US20140016158A1 - Management of image forming apparatus based on user authentication - Google Patents
Management of image forming apparatus based on user authentication Download PDFInfo
- Publication number
- US20140016158A1 US20140016158A1 US14/028,159 US201314028159A US2014016158A1 US 20140016158 A1 US20140016158 A1 US 20140016158A1 US 201314028159 A US201314028159 A US 201314028159A US 2014016158 A1 US2014016158 A1 US 2014016158A1
- Authority
- US
- United States
- Prior art keywords
- user
- information
- authentication
- unit
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/00838—Preventing unauthorised reproduction
- H04N1/00856—Preventive measures
-
- G—PHYSICS
- G03—PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
- G03G—ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
- G03G15/00—Apparatus for electrographic processes using a charge pattern
- G03G15/50—Machine control of apparatus for electrographic processes using a charge pattern, e.g. regulating differents parts of the machine, multimode copiers, microprocessor control
- G03G15/5016—User-machine interface; Display panels; Control console
-
- G—PHYSICS
- G03—PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
- G03G—ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
- G03G15/00—Apparatus for electrographic processes using a charge pattern
- G03G15/50—Machine control of apparatus for electrographic processes using a charge pattern, e.g. regulating differents parts of the machine, multimode copiers, microprocessor control
- G03G15/5075—Remote control machines, e.g. by a host
- G03G15/5091—Remote control machines, e.g. by a host for user-identification or authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/00127—Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture
- H04N1/00204—Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a digital computer or a digital computer system, e.g. an internet server
- H04N1/00244—Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a digital computer or a digital computer system, e.g. an internet server with a server, e.g. an internet server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/00127—Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture
- H04N1/00344—Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a management, maintenance, service or repair apparatus
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/0035—User-machine interface; Control console
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/0035—User-machine interface; Control console
- H04N1/00501—Tailoring a user interface [UI] to specific requirements
- H04N1/00509—Personalising for a particular user or group of users, e.g. a workgroup or company
- H04N1/00514—Personalising for a particular user or group of users, e.g. a workgroup or company for individual users
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/44—Secrecy systems
- H04N1/4406—Restricting access, e.g. according to user identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/44—Secrecy systems
- H04N1/4406—Restricting access, e.g. according to user identity
- H04N1/442—Restricting access, e.g. according to user identity using a biometric data reading device
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/44—Secrecy systems
- H04N1/4406—Restricting access, e.g. according to user identity
- H04N1/4426—Restricting access, e.g. according to user identity involving separate means, e.g. a server, a magnetic card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/44—Secrecy systems
- H04N1/4406—Restricting access, e.g. according to user identity
- H04N1/4433—Restricting access, e.g. according to user identity to an apparatus, part of an apparatus or an apparatus function
-
- G—PHYSICS
- G03—PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
- G03G—ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
- G03G2215/00—Apparatus for electrophotographic processes
- G03G2215/00025—Machine control, e.g. regulating different parts of the machine
- G03G2215/00109—Remote control of apparatus, e.g. by a host
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N2201/00—Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
- H04N2201/0008—Connection or combination of a still picture apparatus with another apparatus
- H04N2201/0034—Details of the connection, e.g. connector, interface
- H04N2201/0037—Topological details of the connection
- H04N2201/0039—Connection via a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N2201/00—Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
- H04N2201/0077—Types of the still picture apparatus
- H04N2201/0094—Multifunctional device, i.e. a device capable of all of reading, reproducing, copying, facsimile transception, file transception
Definitions
- the present invention generally relates to image forming apparatuses including multifunction peripherals, and more particularly to systems and methods for managing processes in such an image forming apparatus based on user authentication.
- address information including at least a user name, a password, distribution information, and a reference address is set for each address to which data is distributed via a network and registered in an address information storage unit. Based on the combination of the user name and password in the address information storage unit, user authentication is performed, and use of the network scanner apparatus is granted only to those users who have been authenticated.
- the image data of a manuscript that has been read is transferred to a certain destination, the image data may be viewed by unintended people when the terminal at the destination is shared by multiple users.
- utilization of the network scanner apparatus is granted to all of the users who are authenticated. It should be noted that many of the modern image forming apparatuses are multifunctional and include FAX and copy functions as well as scanner function. If the multiple authenticated persons are granted utilization of all such functions of a multifunctional image forming apparatus, the image forming apparatus may possibly be used for unintended purposes.
- an image forming apparatus connected via a network with an authentication server for authenticating a user of the image forming apparatus based on biometric information about the user that is acquired by the image forming apparatus.
- the image forming apparatus is also connected with a managing server for managing an operation of the image forming apparatus.
- the image forming apparatus includes a transmission unit configured to transmit the biometric information about the user to the authentication server; a reception unit configured to receive use limit information corresponding to the biometric information about the user from the managing server; and a control unit configured to control the operation of the image forming apparatus based on the use limit information.
- a method for managing an operation of an image forming apparatus by a user using a managing server connected with the image forming apparatus via a network A biometric authentication server for authenticating the user of the image forming apparatus based on biometric information that is acquired by the image forming apparatus is also connected with the managing server via the network.
- the method includes storing use limit information limiting the operation of the image forming apparatus in the managing server; receiving user identifying information corresponding to the biometric information acquired by the image forming apparatus from the biometric authentication server; acquiring from the managing server the use limit information corresponding to the user identifying information; and transmitting the use limit information to the image forming apparatus.
- an image forming apparatus managing system for managing an operation of an image forming apparatus connected via a network with a biometric authentication server for authenticating a user of the image forming apparatus based on biometric information about the user that is acquired by the image forming apparatus.
- the image forming apparatus is also connected via the network with a managing server for managing the operation of the image forming apparatus.
- the biometric authentication server includes a transmission unit configured to transmit user identifying information corresponding to the biometric information received from the image forming apparatus to the managing server.
- the managing server includes a use limit information storage unit in which use limit information limiting the operation of the image forming apparatus is stored; a use limit information acquiring unit configured to acquire the use limit information corresponding to the user identifying information from the limit information storage unit; and a transmission unit configured to transmit the use limit information to the image forming apparatus.
- the image forming apparatus includes a transmission unit configured to transmit the acquired biometric information to the biometric authentication server; and a control unit configured to control the operation of the image forming apparatus based on the use limit information transmitted from the managing server.
- FIG. 1 shows an image forming apparatus managing system 100 according to an embodiment of the present invention
- FIG. 2 shows a hardware structure of an MFP 200 in the image forming apparatus managing system 100 ;
- FIG. 3 shows a hardware structure of a managing server 300 in the image forming apparatus managing system 100 ;
- FIG. 4 shows a system configuration of the image forming apparatus managing system 100 according to Embodiment 1;
- FIG. 5 shows a functional configuration of the MFP 200 according to Embodiment 1;
- FIG. 6 shows a functional configuration of the managing server 300 according to Embodiment 1;
- FIG. 7 shows a plugin setting screen according to Embodiment 1
- FIG. 8 shows an authentication server setting screen in the managing server 300 ;
- FIG. 9 shows a flowchart of a biometric authentication process according to Embodiment 1;
- FIG. 10 shows an opening screen of the biometric authentication process
- FIG. 11 shows a user ID input screen displayed on an operating/display unit 28 of the MFP 200 ;
- FIGS. 12A through 12C show various error messages displayed on the operating/display unit 28 ;
- FIG. 13 shows a flowchart of an IC card authentication process according to Embodiment 1;
- FIG. 14 shows a flowchart of an individual menu process according to Embodiment 1;
- FIGS. 15A and 15B show statuses of the operating/display unit 28 upon selection of the individual menu process
- FIG. 16 shows a flowchart of a user authentication process when a biometric authentication server 400 in the image forming apparatus managing system 100 is unusable
- FIG. 17 shows a biometric authentication server 400 A according to Embodiment 2;
- FIG. 18 shows a functional configuration of an MFP 200 A according to Embodiment 2;
- FIG. 19 shows a screen displayed on the operating/display unit 28 ;
- FIG. 20 shows a screen where a group name list is shown
- FIG. 21 shows a flowchart of a biometric authentication process according to Embodiment 2;
- FIG. 22 shows a functional configuration of an MFP 200 B according to Embodiment 3.
- FIG. 23 shows a button setting screen produced by a button setting unit 237 according to Embodiment 2;
- FIG. 24 shows a flowchart of a biometric authentication process according to Embodiment 3.
- FIG. 25 shows a screen displayed on the operating/display unit 28 ;
- FIG. 26 shows a system configuration of an image forming apparatus managing system 100 A according to Embodiment 4.
- FIG. 27 shows a functional configuration of an MFP 200 C according to Embodiment 4.
- FIG. 28 shows a functional configuration of a managing server 300 A according to Embodiment 4.
- FIG. 29 shows an AD server 500 A according to Embodiment 4.
- FIG. 30 shows a print server 800 according to Embodiment 4.
- FIG. 31 shows a managing terminal 700 A according to Embodiment 4.
- FIG. 32A shows a format of an IC card
- FIG. 32B shows a table of information items recorded in the IC card
- FIG. 33 shows a screen for selecting the type of information to be read from the IC card A
- FIG. 34 shows an area setting screen for setting an area in the IC card A
- FIG. 35 shows a flowchart of an operation of a plugin 290 A in the MFP 200 C
- FIG. 36 shows a plugin setting screen according to Embodiment 4.
- FIG. 37 shows a flowchart of a user authentication according to Embodiment 4 in the absence of the IC card
- FIGS. 38A and 38B show examples of screens displayed on the MFP 200 C according to Embodiment 4.
- FIG. 39 shows a flowchart of a process for registering or deleting user information in the managing server 300 A according to Embodiment 4;
- FIG. 40 shows a system configuration of an image forming apparatus managing system 100 B according to Embodiment 5.
- FIG. 41 shows a configuration of an MFP 200 a , an operating terminal 50 , a biometric information reader 210 a , and an IC card reader 220 a.
- biometric information of a user is acquired by an image forming apparatus, and the user is authenticated or not authenticated by a biometric authentication server based on the biometric information. Utilization of the image forming apparatus by the user is controlled by a managing server in accordance with the biometric information.
- FIG. 1 shows an image forming apparatus managing system 100 according to an embodiment of the present invention.
- the image forming apparatus managing system 100 includes one or more multifunction peripherals (MFP) 200 as an image forming apparatus, a managing server 300 , a biometric authentication server 400 , and an AD (ActiveDirectory) server 500 , which are connected via a network 600 .
- MFP multifunction peripherals
- the MFP 200 acquires biometric information about a user of the MFP 200 as authenticating information for authenticating the user.
- the biometric information is transmitted to the biometric authentication server 400 via the network 600 .
- the biometric authentication server 400 there is stored a user ID corresponding to the biometric information.
- the biometric authentication server 400 transmits the corresponding user ID to the managing server 300 .
- the managing server 300 there is stored use limit information concerning the MFP 200 that is associated with the user ID.
- the managing server 300 supplies the use limit information corresponding to the user ID to the MFP 200 . Based on the use limit information, an operation of the MFP 200 is controlled.
- the MFP 200 may employ information stored in a recording medium, such as IC card identifying information stored in an IC card, as the authenticating information.
- the MFP 200 transmits the acquired IC card identifying information to the managing server 300 .
- the managing server 300 then transmits the user ID corresponding to the IC card identifying information to the AD server 500 for user authentication.
- the managing server 300 supplies the use limit information associated with the authenticated user ID to the MFP 200 . Based on the use limit information, the MFP 200 controls its operation.
- either biometric information about the user or identifying information stored in a recording medium such as an IC card may be used as the information used for user authentication.
- the operation of the MFP 200 is then controlled based on the use limit information associated with each user ID corresponding to the biometric information or IC card identifying information about each user.
- Use of the image forming apparatus is thus granted on an individual user basis, thus making it possible to maintain confidentiality of information.
- use of biometric information for user authentication prevents impersonation, so that information that requires high level of confidentiality can be properly handled.
- FIG. 2 shows a block diagram of a hardware configuration of the MFP 200 .
- the MFP 200 includes a scan unit 21 , a plotter unit 22 , a drive unit 23 , an auxiliary storage unit 24 , a memory unit 25 , a processor unit 26 , an interface unit 27 , and an operating/display unit 28 , which are all connected via a bus B.
- the scan unit 21 which may include a scanner engine and an engine control unit for controlling the scanner engine, is used for obtaining image data from a paper manuscript or the like.
- the image data is outputted by the plotter unit 22 , which may include a plotter engine and an engine control unit for controlling the plotter engine.
- the interface unit 27 may include a modem and a LAN (local area network) card and is used for providing connection with the network 600 . Specifically, the interface unit 27 enables the MFP 200 to exchange information with other devices on the network 600 .
- the operating/display unit 28 may include a touch panel that displays operating keys for the MFP 200 or the status of progress of a process.
- the MFP 200 is controlled by various programs of which one is an image forming program which may be either stored in a recording medium 29 for distribution, or downloaded via the network 600 .
- the recording medium 29 with the image forming program may include various recording media that record information optically, electrically, and/or magnetically. Examples are a CD-ROM (compact disc read-only memory), a flexible disc, a magneto-optical disc, a ROM, and a flash memory.
- the image forming program may be installed in the auxiliary storage unit 24 by setting the recording medium 29 on the drive unit 23 .
- the image forming program may also be downloaded via the network 600 and then installed in the auxiliary storage unit 24 via the interface unit 27 .
- the MFP 200 loads the installed image forming program and other necessary files or data and the like.
- the memory unit 25 reads the image forming program from the auxiliary storage unit 24 and loads it.
- the processor unit 26 realizes various processes as described below, in accordance with the image forming program stored in the memory unit 25 .
- FIG. 3 shows a block diagram of a hardware configuration of the managing server 300 .
- the managing server 300 includes an input device 31 , an output device 32 , a drive unit 33 , an auxiliary storage unit 34 , a memory unit 35 , a processor unit 36 , and an interface unit 37 , which are mutually connected via a bus B.
- the input device 31 which may include a keyboard and mouse, is used for inputting various signals.
- the output device 32 may include a display unit for displaying various windows and data.
- the interface unit 37 may include a modem or a LAN card and is used for connection with the network 600 . Specifically, the managing server 300 exchange information with other devices on the network 600 via the interface unit 37 .
- the managing server 300 is controlled by various programs of which one is a managing program which may be either stored in a recording medium 38 for distribution or downloaded via the network 600 .
- the recording medium 38 in which the managing program is recorded may record information optically, electrically, and/or magnetically. Examples of the recording medium are a CD-ROM, a flexible disc, a magneto-optical disc, and various semiconductor memories that record information electrically, such as a ROM and a flash memory.
- the managing program may be installed in the auxiliary storage unit 34 by setting the recording medium 38 on the drive unit 33 .
- the managing program may be downloaded via the network 600 and then installed in the auxiliary storage unit 34 via the interface unit 37 .
- the managing server 300 loads the installed managing program and other necessary files and data and the like.
- the memory unit 35 reads the managing program from the auxiliary storage unit 34 and loads it.
- the processor unit 36 realizes various processes as described below in accordance with the managing program stored in the memory unit 35 .
- FIG. 4 shows a system configuration of the image forming apparatus managing system 100 according to Embodiment 1.
- the image forming apparatus managing system 100 includes an MFP 200 , a managing server 300 , a biometric authentication server 400 , an AD server 500 , and a managing terminal 700 , which are connected via a network 600 .
- biometric authentication server 400 when user authentication by biometric information is selected, user authentication is performed by the biometric authentication server 400 .
- user authentication by IC card identifying information when user authentication is selected, user authentication is performed by the managing server 300 and the AD server 500 .
- the biometric information may be based on vein recognition. Biometric information is not limited to vein recognition and may include fingerprints in other embodiments of the present invention.
- FIG. 5 shows a functional configuration of the MFP 200 .
- the MFP 200 includes, in addition to the hardware units shown in FIG. 2 , a biometric information reader 210 and an IC card reader 220 .
- the biometric information reader 210 and the IC card reader 220 are controlled by the processor unit 26 .
- the biometric information reader 210 may comprise a finger vein imaging unit for taking an image of the veins in a user's finger.
- the IC card reader 220 may comprise a contactless IC card reader.
- the MFP 200 further includes a plug-in unit 230 , a plugin setting unit 240 , a password generating unit 250 , a display control unit 260 , an individual information acquiring unit 270 , and a process history acquiring unit 280 .
- the plug-in unit 230 is a program stored in the auxiliary storage unit 24 that is read and executed by the processor unit 26 .
- the plug-in unit 230 includes a plugin 231 having a biometric information acquisition control function for controlling a process relating to the acquisition of biometric information.
- the plug-in unit 230 also includes a plugin 290 having an IC card information acquiring function for controlling the acquisition of information from an IC card.
- the plugins 231 and 290 may be recorded in the recording medium 29 , or may be downloaded via the network 600 .
- the plugins 231 and 290 acquired from the recording medium 29 or downloaded are then stored in the auxiliary storage unit 24 .
- the plugins 231 and 290 may be mutually independently installed or uninstalled to or from the MFP 200 .
- the plugin 231 includes a biometric information acquiring unit 232 for acquiring biometric information obtained by the biometric information reader 210 ; and a biometric information processing unit 233 for rendering the biometric information into data that can be handled by the MFP 200 .
- the plugin 290 is configured to acquire the IC card identifying information read by the IC card reader 220 .
- the plugin setting unit 240 sets a plugin that is started in the plug-in unit 230 .
- the setting of the plugin that is started using the plugin setting unit 240 allows for the selection of biometric information or IC card identifying information for user authentication.
- the password generating unit 250 generates a password based on the IC card identifying information, in accordance with a particular algorithm.
- the password once generated by the password generating unit 250 is stored in the auxiliary storage unit 24 as individual information, as will be described later.
- the display control unit 260 controls the display on the operating/display unit 28 of the MFP 200 .
- the individual information acquiring unit 270 acquires the individual information based on the use limit information as described later.
- the individual information which is information each user can individually use on the MFP 200 , may be stored in the auxiliary storage unit 24 in advance.
- the individual information may include the individual user's setting information and address book, and image data or electronic documents that have been or are to be processed in the MFP 200 .
- the individual information is associated with the user ID, as will be described later, and is read upon selection of an “individual menu” in the MFP 200 . In the MFP 200 , when the individual menu is selected and the individual information is read, the processor unit 28 executes a process in the MFP 200 based on the individual information.
- the process history acquiring unit 280 acquires a history of processes executed in the MFP 200 .
- the acquired history information may be stored in the auxiliary storage unit 24 , or transmitted to a history managing apparatus (not shown) or the like via the network 600 .
- the process history may be stored in association with the user ID and the type of process so that the history of executed processes can be retrieved by referring to the user ID or the type of process. A result of such retrieval may be displayed on the operating/display unit 28 for the user.
- the managing server 300 includes IC card identifying information 311 and a user ID 312 .
- the IC card identifying information 311 is the same as the IC card identifying information recorded in the IC card reader 220 , and is stored in advance.
- the user ID 312 is user identifying information corresponding to the IC card identifying information 311 , and is read based on the IC card identifying information 311 .
- the use limit information 313 includes information indicating one or more functions that a corresponding user can use in the MFP 200 and setting conditions.
- the use limit information 313 is associated with the user ID 312 .
- the use limit information 313 indicates whether the scan function, the FAX function, the monochrome print function, and/or the color print function of the MFP 200 may be used.
- the use limit information 313 may indicate that a user A is allowed to use the scan function, the FAX function, the monochrome print function, and the color print function while a user B is allowed to use only the scan function and the print function.
- the use limit information acquiring unit 320 acquires the use limit information associated with the user ID 312 from the auxiliary storage unit 34 .
- the authentication server setting unit 330 sets an authentication server used for user authentication. In accordance with the present embodiment, the authentication server set by the authentication server setting unit 330 is either the biometric authentication server 400 or the AD server 500 .
