JP6690186B2 - Service providing system, service providing method, information processing device, and program - Google Patents

Description

  The present invention relates to a service providing system, a service providing method, an information processing device, and a program.

  In recent years, an increasing number of companies are introducing cloud services. The cloud service is a service provided by cloud computing technology. An example of the cloud service is a print service that uses a PIN (Personal Identification Number) code.

  For example, a conventional printing system using a PIN code receives an electronic mail to which electronic data to be printed is attached from a user terminal, stores the print data in association with the PIN code, and then saves the PIN code by an electronic mail to the user. Reply to. The user inputs the PIN code into the image forming apparatus for which printing is desired. The conventional printing system can print the print data of the print target requested by the user by acquiring the electronic data of the print target stored in association with the PIN code (see, for example, Patent Document 1).

  In a service providing system that uses a temporary usage code such as a PIN code as usage identification information, the characteristics of the temporary usage code such as length (number of digits) and expiration date are set so that the matching temporary usage code is not issued accidentally. I need to put it. Therefore, in the conventional service providing system using the temporary use code, the length of the temporary use code may be increased and the expiration date may be shortened due to an increase in services provided and an increase in users. On the other hand, a temporary use code with a long number of digits or a temporary use code with a short expiration date may be inconvenient for the user.

The embodiment of the present invention has been made in view of the above points, and an object of the present invention is to provide a service providing system that can use a convenient usage code .

In order to achieve the above object, according to claim 1 of the present application, an application means for transmitting a usage code to a terminal device and providing a service to the terminal device that has specified the usage code and made a request; Based on a request, a group identification information creating unit that creates group identification information for identifying a group of the use codes , and the group identification information based on a request from the application unit to issue the use code specifying the group identification information. wherein the use code issuing means for issuing a use code, based on the verification requirements of the used code specified the population identification information and the usage code from the application unit, using the code to verify the use code associated with a verification unit, wherein the application means, the use specified in the request And use code verification request means for verifying requests over de with respect to the use code verification means, if the use code verification result is normal by the use code verification means, processing for executing processing in response to the request And an execution unit.

According to the embodiment of the present invention, it is possible to use a convenient usage code .

It is a block diagram of an example of the information processing system which concerns on 1st Embodiment. It is a hardware block diagram of an example of a computer. 1 is a hardware configuration diagram of an example of an image forming apparatus according to a first exemplary embodiment. It is a processing block diagram of an example of the service provision system which concerns on 1st Embodiment. It is a processing block diagram of an example of a client application. It is a processing block diagram of an example of an authentication / authorization unit. It is a block diagram of an example of client information managed by a client management unit. It is a block diagram of an example of temporary use code space information which a temporary use code space information storage part memorizes. It is a block diagram of an example of temporary use code information stored in a temporary use code information storage unit. It is a sequence diagram of an example of a process of the service providing system according to the first embodiment. It is a block diagram of an example of API which creates a temporary use code space. It is a block diagram of an example of API which issues a temporary use code. It is a figure for demonstrating the temporary use code space created for every client application. It is a figure for demonstrating the retention time limit of the characteristic of a temporary use code. It is a sequence diagram of an example of a process of the service providing system according to the second embodiment. It is a block diagram of an example of job information stored in the job information storage unit. It is a block diagram of an example of job information in which a temporary use code is registered. It is an image figure of the screen which makes a temporary use code input as a PIN code. It is a sequence diagram of an example of a process of the service providing system according to the third embodiment. It is a block diagram of another example of the job information stored in the job information storage unit. It is a block diagram of another example of the temporary use code space information stored in the temporary use code space information storage unit. It is a block diagram of an example of temporary use code information stored in a temporary use code information storage unit. It is a block diagram of an example of an authority information management table that stores authority information. It is a block diagram of an example of the authority subject information management table which memorize | stores authority subject information. It is a block diagram of an example of the authority resource information management table which memorize | stores authority resource information. It is a block diagram of an example of the authority action information management table which stores authority action information. It is a block diagram of an example of the authority action entity information management table which stores authority action entity information. It is a block diagram of an example of an authority condition information management table that stores authority condition information. It is a block diagram of an example of the authority API resource information management table which stores authority API resource information. It is a sequence diagram of an example of processing of a service providing system concerning a 4th embodiment. It is an image figure of an example of a user registration URL generation screen. It is an image figure of an example of the text of the mail which notifies a general user the URL for user registration. It is an explanatory view of an example which shows the request of API performed in Step S102, and its response. It is explanatory drawing of an example which shows the request of API performed by step S107. It is a figure of an example which shows correspondence between tables.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[First Embodiment]
<System configuration>
FIG. 1 is a block diagram of an example of an information processing system according to the first embodiment. The information processing system 1000 in FIG. 1 includes a network N1 such as an in-office network and a network N2 such as the Internet.

  The network N1 is a private network inside the firewall FW. The firewall FW is installed at the contact point between the network N1 and the network N2, and detects and blocks unauthorized access. An image forming apparatus 1013 such as a client terminal 1011, a mobile terminal 1012, and a multifunction peripheral is connected to the network N1.

  The client terminal 1011 is an example of a terminal device. The client terminal 1011 can be realized by an information processing device equipped with a general OS or the like. The client terminal 1011 has a wireless communication means or a wired communication means. The client terminal 1011 is a user-operable terminal such as a desktop PC or a notebook PC.

  The mobile terminal 1012 is an example of a terminal device. The mobile terminal 1012 has a wireless communication means or a wired communication means. The mobile terminal 1012 is a terminal that a user can carry and operate, such as a smartphone, a mobile phone, or a tablet PC.

  The image forming apparatus 1013 is an apparatus having an image forming function such as a multifunction peripheral. The image forming apparatus 1013 is also an example of a terminal device. The image forming apparatus 1013 has a wireless communication unit or a wired communication unit.

  The image forming apparatus 1013 is an apparatus that performs processing related to image formation, such as a multifunction peripheral, a copier, a scanner, a printer, a laser printer, a projector, and an electronic blackboard. Although FIG. 1 shows an example in which each of the client terminal 1011, the mobile terminal 1012, and the image forming apparatus 1013 is one, it may be plural.

  A mobile terminal 1012 and a service providing system 1014 are connected to the network N2. The mobile terminal 1012 may be in a network other than the network N1 such as an in-office network, and an example in which it is connected to the network N1 and the network N2 is shown in FIG.

  The service providing system 1014 is realized by one or more information processing devices. The service providing system 1014 is an example of a system that provides some service to the client terminal 1011, the mobile terminal 1012, and the image forming apparatus 1013. The details of the service providing system 1014 will be described later.

<Hardware configuration>
The client terminal 1011 and the mobile terminal 1012 in FIG. 1 are realized by a computer having a hardware configuration as shown in FIG. 2, for example. Further, one or more information processing devices that realize the service providing system 1014 are also realized by a computer having the hardware configuration shown in FIG.

  FIG. 2 is a hardware configuration diagram of an example of a computer. The computer 100 of FIG. 2 includes an input device 101, a display device 102, an external I / F 103, a RAM 104, a ROM 105, a CPU 106, a communication I / F 107, an HDD 108, and the like, which are interconnected by a bus B.

  The input device 101 includes a keyboard, a mouse, a touch panel, etc., and is used by the user to input each operation signal. The display device 102 includes a display and the like, and displays the processing result by the computer 100. The input device 101 and the display device 102 may be connected and used when necessary.

