User interface module 168 ... Mobile storage Device 172 ... Proximity data communication module 176 ... Cloud storage device 180 ... Data communication Module 290 ... communication line

Claims (4)

Accepting means for accepting an application for a user who does not belong to the tenant of the image output terminal to use the image output terminal;
When the accepting means accepts the application, a presenting means for presenting an access key for registering a place where the information output by the image output terminal is stored to the application source;
Control means for controlling the information registered using the access key so that the information can be output from the image output terminal ;
When the proximity data communication is registered using the access key, the control means performs control so that information obtained from a terminal possessed by the user can be output from the image output terminal. An information processing apparatus characterized by that. The information processing apparatus according to claim 1, wherein the control unit checks an expiration date of the access key, and controls so that the access key cannot be used when the expiration date has passed. The accepting means accepts a first tenant to which the image output terminal belongs;
When the information is registered using the access key, the information processing apparatus further includes an association unit that accepts the second tenant to which the user belongs and associates the first tenant with the second tenant,
The control unit extracts information from the storage unit belonging to the second tenant associated with the first tenant by the association unit, and enables the information to be output from the image output terminal. The information processing apparatus according to claim 1, wherein the information processing apparatus is controlled as follows. Computer
Accepting means for accepting an application for a user who does not belong to the tenant of the image output terminal to use the image output terminal;
When the accepting means accepts the application, a presenting means for presenting an access key for registering a place where the information output by the image output terminal is stored to the application source;
The information registered using the access key functions as a control means for controlling to enable output from the image output terminal ,
When the proximity data communication is registered using the access key, the control means performs control so that information obtained from a terminal possessed by the user can be output from the image output terminal. Information processing program.

Images