- the display control unit 340 controls the display on a display unit such as the output device 32 of the managing server 300 .
- the biometric authentication server 400 performs user authentication based on biometric authentication.
- biometric authentication server 400 there is stored biometric information associated with individual users, and user IDs associated with the individual biometric information.
- the AD server 500 performs user authentication based on the user ID.
- the user IDs are stored in advance.
- the managing terminal 700 is a terminal for managing the image forming apparatus managing system 100 .
- the managing terminal 700 may be used to modify a setting in the MFP 200 or the managing server 300 , or register information therein.
- the present embodiment employs the single managing terminal 700 , the managing terminal 700 may be allocated to the MFP 200 and the managing server 300 individually.
- the biometric authentication server 400 , the AD server 500 , and the managing terminal 700 may each have a similar hardware configuration to that of the managing server 300 .
- the biometric authentication server 400 , the AD server 500 , and the managing terminal 700 may be each provided by a general computer having a processor unit, an auxiliary storage unit, a memory unit, and an output device (such as a display unit).
- user authentication by biometric information can be performed by setting an appropriate plugin that is started in the MFP 200 , and setting the authentication server used for user authentication.
- the setting of the plugin and the authentication server is described.
- FIG. 7 shows a plugin setting screen 70 according to Embodiment 1.
- the plugin setting screen 70 is displayed on the operating/display unit 28 by the display control unit 260 in the MFP 200 in response to a plugin setting instruction.
- the plugin setting screen 70 there is displayed a list of plugins that can be started in the MFP 200 .
- the plugin selected on the plugin setting screen 70 is set by the plugin setting unit 240 as the plugin to be started.
- the plugin setting screen 70 may be displayed on a display unit of the managing terminal 700 .
- the plugin setting unit 240 may acquire plugin setting information from the managing terminal 700 and set the selected plugin as the plugin that is started.
- FIG. 8 shows an example of an authentication server setting screen in the managing server 300 according to the present embodiment.
- the managing server 300 acquires authentication server setting information, and sets an authentication server using the authentication server setting unit 330 .
- the managing server 300 in response to an authentication server setting instruction, instructs the display control unit 340 to display an authentication server setting screen 80 on the display unit 32 .
- the authentication server setting screen 80 In the authentication server setting screen 80 , settings concerning the URL (Uniform Resource Locator) of the authentication server on the network 600 , or other settings unique to the individual authentication server are made.
- the authentication server setting screen 80 shown in FIG. 8 is adapted for the setting of the biometric authentication server 400 .
- the URL of the biometric authentication server 400 and a timeout period for acquiring biometric information are set.
- the authentication server setting unit 330 acquires the setting information generated on the authentication server setting screen 80 and sets the authentication server.
- the authentication server setting screen 80 may be displayed on the display unit of the managing terminal 700 .
- the authentication server setting unit 330 acquires the setting information from the managing terminal 700 and sets the authentication server.
- biometric authentication user authentication based on biometric information
- the plugin 231 is set as the plugin to be started for realizing the biometric information acquisition control function
- the biometric authentication server 400 is set as the authentication server.
- FIG. 9 shows a flowchart of a process of biometric authentication according to Embodiment 1.
- the display control unit 260 of the MFP 200 causes the operating/display unit 28 to display an opening screen 10 (see FIG. 10 ) which prompts the acquisition of biometric information.
- FIG. 10 shows an example of the opening screen, where a start button 10 A for entering a biometric authentication start instruction is displayed.
- step S 903 the managing server 300 , in response to the biometric authentication start instruction, determines whether the biometric authentication server 400 is set as the authentication server. If in step S 903 it is determined that the authentication server is not set, the managing server 300 notifies the MFP 200 . The MFP 200 then causes the display control unit 260 to display an error message on the operating/display unit 28 in step S 904 , indicating that the authentication server is not set (see FIG. 12A ).
- FIGS. 12A to 12C show examples of the error message displayed on the operating/display unit 28 .
- step S 903 if it is determined in step S 903 that the biometric authentication server 400 is set, the managing server 300 notifies the MFP 200 .
- the display control unit 260 causes the user ID input screen 11 shown in FIG. 11 to be displayed on the operating/display unit 28 in step S 905 .
- FIG. 11 shows an example of the user ID input screen displayed on the operating/display unit 28 .
- step S 905 If there is no input in step S 905 for a predetermined duration of time, the display control unit 260 causes the operating/display unit 28 to display the opening screen 10 in step S 901 . If the user ID is inputted in step S 905 , biometric information is read by the biometric information reader 210 , and the authentication button 11 A displayed on the user ID input screen 11 is operated in step S 906 . Then a biometric authentication process is performed in step S 907 . After the user is authenticated in step S 907 , the user login in the image forming apparatus managing system 100 is completed in step S 908 .
- the biometric authentication process according to the present embodiment is described.
- the user ID and the biometric information acquired in step S 905 by the MFP 200 are transmitted to the biometric authentication server 400 .
- the biometric authentication server 400 if there are a user ID and biometric information that correspond to the user ID and biometric information transmitted from the MFP 200 , the user is authenticated.
- step S 907 if the authentication process is unsuccessful due to an input error of the user ID or a biometric information reading error, the display control unit 260 in step S 909 displays an appropriate error message on the operating/display unit 28 (see FIG. 12B ).
- the user ID input error may be caused when a prohibited character or letter is inputted.
- a confirm button 12 B is operated in step S 910 in response to the error message displayed in step S 909 , the display control unit 260 displays the user ID input screen 11 back in step S 905 . If no operation is entered in step S 910 for a certain duration of time, the display control unit 260 displays the opening screen 10 back in step S 901 .
- step S 907 if the authentication process cannot be performed due to a connection error between the MFP 200 and the biometric authentication server 400 , the display control unit 260 in step S 911 displays an appropriate error message on the operating/display unit 28 (see FIG. 12C ).
- biometric information prevents the risk of user impersonation and enables the maintenance of high level of security. Furthermore, use of biometric information for user authentication eliminates the need for carrying an IC card or the like for login into the image forming apparatus managing system 100 , thus providing enhanced user-friendliness.
- IC card authentication process a description is given of a user authentication process using IC card identifying information (hereafter referred to as “IC card authentication process”).
- the plugin 290 that has the IC card information acquisition function is set as the plugin to be started, and the AD server 500 is set as the authentication server.
- FIG. 13 shows a flowchart of the IC card authentication process according to Embodiment 1.
- the MFP 200 acquires the IC card identifying information 311 via the IC card reader 220 , and transmits it to the managing server 300 via the interface unit 27 .
- the managing server 300 Upon reception of the IC card identifying information 311 , the managing server 300 in step S 1301 retrieves the user information 310 stored in the auxiliary storage unit 34 , based on the IC card identifying information 311 .
- the managing server 300 determines whether there is IC card identifying information in the auxiliary storage unit 34 that corresponds to the acquired IC card identifying information.
- the managing server 300 If there is the corresponding IC card identifying information in the auxiliary storage unit 34 , the managing server 300 reads the user ID 312 associated with the acquired IC card identifying information. The managing server 300 then determines in step S 1302 whether the AD server 500 is set for the user authentication process. If in S 1302 the AD server 500 is set for user authentication, the managing server 300 in step S 1303 accesses the AD server 500 and determines whether the user ID 312 that has been read exists among the user IDs retained in the AD server 500 .
- step S 1303 the managing server 300 considers the user to have been authenticated, and login of the user is completed in step S 1304 . If in step S 1302 user authentication based on the AD server 500 is not set, the process goes to step S 1304 and the login of the user is completed. In this case, the login is complete as long as the IC card identifying information corresponding to the acquired IC card information is present in the auxiliary storage unit 34 .
- step S 1305 determines whether use of the MFP 200 should be granted to the user ID 312 based on the use limit information 313 corresponding to the relevant user ID. If in step S 1305 the user ID 312 is a user ID for which use of the MFP 200 is granted, the managing server 300 considers the user to have been authenticated. If in step S 1305 the user ID 312 is a user ID for which use of the MFP 200 is not granted, the managing server 300 considers the login process to have failed and ends the user authentication process in step S 1306 .
- user authentication is performed using an IC card as described above.
- the managing server 300 acquires the use limit information 313 corresponding to the user ID 312 , using the use limit information acquiring unit 320 .
- the use limit information 313 is then transmitted to the MFP 200 .
- the MFP 200 then controls its operation based on the use limit information 313 so that only one or more of the functions that are allowed to be used by the authenticated user are realized.
- the process for realizing only those functions that are allowed for an authenticated user is referred to as an individual menu process.
- the “individual menu” may refer to the individual menu process.
- the functions available in the individual menu may include accessing and viewing of image data or electronic documents stored in the MFP 200 on an individual user basis; using or editing of an address book for an individual user; and viewing of mail documents for an individual user.
- the display on the operating/display unit 28 or settings in the MFP 200 can be customized by the individual user.
- FIG. 14 shows a flowchart of the individual menu process.
- FIGS. 15A and 15B show examples of the display on the operating/display unit 28 when the individual menu process is selected. Specifically, FIG. 15A shows a status of the operating/display unit 28 before login to the individual menu, while FIG. 15B shows a status on the operating/display unit 28 after login into the individual menu.
- step S 1401 the MFP 200 in step S 1402 renders operable the operating/display unit 28 that has been locked until completion of user login (“hard-key lock”).
- step S 1403 the MFP 200 , based on the use limit information 313 transmitted from the managing server 300 , transitions to a status where one or more predetermined functions (priority functions) alone can be realized.
- the priority functions may include a function that can be realized without using unique user information, such as the copy process.
- step S 1404 If the MFP 200 receives an instruction for executing an individual menu process in step S 1404 , the process goes to step S 1405 where the display control unit 260 causes the operating/display unit 28 to indicate that preparations are being made (see FIG. 15A ). If there is no instruction for the individual menu process in step S 1404 , the MFP 200 is controlled in step S 1418 so that only the priority functions determined based on the use limit information can be realized.
- step S 1406 an individual menu login process is executed.
- a password is generated by the password generating unit 250 based on the user ID 312 .
- the user ID 312 and the password that has been generated based on the user ID 312 at the time of the last login are stored in the auxiliary storage unit 24 .
- step S 1407 the MFP 200 determines whether there is a user ID and a password in the auxiliary storage unit 24 that correspond to the user ID 312 and the password generated from the user ID 312 . In step S 1407 , if there is no corresponding user ID, the MFP 200 determines that the user ID 312 is a new user ID whose user is not registered. In step S 1408 , the display control unit 260 of the MFP 200 displays the user registration screen on the operating/display unit 28 , and the process transitions to the user registration process. If the password is invalid in step S 1407 , the MFP 200 in step S 1409 puts the operating/display unit 28 in the hard-key locked status. However, a print instruction can be issued for any print job that is retained within the MFP 200 at this point in time.
- An invalid status of the password is recognized when, for example, the user changed his or her password (initial password) that has been generated by the password generating unit 250 upon initial login to the individual menu into a user-defined password.
- the display control unit 260 displays in step S 1410 a touch panel screen or the like on the operating/display unit 28 , indicating that the input of the modified password is necessary. If a correct password is entered by the user in S 1410 , the hard-key lock status is cancelled in step S 1411 in accordance with the use limit information.
- step S 1407 If the login process produces an error in step S 1407 for one reason or another, the display control unit 260 in step S 1412 deletes the indication of process preparations from the operating/display unit 28 .
- step S 1413 the display control unit 260 displays a message on the operating/display unit 28 indicating the error in the individual menu login process. Thereafter, the MFP 200 is controlled so that only the priority functions can be realized based on the use limit information 313 .
- step S 1407 if there are the corresponding user ID and password in the auxiliary storage unit 24 , the login of the user to the individual menu is completed.
- step S 1414 the individual information acquiring unit 270 acquires individual information from the auxiliary storage unit 24 that corresponds to the user ID 312 . Then, settings or the like are made for the MFP 200 based on the individual information.
- step S 1415 the MFP 200 in step S 1415 puts the operating/display unit 28 in a status such that operating keys used for the individual menu can be used.
- step S 1416 the display control unit 260 deletes the indication on the operating/display unit 28 regarding the preparations being made for the execution of process.
- step S 1417 the display control unit 260 displays a message on the operating/display unit 28 indicating that information regarding password can be viewed. This completes the individual menu login process in the MFP 200 , and thereafter the individual menu for the particular user is displayed on the operating/display unit 28 (see FIG. 15B ).
- the information regarding password that is displayed in step S 1417 may include the initial password generated by the password generating unit 250 , and a guidance for changing the initial password into a user-defined password.
- the screen displayed in step S 1417 may transition to a password setting screen for changing the password.
- the screen may transition to a screen that notifies the user of the initial password once again.
- the password displayed on the operating/display unit 28 may be automatically deleted after a predetermined duration of time.
- the user ID is managed using the managing server 300 , and the available functions of the MFP 200 are limited based on the user ID.
- enhanced security can be obtained for the management of the individual information image held in the forming apparatus 200 , enabling the maintenance of information confidentiality.
- FIG. 16 shows a flowchart of a user authentication process that is performed when the biometric authentication server 400 is unusable.
- the MFP 200 in step S 1601 transmits the user ID (see step S 906 in FIG. 9 ) entered via the operating/display unit 28 to the AD server 500 .
- the AD server 500 determines whether a user ID that corresponds to the user ID that it received exists in the AD server 500 .
- step S 1603 if there is the corresponding user ID in the AD server 500 , the user is authenticated.
- step S 1603 If in step S 1603 there is no corresponding user ID, the AD server 500 in step S 1605 notifies the MFP 200 of an authentication error.
- the control unit 260 displays an authentication error message on the operating/display unit 28 .
- step S 1606 in the MFP 200 , the process history acquiring unit 280 acquires authentication error history information and stores it in the auxiliary storage unit 24 or the like. The authentication error history may be transmitted to the managing server 300 and stored in the auxiliary storage unit 34 therein.
- the login process can be performed using an entered user ID even when the biometric authentication server 400 is unusable due to failure or the like, or when biometric information cannot be acquired, enabling the user to use the MFP 200 based on his or her individual use limit information.
- Embodiment 2 differs from Embodiment 1 in that improved operability is obtained when performing user authentication based on biometric information.
- Embodiment 2 only the differences from Embodiment 1 are described, with the units or components having similar or corresponding functions to those of Embodiment 1 being designated by similar reference numerals and their descriptions omitted.
- biometric information about individual users and user IDs associated with the biometric information are registered on a group by group basis in advance.
- Each of the groups is allocated group identifying information (referred to as a “group ID”).
- the biometric authentication server 400 A may be realized by a general computer having a processor unit, a storage unit, and the like, which are not shown.
- the biometric authentication server 400 A includes a database 410 in the storage unit, and an authentication processing unit 420 configured to perform an authentication process based on biometric information.
- the database 410 stores authenticating information used for the authentication process, including biometric information about individual users and user IDs associated with the biometric information, on a group by group basis. Each group is given the group ID.
- the database 410 includes authenticating information 411 with a group ID A; authenticating information 412 with a group ID B; and authenticating information 413 with a group ID C.
- Each of the groups may correspond to a department of a company or the like to which the individual users belong.
- the authentication processing unit 420 in response to a biometric authentication start instruction from the MFP 200 A, executes the authentication process, as described in detail below.
- FIG. 18 shows a functional configuration of the MFP 200 A according to Embodiment 2.
- the MFP 200 A includes a plug-in unit 230 A.
- the plug-in unit 230 A has a plugin 231 A for realizing a biometric information acquiring function.
- the plugin 231 A includes a biometric information acquiring unit 232 , a biometric information processing unit 233 , a group name setting unit 234 , a list control unit 235 , and a group ID acquiring unit 236 .
- the group name setting unit 234 of the plugin 231 A is configured to associate a group ID stored in the biometric authentication server 400 A with a group name in a list box L 10 (see FIG. 20 ) that is displayed on the operating/display unit 28 of the MFP 200 A.
- the group name setting unit 234 causes the display control unit 260 to display a screen 20 shown in FIG. 19 to be displayed on the operating/display unit 28 .
- FIG. 19 is an example of the screen displayed on the operating/display unit 28 .
- a software keyboard is displayed. Using this software keyboard, a system administrator, for example, sets the associations between the group IDs and the group names.
- the group name setting unit 234 may store the association between the group ID and the group name in the auxiliary storage unit 24 of the MFP 200 A.
- the list control unit 235 is configured to create a list of group names (“group name list”) that have been set by the group name setting unit 234 .
- the list created by the list control unit 235 is displayed in the list box L 10 on the operating/display unit 28 .
- FIG. 20 shows an example of the screen in which the group name list is displayed. The details of creation of the group name list by the list control unit 235 will be described later.
- the list box L 10 shows all of the group names that have been set by the group name setting unit 234 .
- a scroll bar S may be shown in the list box L 10 when all of the group names set by the group name setting unit 234 cannot be shown in the list box L 10 .
- the group ID acquiring unit 236 acquires a group ID corresponding to a group name selected in the list box L 10 created by the list control unit 235 , from the auxiliary storage unit 24 , for example, of the MFP 200 A.
- step S 2103 if the biometric authentication server 400 A is set as the authentication server, the managing server 300 notifies the MFP 200 A.
- the MFP 200 A then causes the display control unit 260 to display the list box L 10 of FIG. 20 to be displayed on the operating/display unit 28 in step S 2105 .
- step S 2106 after a group name is selected in the list box L 10 and the biometric information is read, the authentication button 31 is operated (see FIG. 20 ).
- step S 2107 the biometric authentication process is performed, as described below.
- the MFP 200 A Upon selection of the group name, the MFP 200 A acquires a group ID corresponding to the group name selected by the group ID acquiring unit 236 . The MFP 200 A then transmits the acquired group ID and biometric information that is read to the biometric authentication server 400 A. In the biometric authentication server 400 A, the group ID and the biometric information are received and the authentication process is performed. Specifically, the biometric authentication server 400 A retrieves authenticating information corresponding to the group ID received, using the authentication processing unit 420 , and determines whether there is biometric information that matches the biometric information received.
- the authentication processing unit 420 searches the authenticating information 411 corresponding to the group ID A, and determines whether there exists biometric information that matches the biometric information received. If there is the biometric information matching the biometric information received, the authentication processing unit 420 authenticates the biometric information.
- steps S 2108 and S 2111 are the same as the process between steps S 908 and S 911 shown in FIG. 9 .
- description of steps S 2108 to S 2111 is omitted in the following.
- the process of creating the group name list by the list control unit 235 in the present embodiment is described.
- the list control unit 235 after the group name is selected in step S 2106 , creates the group name list once again. Specifically, the list control unit 235 , upon selection of the group name in step S 2106 , creates the group name list when the list box L 10 is next displayed such that the group name selected in step S 2106 comes at the top of the list.
- the group names that follow the top group name are arranged in descending order of the number of times of selection of the group name in the past.
- the list control unit 235 puts the group name A at the top of the list, and places the group name C next to the group name A, as shown in FIG. 20 .
- the group name B is placed next to the group name C.
- the list control unit 235 has stored values indicating the number of times each group name has been selected, so that the number of times of selection of each group name can be determined.
- the list control unit 235 creates the group name list in which the group name selected the last time and the group names that have been selected most frequently in the past are at the top of the list. This allows a user to find and select his or her own group name the more easily the more often he or she uses the group name.
- the biometric authentication server 400 A only needs to retrieve the authenticating information to which the group ID associated with the selected group name is allocated, and there is no need to retrieve all of the authenticating information stored in the biometric authentication server 400 A.
- the time required for the authentication process can be reduced and its accuracy can be improved.
- Embodiment 3 differs from Embodiment 2 in that a further improved operability is obtained when performing user authentication based on biometric information.
- Embodiment 3 only the differences from Embodiment 2 are described and the units or components having the same or corresponding functions as those of Embodiment 2 are designated with similar reference numerals while omitting their descriptions.