  The communication I / F 107 is an interface that connects the computer 100 to the networks N1 and N2. As a result, the computer 100 can perform data communication via the communication I / F 107.

  The HDD 108 is a non-volatile storage device that stores programs and data. The stored programs and data include, for example, an OS that is basic software that controls the entire computer 100 and application software that provides various functions on the OS. The computer 100 may use a drive device (for example, a solid state drive: SSD) that uses a flash memory as a storage medium instead of the HDD 108.

  The external I / F 103 is an interface with an external device. The external device includes a recording medium 103a and the like. This allows the computer 100 to read and / or write to the recording medium 103a via the external I / F 103. The recording medium 103a includes a flexible disk, CD, DVD, SD memory card, USB memory and the like.

  The ROM 105 is a non-volatile semiconductor memory (storage device) that can retain programs and data even when the power is turned off. The ROM 105 stores programs and data such as a BIOS executed when the computer 100 is started up, OS settings, and network settings. The RAM 104 is a volatile semiconductor memory (storage device) that temporarily holds programs and data.

  The CPU 106 is an arithmetic device that realizes control and functions of the entire computer 100 by reading programs and data from a storage device such as the ROM 105 and the HDD 108 onto the RAM 104 and executing processing.

  The client terminal 1011 and the mobile terminal 1012 in FIG. 1 can realize various processes as described later by the hardware configuration of the computer 100. Further, one or more information processing devices that implement the service providing system 1014 can also implement various types of processing to be described later by the hardware configuration of the computer 100.

  FIG. 3 is a hardware configuration diagram of an example of the image forming apparatus according to the first embodiment. The image forming apparatus 1013 illustrated in FIG. 3 includes a controller 201, an operation panel 202, an external I / F 203, a communication I / F 204, a printer 205, a scanner 206, and the like.

  The controller 201 includes a CPU 211, a RAM 212, a ROM 213, an NVRAM 214, an HDD 215 and the like. The ROM 213 stores various programs and data. The RAM 212 temporarily holds programs and data. The NVRAM 214 stores, for example, setting information and the like. Further, the HDD 215 stores various programs and data.

  The CPU 211 realizes control and functions of the entire image forming apparatus 1013 by reading programs, data, setting information and the like from the ROM 213, NVRAM 214, HDD 215, etc. onto the RAM 212 and executing processing.

  The operation panel 202 includes an input unit that receives an input from a user and a display unit that displays. The external I / F 203 is an interface with an external device. The external device includes a recording medium 203a and the like. Accordingly, the image forming apparatus 1013 can read and / or write the recording medium 203a via the external I / F 203. The recording medium 203a includes an IC card, flexible disk, CD, DVD, SD memory card, USB memory, and the like.

  The communication I / F 204 is an interface that connects the image forming apparatus 1013 to the network N1. As a result, the image forming apparatus 1013 can perform data communication via the communication I / F 204. The printer 205 is a printing device for printing print data on an object to be conveyed. For example, the transported object is not limited to paper such as paper, coated paper, cardboard, OHP, plastic film, prepreg, and copper foil. The scanner 206 is a reading device for reading image data from a document. The image forming apparatus 1013 according to the present embodiment can realize various types of processing to be described later with the above hardware configuration. The description of the hardware configuration of the firewall FW is omitted.

<Software configuration>
<Service provision system>
The service providing system 1014 according to the first embodiment is realized by the processing blocks shown in FIG. 4, for example. FIG. 4 is a processing block diagram of an example of the service providing system according to the first embodiment. The service providing system 1014 realizes a processing block as shown in FIG. 4 by executing the program.

  The service providing system 1014 of FIG. 4 realizes an application 1101, a common service 1102, a database (DB) 1103, a management 1104, a business 1105, and a platform API 1106.

  The application 1101 has a portal service application 1111, a scan service application 1112, and a print service application 1113 as an example.

  The portal service application 1111 is an application that provides a portal service. The portal service provides a service serving as an entrance for using the service providing system 1014. The scan service application 1112 is an application that provides a scan service. The print service application 1113 is an application that provides a print service. The application 1101 may include other service applications.

  The platform API 1106 is an interface for the portal service application 1111, the scan service application 1112, the print service application 1113, and the like to use the common service 1102. The platform API 1106 is a predefined interface provided for the common service 1102 to receive a request from the application 1101 and is composed of, for example, a function and a class.

  The platform API 1106 can be realized by, for example, a Web API that can be used via a network when the service providing system 1014 includes a plurality of information processing devices.

  The common service 1102 includes an authentication / authorization unit 1121, a tenant management unit 1122, a user management unit 1123, a client management unit 1124, a license management unit 1125, a device management unit 1126, a temporary image storage unit 1127, a log collection unit 1128, and an image processing workflow. It has a controller 1130.

  The image processing workflow control unit 1130 has a message queue 1131 and one or more workers (Workers) 1132. The worker 1132 realizes functions such as image conversion and image transmission.

  The authentication / authorization unit 1121 executes authentication / authorization based on a login request from an office device such as the client terminal 1011 or the image forming apparatus 1013. The office equipment is a generic term for the client terminal 1011, the mobile terminal 1012, the image forming apparatus 1013, and the like.

  The authentication / authorization unit 1121 accesses, for example, a user information storage unit 1143 and a license information storage unit 1144 described later to authenticate / authorize the user. The authentication / authorization unit 1121 accesses, for example, a tenant information storage unit 1142, a license information storage unit 1144, a device information storage unit 1145, which will be described later, to authenticate the image forming apparatus 1013 and the like.

  Further, the authentication / authorization unit 1121 accesses a temporary use code space information storage unit 1148 and a temporary use code information storage unit 1149, which will be described later, to create a temporary use code space and issue a temporary use code.

  The tenant management unit 1122 manages tenant information stored in the tenant information storage unit 1142 described below. A tenant is a unit of a group such as a company or a department. The user management unit 1123 manages user information stored in a user information storage unit 1143 described later. The client management unit 1124 manages client information described below.

  The license management unit 1125 manages license information stored in a license information storage unit 1144 described later. The device management unit 1126 manages device information stored in the device information storage unit 1145 described later. The temporary image storage unit 1127 stores a temporary image in the temporary image storage unit 1146, which will be described later, and acquires the temporary image from the temporary image storage unit 1146. The log collection unit 1128 manages the log information stored in the log information storage unit 1141 described later.

  The image processing workflow control unit 1130 controls a workflow related to image processing based on a request from the application 1101. The message queue 1131 has a queue corresponding to the type of processing. The image processing workflow control unit 1130 puts a request message relating to a process (job) in a queue corresponding to the type of the job.

  The worker 1132 is monitoring the corresponding queue. When a message is put into the queue, the worker 1132 performs processing such as image conversion and image transmission according to the type of corresponding job. The message put in the queue may be read by the worker 1132 independently (Pull) or may be provided from the queue to the worker 1132 (Push).

  The database 1103 in FIG. 4 includes a log information storage unit 1141, a tenant information storage unit 1142, a user information storage unit 1143, a license information storage unit 1144, a device information storage unit 1145, a temporary image storage unit 1146, a job information storage unit 1147, a temporary storage unit. It has a used code space information storage unit 1148, a temporary used code information storage unit 1149, and an application-specific setting information storage unit 1150.