- the group names are displayed on the operating/display unit 28 of the MFP 200 B as group name buttons. This eliminates the need to retrieve a desired group name from the list box L 10 , thus improving operability.
- FIG. 22 shows a functional configuration of the MFP 200 B according to the present embodiment.
- the MFP 200 B includes a plug-in unit 230 B which includes a plugin 231 B for realizing a biometric information acquiring function.
- the plugin 231 B includes a biometric information acquiring unit 232 ; a biometric information processing unit 233 ; a group name setting unit 234 ; a list control unit 235 ; a group ID acquiring unit 236 ; and a button setting unit 237 .
- the button setting unit 237 is configured to make settings for displaying on the operating/display unit 28 group name buttons corresponding to the group names that are set by the group name setting unit 234 . Specifically, the button setting unit 237 displays a group name button setting screen that has the same layout as the screen displayed on the operating/display unit 28 upon biometric authentication.
- FIG. 23 shows a button setting screen 40 produced by the button setting unit 237 .
- the button setting screen 40 has a setting area 41 for associating the group name buttons and group names.
- the layout of the setting area 41 is the same as that of the screen that is displayed upon execution of biometric authentication as will be described later.
- the screen 20 shown in FIG. 19 is displayed.
- the entered group name is displayed within the setting area 41 in the screen 40 .
- the layout of the screen 40 according to the present embodiment is the same as that of the screen displayed during actual biometric authentication, the system administrator or the like who makes the setting can make sure whether, looking at the display of the setting area 41 , a group name can be correctly displayed within the group name button at the time of actual biometric authentication.
- the group name button 42 within the setting area 41 is pressed. Then, the screen 20 of FIG. 19 appears, where the user presses the group name A, enters the group ID corresponding to the group name A, and presses the setting button 21 . Then on the screen 40 , the group name A entered in the screen 20 is displayed within the group name button 42 . By pressing the OK button 43 at this time, the setting of the group name in the group name button 42 is complete. If the cancel button 44 is pressed instead, the screen 40 transitions back to the screen 20 , where the group name to be displayed can be changed or modified. Thus, when the system administrator or the like makes the group name button setting, he or she can confirm the displayed content.
- the allowed number of letters that can be displayed within the group name button is eight, if a 10-letter group name is entered, the ninth and 10th letters are not displayed within the group name button. In accordance with the present embodiment, however, such an incorrect display of the group name within the group name button is visibly displayed on the screen 40 , so that the administrator or the like can quickly change or modify the group name.
- steps S 2401 and S 2404 shown in FIG. 24 is the same as the process between steps S 901 and S 904 shown in FIG. 9 . Therefore, description of steps S 2401 to S 2404 is omitted.
- step S 2403 if the biometric authentication server 400 A is set as the authentication server, the managing server 300 notifies the MFP 200 A.
- the display control unit 260 displays the screen 50 shown in FIG. 25 on the operating/display unit 28 in step S 2405 .
- FIG. 25 is an example of the screen displayed on the operating/display unit 28 .
- step S 2406 a desired group name button is pressed in the screen 50 , and biometric information is read.
- step S 2407 biometric authentication is performed.
- the biometric authentication procedure in step S 2407 is the same as in Embodiment 2. Namely, upon selection of the group name by the pressing of the group name button, the group ID acquiring unit 236 acquires a group ID associated with the group name. The MFP 200 B then transmits the acquired group ID and the biometric information to the biometric authentication server 400 A. In the biometric authentication server 400 A, the authentication processing unit 420 performs authentication using the group ID and biometric information.
- steps S 2408 and S 2411 are the same as the process between steps S 908 and S 911 shown in FIG. 9 and therefore the description of the corresponding steps is omitted.
- up to six group name buttons can be displayed in the screen 50 shown in FIG. 25 .
- the group names that are set in the group name buttons are those group names that are frequently selected.
- a group name that is not displayed in any of the group name buttons in the screen 50 can be selected. Specifically, when selecting a group name that is not displayed in the screen 50 , a “Select other groups” button 51 is pressed. Then, the display screen of the operating/display unit 28 transitions to the screen 30 shown in FIG. 20 , where a list of group names other than those set in the group name buttons is shown in the list box L 10 .
- the group name buttons indicating group names are displayed, so that the user can select a group name simply by pressing the corresponding group name button. This eliminates the need to search the list box L 10 for the desired group name, thereby further improving operability.
- the group name buttons can be set in a setting screen having the same layout as that of the screen displayed when a relevant process is actually performed. This helps to reduce the burden on the system administrator or the like during the setting operation.
- Embodiment 4 is based on Embodiment 1 to which additional functions are provided.
- units or components having the same or similar functions to those of Embodiment 1 are designated by similar reference numerals while omitting their descriptions.
- the MFP information in a preset region on an IC card can be read. Further, the AD server and the managing server can be linked when user information stored in the managing server is registered or deleted. Furthermore, print jobs executed in the MFP can be managed.
- FIG. 26 shows a system configuration of an image forming apparatus managing system 100 A according to Embodiment 4.
- the image forming apparatus managing system 100 A includes an MFP 200 C, a managing server 300 A, a biometric authentication server 400 , an AD server 500 A, a managing terminal 700 A, a print server 800 , and a user terminal 900 , which are connected via a network 600 .
- the print server 800 manages print jobs that are generated in the user terminal 900 or the MFP 200 C, as will be described below.
- the user terminal 900 may be used for selecting a document to be printed by the MFP 200 C, or entering a print instruction into the MFP 200 C.
- FIG. 27 shows a functional configuration of an MFP 200 C according to Embodiment 4.
- the MFP 200 C includes a plug-in unit 230 C having a plugin 290 A for realizing an IC card information acquiring function.
- the plugin 290 A is configured to set an area of an IC card from which information is read by the MFP 200 C.
- the plugin 290 A includes an area setting information acquiring unit 291 , an area setting unit 292 , a card reader control unit 293 , and an information format converting unit 294 .
- the area setting information acquiring unit 291 acquires area setting information generated by the managing terminal 700 A as described below. Based on the area setting information acquired by the area setting information acquiring unit 291 , an area is set by the area setting unit 292 .
- the area setting unit 292 makes an area setting for the MFP 200 C by storing the acquired area setting information in the auxiliary storage unit 24 .
- Information in the area set in an IC card is read by the IC card reader 220 , under the control by the card reader control unit 293 .
- the information format converting unit 294 converts IC card identifying information acquired by the IC card reader 220 into a predetermined information format.
- the “predetermined format” is herein intended to refer to a format handled by the image forming apparatus managing system 100 A, i.e., a format that the MFP 200 C can process.
- the information format converting unit 294 converts the eLWISE format into FeliCa format.
- the information format converting unit 294 need not perform such information format converting process.
- the information format converting unit 294 enables the MFP 200 C to handle different IC card formats.
- FIG. 28 shows a functional configuration of the managing server 300 A according to Embodiment 4.
- the managing server 300 includes, in addition to the various units provided in the managing server 300 according to Embodiment 1 shown in FIG. 6 , the following: a user information managing unit 350 ; an update file acquiring unit 360 ; a print job deleting instruction unit 370 ; and a print order change unit 380 .
- the user information managing unit 350 manages user information 310 stored in the managing server 300 A by, for example, registering, deleting, or updating the user information.
- the user information managing unit 350 includes a user information registering unit 351 , a user information deleting unit 352 , and a user information updating unit 353 .
- the user information registering unit 351 is configured to register user information in the auxiliary storage unit 34 .
- the user information deleting unit 352 deletes user information from the auxiliary storage unit 34 .
- the user information updating unit 353 is configured to update user information stored in the auxiliary storage unit 34 based on an update file which will be described below.
- the update file acquiring unit 360 acquires the update file for updating user information stored in the auxiliary storage unit 34 .
- the update file may be created by a device connected to the managing server 300 A via the network 600 and downloaded by the managing server 300 A.
- the update file may also be created by a general computer not connected to the managing server 300 A and then recorded in a recording medium. In this case, the managing server 300 A can acquire the update file by reading it from the recording medium.
- the print job deleting instruction unit 370 generates a print job deleting instruction for deleting one or more print jobs stored in the print server 800 all at once.
- the print order change instruction unit 380 generates an execution order change instruction for changing the order of execution of the print jobs stored in the print server 800 .
- the AD server 500 A includes a storage unit 510 and an authentication processing unit 520 that is realized by the processor unit.
- the storage unit 510 there is stored user information 530 and a password 540 corresponding to the user information 530 .
- the user information 530 includes IC card identifying information 531 and a user ID 532 corresponding to the IC card identifying information 531 .
- the authentication processing unit 520 performs user authentication by determining whether the user information 530 stored in the storage unit 510 is valid.
- the print server 800 manages print jobs generated by the user terminal 900 and the MFP 200 C, as will be described below.
- the print server 800 includes a print control unit 811 , a print order change unit 812 , and a print job deleting unit 813 which are realized by an processor unit 810 , and a print job retaining unit 820 realized by a storage unit, and a communications unit 830 .
- the print control unit 811 transmits a relevant print job retained in the print instruction retaining unit 820 to the MFP 200 C, where the print job is executed.
- the print order change unit 812 changes the order in which the print jobs retained in the print instruction retaining unit 820 are executed.
- the print job deleting unit 813 in response to a print job deleting instruction from the managing server 300 A, deletes the print jobs retained in the print instruction retaining unit 820 all at once.
- the communications unit 830 is configured to communicate with the managing server 300 A and the MFP 200 C.
- the managing terminal 700 A may be realized by installing a suitable program in a general computer having an processor unit 710 , a storage unit 720 , a display unit 730 , and a communications unit 740 .
- the managing terminal 700 A includes a control unit 711 and an area setting information generating unit 712 , which are realized by the processor unit 710 .
- the control unit 711 controls various processes executed by the managing terminal 700 A.
- the area setting information generating unit 712 generates area setting information, as will be described later.
- the processor unit 710 executes an area setting program stored in the storage unit 720 in order to realize the function of the area setting information generating unit 712 .
- the area setting program is started up in the managing terminal 700 A upon instruction for generating area setting information.
- FIG. 32A shows an information recording format for the IC card A.
- FIG. 32B shows various items of information recorded in the IC card A.
- IC card identifying information is recorded at the top.
- employee number information is recorded.
- information about the number of times of issuance of the IC card A is recorded.
- information about the date of issuance of the IC card A is recorded.
- information about the expiration date of the IC card A is recorded.
- the format of the IC card may vary depending on the particular standard used and may be determined by the issuer of the IC card.
- the format of the information recorded in the IC card may also vary depending on the IC card standard. For example, in the case of a FeliCa card, information is recorded in FeliCa card format. In the case of an eLWISE card, the information is recorded in eLWISE card format.
- FIG. 32B the areas of the individual items of information in the IC card A are shown. It is seen that, for example, the area in block 1 in which an employee number is recorded starts at address 0 and ends at address 9.
- area setting information is generated using the format information about the IC card A shown in FIGS. 32A and 32B .
- the format information about the IC card A is supplied by the IC card issuer in advance.
- the information read from the IC card A may be selected from three kinds, as described below.
- FIG. 33 shows a screen for selecting the type of information to be read from the IC card A.
- the three types of information that can be read from the IC card A are the IC card identifying information, information in accordance with a standard format, and information recorded in a particular area within the IC card A.
- the managing terminal 700 A once information to be read from the IC card A is selected in the screen shown in FIG. 33 , a screen for entering an area setting is displayed on the display unit 730 .
- the area setting information generating unit 712 considers the information indicating the head area of the IC card A as the area setting information. It should be noted, however, that the area in which the IC card identifying information is recorded is not limited to the head area of the IC card A.
- the area setting information generating unit 712 uses the information indicating the standard format as the area setting information.
- the standard format may be supplied from the IC card issuer to the system administrator and set in the managing terminal 700 A.
- the format information stored in the managing terminal 700 A may include information indicating the area where the IC card identifying information is recorded, and information indicating the area where the employee number is recorded. Based on such format information stored in the managing terminal 700 A, the area setting information generating unit 712 generates area setting information.
- FIG. 34 shows an area setting screen 25 A for setting an area in the IC card A.
- the area setting screen 25 A includes a block designating area 25 B for designating a block in which information is to be read; a position designating area 25 C for designating a position (address) in the designated block; and an information list area 25 D where information items that can be read are shown.
- blocks 1 and 3 of the IC card A are designated in the block designating area 25 B.
- the position designating area 25 C the entire data in blocks 1 and 3 is designated.
- the area setting information generating unit 712 generates area setting information indicating that the entire data recorded in blocks 1 and 3 of the IC card is to be acquired.
- the information list area 25 D there are displayed an employee number, which is the entire data recorded in block 1, and an expiration date, which is the entire data recorded in block 3, as the information items to be acquired based on the area setting information.
- an employee number which is the entire data recorded in block 1
- an expiration date which is the entire data recorded in block 3
- a block and the position of information in the block can be designated while confirming the information items to be read in the area setting screen.
- the area setting information can be generated by the system administrator or the like through a simple operation.
- the area setting information generated by the managing terminal 700 A may be supplied to the MFP 200 C via the network 600 .
- the area setting information may be recorded in a recording medium in the managing terminal 700 A, such as a USB memory.
- the area setting information recorded in such a recording medium is then read by the MFP 200 C, thus acquiring the area setting information.
- an area setting program for realizing the function of the area setting information generating unit 712 is installed in the managing terminal 700 A, this is merely an example.
- the area setting program may be installed in the user terminal 900 .
- the area setting program may be installed in a general computer not connected to the MFP 200 C. In this case, the area setting information that is generated may be recorded in a recording medium and then supplied to the MFP 200 C.
- FIG. 35 shows a flowchart of an operation of the plugin 290 A in the MFP 200 C.
- the plugin 290 A starts a process when selected as the plugin executed in the plug-in unit 230 C in step S 2601 .
- the selection of the plugin is described below.
- the MFP 200 C according to the present embodiment includes plural kinds of plugins (not shown) for controlling the reading of information from the IC card.
- a system administrator for example, can select one of the plugins to be executed in the MFP 200 C.
- the selection of the plugin may be performed by an administrator tool for managing the image forming apparatus managing system 100 A.
- the administrator tool may be provided in the managing terminal 700 A or in the MFP 200 C.
- plugins provided in the MFP 200 C may include an SSFC (Shared Security Formats Cooperation; an ID card security management system using the FeliCa contactless IC card technology) plugin in accordance with the SSFC standard, and an eLWISE plugin in accordance with the eLWISE card standard.
- SSFC Shared Security Formats Cooperation
- eLWISE eLWISE plugin
- the SSFC plugin is executed so that the MFP 200 C reads information from the IC card in accordance with SSFC standard format.
- the plugin 290 A according to the present embodiment may be operated as a FeliCa plugin in accordance with the FeliCa standard.
- FIG. 36 shows an example of a plugin setting screen according to Embodiment 4.
- the plugin setting screen 70 A may be displayed on the display unit 730 of the managing terminal 700 A, or on the operating/display unit 28 of the MFP 200 C.
- the MFP 200 C starts the plugin 290 A.
- the area setting information acquiring unit 291 acquires area setting information in step S 2602 .
- the area setting information acquiring unit 291 may acquire the area setting information from the managing terminal 700 A via the network 600 , or from a recording medium.
- the acquired area setting information is set in the MFP 200 C by the area setting unit 292 .
- the area setting unit 292 stores the area setting information in the auxiliary storage unit 24 , whereupon the setting of area setting information in the MFP 200 C is completed.
- step S 2604 when the IC card A is passed over the IC card reader 220 , the information recorded in a set area of the IC card A is read by the IC card reader 220 under the control of the card reader control unit 293 .
- the card reader control unit 293 controls the reading of the information by the IC card reader 220 by referring to the area setting information stored in the auxiliary storage unit 24 .
- the IC card reader 220 may also acquire the format information about the IC card A when the IC card A is passed over it.
- four patterns of area setting information can be generated for each type of an IC card.
- multiple patterns of area setting information may be acquired and set.
- the card reader control unit 293 determines whether each item of area setting information corresponds to the format of the IC card A, in order from the area setting information that is initially acquired. Based on the area setting information that has been determined to correspond to the format of the IC card A, the card reader control unit 293 controls the reading of information by the IC card reader 220 .
- the information format converting unit 294 converts the information into a predetermined format.
- the “predetermined format” is herein intended to refer to a format that can be processed by the MFP 200 C.
- the MFP 200 C is adapted for FeliCa card format
- the information format converting unit 294 converts the eLWISE format into FeliCa card format. If the information read by the IC card reader 220 is in a format compatible with the MFP 200 C, the information format converting unit 294 need not perform the information format converting process.
- step S 2606 the MFP 200 C transmits the information whose format may have been converted by the information format converting unit 294 to the managing server 300 A.
- the managing server 300 A performs a user login process using the information transmitted from the MFP 200 C.
- an area for the reading of information is set in the IC card, so that the information recorded in the thus set area can be read.
- information to be read from the IC card can be set depending on the environment in which the image forming apparatus managing system 100 A is used.
- the format of the information can be converted into a format that can be processed by the MFP 200 C. This feature of the present embodiment enables the handling of various types of IC cards based on different standards, thus enhancing the versatility of the MFP 200 C.
- the login process according to the present embodiment is described.
- the image forming apparatus managing system 100 A if a user forgot to bring his or her IC card, the user can still login by entering his or her user ID and password for user authentication.
- FIG. 37 shows a flowchart of user authentication that is performed when the user forgot to bring his or her IC card.
- the operating/display unit 28 of the MFP 200 C displays an instructing button 28 A (see FIG. 38A ) for entering an instruction for displaying a keyboard screen.
- FIG. 38A shows an example of a standby screen displayed on the operating/display unit 28 .
- FIG. 38B shows an example of a keyboard screen displayed on the operating/display unit 28 .
- the standby screen has the instructing button 28 A for entering an instruction for keyboard input.
- the MFP 200 C in step S 2802 displays the keyboard screen shown in FIG. 38B on the operating/display unit 28 .
- the MFP 200 C acquires a user ID and a password entered on the keyboard screen.
- the MFP 200 C transmits the acquired user ID and password to the AD server 500 A via the managing server 300 A.
- the AD server 500 A it is determined whether the acquired user ID and password are valid, based on the information stored in the storage unit 510 and also using authentication processing unit 520 . If the acquired user ID and password are valid, the AD server 500 A authenticates the user.
- the IC card identifying information 531 and the user ID 532 are stored in the storage unit 510 associated with one another.
- the AD server 500 A authenticates the user if information corresponding to the user ID and password acquired in step S 2803 exists in the storage unit 510 , and if IC card identifying information corresponding to the user ID acquired in step S 2803 exists in the storage unit 510 .
- step S 2805 if the user is authenticated, the managing server 300 A in step S 2806 allows the user to log in. If in step S 2805 user authentication is unsuccessful, an authentication error message is displayed on the operating/display unit 28 of the MFP 200 C in step S 2807 . In step S 2808 , the MFP 200 C acquires authentication error history information and stores it in the auxiliary storage unit 24 . Alternatively, the authentication error history information may be stored in the managing server 300 A.
- the MFP 200 C user authentication can be performed based on a user ID and password entered on the keyboard when the user does not have the IC card.
- the user can be allowed to use the MFP 200 C in the absence of an IC card based on the user's use limit information, without having to issue a temporary IC card or the like.
- AD servers 500 A may be installed in the image forming apparatus managing system 100 A. In this way, if one of the AD servers 500 A fail to operate, the other AD servers 500 A can cover the failed AD server.
- whether or not to display the instructing button 28 A on the operating/display unit 28 of the MFP 200 C may be set by the system administrator in advance. When the setting is such that the instructing button 28 A is displayed, the AD server 500 A may authenticate a user ID entered via the keyboard screen.
- FIG. 39 shows a flowchart of a process for registering or deleting user information in the managing server 300 A according to Embodiment 4.