  The log information storage unit 1141 stores log information. The tenant information storage unit 1142 stores tenant information. The user information storage unit 1143 stores user information. The license information storage unit 1144 stores license information. The device information storage unit 1145 also stores device information.

  The temporary image storage unit 1146 stores a temporary image. The temporary image is, for example, a file or data such as a scan image processed by the worker 1132. The job information storage unit 1147 stores request information (job information) related to processing (job). The temporary use code space information storage unit 1148 stores temporary use code space information described later. The temporary use code information storage unit 1149 stores temporary use code information described later. The application-specific setting information storage unit 1150 stores setting information unique to the application 1101.

  The management 1104 in FIG. 4 has a monitoring unit, a deployment unit, a server account management unit, and a server login management unit as an example. Further, the job 1105 in FIG. 4 has a customer information management unit, a contract management unit, a sales management unit, a license management unit, and a development environment unit as an example.

  The service providing system 1014 functions as an integrated platform that provides common services such as a workflow related to authentication / authorization and image processing, and a service group that provides application services such as a scan service and a print service using the functions of the integrated platform. .

  The integrated platform is composed of, for example, a common service 1102, a DB 1103, a management 1104, a business 1105, and a platform API 1106. The service group is composed of, for example, the application 1101.

  The service providing system 1014 shown in FIG. 4 can easily develop the application 1101 that uses the platform API 1106 by the configuration in which the service group and the integrated base are separated.

  The classification form of the processing blocks of the service providing system 1014 shown in FIG. 4 is an example, and the application 1101, the common service 1102, the DB 1103, the management 1104, and the work 1105 are classified in a hierarchy as shown in FIG. Is not essential. As long as the processing of the service providing system 1014 according to the first embodiment can be performed, the hierarchical relationship shown in FIG. 4 is not limited to a particular one.

  Applications such as the portal service application 1111, the scan service application 1112, and the print service application 1113 included in the application 1101 of the service providing system 1014 can use the temporary use code space and the temporary use code described below.

  Hereinafter, among the applications included in the application 1101, an application that uses a temporary use code space and a temporary use code, which will be described later, will be referred to as a client application 10. FIG. 5 is a processing block diagram of an example of a client application.

  The client application 10 of FIG. 5 includes a temporary use code space creation management unit 11, a temporary use code issue request unit 12, a process execution unit 13, a temporary use code verification request unit 14, a temporary use code space ID storage unit 15, and a client ID storage unit. 16 is a configuration having 16.

  The client ID storage unit 16 stores a client ID that is an ID for identifying the client application 10. The temporary use code space creation management unit 11 requests the authentication / authorization unit 1121 to create the temporary use code space by designating the client ID and the temporary use code space ID, and secures the temporary use code space information resource. The temporary use code space ID of the created temporary use code space is stored in the temporary use code space ID storage unit 15.

  The temporary use code issuance request unit 12 requests the authentication / authorization unit 1121 to issue a temporary use code by designating the client ID and the temporary use code space ID, and acquires the issued temporary use code.

  When the process execution unit 13 receives a request for some action specifying the temporary use code from, for example, the image forming apparatus 1013 operated by the user, the process execution unit 13 requests the temporary use code verification request unit 14 to verify the specified temporary use code. The process execution unit 13 obtains the verification result from the temporary use code verification request unit 14. If the obtained verification result is normal, the process execution unit 13 performs a process in response to a request for some action.

  The temporary use code verification requesting unit 14 requests the verification of the temporary use code from the authentication / authorization unit 1121 by designating the client ID, the temporary use code space ID, and the temporary use code, and obtains the verification result. The temporary use code verification request unit 14 returns the verification result to the process execution unit 13.

  FIG. 6 is a processing block diagram of an example of the authentication / authorization unit. The authentication / authorization unit 1121 of FIG. 6 has a configuration including an authentication / authorization processing unit 21, a temporary use code space creation unit 22, a temporary use code issuing unit 23, a temporary use code verification unit 24, and a temporary use code invalidation unit 25.

  The authentication / authorization processing unit 21 performs processing relating to authentication / authorization. The temporary use code space creating unit 22 receives a request for creating a temporary use code space in which the client ID and the temporary use code space ID are specified from the client application 10, and creates a temporary use code space. In addition, the temporary use code space creating unit 22 causes the temporary use code space information storage unit 1148 to store the temporary use code space information.

  The temporary use code issuing unit 23 receives a request for issuing a temporary use code specifying the client ID and the temporary use code space ID from the client application 10, and issues the temporary use code. The temporary use code issuing unit 23 also stores the temporary use code in the temporary use code information storage unit 1149. The temporary use code issuing unit 23 returns the issued temporary use code to the client application 10.

  The temporary-use code verification unit 24 receives a verification request for a temporary-use code specifying the client ID, the temporary-use code space ID, and the temporary-use code from the client application 10, and performs verification. Then, the temporary use code verification unit 24 returns the result of the verification of the temporary use code to the client application 10.

  The temporary-use code revocation unit 25 accepts a temporary-use code revocation request specifying the temporary-use code space ID and the temporary-use code specified from the client application 10, and performs the temporary-use code revocation process.

  FIG. 7 is a block diagram of an example of client information managed by the client management unit. The client information of FIG. 7 has an internal ID and a client ID as items. The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The client ID is an ID that identifies the client application 10.

  FIG. 8 is a block diagram of an example of temporary use code space information stored in the temporary use code space information storage unit. The temporary use code space information in FIG. 8 has items of internal ID, client internal ID, temporary use code space ID, usable characters, length, expiration date, retention period, one time, and upper limit of collision probability.

  The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The client internal ID is the internal ID of the client application 10. The temporary use code space ID is an ID for identifying the temporary use code space.

  The usable characters, the length, the expiration date, the retention period, the one time, and the upper limit of the collision probability, which are the items of the temporary use code space information in FIG. 8, are items for designating the characteristics of the temporary use code. The usable characters represent the characters that can be used for the temporary use code. The length represents the length (number of digits) of the temporary use code. The expiration date represents the expiration date of the temporary use code. The retention period represents the retention period after the expiration date of the temporary use code. One-time indicates whether the temporary use code can be used only once. The upper limit of the collision probability represents the upper limit of the probability that the temporary use codes coincide with each other.

Here, the collision probability will be further described. For example, the collision probability is
(Number of temporarily used codes held) / (Number of usable characters ^ length)
It is expressed by the following formula. In other words, the collision probability is the ratio of already issued temporary use codes to all patterns of temporary use codes. In other words, the collision probability is the probability that the temporary use code will accidentally match when it is input to the data.

For example, when the usable characters are “0123456789” and the length is “5”, “0000” to “99999” are all patterns of the temporary use code, and 10 ^ 5 = 100000 patterns. If the upper limit of the collision probability is "0.0001",
0.0001 = 10/1000000
Therefore, when ten temporary use codes are issued, the collision probability reaches the upper limit, and the eleventh temporary use code is not issued.

When the usable characters are "0 to 9, a to z, A to Z" and the length is "4", "0000" to "ZZZZ" are all patterns of the temporary use code, and 62 ^ 4 = There are 14778336 patterns. If the upper limit of the collision probability is "0.0001",
0.0001 = 1477.8336 / 14777836
Therefore, 1477 temporary use codes can be issued, and the 1478th temporary use code exceeding the upper limit of the collision probability is not issued.

  In this way, if the upper limit of the collision probability is increased, the number of temporarily used codes that can be issued increases, but the probability of coincidence also increases.

  FIG. 9 is a configuration diagram of an example of temporary use code information stored in the temporary use code information storage unit. The temporary use code information has, as items, an internal ID, a temporary use code space internal ID, a temporary use code, an issue date / time, an expiration date, a retention period, a one-time date, an expiration date / time, and attached information.

  The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The temporary use code space internal ID is an internal ID for identifying the temporary use code space. The temporary use code represents the issued temporary use code. The issue date and time indicates the date and time when the temporary use code was issued. The expiration date represents the expiration date of the temporary use code. The retention period represents the retention period after the expiration date of the temporary use code. One-time indicates whether the temporary use code can be used only once. The revocation date and time indicates the date and time when the temporary use code was revoked. The attached information represents attached information specified when the temporary use code was issued.

<Details of processing>
Hereinafter, details of the processing of the service providing system 1014 according to the first embodiment will be described. FIG. 10 is a sequence diagram of an example of processing of the service providing system according to the first embodiment.

  The service providing system 1014 according to the first embodiment creates a temporary use code space as a preliminary preparation. There may be a plurality of timings for creating the temporary use code space depending on how the client application 10 uses the temporary use code space. When the temporary use code space is divided for each tenant, the temporary use code space is created when the tenant administrator registers the service use or when the tenant first uses it.

  When the temporary use code space is divided for each function, the temporary use code space is created when the client application 10 is activated for the first time or when the function is used for the first time. A temporary use code space may be created for each combination of function and tenant. Furthermore, when the tenant administrator performs service use registration, the client application 10 registered for service use may send a request for creating a temporary use code space to the authentication / authorization unit 1121.

  In step S11, the temporary use code space creation management unit 11 of the client application 10 requests the authentication / authorization unit 1121 to create a temporary use code space by designating the client ID and the temporary use code space ID. The temporary use code space creation management unit 11 requests the creation of the temporary use code space by using the API for creating the temporary use code space shown in FIG. 11 included in the platform API 1106, for example.

  FIG. 11 is a block diagram of an example of an API that creates a temporary use code space. The API for creating the temporary use code space in FIG. 11 specifies the client ID and the temporary use code space ID as essential parameters. The API for creating the temporary use code space in FIG. 11 can specify usable characters, length, expiration date, retention period, one time, and upper limit of collision probability as optional parameters. Optional parameters are not mandatory and default values are set if not specified.

  The temporary use code space creation unit 22 of the authentication / authorization unit 1121 requested to create the temporary use code space accepts a temporary use code space creation request using the API for creating the temporary use code space of FIG. Create code space. The temporary use code space creation unit 22 stores the temporary use code space information of the temporary use code space as shown in FIG. 8 in the temporary use code space information storage unit 1148. The temporary use code space creation unit 22 responds to the temporary use code space creation management unit 11 of the client application 10 to secure the temporary use code space information resource.

  As a first action, in step S12, the user operates the client terminal 1011 to request the client application 10 for some action. When the temporary use code issuance request unit 12 of the client application 10 receives a request for some action for which a temporary use code is not designated, it issues a temporary use code. For example, the temporary use code issuance requesting unit 12 requests the issuance of the temporary use code by using the API for issuing the temporary use code shown in FIG. 12 included in the platform API 1106.

  FIG. 12 is a block diagram of an example of an API that issues a temporary use code. The API for issuing the temporary use code shown in FIG. 12 specifies the client ID and the temporary use code space ID as essential parameters. The API that issues the temporary use code in FIG. 12 can specify attached information as an optional parameter. Optional parameters are not mandatory and need not be specified.

  The temporary use code issuing unit 23 of the authentication / authorization unit 1121 requested to issue the temporary use code accepts a request to issue the temporary use code using the API for issuing the temporary use code in FIG. 12, and issues the temporary use code. . The temporary use code issuing unit 23 issues the temporary use code according to the item for specifying the characteristics of the temporary use code included in the item of the temporary use code space information in FIG. The temporary use code issuing unit 23 stores the temporary use code information of the temporary use code as shown in FIG. 9 in the temporary use code information storage unit 1149. The temporary use code issuing unit 23 responds the issued temporary use code to the temporary use code issuance request unit 12 of the client application 10.

  In step S14, the temporary use code issuance request unit 12 responds to the client terminal 1011 with the temporary use code and causes the display device 102 of the client terminal 1011 to display the temporary use code. Therefore, the user can confirm the temporary use code issued in the service providing system 1014.

  As the next action, in step S15, the user operates the image forming apparatus 1013, inputs the temporary use code, and requests the client application 10 for some action. When the process execution unit 13 of the client application 10 receives a request for some action in which the temporary use code is specified, the process execution unit 13 requests the temporary use code verification request unit 14 to verify the specified temporary use code.

  In step S16, the temporary use code verification requesting unit 14 requests the temporary use code verifying unit 24 of the authentication / authorization unit 1121 to verify the temporary use code by designating the client ID, the temporary use code space ID, and the temporary use code. The temporary-use code verification unit 24 receives a verification request for the temporary-use code that specifies the client ID, the temporary-use code space ID, and the temporary-use code from the client application 10. For example, the temporary-use code space information of FIG. 8 and the temporary-use code space of FIG. Perform verification by referring to code information.

  If there is a combination of the client ID, the temporary use code space ID, and the temporary use code specified in the temporary use code verification request, the temporary use code verifying unit 24 determines that the verification result is normal. If there is no combination of the client ID, the temporary use code space ID, and the temporary use code specified in the temporary use code verification request, the temporary use code verifying unit 24 determines that the verification result is abnormal.

  If the verification result is normal and the temporary use code is one-time, the temporary use code revocation unit 25 performs revocation processing of the temporary use code in step S17. The temporary use code revocation process is a process of registering the expiration date and time of the temporary use code information of FIG. In step S18, the temporary use code verification unit 24 returns the result of verification of the temporary use code to the client application 10.

  The process execution unit 13 obtains the verification result from the temporary use code verification request unit 14. If the obtained verification result is normal, the process execution unit 13 performs a process (internal process) according to a request for some action in step S19. If the temporary execution code is to be revoked after the internal processing, the process executing unit 13 specifies the client ID, the temporary use code space ID, and the temporary use code in step S20 to authenticate / authorize the invalidation of the temporary use code. Request the temporary use code revocation unit 25 of the unit 1121. The temporary-use code revocation unit 25 performs revocation processing of the temporary-use code and returns a response. Then, in step S21, the process execution unit 13 of the client application 10 returns a response to the request for some action in step S15 to, for example, the image forming apparatus 1013.

  As described above, the service providing system 1014 according to the first embodiment uses the client information of FIG. 7, the temporary use code space information of FIG. 8, and the temporary use code information of FIG. You can create a temporary code space.

  FIG. 13 is a diagram for explaining the temporary use code space created for each client application. FIG. 13 shows that temporary use code spaces A and B are created in the client applications 10A and 10B, respectively, and temporary use codes are issued in the temporary use code spaces A and B, respectively.