- the managing server 300 A in step S 3001 acquires the IC card identifying information from the MFP 200 C.
- step S 3002 the managing server 300 A performs an authentication process on the acquired IC card identifying information, based on the acquired IC card identifying information and the user information stored in the auxiliary storage unit 34 . If the authentication of the IC card identifying information in step S 3002 is unsuccessful, the managing server 300 A transmits the IC card identifying information to the AD server 500 A. In step S 3003 , the authentication processing unit 520 of the AD server 500 A, based on the acquired IC card identifying information and the user information 530 , performs an authentication process on the acquired IC card identifying information.
- step S 3003 If in step S 3003 the IC card identifying information acquired by the AD server 500 A is not authenticated, the AD server 500 A transmits an authentication error message to the MFP 200 C via the managing server 300 A.
- step S 3004 the authentication error message is displayed on the operating/display unit 28 of the MFP 200 C.
- step S 3003 the managing server 300 A receives a message from the AD server 500 A indicating the successful authentication of the user.
- the managing server 300 A in step S 3005 allows the user to login.
- step S 3006 the managing server 300 A acquires from the AD server 500 A a user ID corresponding to the authenticated IC card identifying information, and registers this user ID in the auxiliary storage unit 34 , using the user information registering unit 351 .
- the user information registering unit 351 acquires the user ID corresponding to the authenticated IC card identifying information from the AD server 500 A.
- the user information registering unit 351 then stores the IC card identifying information and the user ID in the auxiliary storage unit 34 in association with use limit information.
- the use limit information with which the IC card identifying information and the user ID are associated is stored in the auxiliary storage unit 34 in advance as an initial setting. In accordance with the present embodiment, when the use limit information is in initial setting status, all of the functions of the MFP 200 C are usable.
- the user is considered to have been authenticated if the IC card identifying information is not authenticated by the managing server 300 A but is authenticated by the AD server 500 A.
- the managing server 300 A acquires the user ID corresponding to the IC card identifying information from the AD server 500 A, and registers it in the auxiliary storage unit 34 in association with the use limit information of the initial setting.
- a system administrator when registering user information about a new user in the image forming apparatus managing system 100 A, a system administrator needs only to register relevant IC card identifying information and user ID in the AD server 500 A. This eliminates the need for registering the IC card identifying information and user ID in both the AD server 500 A and the managing server 300 A, thus reducing the burden on the system administrator.
- step S 3002 If in step S 3002 the IC card identifying information is authenticated by the managing server 300 A, the managing server 300 A transmits the user information including the IC card identifying information and the user ID to the AD server 500 A.
- step S 3007 the AD server 500 A performs an authentication process on the user information. If the user information is authenticated by the AD server 500 A, the managing server 300 A allows the user to login in step S 3008 .
- step S 3007 If in step S 3007 the user information is not authenticated by the AD server 500 A, the managing server 300 A in step S 3009 regards the IC card identifying information invalid, and transmits an authentication error message to the MFP 200 C.
- step S 3010 in the managing server 300 A, the user information deleting unit 352 deletes from the auxiliary storage unit 34 the IC card identifying information that has not been authenticated by the AD server 500 A and the corresponding user ID and use limit information.
- invalid user information stored in the managing server 300 A can be automatically deleted.
- the user information may be updated by registering new user information or deleting user information by the user information updating unit 353 .
- the user information registration or deletion process described above with reference to FIG. 39 is performed only upon acquisition of the IC card identifying information corresponding to a particular user subject to the registration or deletion process.
- the user information updating unit 353 may periodically update the user information stored in the auxiliary storage unit 34 .
- the update file acquiring unit 360 periodically acquires an update file that is prepared in advance for updating user information.
- the user information updating unit 353 rewrites the user information based on the update file.
- the update file mainly includes IC card identifying information and user ID information.
- the information in the update file corresponds to the user information 530 stored in the AD server 500 A.
- the AD server 500 A periodically writes out the user information 530 stored in the AD server 500 A in a file in a predetermined format, and supplies it to the managing server 300 A.
- the “predetermined format” is herein intended to refer to a format such that the file can be processed by the managing server 300 A, such as CSV (comma separated values) format.
- the managing server 300 A acquires the update file that is periodically supplied from the AD server 500 A, and updates the user information based on the acquired update file. Such an update process enables the user information 310 in the auxiliary storage unit 34 in the managing server 300 A to correspond to the user information within the AD server 500 A. Updating of the user information in the managing server 300 A may include updating use limit information.
- the user information updating unit 353 stores the use limit information 313 of the initial setting in the auxiliary storage unit 34 in association with the newly added user information 310 . If the user information 310 has been deleted from the update file, the user information updating unit 353 deletes the use limit information corresponding to the deleted user information 310 from the auxiliary storage unit 34 .
- the user information can be updated periodically in accordance with the AD server 500 A. This eliminates the need for double information management requiring the management of the user information 530 in the manage AD server 500 A and the management of the user information 310 in the managing server 300 A, thereby reducing the burden on the system administrator or the like for information management.
- the managing server 300 A can delete the print jobs stored in the print server 800 all at once.
- the print job deleting instruction unit 370 generates a print job deleting instruction and sends it to the print server 800 .
- the print job deleting unit 813 deletes the print jobs retained in the print instruction retaining unit 820 .
- the print job deleting instruction may be periodically generated and sent to the print server 800 .
- the print job deleting instruction unit 370 generates the print job deleting instruction at preset time intervals determined by the system administrator, and transmits the instruction to the print server 800 .
- the print job deleting instruction thus generated may instruct the deletion of the entire print jobs all at once.
- the print jobs retained in the print instruction retaining unit 820 are deleted all at once each time the print job deleting instruction is received in the print server 800 .
- a print job deleting instruction may be generated such that the print jobs accumulated in a predetermined period determined by the system administrator can be deleted. For example, the system administrator sets an 8-day period for deleting print jobs that have been accumulated between 10 days ago and 2 days ago.
- the print job deleting instruction unit 370 then transmits a print job deleting instruction and the information about the period set by the system administrator to the print server 800 .
- the print jobs accumulated during the set (8-day) period are deleted in accordance with the period information.
- the print job deleting instruction unit 370 may display a setting screen prompting the entry of a setting of period information or a print job deleting instruction on a display unit of the managing server 300 A. The system administrator can then set a period or enter a print job deleting instruction by following such a setting screen.
- accumulation of large amounts of data in the print server 800 can be prevented, thus enabling a decrease in the capacity of the print server 800 .
- the order of execution of the print jobs accumulated in the print server 800 can be changed by the print order change instruction unit 380 .
- the print order change instruction unit 380 may generate an instruction for printing the print jobs in chronological order of reception of the print jobs.
- the managing server 300 A transmits the generated print order change instruction to the print server 800 .
- the print server 800 changes the setting for the order of execution of the print jobs.
- the print order change instruction unit 380 may display a setting screen on the display unit of the managing server 300 A prompting a change in print order. The system administrator may then set a print order in accordance with the setting screen, so that a print order change instruction can be generated.
- the order of execution of print jobs by the print server 800 can be changed to an appropriate order suitable for the operation of the image forming apparatus managing system 100 A.
- FIG. 40 shows a system configuration of the image forming apparatus managing system 100 B according to Embodiment 5.
- units or components having the same or corresponding functions or structures as those of Embodiment 4 are designated by similar reference numerals and their descriptions are omitted.
- a portion corresponding to the MFP 200 C of Embodiment 4 includes an MFP 200 a , an operating terminal 50 for operating the MFP 200 a , and a biometric information reader 210 a and an IC card reader 220 a which are connected outside the operating terminal 50 .
- the MFP 200 a is connected to a network 600 .
- the biometric information reader 210 a and the IC card reader 220 a are connected to the MFP 200 a via the operating terminal 50 .
- the MFP 200 a may be serially connected to the operating terminal 50 via RS232C connection.
- the biometric information reader 210 a and the IC card reader 220 a may be connected to the operating terminal 50 via USB connection.
- the hardware structure of the MFP 200 a is the same as the MFP 200 according to Embodiment 1.
- the functions of the display control unit 260 , the individual information acquiring unit 270 , and the process history acquiring unit 280 are also the same as those of the MFP 200 according to Embodiment 1.
- the operating terminal 50 which may comprise a computer having an processor unit and a storage unit, includes a plug-in unit 230 C, a plugin setting unit 240 , and a password generating unit 250 .
- the plug-in unit 230 C includes a plugin 231 for realizing a biometric information read control function, and a plugin 290 A for realizing an IC card information acquiring function.
- the individual plugins function as described with reference to Embodiments 1 through 4.
- the plugins 231 and 290 A may be installed in the operating terminal 50 via the network 600 . Alternatively, the operating terminal 50 may acquire the individual plugins from a recording medium in which the plugins 231 and 290 A are recorded.
- the functions of the plugin setting unit 240 and the password generating unit 250 are as described with reference to Embodiment 4.
- various setting values are stored, and also calculated values obtained by the processor unit may be temporarily recorded.
- a recording unit in the operating terminal 50 there may be stored various information in case the operating terminal 50 is unable to communicate with the managing server 300 A or the print server 800 .
- Such information may include information concerning the system settings of the image forming apparatus managing system 100 A; user information including IC card identifying information, a user ID, and a password; use limit information corresponding to the user information; and history information about a user who used the MFP 200 C. These information stored in the storage unit are transmitted periodically by the operating terminal 50 to the managing server 300 A.
- the plugin 231 is set by the plugin setting unit 240 in the operating terminal 50 .
- the operating terminal 50 acquires biometric information using the functions of the biometric information reader 210 a and the plugin 231 .
- the biometric information is transmitted to the biometric authentication server 400 via the network 600 , together with the user ID inputted from the MFP 200 a .
- the process after the transmission of the biometric information to the biometric authentication server 400 is as described with reference to Embodiment 1.
- the operating terminal 50 acquires IC card identifying information using the IC card reader 220 a .
- the control unit 211 of the operating terminal 50 then acquires the IC card identifying information from the IC card reader 220 a .
- the IC card identifying information is transmitted to the managing server 300 A via the network 600 .
- a user ID corresponding to the IC card identifying information is obtained.
- the managing server 300 A then supplies use limit information corresponding to the obtained user ID to the MFP 200 a . Based on the use limit information, operation of the MFP 200 a is controlled.
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Human Computer Interaction (AREA)
- Facsimiles In General (AREA)
- Accessory Devices And Overall Control Thereof (AREA)
- Control Or Security For Electrophotography (AREA)
Abstract
An image forming apparatus connected via a network with an authentication server for user authentication based on biometric information about a user. The image forming apparatus is also connected with a managing server for managing an operation of the image forming apparatus. The image forming apparatus includes a transmission unit transmitting the biometric information about the user to the authentication server, a reception unit receiving use limit information corresponding to the biometric information about the user from the managing server, and a control unit controlling the operation of the image forming apparatus based on the use limit information.
Description
- This application is a continuation application of, and claims the benefit of priority under 35 U.S.C. §120 from, U.S. application Ser. No. 12/485,206, filed Jun. 16, 2009, which claims the benefit of priority under 35 U.S.C. §119 from Japanese Patent No. 2008-176227 filed Jul. 4, 2008. The entire contents of each of the above applications are incorporated herein by reference.
- 1. Field of the Invention
- The present invention generally relates to image forming apparatuses including multifunction peripherals, and more particularly to systems and methods for managing processes in such an image forming apparatus based on user authentication.
- 2. Description of the Related Art
- In recent years, sharing of an image forming apparatus such as a multifunction peripheral (“MFP”, which includes the multiple functions of a facsimile, a scanner, and a copier, for example) has become increasingly common in offices of organizations or corporations, wherein a plurality of computer terminals are connected over a network. In such an environment, confidentiality of image data handled on the network needs to be maintained. Further, as the image forming apparatus is shared by multiple users, improvement in utilization efficiency is desirable.
- For example, in Japanese Laid-Open Patent Application No. 2004-222141 directed to a network scanner apparatus, address information including at least a user name, a password, distribution information, and a reference address is set for each address to which data is distributed via a network and registered in an address information storage unit. Based on the combination of the user name and password in the address information storage unit, user authentication is performed, and use of the network scanner apparatus is granted only to those users who have been authenticated.
- However, in the above invention, because the image data of a manuscript that has been read is transferred to a certain destination, the image data may be viewed by unintended people when the terminal at the destination is shared by multiple users. Furthermore, utilization of the network scanner apparatus is granted to all of the users who are authenticated. It should be noted that many of the modern image forming apparatuses are multifunctional and include FAX and copy functions as well as scanner function. If the multiple authenticated persons are granted utilization of all such functions of a multifunctional image forming apparatus, the image forming apparatus may possibly be used for unintended purposes.
- One or more of the disadvantages of the related art are overcome by the present invention which, in one aspect, is an image forming apparatus connected via a network with an authentication server for authenticating a user of the image forming apparatus based on biometric information about the user that is acquired by the image forming apparatus. The image forming apparatus is also connected with a managing server for managing an operation of the image forming apparatus.
- The image forming apparatus includes a transmission unit configured to transmit the biometric information about the user to the authentication server; a reception unit configured to receive use limit information corresponding to the biometric information about the user from the managing server; and a control unit configured to control the operation of the image forming apparatus based on the use limit information.
- In another aspect of the present invention, there is provided a method for managing an operation of an image forming apparatus by a user using a managing server connected with the image forming apparatus via a network. A biometric authentication server for authenticating the user of the image forming apparatus based on biometric information that is acquired by the image forming apparatus is also connected with the managing server via the network.
- The method includes storing use limit information limiting the operation of the image forming apparatus in the managing server; receiving user identifying information corresponding to the biometric information acquired by the image forming apparatus from the biometric authentication server; acquiring from the managing server the use limit information corresponding to the user identifying information; and transmitting the use limit information to the image forming apparatus.
- In yet another aspect, there is provided an image forming apparatus managing system for managing an operation of an image forming apparatus connected via a network with a biometric authentication server for authenticating a user of the image forming apparatus based on biometric information about the user that is acquired by the image forming apparatus. The image forming apparatus is also connected via the network with a managing server for managing the operation of the image forming apparatus.
- The biometric authentication server includes a transmission unit configured to transmit user identifying information corresponding to the biometric information received from the image forming apparatus to the managing server. The managing server includes a use limit information storage unit in which use limit information limiting the operation of the image forming apparatus is stored; a use limit information acquiring unit configured to acquire the use limit information corresponding to the user identifying information from the limit information storage unit; and a transmission unit configured to transmit the use limit information to the image forming apparatus.
- The image forming apparatus includes a transmission unit configured to transmit the acquired biometric information to the biometric authentication server; and a control unit configured to control the operation of the image forming apparatus based on the use limit information transmitted from the managing server.
- Other objects, features and advantages of the present invention will become apparent upon consideration of the specification and the appendant drawings, in which:
-
FIG. 1 shows an image formingapparatus managing system 100 according to an embodiment of the present invention; -
FIG. 2 shows a hardware structure of anMFP 200 in the image formingapparatus managing system 100; -
FIG. 3 shows a hardware structure of a managingserver 300 in the image formingapparatus managing system 100; -
FIG. 4 shows a system configuration of the image formingapparatus managing system 100 according toEmbodiment 1; -
FIG. 5 shows a functional configuration of the MFP 200 according toEmbodiment 1; -
FIG. 6 shows a functional configuration of the managingserver 300 according toEmbodiment 1; -
FIG. 7 shows a plugin setting screen according toEmbodiment 1; -
FIG. 8 shows an authentication server setting screen in the managingserver 300; -
FIG. 9 shows a flowchart of a biometric authentication process according toEmbodiment 1; -
FIG. 10 shows an opening screen of the biometric authentication process; -
FIG. 11 shows a user ID input screen displayed on an operating/display unit 28 of the MFP 200; -
FIGS. 12A through 12C show various error messages displayed on the operating/display unit 28; -
FIG. 13 shows a flowchart of an IC card authentication process according toEmbodiment 1; -
FIG. 14 shows a flowchart of an individual menu process according toEmbodiment 1; -
FIGS. 15A and 15B show statuses of the operating/display unit 28 upon selection of the individual menu process; -
FIG. 16 shows a flowchart of a user authentication process when abiometric authentication server 400 in the image formingapparatus managing system 100 is unusable; -
FIG. 17 shows abiometric authentication server 400A according toEmbodiment 2; -
FIG. 18 shows a functional configuration of anMFP 200A according toEmbodiment 2; -
FIG. 19 shows a screen displayed on the operating/display unit 28; -
FIG. 20 shows a screen where a group name list is shown; -
FIG. 21 shows a flowchart of a biometric authentication process according toEmbodiment 2; -
FIG. 22 shows a functional configuration of anMFP 200B according toEmbodiment 3; -
FIG. 23 shows a button setting screen produced by abutton setting unit 237 according to Embodiment 2; -
FIG. 24 shows a flowchart of a biometric authentication process according toEmbodiment 3; -
FIG. 25 shows a screen displayed on the operating/display unit 28; -
FIG. 26 shows a system configuration of an image formingapparatus managing system 100A according toEmbodiment 4; -
FIG. 27 shows a functional configuration of anMFP 200C according toEmbodiment 4; -
FIG. 28 shows a functional configuration of a managingserver 300A according to Embodiment 4; -
FIG. 29 shows anAD server 500A according to Embodiment 4; -
FIG. 30 shows aprint server 800 according to Embodiment 4; -
FIG. 31 shows a managing terminal 700A according toEmbodiment 4; -
FIG. 32A shows a format of an IC card; -
FIG. 32B shows a table of information items recorded in the IC card; -
FIG. 33 shows a screen for selecting the type of information to be read from the IC card A; -
FIG. 34 shows an area setting screen for setting an area in the IC card A; -
FIG. 35 shows a flowchart of an operation of aplugin 290A in theMFP 200C; -
FIG. 36 shows a plugin setting screen according toEmbodiment 4; -
FIG. 37 shows a flowchart of a user authentication according toEmbodiment 4 in the absence of the IC card; -
FIGS. 38A and 38B show examples of screens displayed on theMFP 200C according toEmbodiment 4; -
FIG. 39 shows a flowchart of a process for registering or deleting user information in the managingserver 300A according toEmbodiment 4; -
FIG. 40 shows a system configuration of an image formingapparatus managing system 100B according toEmbodiment 5; and -
FIG. 41 shows a configuration of anMFP 200 a, an operatingterminal 50, abiometric information reader 210 a, and anIC card reader 220 a. - In accordance with an embodiment of the present invention, biometric information of a user is acquired by an image forming apparatus, and the user is authenticated or not authenticated by a biometric authentication server based on the biometric information. Utilization of the image forming apparatus by the user is controlled by a managing server in accordance with the biometric information.