  As shown in FIG. 13, the service providing system 1014 according to the first embodiment can issue a temporary use code for each client application 10. In FIG. 13, the same temporary use codes “1234”, “5678”, and “1357” are issued in the temporary use code space A of the client applications 10A and 10B. However, in the service providing system 1014 according to the first embodiment, even the same temporary use code can be treated as another temporary use code if the client application 10 is different.

  Further, as shown in FIG. 13, the service providing system 1014 according to the first embodiment can issue a temporary use code for each temporary use code space. In the service providing system 1014 according to the first embodiment, even the same temporary use code can be treated as another temporary use code if the temporary use code space is different.

  Further, in the service providing system 1014 according to the first embodiment, as shown in FIG. 8, for example, the characteristics (usable characters, length, etc.) of the temporary use code issued for each temporary use code space can be defined. The service providing system 1014 according to the first embodiment issues a temporary use code based on the characteristics of the temporary use code defined for each temporary use code space. Therefore, the characteristics of the temporary use code issued from the same temporary use code space are the same. In the service providing system 1014 according to the first embodiment, since the upper limit of the collision probability is set for the characteristic of the temporary use code, the characteristic cannot be changed for each temporary use code.

  Further, as described above, the service providing system 1014 according to the first embodiment can specify the characteristics of the temporary use code from the client application 10 by using the API for creating the temporary use code space in FIG. Note that the API for creating the temporary use code space in FIG. 11 has a retention period as one of the characteristics of the temporary use code.

  The retention term is, for example, as shown in FIG. 14, a term provided to prevent the same temporary use code from being issued after the expiration date. FIG. 14 is a diagram for explaining the retention period of the characteristics of the temporary use code.

  As shown in FIG. 14, the retention period is provided after the expiration date indicating the actual expiration period of the temporary use code. As shown in FIG. 14A, the temporary use code is deleted after the expiration date + retention period after the issue. Further, as shown in FIG. 14B, even if the temporary use code expires before the expiration date, the temporary use code is deleted after the expiration date + holding date.

(Summary)
According to the service providing system 1014 according to the first embodiment, the temporary use code can be issued for each temporary use code space, so that the length of the temporary use code can be suppressed even if the number of services and the number of users increase. it can. Further, according to the service providing system 1014 according to the first embodiment, since the temporary use code can be issued for each temporary use code space, even if the service increases or the number of users increases, the expiration date of the temporary use code. Can be suppressed.

Therefore, according to the service providing system 1014 according to the first embodiment, it is possible to realize a temporary use code which has a smaller number of digits and a longer expiration date than the conventional one and is convenient for the user.
[Second Embodiment]
In the first embodiment, the example in which the user requests the client application 10 for some action has been described. In the second embodiment, an example in which the user requests printing from the print service application 1113, which is an example of the client application 10, will be described. The second embodiment is the same as the first embodiment except for some parts, and therefore the description thereof will be appropriately omitted.

  FIG. 15 is a sequence diagram of an example of processing of the service providing system according to the second embodiment. The service providing system 1014 according to the second embodiment creates a temporary use code space as a preliminary preparation. The temporary use code space is created for each tenant, for example. The temporary use code space may be created for each tenant scale. Here, an example of creating a temporary use code space for each tenant will be described.

  In step S31, the temporary use code space creation management unit 11 of the print service application 1113 requests the authentication / authorization unit 1121 to create a temporary use code space by designating the client ID and the temporary use code space ID (tenant ID). As described above, in the service providing system 1014 according to the second embodiment, the temporary use code space can be created for each tenant by designating the tenant ID as the temporary use code space ID.

  The temporary use code space creation management unit 11 requests the creation of the temporary use code space by using the API for creating the temporary use code space shown in FIG. 11 included in the platform API 1106, for example.

  In step S32, the temporary use code space creation unit 22 of the authentication / authorization unit 1121 requested to create the temporary use code space requests the creation of the temporary use code space using the API for creating the temporary use code space in FIG. Accept and create temporary use code space. The temporary use code space creation unit 22 stores the temporary use code space information of the temporary use code space as shown in FIG. 8 in the temporary use code space information storage unit 1148. In step S33, the temporary use code space creating unit 22 responds to the request for creating the temporary use code space.

  As a first action, in step S34, the user operates the client terminal 1011 to send an e-mail with print data attached to the print service application 1113. The email includes a sender email address and a tenant ID. In step S35, the process execution unit 13 of the print service application 1113 creates job information based on the email received in step S34. The process execution unit 13 stores the created job information in, for example, the job information storage unit 1147.

  FIG. 16 is a configuration diagram of an example of job information stored in the job information storage unit. The job information shown in FIG. 16 has an internal ID, a job ID, a tenant ID, a mail address, a print data path, and a temporary use code as items.

  The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The job ID is an ID that identifies a job. The tenant ID is an ID that identifies the tenant. The email address is the sender email address. The print data path represents a location where print data is stored.

  The issued temporary use code is stored in the temporary use code. However, the temporary use code is not issued in step S35. Therefore, in the job information of FIG. 16, the temporary use code is blank.

  In step S36, the temporary use code issuance requesting unit 12 of the print service application 1113 requests the issuance of the temporary use code by using the API for issuing the temporary use code shown in FIG. 12 included in the platform API 1106, for example.

  In step S37, the temporary use code issuing unit 23 of the authentication / authorization unit 1121 requested to issue the temporary use code accepts the temporary use code issuing request using the API for issuing the temporary use code in FIG. Issue the code. In step S38, the temporary use code issuing unit 23 responds to the temporary use code issuing request unit 12 of the print service application 1113 with the temporary use code. The process execution unit 13 registers the temporary use code notified from the authentication / authorization unit 1121 in step S38 in the temporary use code of the job information as shown in FIG. FIG. 17 is a configuration diagram of an example of job information in which a temporary use code is registered.

  The service providing system 1014 according to the second embodiment can associate the job information created in step S35 and the temporary use code issued in step S37 with the job information in FIG.

  In step S39, the temporary use code issuance request unit 12 reads the sender email address from the email address of the job information shown in FIG. 17, and sends the temporary use code by an email (job acceptance email) addressed to the sender email address. To do. For example, the client terminal 1011 receives the job reception mail and causes the display device 102 or the like to display the temporary use code. Therefore, the user can confirm the temporary use code issued in the service providing system 1014.

  As the next action, in step S40, the user operates the image forming apparatus 1013, for example, and causes the operation panel 202 to display a screen for inputting a temporary use code as a PIN code as shown in FIG. The user inputs the temporary use code as a PIN code on the screen of FIG. 18 and requests PIN code printing.

  In step S41, the image forming apparatus 1013 designates the preset tenant ID and the temporary use code input on the screen of FIG. 18, and requests the print service application 1113 of the service providing system 1014 to send print data. . The process execution unit 13 of the print service application 1113 requests the temporary use code verification request unit 14 to verify the designated temporary use code.

  In step S42, the temporary use code verification requesting unit 14 specifies the client ID, the temporary use code space ID (tenant ID), and the temporary use code to verify the temporary use code, and the temporary use code of the authentication / authorization unit 1121. Request to the verification unit 24.

  In step S43, the temporary use code verification unit 24 performs verification based on the temporary use code verification request received from the print service application 1113, for example, by referring to the temporary use code space information in FIG. 8 and the temporary use code information in FIG. .