-
FIG. 1 shows an image formingapparatus managing system 100 according to an embodiment of the present invention. The image formingapparatus managing system 100 includes one or more multifunction peripherals (MFP) 200 as an image forming apparatus, a managingserver 300, abiometric authentication server 400, and an AD (ActiveDirectory)server 500, which are connected via anetwork 600. - The
MFP 200 acquires biometric information about a user of theMFP 200 as authenticating information for authenticating the user. The biometric information is transmitted to thebiometric authentication server 400 via thenetwork 600. In thebiometric authentication server 400, there is stored a user ID corresponding to the biometric information. Thebiometric authentication server 400 transmits the corresponding user ID to the managingserver 300. In the managingserver 300, there is stored use limit information concerning theMFP 200 that is associated with the user ID. The managingserver 300 supplies the use limit information corresponding to the user ID to theMFP 200. Based on the use limit information, an operation of theMFP 200 is controlled. - The
MFP 200 may employ information stored in a recording medium, such as IC card identifying information stored in an IC card, as the authenticating information. In this case, theMFP 200 transmits the acquired IC card identifying information to the managingserver 300. The managingserver 300 then transmits the user ID corresponding to the IC card identifying information to theAD server 500 for user authentication. The managingserver 300 supplies the use limit information associated with the authenticated user ID to theMFP 200. Based on the use limit information, theMFP 200 controls its operation. - Thus, in the image forming
apparatus managing system 100 according to the present embodiment, either biometric information about the user or identifying information stored in a recording medium such as an IC card may be used as the information used for user authentication. The operation of theMFP 200 is then controlled based on the use limit information associated with each user ID corresponding to the biometric information or IC card identifying information about each user. Use of the image forming apparatus is thus granted on an individual user basis, thus making it possible to maintain confidentiality of information. Further, in accordance with the present embodiment, use of biometric information for user authentication prevents impersonation, so that information that requires high level of confidentiality can be properly handled. -
FIG. 2 shows a block diagram of a hardware configuration of theMFP 200. TheMFP 200 includes ascan unit 21, aplotter unit 22, adrive unit 23, anauxiliary storage unit 24, amemory unit 25, aprocessor unit 26, aninterface unit 27, and an operating/display unit 28, which are all connected via a bus B. - The
scan unit 21, which may include a scanner engine and an engine control unit for controlling the scanner engine, is used for obtaining image data from a paper manuscript or the like. The image data is outputted by theplotter unit 22, which may include a plotter engine and an engine control unit for controlling the plotter engine. Theinterface unit 27 may include a modem and a LAN (local area network) card and is used for providing connection with thenetwork 600. Specifically, theinterface unit 27 enables theMFP 200 to exchange information with other devices on thenetwork 600. The operating/display unit 28 may include a touch panel that displays operating keys for theMFP 200 or the status of progress of a process. - The
MFP 200 is controlled by various programs of which one is an image forming program which may be either stored in arecording medium 29 for distribution, or downloaded via thenetwork 600. Therecording medium 29 with the image forming program may include various recording media that record information optically, electrically, and/or magnetically. Examples are a CD-ROM (compact disc read-only memory), a flexible disc, a magneto-optical disc, a ROM, and a flash memory. - The image forming program may be installed in the
auxiliary storage unit 24 by setting therecording medium 29 on thedrive unit 23. The image forming program may also be downloaded via thenetwork 600 and then installed in theauxiliary storage unit 24 via theinterface unit 27. TheMFP 200 loads the installed image forming program and other necessary files or data and the like. Upon starting up of the image forming apparatus, thememory unit 25 reads the image forming program from theauxiliary storage unit 24 and loads it. Theprocessor unit 26 realizes various processes as described below, in accordance with the image forming program stored in thememory unit 25. -
FIG. 3 shows a block diagram of a hardware configuration of the managingserver 300. The managingserver 300 includes aninput device 31, anoutput device 32, adrive unit 33, anauxiliary storage unit 34, amemory unit 35, aprocessor unit 36, and aninterface unit 37, which are mutually connected via a bus B. Theinput device 31, which may include a keyboard and mouse, is used for inputting various signals. Theoutput device 32 may include a display unit for displaying various windows and data. Theinterface unit 37 may include a modem or a LAN card and is used for connection with thenetwork 600. Specifically, the managingserver 300 exchange information with other devices on thenetwork 600 via theinterface unit 37. - The managing
server 300 is controlled by various programs of which one is a managing program which may be either stored in arecording medium 38 for distribution or downloaded via thenetwork 600. Therecording medium 38 in which the managing program is recorded may record information optically, electrically, and/or magnetically. Examples of the recording medium are a CD-ROM, a flexible disc, a magneto-optical disc, and various semiconductor memories that record information electrically, such as a ROM and a flash memory. - The managing program may be installed in the
auxiliary storage unit 34 by setting therecording medium 38 on thedrive unit 33. Alternatively, the managing program may be downloaded via thenetwork 600 and then installed in theauxiliary storage unit 34 via theinterface unit 37. The managingserver 300 loads the installed managing program and other necessary files and data and the like. Upon starting up of the image forming apparatus, thememory unit 35 reads the managing program from theauxiliary storage unit 34 and loads it. Theprocessor unit 36 realizes various processes as described below in accordance with the managing program stored in thememory unit 35. - Hereafter, the image forming
apparatus managing system 100 according toEmbodiment 1 of the present invention is described with reference to the drawings. In this embodiment, information used for user authentication is selectable in the image formingapparatus managing system 100.FIG. 4 shows a system configuration of the image formingapparatus managing system 100 according toEmbodiment 1. - The image forming
apparatus managing system 100 includes anMFP 200, a managingserver 300, abiometric authentication server 400, anAD server 500, and a managingterminal 700, which are connected via anetwork 600. - In accordance with the present embodiment, when user authentication by biometric information is selected, user authentication is performed by the
biometric authentication server 400. When user authentication by IC card identifying information is selected, user authentication is performed by the managingserver 300 and theAD server 500. In accordance with the present embodiment, the biometric information may be based on vein recognition. Biometric information is not limited to vein recognition and may include fingerprints in other embodiments of the present invention. -
FIG. 5 shows a functional configuration of theMFP 200. TheMFP 200 includes, in addition to the hardware units shown inFIG. 2 , abiometric information reader 210 and anIC card reader 220. Thebiometric information reader 210 and theIC card reader 220 are controlled by theprocessor unit 26. Thebiometric information reader 210 may comprise a finger vein imaging unit for taking an image of the veins in a user's finger. TheIC card reader 220 may comprise a contactless IC card reader. - The
MFP 200 further includes a plug-inunit 230, aplugin setting unit 240, apassword generating unit 250, adisplay control unit 260, an individualinformation acquiring unit 270, and a processhistory acquiring unit 280. - The plug-in
unit 230 is a program stored in theauxiliary storage unit 24 that is read and executed by theprocessor unit 26. The plug-inunit 230 includes aplugin 231 having a biometric information acquisition control function for controlling a process relating to the acquisition of biometric information. The plug-inunit 230 also includes aplugin 290 having an IC card information acquiring function for controlling the acquisition of information from an IC card. Theplugins recording medium 29, or may be downloaded via thenetwork 600. Theplugins recording medium 29 or downloaded are then stored in theauxiliary storage unit 24. Theplugins MFP 200. - The
plugin 231 includes a biometricinformation acquiring unit 232 for acquiring biometric information obtained by thebiometric information reader 210; and a biometricinformation processing unit 233 for rendering the biometric information into data that can be handled by theMFP 200. Theplugin 290 is configured to acquire the IC card identifying information read by theIC card reader 220. - The
plugin setting unit 240 sets a plugin that is started in the plug-inunit 230. In theMFP 200 of the present embodiment, the setting of the plugin that is started using theplugin setting unit 240 allows for the selection of biometric information or IC card identifying information for user authentication. - The
password generating unit 250 generates a password based on the IC card identifying information, in accordance with a particular algorithm. The password once generated by thepassword generating unit 250 is stored in theauxiliary storage unit 24 as individual information, as will be described later. Thedisplay control unit 260 controls the display on the operating/display unit 28 of theMFP 200. - The individual
information acquiring unit 270 acquires the individual information based on the use limit information as described later. The individual information, which is information each user can individually use on theMFP 200, may be stored in theauxiliary storage unit 24 in advance. The individual information may include the individual user's setting information and address book, and image data or electronic documents that have been or are to be processed in theMFP 200. The individual information is associated with the user ID, as will be described later, and is read upon selection of an “individual menu” in theMFP 200. In theMFP 200, when the individual menu is selected and the individual information is read, theprocessor unit 28 executes a process in theMFP 200 based on the individual information. - The process
history acquiring unit 280 acquires a history of processes executed in theMFP 200. The acquired history information may be stored in theauxiliary storage unit 24, or transmitted to a history managing apparatus (not shown) or the like via thenetwork 600. The process history may be stored in association with the user ID and the type of process so that the history of executed processes can be retrieved by referring to the user ID or the type of process. A result of such retrieval may be displayed on the operating/display unit 28 for the user. - Hereafter, the managing
server 300 according to the present embodiment is described with reference toFIG. 6 , showing a functional configuration of the managingserver 300 according toEmbodiment 1. In the managingserver 300,user information 310 anduse limit information 313 for each individual user are stored in theauxiliary storage unit 34 in advance. Theuser information 310 includes ICcard identifying information 311 and auser ID 312. The ICcard identifying information 311 is the same as the IC card identifying information recorded in theIC card reader 220, and is stored in advance. Theuser ID 312 is user identifying information corresponding to the ICcard identifying information 311, and is read based on the ICcard identifying information 311. - The
use limit information 313 includes information indicating one or more functions that a corresponding user can use in theMFP 200 and setting conditions. Theuse limit information 313 is associated with theuser ID 312. For example, theuse limit information 313 indicates whether the scan function, the FAX function, the monochrome print function, and/or the color print function of theMFP 200 may be used. In theMFP 200 according to the present embodiment, theuse limit information 313 may indicate that a user A is allowed to use the scan function, the FAX function, the monochrome print function, and the color print function while a user B is allowed to use only the scan function and the print function. - The use limit
information acquiring unit 320 acquires the use limit information associated with theuser ID 312 from theauxiliary storage unit 34. The authenticationserver setting unit 330 sets an authentication server used for user authentication. In accordance with the present embodiment, the authentication server set by the authenticationserver setting unit 330 is either thebiometric authentication server 400 or theAD server 500. Thedisplay control unit 340 controls the display on a display unit such as theoutput device 32 of the managingserver 300. - The
biometric authentication server 400 performs user authentication based on biometric authentication. In thebiometric authentication server 400, there is stored biometric information associated with individual users, and user IDs associated with the individual biometric information. TheAD server 500 performs user authentication based on the user ID. In theAD server 500, the user IDs are stored in advance. - The managing
terminal 700 is a terminal for managing the image formingapparatus managing system 100. The managingterminal 700 may be used to modify a setting in theMFP 200 or the managingserver 300, or register information therein. Although the present embodiment employs the single managingterminal 700, the managingterminal 700 may be allocated to theMFP 200 and the managingserver 300 individually. - The
biometric authentication server 400, theAD server 500, and the managingterminal 700 may each have a similar hardware configuration to that of the managingserver 300. Namely, thebiometric authentication server 400, theAD server 500, and the managingterminal 700 may be each provided by a general computer having a processor unit, an auxiliary storage unit, a memory unit, and an output device (such as a display unit). - Hereafter, an operation of the image forming
apparatus managing system 100 according to the present embodiment is described. In the present embodiment, user authentication by biometric information can be performed by setting an appropriate plugin that is started in theMFP 200, and setting the authentication server used for user authentication. In the following, the setting of the plugin and the authentication server is described. -
FIG. 7 shows aplugin setting screen 70 according toEmbodiment 1. Theplugin setting screen 70 is displayed on the operating/display unit 28 by thedisplay control unit 260 in theMFP 200 in response to a plugin setting instruction. In theplugin setting screen 70, there is displayed a list of plugins that can be started in theMFP 200. The plugin selected on theplugin setting screen 70 is set by theplugin setting unit 240 as the plugin to be started. Alternatively, theplugin setting screen 70 may be displayed on a display unit of the managingterminal 700. When the plugin is selected on the managingterminal 700, theplugin setting unit 240 may acquire plugin setting information from the managingterminal 700 and set the selected plugin as the plugin that is started. -
FIG. 8 shows an example of an authentication server setting screen in the managingserver 300 according to the present embodiment. The managingserver 300 acquires authentication server setting information, and sets an authentication server using the authenticationserver setting unit 330. The managingserver 300, in response to an authentication server setting instruction, instructs thedisplay control unit 340 to display an authenticationserver setting screen 80 on thedisplay unit 32. - In the authentication
server setting screen 80, settings concerning the URL (Uniform Resource Locator) of the authentication server on thenetwork 600, or other settings unique to the individual authentication server are made. The authenticationserver setting screen 80 shown inFIG. 8 is adapted for the setting of thebiometric authentication server 400. For example, in the authenticationserver setting screen 80, the URL of thebiometric authentication server 400 and a timeout period for acquiring biometric information are set. - The authentication
server setting unit 330 acquires the setting information generated on the authenticationserver setting screen 80 and sets the authentication server. Alternatively, the authenticationserver setting screen 80 may be displayed on the display unit of the managingterminal 700. When the authentication server is set via the managingterminal 700, the authenticationserver setting unit 330 acquires the setting information from the managingterminal 700 and sets the authentication server. - Hereafter, a description is given of a user authentication process in the image forming
apparatus managing system 100 according to the present embodiment. First, user authentication based on biometric information (hereafter referred to as “biometric authentication”) is described. In this case, in theMFP 200, theplugin 231 is set as the plugin to be started for realizing the biometric information acquisition control function, and thebiometric authentication server 400 is set as the authentication server. -
FIG. 9 shows a flowchart of a process of biometric authentication according toEmbodiment 1. In step S901, thedisplay control unit 260 of theMFP 200 causes the operating/display unit 28 to display an opening screen 10 (seeFIG. 10 ) which prompts the acquisition of biometric information.FIG. 10 shows an example of the opening screen, where astart button 10A for entering a biometric authentication start instruction is displayed. - When the
start button 10A is operated (or touched) on the opening screen, biometric authentication is started in step S902, where. In step S903, the managingserver 300, in response to the biometric authentication start instruction, determines whether thebiometric authentication server 400 is set as the authentication server. If in step S903 it is determined that the authentication server is not set, the managingserver 300 notifies theMFP 200. TheMFP 200 then causes thedisplay control unit 260 to display an error message on the operating/display unit 28 in step S904, indicating that the authentication server is not set (seeFIG. 12A ).FIGS. 12A to 12C show examples of the error message displayed on the operating/display unit 28. - Still referring to
FIG. 9 , if it is determined in step S903 that thebiometric authentication server 400 is set, the managingserver 300 notifies theMFP 200. In theMFP 200, thedisplay control unit 260 causes the userID input screen 11 shown inFIG. 11 to be displayed on the operating/display unit 28 in step S905.FIG. 11 shows an example of the user ID input screen displayed on the operating/display unit 28. - If there is no input in step S905 for a predetermined duration of time, the
display control unit 260 causes the operating/display unit 28 to display theopening screen 10 in step S901. If the user ID is inputted in step S905, biometric information is read by thebiometric information reader 210, and theauthentication button 11A displayed on the userID input screen 11 is operated in step S906. Then a biometric authentication process is performed in step S907. After the user is authenticated in step S907, the user login in the image formingapparatus managing system 100 is completed in step S908. - The biometric authentication process according to the present embodiment is described. In the present embodiment, the user ID and the biometric information acquired in step S905 by the
MFP 200 are transmitted to thebiometric authentication server 400. In thebiometric authentication server 400, if there are a user ID and biometric information that correspond to the user ID and biometric information transmitted from theMFP 200, the user is authenticated. - In step S907, if the authentication process is unsuccessful due to an input error of the user ID or a biometric information reading error, the
display control unit 260 in step S909 displays an appropriate error message on the operating/display unit 28 (seeFIG. 12B ). The user ID input error may be caused when a prohibited character or letter is inputted. If aconfirm button 12B is operated in step S910 in response to the error message displayed in step S909, thedisplay control unit 260 displays the userID input screen 11 back in step S905. If no operation is entered in step S910 for a certain duration of time, thedisplay control unit 260 displays theopening screen 10 back in step S901. - In step S907, if the authentication process cannot be performed due to a connection error between the
MFP 200 and thebiometric authentication server 400, thedisplay control unit 260 in step S911 displays an appropriate error message on the operating/display unit 28 (seeFIG. 12C ). - Thus, in accordance with the present embodiment, user authentication is performed using biometric information. Use of biometric information prevents the risk of user impersonation and enables the maintenance of high level of security. Furthermore, use of biometric information for user authentication eliminates the need for carrying an IC card or the like for login into the image forming
apparatus managing system 100, thus providing enhanced user-friendliness. - Hereafter, a description is given of a user authentication process using IC card identifying information (hereafter referred to as “IC card authentication process”). In this case, in the
MFP 200, theplugin 290 that has the IC card information acquisition function is set as the plugin to be started, and theAD server 500 is set as the authentication server. -
FIG. 13 shows a flowchart of the IC card authentication process according toEmbodiment 1. TheMFP 200 acquires the ICcard identifying information 311 via theIC card reader 220, and transmits it to the managingserver 300 via theinterface unit 27. Upon reception of the ICcard identifying information 311, the managingserver 300 in step S1301 retrieves theuser information 310 stored in theauxiliary storage unit 34, based on the ICcard identifying information 311. The managingserver 300 then determines whether there is IC card identifying information in theauxiliary storage unit 34 that corresponds to the acquired IC card identifying information. If there is the corresponding IC card identifying information in theauxiliary storage unit 34, the managingserver 300 reads theuser ID 312 associated with the acquired IC card identifying information. The managingserver 300 then determines in step S1302 whether theAD server 500 is set for the user authentication process. If in S1302 theAD server 500 is set for user authentication, the managingserver 300 in step S1303 accesses theAD server 500 and determines whether theuser ID 312 that has been read exists among the user IDs retained in theAD server 500. - If the corresponding user ID exists in the
AD server 500 in step S1303, the managingserver 300 considers the user to have been authenticated, and login of the user is completed in step S1304. If in step S1302 user authentication based on theAD server 500 is not set, the process goes to step S1304 and the login of the user is completed. In this case, the login is complete as long as the IC card identifying information corresponding to the acquired IC card information is present in theauxiliary storage unit 34. - If in S1303 there is no
user ID 312 in theAD server 500, the managingserver 300 in step S1305 determines whether use of theMFP 200 should be granted to theuser ID 312 based on theuse limit information 313 corresponding to the relevant user ID. If in step S1305 theuser ID 312 is a user ID for which use of theMFP 200 is granted, the managingserver 300 considers the user to have been authenticated. If in step S1305 theuser ID 312 is a user ID for which use of theMFP 200 is not granted, the managingserver 300 considers the login process to have failed and ends the user authentication process in step S1306. - Thus, in accordance with the present embodiment, user authentication is performed using an IC card as described above.