  If there is a combination of the client ID, the temporary use code space ID, and the temporary use code specified in the temporary use code verification request, the temporary use code verifying unit 24 determines that the verification result is normal. If there is no combination of the client ID, the temporary use code space ID, and the temporary use code specified in the temporary use code verification request, the temporary use code verifying unit 24 determines that the verification result is abnormal. Here, the description will be continued assuming that the examination result is normal (verification OK).

  In step S44, the temporary use code verification unit 24 returns the result of verification OK of the temporary use code to the print service application 1113. The process execution unit 13 obtains the verification OK result from the temporary use code verification request unit 14. In step S45, the process execution unit 13 acquires the job information including the temporary use code which has been verified OK from the job information of FIG.

  Then, in step S46, the process execution unit 13 refers to the print data path of the job information acquired in step S45. The process execution unit 13 acquires the print data stored in the location indicated by the print data path and sends it to the image forming apparatus 1013.

  In step S47, the process execution unit 13 specifies the client ID, the temporary use code space ID (tenant ID), and the temporary use code to invalidate the temporary use code, and the temporary use code invalidation unit 25 of the authentication / authorization unit 1121. To request. In step S48, the temporary use code revocation unit 25 performs the revocation processing of the temporary use code. In step S49, the temporary use code revocation unit 25 returns a response (revocation OK) to the print service application 1113.

  Then, in step S50, the image forming apparatus 1013 prints the print data received in step S46. In step S51, the user can obtain the printed matter printed by the image forming apparatus 1013.

  In the sequence diagram of FIG. 15, after confirming that the print data can be transmitted to the image forming apparatus 1013 in step S46, the print service application 1113 requests the authentication / authorization unit 1121 to invalidate the temporary use code in step S47. There is. Note that, in the sequence diagram of FIG. 15, the one-time temporary use code invalidation process may be performed as shown in step S17 of the sequence diagram of FIG. 10 on the assumption that print data can be transmitted to the image forming apparatus 1013.

(Summary)
According to the service providing system 1014 according to the second embodiment, the temporary use code issued for each temporary use code space can be used to print the print data stored in association with the temporary use code from the image forming apparatus 1013.
[Third Embodiment]
In the second embodiment, it is necessary to manage the temporary use code and the job information in association with each other as shown in FIG. In the third embodiment, by specifying the job ID as attached information that is an optional parameter of the API that issues the temporary use code shown in FIG. 12, the temporary use code information and the job information job are displayed according to the temporary use code information in FIG. The ID is managed in association with the ID.

  The third embodiment is the same as the second embodiment except for some parts, and thus the description thereof will be appropriately omitted. FIG. 19 is a sequence diagram of an example of processing of the service providing system according to the third embodiment. The processing of steps S61 to S64 is the same as the processing of steps S31 to S34 of FIG.

  In step S65, the process execution unit 13 of the print service application 1113 creates the job information of FIG. 20 based on the email received in step S34. The process execution unit 13 stores the created job information in, for example, the job information storage unit 1147.

  FIG. 20 is a configuration diagram of another example of job information stored in the job information storage unit. The job information shown in FIG. 20 is obtained by deleting the temporary use code as an item from the job information shown in FIG.

  In step S66, the temporary use code issuance requesting unit 12 of the print service application 1113 requests the issuance of the temporary use code by using, for example, the API for issuing the temporary use code shown in FIG. 12 included in the platform API 1106. In step S66, the job ID is specified as the auxiliary information of the API that issues the temporary use code.

  In step S67, the temporary use code issuing unit 23 of the authentication / authorization unit 1121 requested to issue the temporary use code accepts the temporary use code issuance request using the API for issuing the temporary use code in FIG. Issue the code. The temporary use code issuing unit 23 stores the temporary use code information of the temporary use code as shown in FIG. 9 in the temporary use code information storage unit 1149. With the temporary use code information of FIG. 9, the service providing system 1014 of the third embodiment can manage the issued temporary use code and the job ID of the job information in association with each other. The processing of steps S68 to S72 is the same as the processing of steps S38 to S42 of FIG.

  In step S73, the temporary use code verification unit 24 performs verification based on the temporary use code verification request received from the print service application 1113, for example, by referring to the temporary use code space information in FIG. 8 and the temporary use code information in FIG. .

  If there is a combination of the client ID, the temporary use code space ID, and the temporary use code specified in the temporary use code verification request, the temporary use code verifying unit 24 determines that the verification result is normal. If there is no combination of the client ID, the temporary use code space ID, and the temporary use code specified in the temporary use code verification request, the temporary use code verifying unit 24 determines that the verification result is abnormal. Here, the description will be continued assuming that the examination result is normal (verification OK).

  In step S74, the temporary use code verification unit 24 returns to the print service application 1113 the job ID designated as the auxiliary information of the temporary use code information of FIG. The process execution unit 13 obtains the job ID together with the result of verification OK from the temporary use code verification request unit 14.

  In step S75, the process execution unit 13 acquires job information including the job ID obtained along with the verification OK result from the job information in FIG. Then, in step S76, the process execution unit 13 refers to the print data path of the job information acquired in step S75. The process execution unit 13 acquires the print data stored in the location indicated by the print data path and sends it to the image forming apparatus 1013. The processing of steps S77 to S81 is the same as the processing of steps S47 to S51 of FIG.

  In the sequence diagram of FIG. 19, the job ID designated as the attached information is stored in the temporary use code information storage unit 1149 as the temporary use code information, and the job ID is returned to the print service application 1113 when the temporary use code verification request is responded. ing. Therefore, the print service application 1113 does not need to manage the temporary use code and the job information in association with each other as shown in FIG.

  In the sequence diagram of FIG. 19, the print service application 1113 needs to manage the job information of FIG. 20 if all the contents of the job information of FIG. 20 are specified as the auxiliary information of the API that issues the temporary use code of step S66. Disappears.

(Summary)
According to the service providing system 1014 according to the third embodiment, print data stored in association with a temporary use code can be image-formed even if the print service application 1113 does not manage job information and the temporary use code in association with each other. It can be printed from the device 1013.
[Fourth Embodiment]
The fourth embodiment makes the temporary use code usable for a plurality of purposes. The fourth embodiment is the same as the first embodiment except for some parts, and thus the description thereof will be appropriately omitted.

  FIG. 21 is a configuration diagram of another example of the temporary use code space information stored in the temporary use code space information storage unit. The items of the temporary use code space information shown in FIG. 21 are the same as the items of the temporary use code space information of FIG. However, in the fourth embodiment, only one temporary use code space of the temporary use code corresponding to the authority described later is created.

  The temporary use code space for the temporary use code corresponding to the authority is created, for example, when the authentication base is started. In the temporary use code space for the temporary use code associated with the authority, “NULL” is stored in the client internal ID.

  In addition, FIG. 22 is a configuration diagram of an example of temporary use code information stored in the temporary use code information storage unit. The temporary use code information of FIG. 22 associates the temporary use code with the authority by adding the authority internal ID to the item of the temporary use code information of FIG. Nothing is stored in the attached information. In the record of the temporary use code information corresponding to the authority, all the temporary use code space internal IDs have the same value.

  Further, in the fourth embodiment, the application-specific setting information storage unit 1150 of the database 1103 stores authority information, authority subject information, authority resource information, authority operation information, authority operation entity information, authority condition information, authority API resource information. I remember.