- Hereafter, the granting of utilization of the
MFP 200 on an individual user basis after completion of the login of a user according to the present embodiment is described. In accordance with the present embodiment, after user authentication, the managingserver 300 acquires theuse limit information 313 corresponding to theuser ID 312, using the use limitinformation acquiring unit 320. Theuse limit information 313 is then transmitted to theMFP 200. TheMFP 200 then controls its operation based on theuse limit information 313 so that only one or more of the functions that are allowed to be used by the authenticated user are realized. - The process for realizing only those functions that are allowed for an authenticated user is referred to as an individual menu process. The “individual menu” may refer to the individual menu process. The functions available in the individual menu may include accessing and viewing of image data or electronic documents stored in the
MFP 200 on an individual user basis; using or editing of an address book for an individual user; and viewing of mail documents for an individual user. Furthermore, in theMFP 200 according to the present embodiment, when the individual menu is selected, the display on the operating/display unit 28 or settings in theMFP 200 can be customized by the individual user. - In the following, the individual menu process performed in the
MFP 200 is described with reference toFIGS. 14 and 15 .FIG. 14 shows a flowchart of the individual menu process.FIGS. 15A and 15B show examples of the display on the operating/display unit 28 when the individual menu process is selected. Specifically,FIG. 15A shows a status of the operating/display unit 28 before login to the individual menu, whileFIG. 15B shows a status on the operating/display unit 28 after login into the individual menu. - After the login of the user is complete in step S1401, the
MFP 200 in step S1402 renders operable the operating/display unit 28 that has been locked until completion of user login (“hard-key lock”). - In step S1403, the
MFP 200, based on theuse limit information 313 transmitted from the managingserver 300, transitions to a status where one or more predetermined functions (priority functions) alone can be realized. The priority functions may include a function that can be realized without using unique user information, such as the copy process. - If the
MFP 200 receives an instruction for executing an individual menu process in step S1404, the process goes to step S1405 where thedisplay control unit 260 causes the operating/display unit 28 to indicate that preparations are being made (seeFIG. 15A ). If there is no instruction for the individual menu process in step S1404, theMFP 200 is controlled in step S1418 so that only the priority functions determined based on the use limit information can be realized. - In step S1406, an individual menu login process is executed. In the
MFP 200, a password is generated by thepassword generating unit 250 based on theuser ID 312. Theuser ID 312 and the password that has been generated based on theuser ID 312 at the time of the last login are stored in theauxiliary storage unit 24. - In step S1407, the
MFP 200 determines whether there is a user ID and a password in theauxiliary storage unit 24 that correspond to theuser ID 312 and the password generated from theuser ID 312. In step S1407, if there is no corresponding user ID, theMFP 200 determines that theuser ID 312 is a new user ID whose user is not registered. In step S1408, thedisplay control unit 260 of theMFP 200 displays the user registration screen on the operating/display unit 28, and the process transitions to the user registration process. If the password is invalid in step S1407, theMFP 200 in step S1409 puts the operating/display unit 28 in the hard-key locked status. However, a print instruction can be issued for any print job that is retained within theMFP 200 at this point in time. - An invalid status of the password is recognized when, for example, the user changed his or her password (initial password) that has been generated by the
password generating unit 250 upon initial login to the individual menu into a user-defined password. In such a case, thedisplay control unit 260 displays in step S1410 a touch panel screen or the like on the operating/display unit 28, indicating that the input of the modified password is necessary. If a correct password is entered by the user in S1410, the hard-key lock status is cancelled in step S1411 in accordance with the use limit information. - If the login process produces an error in step S1407 for one reason or another, the
display control unit 260 in step S1412 deletes the indication of process preparations from the operating/display unit 28. In step S1413, thedisplay control unit 260 displays a message on the operating/display unit 28 indicating the error in the individual menu login process. Thereafter, theMFP 200 is controlled so that only the priority functions can be realized based on theuse limit information 313. - In step S1407, if there are the corresponding user ID and password in the
auxiliary storage unit 24, the login of the user to the individual menu is completed. This is followed by step S1414, where the individualinformation acquiring unit 270 acquires individual information from theauxiliary storage unit 24 that corresponds to theuser ID 312. Then, settings or the like are made for theMFP 200 based on the individual information. - Following step S1414, the
MFP 200 in step S1415 puts the operating/display unit 28 in a status such that operating keys used for the individual menu can be used. - Then, in step S1416, the
display control unit 260 deletes the indication on the operating/display unit 28 regarding the preparations being made for the execution of process. In step S1417, thedisplay control unit 260 displays a message on the operating/display unit 28 indicating that information regarding password can be viewed. This completes the individual menu login process in theMFP 200, and thereafter the individual menu for the particular user is displayed on the operating/display unit 28 (seeFIG. 15B ). - The information regarding password that is displayed in step S1417 may include the initial password generated by the
password generating unit 250, and a guidance for changing the initial password into a user-defined password. In accordance with the present embodiment, the screen displayed in step S1417 may transition to a password setting screen for changing the password. Alternatively, if the password has already been changed, the screen may transition to a screen that notifies the user of the initial password once again. When notifying the user of a password, the password displayed on the operating/display unit 28 may be automatically deleted after a predetermined duration of time. - Thus, in accordance with
Embodiment 1 of the present invention, the user ID is managed using the managingserver 300, and the available functions of theMFP 200 are limited based on the user ID. Thus, enhanced security can be obtained for the management of the individual information image held in the formingapparatus 200, enabling the maintenance of information confidentiality. - In accordance with the present embodiment, if the
biometric authentication server 400 is unusable, for example, theAD server 500 may be directly accessed for user authentication.FIG. 16 shows a flowchart of a user authentication process that is performed when thebiometric authentication server 400 is unusable. When thebiometric authentication server 400 is unusable, theMFP 200 in step S1601 transmits the user ID (see step S906 inFIG. 9 ) entered via the operating/display unit 28 to theAD server 500. In step S1602, theAD server 500 determines whether a user ID that corresponds to the user ID that it received exists in theAD server 500. In step S1603, if there is the corresponding user ID in theAD server 500, the user is authenticated. - If in step S1603 there is no corresponding user ID, the
AD server 500 in step S1605 notifies theMFP 200 of an authentication error. In theMFP 200, thecontrol unit 260 displays an authentication error message on the operating/display unit 28. In step S1606, in theMFP 200, the processhistory acquiring unit 280 acquires authentication error history information and stores it in theauxiliary storage unit 24 or the like. The authentication error history may be transmitted to the managingserver 300 and stored in theauxiliary storage unit 34 therein. - Thus, in the present embodiment, the login process can be performed using an entered user ID even when the
biometric authentication server 400 is unusable due to failure or the like, or when biometric information cannot be acquired, enabling the user to use theMFP 200 based on his or her individual use limit information. - In the following, an image forming apparatus managing system according to
Embodiment 2 of the present invention is described with reference to the drawings.Embodiment 2 differs fromEmbodiment 1 in that improved operability is obtained when performing user authentication based on biometric information. Thus, in the following description ofEmbodiment 2, only the differences fromEmbodiment 1 are described, with the units or components having similar or corresponding functions to those ofEmbodiment 1 being designated by similar reference numerals and their descriptions omitted. - In accordance with the present embodiment, in a biometric authentication server, biometric information about individual users and user IDs associated with the biometric information are registered on a group by group basis in advance. Each of the groups is allocated group identifying information (referred to as a “group ID”).
- Referring to
FIG. 17 , thebiometric authentication server 400A may be realized by a general computer having a processor unit, a storage unit, and the like, which are not shown. Thebiometric authentication server 400A includes adatabase 410 in the storage unit, and anauthentication processing unit 420 configured to perform an authentication process based on biometric information. - The
database 410 stores authenticating information used for the authentication process, including biometric information about individual users and user IDs associated with the biometric information, on a group by group basis. Each group is given the group ID. In the example shown inFIG. 17 , thedatabase 410 includes authenticatinginformation 411 with a group ID A; authenticatinginformation 412 with a group ID B; and authenticatinginformation 413 with a group ID C. Each of the groups may correspond to a department of a company or the like to which the individual users belong. - The
authentication processing unit 420, in response to a biometric authentication start instruction from theMFP 200A, executes the authentication process, as described in detail below. - Referring to
FIG. 18 , theMFP 200A is described.FIG. 18 shows a functional configuration of theMFP 200A according toEmbodiment 2. TheMFP 200A includes a plug-inunit 230A. The plug-inunit 230A has aplugin 231A for realizing a biometric information acquiring function. Theplugin 231A includes a biometricinformation acquiring unit 232, a biometricinformation processing unit 233, a groupname setting unit 234, alist control unit 235, and a groupID acquiring unit 236. - The group
name setting unit 234 of theplugin 231A is configured to associate a group ID stored in thebiometric authentication server 400A with a group name in a list box L10 (seeFIG. 20 ) that is displayed on the operating/display unit 28 of theMFP 200A. The groupname setting unit 234 causes thedisplay control unit 260 to display ascreen 20 shown inFIG. 19 to be displayed on the operating/display unit 28.FIG. 19 is an example of the screen displayed on the operating/display unit 28. In this example, a software keyboard is displayed. Using this software keyboard, a system administrator, for example, sets the associations between the group IDs and the group names. - On the
screen 20 shown inFIG. 19 , when a group ID and a group name associated with the group ID are inputted and asetting button 21 is pressed, the association between the group ID and the group name is set by the groupname setting unit 234. The groupname setting unit 234 may store the association between the group ID and the group name in theauxiliary storage unit 24 of theMFP 200A. - The
list control unit 235 is configured to create a list of group names (“group name list”) that have been set by the groupname setting unit 234. The list created by thelist control unit 235 is displayed in the list box L10 on the operating/display unit 28.FIG. 20 shows an example of the screen in which the group name list is displayed. The details of creation of the group name list by thelist control unit 235 will be described later. - In the
screen 30 shown inFIG. 20 , the list box L10 shows all of the group names that have been set by the groupname setting unit 234. In accordance with the present embodiment, a scroll bar S may be shown in the list box L10 when all of the group names set by the groupname setting unit 234 cannot be shown in the list box L10. The groupID acquiring unit 236 acquires a group ID corresponding to a group name selected in the list box L10 created by thelist control unit 235, from theauxiliary storage unit 24, for example, of theMFP 200A. - Hereafter, a biometric authentication process according to the present embodiment is described with reference to a flowchart shown in
FIG. 21 . The process between steps S2101 to S2104 inFIG. 21 is the same as the process between steps S901 and S904 shown inFIG. 9 . - In step S2103, if the
biometric authentication server 400A is set as the authentication server, the managingserver 300 notifies theMFP 200A. TheMFP 200A then causes thedisplay control unit 260 to display the list box L10 ofFIG. 20 to be displayed on the operating/display unit 28 in step S2105. In step S2106, after a group name is selected in the list box L10 and the biometric information is read, theauthentication button 31 is operated (seeFIG. 20 ). In step S2107, the biometric authentication process is performed, as described below. - Upon selection of the group name, the
MFP 200A acquires a group ID corresponding to the group name selected by the groupID acquiring unit 236. TheMFP 200A then transmits the acquired group ID and biometric information that is read to thebiometric authentication server 400A. In thebiometric authentication server 400A, the group ID and the biometric information are received and the authentication process is performed. Specifically, thebiometric authentication server 400A retrieves authenticating information corresponding to the group ID received, using theauthentication processing unit 420, and determines whether there is biometric information that matches the biometric information received. For example, if thebiometric authentication server 400A has received the group ID A from theMFP 200A, theauthentication processing unit 420 searches the authenticatinginformation 411 corresponding to the group ID A, and determines whether there exists biometric information that matches the biometric information received. If there is the biometric information matching the biometric information received, theauthentication processing unit 420 authenticates the biometric information. - The process between steps S2108 and S2111 is the same as the process between steps S908 and S911 shown in
FIG. 9 . Thus, description of steps S2108 to S2111 is omitted in the following. - The process of creating the group name list by the
list control unit 235 in the present embodiment is described. Thelist control unit 235, after the group name is selected in step S2106, creates the group name list once again. Specifically, thelist control unit 235, upon selection of the group name in step S2106, creates the group name list when the list box L10 is next displayed such that the group name selected in step S2106 comes at the top of the list. The group names that follow the top group name are arranged in descending order of the number of times of selection of the group name in the past. - For example, referring to
FIG. 20 , it is supposed that the group name that was selected from the list box L10 the last time it was displayed is the group name A, and that the group name C is the group name that has been most frequently selected among the group names A, B, and C in the past. In this case, thelist control unit 235 puts the group name A at the top of the list, and places the group name C next to the group name A, as shown inFIG. 20 . The group name B is placed next to the group name C. In the present embodiment, thelist control unit 235 has stored values indicating the number of times each group name has been selected, so that the number of times of selection of each group name can be determined. - Thus, the
list control unit 235 creates the group name list in which the group name selected the last time and the group names that have been selected most frequently in the past are at the top of the list. This allows a user to find and select his or her own group name the more easily the more often he or she uses the group name. - Further, in accordance with the present embodiment, it is only necessary to select a group name from the group name list in order to perform the biometric authentication process, without the need to input the user ID as in
Embodiment 1. Thus, in accordance with the present embodiment, operations for performing the biometric authentication process can be simplified. Furthermore, thebiometric authentication server 400A only needs to retrieve the authenticating information to which the group ID associated with the selected group name is allocated, and there is no need to retrieve all of the authenticating information stored in thebiometric authentication server 400A. Thus, in accordance with the present embodiment, the time required for the authentication process can be reduced and its accuracy can be improved. - Hereafter, an image forming apparatus according to
Embodiment 3 of the present invention is described with reference to the drawings.Embodiment 3 differs fromEmbodiment 2 in that a further improved operability is obtained when performing user authentication based on biometric information. Thus, in the following description ofEmbodiment 3, only the differences fromEmbodiment 2 are described and the units or components having the same or corresponding functions as those ofEmbodiment 2 are designated with similar reference numerals while omitting their descriptions. - In accordance with the present embodiment, the group names are displayed on the operating/
display unit 28 of theMFP 200B as group name buttons. This eliminates the need to retrieve a desired group name from the list box L10, thus improving operability. -
FIG. 22 shows a functional configuration of theMFP 200B according to the present embodiment. TheMFP 200B includes a plug-inunit 230B which includes aplugin 231B for realizing a biometric information acquiring function. Theplugin 231B includes a biometricinformation acquiring unit 232; a biometricinformation processing unit 233; a groupname setting unit 234; alist control unit 235; a groupID acquiring unit 236; and abutton setting unit 237. - The
button setting unit 237 is configured to make settings for displaying on the operating/display unit 28 group name buttons corresponding to the group names that are set by the groupname setting unit 234. Specifically, thebutton setting unit 237 displays a group name button setting screen that has the same layout as the screen displayed on the operating/display unit 28 upon biometric authentication. - Referring to
FIG. 23 , the setting of the group name buttons in accordance with the present embodiment is described.FIG. 23 shows abutton setting screen 40 produced by thebutton setting unit 237. Thebutton setting screen 40 has a settingarea 41 for associating the group name buttons and group names. The layout of the settingarea 41 is the same as that of the screen that is displayed upon execution of biometric authentication as will be described later. - For example, when one of the group name buttons is pressed by a system administrator for association, the
screen 20 shown inFIG. 19 is displayed. After a group ID and a group name are entered in thescreen 20 and thesetting button 21 is pressed, the entered group name is displayed within the settingarea 41 in thescreen 40. Because the layout of thescreen 40 according to the present embodiment is the same as that of the screen displayed during actual biometric authentication, the system administrator or the like who makes the setting can make sure whether, looking at the display of the settingarea 41, a group name can be correctly displayed within the group name button at the time of actual biometric authentication. - For example, when it is desired to display “Group name A” within the
group name button 42, thegroup name button 42 within the settingarea 41 is pressed. Then, thescreen 20 ofFIG. 19 appears, where the user presses the group name A, enters the group ID corresponding to the group name A, and presses thesetting button 21. Then on thescreen 40, the group name A entered in thescreen 20 is displayed within thegroup name button 42. By pressing theOK button 43 at this time, the setting of the group name in thegroup name button 42 is complete. If the cancelbutton 44 is pressed instead, thescreen 40 transitions back to thescreen 20, where the group name to be displayed can be changed or modified. Thus, when the system administrator or the like makes the group name button setting, he or she can confirm the displayed content. - For example, when the allowed number of letters that can be displayed within the group name button is eight, if a 10-letter group name is entered, the ninth and 10th letters are not displayed within the group name button. In accordance with the present embodiment, however, such an incorrect display of the group name within the group name button is visibly displayed on the
screen 40, so that the administrator or the like can quickly change or modify the group name. - Hereafter, a biometric authentication process according to the present embodiment is described with reference to a flowchart shown in
FIG. 24 . - The process between steps S2401 and S2404 shown in
FIG. 24 is the same as the process between steps S901 and S904 shown inFIG. 9 . Therefore, description of steps S2401 to S2404 is omitted. - In step S2403, if the
biometric authentication server 400A is set as the authentication server, the managingserver 300 notifies theMFP 200A. In theMFP 200A, thedisplay control unit 260 displays thescreen 50 shown inFIG. 25 on the operating/display unit 28 in step S2405.FIG. 25 is an example of the screen displayed on the operating/display unit 28. - In step S2406, a desired group name button is pressed in the
screen 50, and biometric information is read. In step S2407, biometric authentication is performed. - The biometric authentication procedure in step S2407 is the same as in
Embodiment 2. Namely, upon selection of the group name by the pressing of the group name button, the groupID acquiring unit 236 acquires a group ID associated with the group name. TheMFP 200B then transmits the acquired group ID and the biometric information to thebiometric authentication server 400A. In thebiometric authentication server 400A, theauthentication processing unit 420 performs authentication using the group ID and biometric information. - The process between steps S2408 and S2411 is the same as the process between steps S908 and S911 shown in
FIG. 9 and therefore the description of the corresponding steps is omitted. - In accordance with the present embodiment, up to six group name buttons can be displayed in the
screen 50 shown inFIG. 25 . Preferably, the group names that are set in the group name buttons are those group names that are frequently selected. Further, in accordance with the present embodiment, a group name that is not displayed in any of the group name buttons in thescreen 50 can be selected. Specifically, when selecting a group name that is not displayed in thescreen 50, a “Select other groups”button 51 is pressed. Then, the display screen of the operating/display unit 28 transitions to thescreen 30 shown inFIG. 20 , where a list of group names other than those set in the group name buttons is shown in the list box L10. - Thus, in accordance with the present embodiment, at the time of the biometric authentication process, the group name buttons indicating group names are displayed, so that the user can select a group name simply by pressing the corresponding group name button. This eliminates the need to search the list box L10 for the desired group name, thereby further improving operability.
- Further, in accordance with the present embodiment, the group name buttons can be set in a setting screen having the same layout as that of the screen displayed when a relevant process is actually performed. This helps to reduce the burden on the system administrator or the like during the setting operation.
- Hereafter, an image forming apparatus managing system according to
Embodiment 4 of the present invention is described with reference to the drawings.Embodiment 4 is based onEmbodiment 1 to which additional functions are provided. Thus, in the following description ofEmbodiment 4, units or components having the same or similar functions to those ofEmbodiment 1 are designated by similar reference numerals while omitting their descriptions. - In accordance with the present embodiment, in the MFP, information in a preset region on an IC card can be read. Further, the AD server and the managing server can be linked when user information stored in the managing server is registered or deleted. Furthermore, print jobs executed in the MFP can be managed.