  FIG. 23 is a block diagram of an example of the authority information management table that stores authority information. The authority information of FIG. 23 has an internal ID, authority ID, name, and description as items. The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The authority ID is an ID that identifies the authority. The name is the name of the authority. The description is a description of the authority. The details of the authority (the subject of the authority, the resource subject to the authority, and the operation for the resource) are managed in another table as described later.

  FIG. 24 is a block diagram of an example of an authority subject information management table that stores authority subject information. The authority subject information of FIG. 24 has an internal ID, an authority internal ID, a subject table name, and a subject internal ID as items. The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The authority internal ID is an internal ID that identifies the authority. The subject table name is the table name in which the entity of the authority subject is stored. The internal ID of the subject is the internal ID of the entity of the subject of authority.

  The authority subject information in FIG. 24 is an intermediate table for associating the object that is the authority of the authority associated with the temporary use code with the authority itself. Authority and the substance of the subject have many relationships. Further, the entity of the subject of authority can specify a record in any table.

  FIG. 25 is a configuration diagram of an example of the authority resource information management table that stores authority resource information. The authority resource information of FIG. 25 has an internal ID, an authority internal ID, a table name of the authority resource, and an internal ID of the authority resource as items.

  The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The authority internal ID is an internal ID that identifies the authority. The table name of the authority resource is the table name in which the entity of the authority resource is stored. The internal ID of the authority resource is the internal ID of the entity of the authority resource.

  The authority resource information in FIG. 25 is an intermediate table for associating the object (authority resource) operated by the authority associated with the temporary use code with the authority itself. There is a many-to-many relationship between authorities and the substance of authority resources. Further, the substance of the authority resource can be specified by the record of any table.

  FIG. 26 is a block diagram of an example of the authority action information management table storing authority action information. The authority operation information of FIG. 26 has an internal ID, an authority internal ID, and an internal ID of an operation entity as items.

  The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The authority internal ID is an internal ID that identifies the authority. The internal ID of the action entity is the internal ID of the authority action entity.

  The authority operation information of FIG. 26 is an intermediate table for associating information (operation) indicating what operation the authority associated with the temporary use code permits the authority resource and the authority itself. There is a many-to-many relationship between authority and the substance of action. Unlike the subject and the authority resource, the entity of the authority action is stored in the authority action entity information management table as shown in FIG.

  FIG. 27 is a block diagram of an example of the authority action entity information management table storing authority action entity information. The authority action entity information of FIG. 27 has an internal ID, a type, and a name as items. The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The type is the type of operation. The name is the name of the action. In the authority action entity information of FIG. 27, when the action type is “http_method”, HTTP methods such as “get, post, delete, put” are stored in the name. Further, the type of operation can be set freely.

  FIG. 28 is a configuration diagram of an example of the authority condition information management table storing authority condition information. The authority condition information of FIG. 28 has an internal ID, an authority internal ID, and a condition as items. The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The authority internal ID is an internal ID that identifies the authority. The condition is a condition for the authority to become effective. A JSON object is stored as a character string in the condition. For example, in the case of FIG. 28, when the role of the request body is "User", the authority is valid.

  FIG. 29 is a block diagram of an example of the authority API resource information management table that stores authority API resource information. The authority API resource information of FIG. 29 has an internal ID, an authority resource internal ID, and a path as items.

  The internal ID is a primal key (primary key) in the database 1103 and is for internal management. The authority resource internal ID is an internal ID for identifying the authority resource. The path is the API path. The authority API resource information management table is a table used as an entity of an authority resource when an API such as a WebAPI is linked to an authority as a resource.

  FIG. 30 is a sequence diagram of an example of processing of the service providing system according to the fourth embodiment. The sequence diagram of FIG. 30 shows a processing procedure when user registration is performed using temporary use code authentication.

  In step S101, the user administrator displays a user registration URL generation screen as shown in FIG. 31 on the client terminal 1011 for example. FIG. 31 is an image diagram of an example of a user registration URL generation screen. The user registration URL generation screen shown in FIG. 31 is an example in which a mail is used to notify a general user of the user registration URL. Note that the user registration URL generation screen of FIG. 31 is an example in which one mail address can be input, but it is also possible to input a plurality of mail addresses.

  The user administrator inputs the mail address of the general user to be newly registered in the user registration URL generation screen of FIG. 31, and presses the send button. The client terminal 1011 operated by the user administrator specifies the authentication ticket and requests the client application 10 to generate a user registration URL.

  In step S102, the temporary use code issuance request unit 12 of the client application 10 requests the authentication / authorization unit 1121 to issue a temporary use code that can be registered by the user. In the request of step S102, the authentication ticket, the user registration authority, and the expiration date are specified.

  The temporary use code issuing unit 23 of the authentication / authorization unit 1121 issues a temporary use code that can be registered by the user when the validity of the authentication ticket can be confirmed, and returns the temporary use code to the client application 10. In step S103, the process execution unit 13 of the client application 10 generates a user registration URL including a temporary use code. When a plurality of mail addresses are input on the user registration URL generation screen in which a plurality of mail addresses can be input, a plurality of temporary use codes are issued in step S103.

  In step S104, the process execution unit 13 of the client application 10 sends a text mail as shown in FIG. 32 to the general user, for example, the client terminal 1011. FIG. 32 is an image diagram of an example of the text of an email for notifying a general user of a user registration URL. A temporary use code is embedded in the URL for user registration in FIG. In step S105, the client application 10 responds to the client terminal 1011 in response to the request for generating the user registration URL in step S101.

  In step S106, the general user performs an operation of opening the user registration URL of FIG. 32 on the client terminal 1011. The client terminal 1011 of the general user requests the client application 10 for user registration by accessing the user registration URL in which the temporary use code is embedded.

  In step S107, the process execution unit 13 of the client application 10 uses the temporary use code embedded in the accessed user registration URL to perform user registration in the authentication / authorization unit 1121.

  The API request executed in step S102 and its response are as shown in FIG. 33, for example. FIG. 33 is an explanatory diagram of an example showing the API request executed in step S102 and its response.

  FIG. 33A shows the API request executed in step S102. Further, FIG. 33B shows a response to the API request executed in step S102. The meanings of API request and response parameters are as follows.

resource: Resource that can be used by issued temporary use code action: Action that can be executed for resource by issued temporary use code condition: Action that is specified by action for resource specified by resource depending on issued temporary use code Conditions to be additionally verified when executing: expires_in: Expiration date of temporary use code onetime: Information on whether the temporary use code can be used only once code: Issued temporary use code Request of API of FIG. 33 (A) "Requests of API such that the role attribute of the request body is User and the HTTP method is POST for the URL / organizations / aaa / users of the authentication / authorization unit 1121. The is a request to use temporary issue a code "that can be executed.

  The API request executed in step S107 is, for example, as shown in FIG. FIG. 34 is an explanatory diagram of an example showing the API request executed in step S107.

  The API request of FIG. 34 uses the temporary use code issued by the API request executed in step S102 and the user information (user ID, password, role).

  When the API of FIG. 33 is executed in step S102, the correspondence between the tables shown in FIGS. 21 to 29 is as shown in FIG. FIG. 35 is a diagram showing an example of correspondence between tables.