-
FIG. 26 shows a system configuration of an image formingapparatus managing system 100A according toEmbodiment 4. The image formingapparatus managing system 100A includes anMFP 200C, a managingserver 300A, abiometric authentication server 400, anAD server 500A, a managingterminal 700A, aprint server 800, and auser terminal 900, which are connected via anetwork 600. Theprint server 800 manages print jobs that are generated in theuser terminal 900 or theMFP 200C, as will be described below. Theuser terminal 900 may be used for selecting a document to be printed by theMFP 200C, or entering a print instruction into theMFP 200C. - In the following, the various units of the image forming
apparatus managing system 100A are described.FIG. 27 shows a functional configuration of anMFP 200C according toEmbodiment 4. TheMFP 200C includes a plug-inunit 230C having aplugin 290A for realizing an IC card information acquiring function. - The
plugin 290A is configured to set an area of an IC card from which information is read by theMFP 200C. Theplugin 290A includes an area settinginformation acquiring unit 291, anarea setting unit 292, a cardreader control unit 293, and an informationformat converting unit 294. The area settinginformation acquiring unit 291 acquires area setting information generated by the managing terminal 700A as described below. Based on the area setting information acquired by the area settinginformation acquiring unit 291, an area is set by thearea setting unit 292. Specifically, thearea setting unit 292 makes an area setting for theMFP 200C by storing the acquired area setting information in theauxiliary storage unit 24. Information in the area set in an IC card is read by theIC card reader 220, under the control by the cardreader control unit 293. - The information
format converting unit 294 converts IC card identifying information acquired by theIC card reader 220 into a predetermined information format. The “predetermined format” is herein intended to refer to a format handled by the image formingapparatus managing system 100A, i.e., a format that theMFP 200C can process. - For instance, when the
MFP 200C is compatible with the FeliCa (contactless RFID smart card system developed by Sony Corp.) card format, if the information read by theIC card reader 220 is in eLWISE (multifunctional IC card system developed by NTT Communications Corp.) card format, the informationformat converting unit 294 converts the eLWISE format into FeliCa format. When the information read by theIC card reader 220 is compatible with theMFP 200C, the informationformat converting unit 294 need not perform such information format converting process. Thus, the informationformat converting unit 294 enables theMFP 200C to handle different IC card formats. -
FIG. 28 shows a functional configuration of the managingserver 300A according toEmbodiment 4. The managingserver 300 includes, in addition to the various units provided in the managingserver 300 according toEmbodiment 1 shown inFIG. 6 , the following: a userinformation managing unit 350; an updatefile acquiring unit 360; a print job deletinginstruction unit 370; and a printorder change unit 380. - The user
information managing unit 350 managesuser information 310 stored in the managingserver 300A by, for example, registering, deleting, or updating the user information. The userinformation managing unit 350 includes a userinformation registering unit 351, a userinformation deleting unit 352, and a userinformation updating unit 353. - The user
information registering unit 351 is configured to register user information in theauxiliary storage unit 34. The userinformation deleting unit 352 deletes user information from theauxiliary storage unit 34. The userinformation updating unit 353 is configured to update user information stored in theauxiliary storage unit 34 based on an update file which will be described below. - The update
file acquiring unit 360 acquires the update file for updating user information stored in theauxiliary storage unit 34. The update file may be created by a device connected to the managingserver 300A via thenetwork 600 and downloaded by the managingserver 300A. The update file may also be created by a general computer not connected to the managingserver 300A and then recorded in a recording medium. In this case, the managingserver 300A can acquire the update file by reading it from the recording medium. - The print job deleting
instruction unit 370 generates a print job deleting instruction for deleting one or more print jobs stored in theprint server 800 all at once. The print orderchange instruction unit 380 generates an execution order change instruction for changing the order of execution of the print jobs stored in theprint server 800. - With reference to
FIG. 29 , theAD server 500A according toEmbodiment 4 is described. TheAD server 500A includes astorage unit 510 and anauthentication processing unit 520 that is realized by the processor unit. In thestorage unit 510, there is storeduser information 530 and apassword 540 corresponding to theuser information 530. Theuser information 530 includes ICcard identifying information 531 and auser ID 532 corresponding to the ICcard identifying information 531. Theauthentication processing unit 520 performs user authentication by determining whether theuser information 530 stored in thestorage unit 510 is valid. - With reference to
FIG. 30 , theprint server 800 according to the present embodiment is described. Theprint server 800 manages print jobs generated by theuser terminal 900 and theMFP 200C, as will be described below. Theprint server 800 includes aprint control unit 811, a printorder change unit 812, and a printjob deleting unit 813 which are realized by anprocessor unit 810, and a printjob retaining unit 820 realized by a storage unit, and acommunications unit 830. - In response to a print instruction from the
user terminal 900 or theMFP 200C, theprint control unit 811 transmits a relevant print job retained in the printinstruction retaining unit 820 to theMFP 200C, where the print job is executed. In response to a print order change instruction from the managingserver 300A, the printorder change unit 812 changes the order in which the print jobs retained in the printinstruction retaining unit 820 are executed. The printjob deleting unit 813, in response to a print job deleting instruction from the managingserver 300A, deletes the print jobs retained in the printinstruction retaining unit 820 all at once. Thecommunications unit 830 is configured to communicate with the managingserver 300A and theMFP 200C. - Referring to
FIG. 31 , the managing terminal 700A according toEmbodiment 4 is described. The managing terminal 700A may be realized by installing a suitable program in a general computer having anprocessor unit 710, astorage unit 720, adisplay unit 730, and acommunications unit 740. The managing terminal 700A includes acontrol unit 711 and an area settinginformation generating unit 712, which are realized by theprocessor unit 710. Thecontrol unit 711 controls various processes executed by the managing terminal 700A. The area settinginformation generating unit 712 generates area setting information, as will be described later. In the managing terminal 700A, theprocessor unit 710 executes an area setting program stored in thestorage unit 720 in order to realize the function of the area settinginformation generating unit 712. The area setting program is started up in the managing terminal 700A upon instruction for generating area setting information. - In the following, generation of area setting information by the area setting
information generating unit 712 is described with reference toFIGS. 32 through 34 . Initially, however, an IC card is described with reference toFIGS. 32A and 32B .FIG. 32A shows an information recording format for the IC card A.FIG. 32B shows various items of information recorded in the IC card A. In the example shown inFIG. 32A , IC card identifying information is recorded at the top. Inblock 1, employee number information is recorded. Inblock 2, information about the number of times of issuance of the IC card A is recorded. Inblock 3, information about the date of issuance of the IC card A is recorded. Inblock 4, information about the expiration date of the IC card A is recorded. - The format of the IC card may vary depending on the particular standard used and may be determined by the issuer of the IC card. The format of the information recorded in the IC card may also vary depending on the IC card standard. For example, in the case of a FeliCa card, information is recorded in FeliCa card format. In the case of an eLWISE card, the information is recorded in eLWISE card format.
- In
FIG. 32B , the areas of the individual items of information in the IC card A are shown. It is seen that, for example, the area inblock 1 in which an employee number is recorded starts ataddress 0 and ends ataddress 9. - In the managing terminal 700A according to the present embodiment, area setting information is generated using the format information about the IC card A shown in
FIGS. 32A and 32B . In the present embodiment, it is assumed that the format information about the IC card A is supplied by the IC card issuer in advance. - In the following, the generation of area setting information is described with reference to
FIGS. 33 and 34 . In accordance with the present embodiment, the information read from the IC card A may be selected from three kinds, as described below.FIG. 33 shows a screen for selecting the type of information to be read from the IC card A. In this example, the three types of information that can be read from the IC card A are the IC card identifying information, information in accordance with a standard format, and information recorded in a particular area within the IC card A. - In the managing terminal 700A, once information to be read from the IC card A is selected in the screen shown in
FIG. 33 , a screen for entering an area setting is displayed on thedisplay unit 730. Referring toFIG. 33 , when the IC card identifying information is selected as the information to be read from the IC card A, the area settinginformation generating unit 712 considers the information indicating the head area of the IC card A as the area setting information. It should be noted, however, that the area in which the IC card identifying information is recorded is not limited to the head area of the IC card A. - In
FIG. 33 , if the information according to the standard format is selected as the information to be read from the IC card A, the area settinginformation generating unit 712 uses the information indicating the standard format as the area setting information. The standard format may be supplied from the IC card issuer to the system administrator and set in the managing terminal 700A. When the standard format is followed, the format information stored in the managing terminal 700A may include information indicating the area where the IC card identifying information is recorded, and information indicating the area where the employee number is recorded. Based on such format information stored in the managing terminal 700A, the area settinginformation generating unit 712 generates area setting information. - Hereafter, a case where information recorded in a particular area in the IC card A is selected in
FIG. 33 as the information to be read from the IC card A is described. In accordance with the present embodiment, by setting a desired area in the IC card, the information in the thus set area can be read. -
FIG. 34 shows anarea setting screen 25A for setting an area in the IC card A. Thearea setting screen 25A includes ablock designating area 25B for designating a block in which information is to be read; aposition designating area 25C for designating a position (address) in the designated block; and aninformation list area 25D where information items that can be read are shown. In thearea setting screen 25A, blocks 1 and 3 of the IC card A are designated in theblock designating area 25B. In theposition designating area 25C, the entire data inblocks information generating unit 712 generates area setting information indicating that the entire data recorded inblocks - In the
information list area 25D, there are displayed an employee number, which is the entire data recorded inblock 1, and an expiration date, which is the entire data recorded inblock 3, as the information items to be acquired based on the area setting information. Thus, in accordance with the present embodiment, a block and the position of information in the block can be designated while confirming the information items to be read in the area setting screen. Thus, the area setting information can be generated by the system administrator or the like through a simple operation. - The area setting information generated by the managing terminal 700A may be supplied to the
MFP 200C via thenetwork 600. Alternatively, the area setting information may be recorded in a recording medium in the managing terminal 700A, such as a USB memory. The area setting information recorded in such a recording medium is then read by theMFP 200C, thus acquiring the area setting information. Further, while in the present embodiment an area setting program for realizing the function of the area settinginformation generating unit 712 is installed in the managing terminal 700A, this is merely an example. In another embodiment, the area setting program may be installed in theuser terminal 900. Alternatively, the area setting program may be installed in a general computer not connected to theMFP 200C. In this case, the area setting information that is generated may be recorded in a recording medium and then supplied to theMFP 200C. - Hereafter, an operation of the
plugin 290A in theMFP 200C according to the present embodiment is described. In theMFP 200C, an operation of theplugin 290A enables the reading of information based on the area setting information from the IC card.FIG. 35 shows a flowchart of an operation of theplugin 290A in theMFP 200C. Theplugin 290A starts a process when selected as the plugin executed in the plug-inunit 230C in step S2601. The selection of the plugin is described below. TheMFP 200C according to the present embodiment includes plural kinds of plugins (not shown) for controlling the reading of information from the IC card. A system administrator, for example, can select one of the plugins to be executed in theMFP 200C. The selection of the plugin may be performed by an administrator tool for managing the image formingapparatus managing system 100A. The administrator tool may be provided in the managing terminal 700A or in theMFP 200C. - Other plugins provided in the
MFP 200C may include an SSFC (Shared Security Formats Cooperation; an ID card security management system using the FeliCa contactless IC card technology) plugin in accordance with the SSFC standard, and an eLWISE plugin in accordance with the eLWISE card standard. When the SSFC plugin is selected, for example, the SSFC plugin is executed so that theMFP 200C reads information from the IC card in accordance with SSFC standard format. Theplugin 290A according to the present embodiment may be operated as a FeliCa plugin in accordance with the FeliCa standard. -
FIG. 36 shows an example of a plugin setting screen according toEmbodiment 4. Theplugin setting screen 70A may be displayed on thedisplay unit 730 of the managing terminal 700A, or on the operating/display unit 28 of theMFP 200C. Upon selection of theplugin 290A in the plugin setting screen shown inFIG. 36 , theMFP 200C starts theplugin 290A. - Referring back to
FIG. 35 , after theplugin 290A is started in theMFP 200C, the area settinginformation acquiring unit 291 acquires area setting information in step S2602. The area settinginformation acquiring unit 291 may acquire the area setting information from the managing terminal 700A via thenetwork 600, or from a recording medium. In step S2603, the acquired area setting information is set in theMFP 200C by thearea setting unit 292. Namely, thearea setting unit 292 stores the area setting information in theauxiliary storage unit 24, whereupon the setting of area setting information in theMFP 200C is completed. - In step S2604, when the IC card A is passed over the
IC card reader 220, the information recorded in a set area of the IC card A is read by theIC card reader 220 under the control of the cardreader control unit 293. The cardreader control unit 293 controls the reading of the information by theIC card reader 220 by referring to the area setting information stored in theauxiliary storage unit 24. TheIC card reader 220 may also acquire the format information about the IC card A when the IC card A is passed over it. - In accordance with the present embodiment, four patterns of area setting information can be generated for each type of an IC card. Thus, in the
MFP 200C, multiple patterns of area setting information may be acquired and set. When multiple patterns of area setting information are set in theMFP 200C, the cardreader control unit 293 determines whether each item of area setting information corresponds to the format of the IC card A, in order from the area setting information that is initially acquired. Based on the area setting information that has been determined to correspond to the format of the IC card A, the cardreader control unit 293 controls the reading of information by theIC card reader 220. - In step S2605, after the information has been read by the
IC card reader 220, the informationformat converting unit 294 converts the information into a predetermined format. The “predetermined format” is herein intended to refer to a format that can be processed by theMFP 200C. For example, when theMFP 200C is adapted for FeliCa card format, if the information read by theIC card reader 220 is in eLWISE card format, the informationformat converting unit 294 converts the eLWISE format into FeliCa card format. If the information read by theIC card reader 220 is in a format compatible with theMFP 200C, the informationformat converting unit 294 need not perform the information format converting process. - In step S2606, the
MFP 200C transmits the information whose format may have been converted by the informationformat converting unit 294 to the managingserver 300A. The managingserver 300A performs a user login process using the information transmitted from theMFP 200C. - Thus, in the
MFP 200C in accordance with the present embodiment, an area for the reading of information is set in the IC card, so that the information recorded in the thus set area can be read. Thus, in theMFP 200C, information to be read from the IC card can be set depending on the environment in which the image formingapparatus managing system 100A is used. Further, in accordance with the present embodiment, the format of the information can be converted into a format that can be processed by theMFP 200C. This feature of the present embodiment enables the handling of various types of IC cards based on different standards, thus enhancing the versatility of theMFP 200C. - Hereafter, the login process according to the present embodiment is described. In the image forming
apparatus managing system 100A according to the present embodiment, if a user forgot to bring his or her IC card, the user can still login by entering his or her user ID and password for user authentication. -
FIG. 37 shows a flowchart of user authentication that is performed when the user forgot to bring his or her IC card. In the present embodiment, the operating/display unit 28 of theMFP 200C displays aninstructing button 28A (seeFIG. 38A ) for entering an instruction for displaying a keyboard screen.FIG. 38A shows an example of a standby screen displayed on the operating/display unit 28.FIG. 38B shows an example of a keyboard screen displayed on the operating/display unit 28. As shown inFIG. 38A , in theMFP 200C, the standby screen has theinstructing button 28A for entering an instruction for keyboard input. - After the keyboard input instruction is entered via the
instructing button 28A in step S2801, theMFP 200C in step S2802 displays the keyboard screen shown inFIG. 38B on the operating/display unit 28. In step S2803, theMFP 200C acquires a user ID and a password entered on the keyboard screen. In step S2804, theMFP 200C transmits the acquired user ID and password to theAD server 500A via the managingserver 300A. In theAD server 500A, it is determined whether the acquired user ID and password are valid, based on the information stored in thestorage unit 510 and also usingauthentication processing unit 520. If the acquired user ID and password are valid, theAD server 500A authenticates the user. - Hereafter, the user authentication process in the
AD server 500A is described. In theAD server 500A, the ICcard identifying information 531 and theuser ID 532 are stored in thestorage unit 510 associated with one another. TheAD server 500A authenticates the user if information corresponding to the user ID and password acquired in step S2803 exists in thestorage unit 510, and if IC card identifying information corresponding to the user ID acquired in step S2803 exists in thestorage unit 510. - In step S2805, if the user is authenticated, the managing
server 300A in step S2806 allows the user to log in. If in step S2805 user authentication is unsuccessful, an authentication error message is displayed on the operating/display unit 28 of theMFP 200C in step S2807. In step S2808, theMFP 200C acquires authentication error history information and stores it in theauxiliary storage unit 24. Alternatively, the authentication error history information may be stored in the managingserver 300A. - Thus, in the
MFP 200C, user authentication can be performed based on a user ID and password entered on the keyboard when the user does not have the IC card. Thus, in accordance with the present embodiment, the user can be allowed to use theMFP 200C in the absence of an IC card based on the user's use limit information, without having to issue a temporary IC card or the like. - In the image forming
apparatus managing system 100A, up to fourAD servers 500A may be installed. In this way, if one of theAD servers 500A fail to operate, theother AD servers 500A can cover the failed AD server. In accordance with the present embodiment, whether or not to display theinstructing button 28A on the operating/display unit 28 of theMFP 200C may be set by the system administrator in advance. When the setting is such that theinstructing button 28A is displayed, theAD server 500A may authenticate a user ID entered via the keyboard screen. - Hereafter, management of user information in the managing
server 300A is described. In the managingserver 300A, the user information stored in theauxiliary storage unit 34 can be registered, deleted, or updated.FIG. 39 shows a flowchart of a process for registering or deleting user information in the managingserver 300A according toEmbodiment 4. - After the IC card identifying information is read by the
IC card reader 220 in theMFP 200C, the managingserver 300A in step S3001 acquires the IC card identifying information from theMFP 200C. - In step S3002, the managing
server 300A performs an authentication process on the acquired IC card identifying information, based on the acquired IC card identifying information and the user information stored in theauxiliary storage unit 34. If the authentication of the IC card identifying information in step S3002 is unsuccessful, the managingserver 300A transmits the IC card identifying information to theAD server 500A. In step S3003, theauthentication processing unit 520 of theAD server 500A, based on the acquired IC card identifying information and theuser information 530, performs an authentication process on the acquired IC card identifying information. - If in step S3003 the IC card identifying information acquired by the
AD server 500A is not authenticated, theAD server 500A transmits an authentication error message to theMFP 200C via the managingserver 300A. In step S3004, the authentication error message is displayed on the operating/display unit 28 of theMFP 200C. - If the IC card identifying information acquired by the
AD server 500A is authenticated in step S3003, the managingserver 300A receives a message from theAD server 500A indicating the successful authentication of the user. In response, the managingserver 300A in step S3005 allows the user to login. In step S3006, the managingserver 300A acquires from theAD server 500A a user ID corresponding to the authenticated IC card identifying information, and registers this user ID in theauxiliary storage unit 34, using the userinformation registering unit 351. - Specifically, in response to the message indicating the successful authentication of the IC card identifying information in the
AD server 500A, the userinformation registering unit 351 acquires the user ID corresponding to the authenticated IC card identifying information from theAD server 500A. The userinformation registering unit 351 then stores the IC card identifying information and the user ID in theauxiliary storage unit 34 in association with use limit information. The use limit information with which the IC card identifying information and the user ID are associated is stored in theauxiliary storage unit 34 in advance as an initial setting. In accordance with the present embodiment, when the use limit information is in initial setting status, all of the functions of theMFP 200C are usable. - Thus, in accordance with the present embodiment, the user is considered to have been authenticated if the IC card identifying information is not authenticated by the managing
server 300A but is authenticated by theAD server 500A. The managingserver 300A then acquires the user ID corresponding to the IC card identifying information from theAD server 500A, and registers it in theauxiliary storage unit 34 in association with the use limit information of the initial setting. - Thus, when registering user information about a new user in the image forming
apparatus managing system 100A, a system administrator needs only to register relevant IC card identifying information and user ID in theAD server 500A. This eliminates the need for registering the IC card identifying information and user ID in both theAD server 500A and the managingserver 300A, thus reducing the burden on the system administrator. - If in step S3002 the IC card identifying information is authenticated by the managing
server 300A, the managingserver 300A transmits the user information including the IC card identifying information and the user ID to theAD server 500A. In step S3007, theAD server 500A performs an authentication process on the user information. If the user information is authenticated by theAD server 500A, the managingserver 300A allows the user to login in step S3008. - If in step S3007 the user information is not authenticated by the
AD server 500A, the managingserver 300A in step S3009 regards the IC card identifying information invalid, and transmits an authentication error message to theMFP 200C. In step S3010, in the managingserver 300A, the userinformation deleting unit 352 deletes from theauxiliary storage unit 34 the IC card identifying information that has not been authenticated by theAD server 500A and the corresponding user ID and use limit information. - Thus, in accordance with the present embodiment, invalid user information stored in the managing