  As shown in FIG. 35, the temporary use code information management table of FIG. 22 is associated with the authority information management table of FIG. The authority information management table of FIG. 23 is associated with the authority subject information management table of FIG. 24, the authority resource information management table of FIG. 25, the authority operation information management table of FIG. 26, and the authority condition information management table of FIG. There is. The authority action information management table of FIG. 26 is associated with the authority action entity information table of FIG.

(Summary)
In the service providing system 1014 according to the fourth exemplary embodiment, the user administrator delegates the process of creating an account of a general user to the general user by the process shown in the sequence diagram of FIG. According to the service providing system 1014 of the fourth embodiment, the temporary use code can be used for multiple purposes. Even if the temporary use code is used for a plurality of purposes, the client application 10 does not increase the management load of the temporary use code.

  The present invention is not limited to the above specifically disclosed embodiments, and various modifications and changes can be made without departing from the scope of the claims. The temporary use code is an example of use identification information described in the claims. The temporary use code space ID is an example of group identification information.

  The client application 10 is an example of application means. The temporary use code space creating unit 22 is an example of a group identification information creating unit. The temporary use code issuing unit 23 is an example of a use identification information issuing unit. The temporary use code verification unit 24 is an example of a use identification information verification means. The temporary use code verification requesting unit 14 is an example of a use identification information verification requesting means. The processing execution unit 13 is an example of processing execution means.

10 client application 11 temporary use code space creation management unit 12 temporary use code issue request unit 13 process execution unit 14 temporary use code verification request unit 15 temporary use code space ID storage unit 16 client ID storage unit 21 authentication / authorization processing unit 22 temporary Use code space creation unit 23 Temporary use code issuing unit 24 Temporary use code verification unit 25 Temporary use code invalidation unit 100 Computer 101 Input device 102 Display device 103 External I / F
103a, 203a Recording medium 104 RAM
105 ROM
106 CPU
107 Communication I / F
108 HDD
201 controller 202 operation panel 203 external I / F
204 Communication I / F
205 printer 206 scanner 211 CPU
212 RAM
213 ROM
214 NVRAM
215 HDD
1000 Information processing system 1011 Client terminal 1012 Mobile terminal 1013 Image forming apparatus 1014 Service providing system 1101 Application 1102 Common service 1103 Database 1104 Management 1105 Business 1106 Platform API (Application Programming Interface)
1111 Portal service application 1112 Scan service application 1113 Print service application 1121 Authentication / Authorization section 1122 Tenant management section 1123 User management section 1124 Client management section 1125 License management section 1126 Device management section 1127 Temporary image storage section 1128 Log collection section 1130 Image processing workflow Control unit 1131 Message queue 1132 Worker 1141 Log information storage unit 1142 Tenant information storage unit 1143 User information storage unit 1144 License information storage unit 1145 Device information storage unit 1146 Temporary image storage unit 1147 Job information storage unit 1148 Temporary use code space information storage unit 1149 Temporary use code information storage unit 1150 Application-specific setting information storage unit B bus FW Fire Oru N1~N2 network

JP, 2005-132989, A

Claims (10)

Application means for transmitting a usage code to the terminal device and providing a service to the terminal device that has made a request by designating the usage code ,
Group identification information creating means for creating group identification information for identifying a group of the use codes based on a request from the application means,
Based on the request for issuing the use code specified the population identification information from said application unit, and use code issuing means for issuing the use code associated with said population identification information,
A usage code verification means for verifying the usage code based on a verification request of the usage code specifying the group identification information and the usage code from the application means;
Have
The application means is
Use code verification request means for making a request for verification of the use code specified in the request to the use code verification means;
If the verification result of the usage code by the usage code verifying unit is normal, the service providing system includes a process executing unit that executes a process according to the request. The group identification information creating unit creates group identification information for identifying a group of the usage codes based on a request from the application unit, and also identifies characteristics of the usage code issued in association with the group identification information. The service providing system according to claim 1, wherein the setting is performed. The usage code issuing unit is configured to use the usage code according to a characteristic of the usage code set in association with the group identification information, based on a request for issuing the usage code specifying the group identification information from the application unit. The service providing system according to claim 2, wherein a code is issued in association with the group identification information. The use code issuing means, on the basis of the issue request of the use code specified the population identification information and associated information from the application unit, as well as issuing the use code associated with said population identification information, said population identification Storing the attached information in the storage unit in association with the information and the use code ,
If the verification result of the usage code is normal, the usage code verification means returns the attached information stored in the storage unit in association with the group identification information and the usage code to the application means. The service providing system according to any one of claims 1 to 3, characterized in that: 5. The service providing system according to claim 4, wherein the attached information is identification information of job information regarding a process executed by the process executing unit. The use code issuing means, together with the basis of the issue request of the population identification information and said usage code specified authority identification information from the application means, for issuing the use code associated with said population identification information, said population The authority identification information is stored in the storage unit in association with the identification information and the use code ,
If the verification result of the usage code is normal, the usage code verification means is based on the authority identification information stored in the storage unit in association with the group identification information and the usage code, and based on the authority identification information. The service providing system according to any one of claims 1 to 3, wherein processing of the authority identified by is executed. If the application means accepts access to the access destination for executing the processing of the authority in which the usage code is embedded from the terminal device, and the verification result of the usage code by the usage code verification means is normal. 7. The service providing system according to claim 6, wherein processing of the authority identified by the authority identification information is executed based on the authority identification information stored in the storage unit in association with the usage code. . A service providing method performed in a service providing system,
A group that transmits a usage code to a terminal device and creates group identification information for identifying a group of the usage code based on a request from an application unit that provides a service to the terminal device that specified the usage code and made a request. Identification information creation step,
Based on the request for issuing the use code specified the population identification information from said application unit, and use code issuing step of issuing the use code associated with said population identification information,
A usage code verification request step in which the application means makes a verification request for the usage code specified in the request;
A usage code verification step of verifying the usage code based on a verification request of the usage code specifying the group identification information and the usage code from the application means;
The service providing method, wherein the application unit has a process execution step of executing a process according to the request if the verification result of the usage code is normal. Application means for transmitting a usage code to the terminal device and providing a service to the terminal device that has made a request by designating the usage code ,
Group identification information creating means for creating group identification information for identifying a group of the use codes based on a request from the application means,
Based on the request for issuing the use code specified the population identification information from said application unit, and use code issuing means for issuing the use code associated with said population identification information,
A usage code verification means for verifying the usage code based on a verification request of the usage code specifying the group identification information and the usage code from the application means;
Have
The application means is
Use code verification request means for making a request for verification of the use code specified in the request to the use code verification means;
An information processing apparatus comprising: a processing execution unit that executes a process in response to the request if the verification result of the usage code by the usage code verification unit is normal. Computer,
Application means for transmitting a usage code to the terminal device and designating the usage code to provide a service to the requesting terminal device,
Group identification information creating means for creating group identification information for identifying a group of the use codes based on a request from the application means,
Based on said request for issuing the use code specified collective identity, using code issuing means for issuing the use code associated with said population identification information from said application unit,
A usage code verification means for verifying the usage code based on a verification request of the usage code specifying the group identification information and the usage code from the application means,
Function as
The application means is
Use code verification request means for making a request for verification of the use code specified in the request to the use code verification means;
If the verification result of the usage code by the usage code verification means is normal, the program is provided with a processing execution means for executing processing according to the request.

Images