server 300A can be automatically deleted. Further, in accordance with the present embodiment, the user information may be updated by registering new user information or deleting user information by the userinformation updating unit 353. The user information registration or deletion process described above with reference toFIG. 39 is performed only upon acquisition of the IC card identifying information corresponding to a particular user subject to the registration or deletion process. On the other hand, the userinformation updating unit 353 may periodically update the user information stored in theauxiliary storage unit 34. For example, in the managingserver 300A, the updatefile acquiring unit 360 periodically acquires an update file that is prepared in advance for updating user information. Upon acquisition of the update file, the userinformation updating unit 353 rewrites the user information based on the update file. - The update file mainly includes IC card identifying information and user ID information. The information in the update file corresponds to the
user information 530 stored in theAD server 500A. TheAD server 500A periodically writes out theuser information 530 stored in theAD server 500A in a file in a predetermined format, and supplies it to the managingserver 300A. The “predetermined format” is herein intended to refer to a format such that the file can be processed by the managingserver 300A, such as CSV (comma separated values) format. - The managing
server 300A acquires the update file that is periodically supplied from theAD server 500A, and updates the user information based on the acquired update file. Such an update process enables theuser information 310 in theauxiliary storage unit 34 in the managingserver 300A to correspond to the user information within theAD server 500A. Updating of the user information in the managingserver 300A may include updating use limit information. - For example, if
new user information 310 has been added to the update file, the userinformation updating unit 353 stores theuse limit information 313 of the initial setting in theauxiliary storage unit 34 in association with the newly addeduser information 310. If theuser information 310 has been deleted from the update file, the userinformation updating unit 353 deletes the use limit information corresponding to the deleteduser information 310 from theauxiliary storage unit 34. - Thus, in the managing
server 300A according to the present embodiment, the user information can be updated periodically in accordance with theAD server 500A. This eliminates the need for double information management requiring the management of theuser information 530 in the manageAD server 500A and the management of theuser information 310 in the managingserver 300A, thereby reducing the burden on the system administrator or the like for information management. - Furthermore, in accordance with the present embodiment, the managing
server 300A can delete the print jobs stored in theprint server 800 all at once. For example, in the managingserver 300A, the print job deletinginstruction unit 370 generates a print job deleting instruction and sends it to theprint server 800. In response, in theprint server 800, the printjob deleting unit 813 deletes the print jobs retained in the printinstruction retaining unit 820. - In the managing
server 300A, the print job deleting instruction may be periodically generated and sent to theprint server 800. For example, the print job deletinginstruction unit 370 generates the print job deleting instruction at preset time intervals determined by the system administrator, and transmits the instruction to theprint server 800. The print job deleting instruction thus generated may instruct the deletion of the entire print jobs all at once. In this case, the print jobs retained in the printinstruction retaining unit 820 are deleted all at once each time the print job deleting instruction is received in theprint server 800. - In the managing
server 300A, a print job deleting instruction may be generated such that the print jobs accumulated in a predetermined period determined by the system administrator can be deleted. For example, the system administrator sets an 8-day period for deleting print jobs that have been accumulated between 10 days ago and 2 days ago. The print job deletinginstruction unit 370 then transmits a print job deleting instruction and the information about the period set by the system administrator to theprint server 800. In theprint server 800, the print jobs accumulated during the set (8-day) period are deleted in accordance with the period information. - The print job deleting
instruction unit 370 may display a setting screen prompting the entry of a setting of period information or a print job deleting instruction on a display unit of the managingserver 300A. The system administrator can then set a period or enter a print job deleting instruction by following such a setting screen. - Thus, in accordance with the present embodiment, accumulation of large amounts of data in the
print server 800 can be prevented, thus enabling a decrease in the capacity of theprint server 800. - Further, in the managing
server 300A, the order of execution of the print jobs accumulated in theprint server 800 can be changed by the print orderchange instruction unit 380. For example, when theprint server 800 is set to execute print jobs in reverse-chronological order of reception so that the latest print job is executed first, the print orderchange instruction unit 380 may generate an instruction for printing the print jobs in chronological order of reception of the print jobs. The managingserver 300A then transmits the generated print order change instruction to theprint server 800. In response to the print order change instruction, theprint server 800 changes the setting for the order of execution of the print jobs. - Preferably, the print order
change instruction unit 380 may display a setting screen on the display unit of the managingserver 300A prompting a change in print order. The system administrator may then set a print order in accordance with the setting screen, so that a print order change instruction can be generated. - Thus, in accordance with the present embodiment, the order of execution of print jobs by the
print server 800 can be changed to an appropriate order suitable for the operation of the image formingapparatus managing system 100A. - Hereafter, an image forming apparatus managing system according to
Embodiment 5 of the present invention is described with reference to the drawings.FIG. 40 shows a system configuration of the image formingapparatus managing system 100B according toEmbodiment 5. In the following description of the image formingapparatus managing system 100B, units or components having the same or corresponding functions or structures as those ofEmbodiment 4 are designated by similar reference numerals and their descriptions are omitted. - In the image forming
apparatus managing system 100B, a portion corresponding to theMFP 200C ofEmbodiment 4 includes anMFP 200 a, an operatingterminal 50 for operating theMFP 200 a, and abiometric information reader 210 a and anIC card reader 220 a which are connected outside the operatingterminal 50. - Referring to
FIG. 41 , theMFP 200 a, the operatingterminal 50, thebiometric information reader 210 a, and theIC card reader 220 a are described in detail. In accordance with the present embodiment, theMFP 200 a is connected to anetwork 600. Thebiometric information reader 210 a and theIC card reader 220 a are connected to theMFP 200 a via the operatingterminal 50. TheMFP 200 a may be serially connected to the operatingterminal 50 via RS232C connection. Thebiometric information reader 210 a and theIC card reader 220 a may be connected to the operatingterminal 50 via USB connection. - The hardware structure of the
MFP 200 a is the same as theMFP 200 according toEmbodiment 1. The functions of thedisplay control unit 260, the individualinformation acquiring unit 270, and the processhistory acquiring unit 280 are also the same as those of theMFP 200 according toEmbodiment 1. - The operating
terminal 50, which may comprise a computer having an processor unit and a storage unit, includes a plug-inunit 230C, aplugin setting unit 240, and apassword generating unit 250. The plug-inunit 230C includes aplugin 231 for realizing a biometric information read control function, and aplugin 290A for realizing an IC card information acquiring function. The individual plugins function as described with reference toEmbodiments 1 through 4. Theplugins terminal 50 via thenetwork 600. Alternatively, the operatingterminal 50 may acquire the individual plugins from a recording medium in which theplugins - The functions of the
plugin setting unit 240 and thepassword generating unit 250 are as described with reference toEmbodiment 4. - In the storage unit of the operating
terminal 50, various setting values are stored, and also calculated values obtained by the processor unit may be temporarily recorded. In a recording unit in the operatingterminal 50, there may be stored various information in case the operatingterminal 50 is unable to communicate with the managingserver 300A or theprint server 800. Such information may include information concerning the system settings of the image formingapparatus managing system 100A; user information including IC card identifying information, a user ID, and a password; use limit information corresponding to the user information; and history information about a user who used theMFP 200C. These information stored in the storage unit are transmitted periodically by the operatingterminal 50 to the managingserver 300A. - Hereafter, a biometric authentication process according to
Embodiment 5 is described. When performing biometric authentication in the image formingapparatus managing system 100B, theplugin 231 is set by theplugin setting unit 240 in the operatingterminal 50. The operatingterminal 50 acquires biometric information using the functions of thebiometric information reader 210 a and theplugin 231. The biometric information is transmitted to thebiometric authentication server 400 via thenetwork 600, together with the user ID inputted from theMFP 200 a. The process after the transmission of the biometric information to thebiometric authentication server 400 is as described with reference toEmbodiment 1. - Hereafter, an IC card authentication process according to
Embodiment 5 is described. The operatingterminal 50 acquires IC card identifying information using theIC card reader 220 a. The control unit 211 of the operatingterminal 50 then acquires the IC card identifying information from theIC card reader 220 a. From the operatingterminal 50, the IC card identifying information is transmitted to the managingserver 300A via thenetwork 600. In the managingserver 300A, a user ID corresponding to the IC card identifying information is obtained. The managingserver 300A then supplies use limit information corresponding to the obtained user ID to theMFP 200 a. Based on the use limit information, operation of theMFP 200 a is controlled. - As described above, in accordance with
Embodiment 5 of the present invention, utilization of the image forming apparatus is granted on an individual user basis as inEmbodiments terminal 50, whereby the confidentiality of information can be maintained. - Although this invention has been described in detail with reference to certain embodiments, variations and modifications exist within the scope and spirit of the invention as described and defined in the following claims.
Claims (15)
1. An apparatus comprising:
a first receiving unit implemented by circuitry and configured to receive biometric information of a user;
a second receiving unit implemented by the circuitry and configured to receive identification information of the user, which is distinct from the biometric information of the user;
a first authentication processing unit implemented by the circuitry and configured to perform a first user authentication process based on the received biometric information of the user; and
a second authentication unit implemented by the circuitry and configured to perform a second user authentication process based on the received identification information of the user when the first user authentication process is unavailable.
2. The apparatus according to claim 1 , further comprising:
a first connection unit implemented by the circuitry and configured to connect to a first authentication apparatus which implements user authentication using a biometric information storage that stores the biometric information of the user,
wherein the first authentication processing unit is further configured to perform the first user authentication process based on the received biometric information of the user using the first authentication apparatus, and
wherein the second authentication processing unit is further configured to perform the second user authentication process based on the received identification information of the user without using the received biometric information of the user when the first authentication apparatus is unavailable.
3. The apparatus according to claim 2 , further comprising:
a second connection unit implemented by the circuitry and configured to connect to a second authentication apparatus which implements user authentication using a user identification information storage that stores the identification information of the user,
wherein the second authentication processing unit is further configured to perform the second user authentication process by authenticating the received identification information of the user, which is received by user input.
4. The apparatus according to claim 3 ,
wherein the first user authentication process is unavailable when, at least one of, a connection error occurs in the connection to the first authentication apparatus, the first authentication apparatus fails, and the first receiving device cannot receive the biometric information of a user.
5. The apparatus according to claim 2 ,
wherein the first connection device is configured to connect, via a network, to the first authentication apparatus, which performs user authentication using the biometric information storage,
wherein the biometric information storage further stores the identification information of the user in association with the biometric information of the user, and
wherein the first authentication processing unit is further configured to transmit the received biometric information of the user and the received identification information of the user to the first authentication apparatus in the performance of the first user authentication process.
6. The apparatus according to claim 1 , further comprising:
a third receiving unit implemented by the circuitry and configured to receive information recorded in a recording medium; and
a third authentication processing unit implemented by the circuitry and configured to perform a third user authentication process in response to receipt of the information recorded in the recording medium.
7. A method comprising:
receiving biometric information of a user;
performing, using circuitry, a first user authentication process based on the received biometric information of the user when the first user authentication process is available; and
when the first user authentication process is unavailable:
receiving identification information of the user, which is distinct from the biometric information of the user, and
performing, using the circuitry, a second user authentication process based on the received identification information of the user.
8. The method according to claim 7 , further comprising:
connecting to a first authentication apparatus which implements user authentication using a biometric information storage that stores the biometric information of the user; and
performing the first user authentication process based on the received biometric information of the user using the first authentication apparatus; and
performing the second user authentication process based on the received identification information of the user without using the received biometric information of the user when the first authentication apparatus is unavailable.
9. The method according to claim 7 , further comprising:
connecting to a second authentication apparatus which implements user authentication using a user identification information storage that stores the identification information of the user; and
performing the second user authentication process by authenticating the received identification information of the user, which is received by user input.
10. The method according to claim 9 ,
wherein the first user authentication process is unavailable when, at least one of, a connection error occurs in the connection to the first authentication apparatus, the first authentication apparatus fails, and the first receiving unit cannot receive the biometric information of a user.
11. The method according to claim 8 , further comprising:
connecting, via a network, to the first authentication apparatus, which performs user authentication using the biometric information storage; and
storing the identification information of the user in association with the biometric information of the user; and
transmitting the received biometric information of the user and the received identification information of the user to the first authentication apparatus in the performance of the first user authentication process.
12. The method according to claim 7 , further comprising:
receiving information recorded in a recording medium; and
performing a third user authentication process in response to receipt of the information recorded in the recording medium.
13. A non-transitory computer readable recording medium, comprising:
a first authentication processing unit that when executed causes circuitry to perform a first user authentication process based on biometric information of the user which is received by a first receiving unit,
a second authentication processing unit that when executed causes the circuitry to perform a second user authentication process based on identification information of the user, which is received by a second receiving unit, when the first user authentication process is unavailable,
wherein the identification information of the user is distinct from the biometric information of the user and is used to identify users.
14. The recording medium according to claim 13 ,
wherein the first authentication processing unit, when executed, causes the circuitry to further perform the first user authentication process by transmitting the biometric information of the user to a first authentication apparatus which is connected via a network and which implements user authentication using a biometric information storage that stores the biometric information of the user, and
wherein the second authentication processing unit, when executed, causes the circuitry to perform the second user authentication process based on the received identification information of the user without using the received biometric information of the user when the first user authentication process is unavailable.
15. The recording medium according to claim 14 , further comprising:
a second connection unit that when executed causes the circuitry to connect a second authentication apparatus which implements the user authentication using a user identification information storage that stores the identification information of the user,
wherein the second authentication processing unit, when executed, causes the circuitry to perform the second user authentication process by transmitting the identification information of the user, which is received by user input, to the second authentication apparatus, which is connected via a network and which implements user authentication using a user identification information storage that stores the identification information of the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/028,159 US20140016158A1 (en) | 2007-07-12 | 2013-09-16 | Management of image forming apparatus based on user authentication |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2007183399 | 2007-07-12 | ||
JP2008176227A JP2009038795A (en) | 2007-07-12 | 2008-07-04 | Image forming apparatus management system, image forming apparatus, management device, image forming method, image forming program, management method, and management program |
JP2008-176227 | 2008-07-04 | ||
US12/485,206 US8553245B2 (en) | 2007-07-12 | 2009-06-16 | Management of image forming apparatus based on user authentication |
US14/028,159 US20140016158A1 (en) | 2007-07-12 | 2013-09-16 | Management of image forming apparatus based on user authentication |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/485,206 Continuation US8553245B2 (en) | 2007-07-12 | 2009-06-16 | Management of image forming apparatus based on user authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
US20140016158A1 true US20140016158A1 (en) | 2014-01-16 |
Family
ID=40440304
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/485,206 Expired - Fee Related US8553245B2 (en) | 2007-07-12 | 2009-06-16 | Management of image forming apparatus based on user authentication |
US14/028,159 Abandoned US20140016158A1 (en) | 2007-07-12 | 2013-09-16 | Management of image forming apparatus based on user authentication |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/485,206 Expired - Fee Related US8553245B2 (en) | 2007-07-12 | 2009-06-16 | Management of image forming apparatus based on user authentication |
Country Status (2)
Country | Link |
---|---|
US (2) | US8553245B2 (en) |
JP (1) | JP2009038795A (en) |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009044328A (en) | 2007-08-07 | 2009-02-26 | Seiko Epson Corp | Conference system, server, image display method, computer program, and recording medium |
JP4655120B2 (en) * | 2008-07-29 | 2011-03-23 | コニカミノルタビジネステクノロジーズ株式会社 | Authentication system and authentication device |
JP2011233031A (en) * | 2010-04-28 | 2011-11-17 | Canon Inc | Image forming apparatus and control method thereof |
US20120167181A1 (en) * | 2010-12-22 | 2012-06-28 | Toshiba Tec Kabushiki Kaisha | Image forming apparatus, image forming method and image forming system |
WO2013100952A1 (en) * | 2011-12-28 | 2013-07-04 | Intel Corporation | Automated user preferences for a document processing unit |
JP2013164835A (en) * | 2012-01-13 | 2013-08-22 | Ricoh Co Ltd | Authentication system, authentication method, apparatus, and program |
KR20130143263A (en) * | 2012-06-21 | 2013-12-31 | 에스케이플래닛 주식회사 | Method for authentication users using open id based on trusted platform, apparatus and system for the same |
JP6107042B2 (en) * | 2012-10-12 | 2017-04-05 | 富士ゼロックス株式会社 | Information processing apparatus, information processing program, and information processing system |
JP6056384B2 (en) | 2012-10-31 | 2017-01-11 | 株式会社リコー | System and service providing apparatus |
JP6098151B2 (en) * | 2012-12-14 | 2017-03-22 | 株式会社リコー | Information processing system and information processing method |
JP6393988B2 (en) * | 2013-02-28 | 2018-09-26 | 株式会社リコー | Apparatus, information processing system, control method, program, and storage medium |
JP6300467B2 (en) | 2013-08-20 | 2018-03-28 | キヤノン株式会社 | Image processing apparatus, information processing method, and program |
JP6201835B2 (en) * | 2014-03-14 | 2017-09-27 | ソニー株式会社 | Information processing apparatus, information processing method, and computer program |
JP2017097295A (en) * | 2015-11-27 | 2017-06-01 | 株式会社東芝 | Display device |
US10650036B2 (en) * | 2016-09-13 | 2020-05-12 | Ricoh Company, Ltd. | Information processing apparatus, information processing system, and information processing method |
JP6780437B2 (en) * | 2016-10-18 | 2020-11-04 | ブラザー工業株式会社 | Image processing equipment, processing methods and programs |
JP6804287B2 (en) * | 2016-12-21 | 2020-12-23 | キヤノンメディカルシステムズ株式会社 | Mobile X-ray equipment |
JP6772893B2 (en) * | 2017-02-28 | 2020-10-21 | 株式会社リコー | Authentication management system, management device, authentication device, authentication management method |
JP7254616B2 (en) * | 2019-05-17 | 2023-04-10 | キヤノン株式会社 | Management device, method and program |
KR20210043237A (en) | 2019-10-11 | 2021-04-21 | 휴렛-팩커드 디벨롭먼트 컴퍼니, 엘.피. | Providing a unique initial password |
JP2022050124A (en) * | 2020-09-17 | 2022-03-30 | 富士フイルムビジネスイノベーション株式会社 | Information processing device and program |
US11734404B2 (en) * | 2021-01-21 | 2023-08-22 | Kyocera Document Solutions Inc. | Robot gatekeeper for authentication prior to meeting attendance |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040255168A1 (en) * | 2003-06-16 | 2004-12-16 | Fujitsu Limited | Biometric authentication system |
US20060156028A1 (en) * | 2005-01-04 | 2006-07-13 | Fujitsu Limited | Security management method, program, and information device |
US20080030780A1 (en) * | 2004-08-27 | 2008-02-07 | Kyocera Corporation | Portable Terminal Apparatus, and Printing System and Method |
Family Cites Families (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000311138A (en) * | 1999-04-28 | 2000-11-07 | Nec Corp | System and method for decentralized authentication of server |
JP4107878B2 (en) * | 2002-05-17 | 2008-06-25 | 株式会社リコー | Network printing system |
JP3656617B2 (en) * | 2002-06-18 | 2005-06-08 | セイコーエプソン株式会社 | Printing control system and printing method |
JP4115285B2 (en) | 2003-01-17 | 2008-07-09 | 株式会社リコー | Network scanner device |
JP2005122656A (en) * | 2003-10-20 | 2005-05-12 | Nippon Telegr & Teleph Corp <Ntt> | Data transmission distribution control method, network transfer device, user terminal, service management server and recording medium |
JP2005278143A (en) * | 2003-12-11 | 2005-10-06 | Ricoh Co Ltd | Information-processing apparatus, information-processing method, information-processing program, recording medium, image-processing apparatus, image-processing method, printer driver, and storage medium |
JP4537045B2 (en) * | 2003-12-11 | 2010-09-01 | キヤノン株式会社 | Electronic paper, electronic paper connecting device, system, control method and computer program in electronic paper |
JP2005203928A (en) * | 2004-01-14 | 2005-07-28 | Nec Corp | Information delivery system and method |
US7542590B1 (en) * | 2004-05-07 | 2009-06-02 | Yt Acquisition Corporation | System and method for upgrading biometric data |
US20060044589A1 (en) * | 2004-08-26 | 2006-03-02 | Shuichi Nakagawaji | Printing device and method for printing |
JP2006113953A (en) * | 2004-10-18 | 2006-04-27 | Nec Corp | System, apparatus and program for setting management of information terminal, and setting method of information terminal |
JP4449762B2 (en) * | 2005-01-24 | 2010-04-14 | コニカミノルタビジネステクノロジーズ株式会社 | Person verification device, person verification system, and person verification method |
US7821660B2 (en) * | 2005-03-30 | 2010-10-26 | Ricoh Company, Ltd. | System and method for compensating for resource unavailability in an image processing system |
JP2007004478A (en) * | 2005-06-23 | 2007-01-11 | Oki Electric Ind Co Ltd | Personal identification system |
US20070016777A1 (en) * | 2005-07-08 | 2007-01-18 | Henderson James D | Method of and system for biometric-based access to secure resources with dual authentication |
JP4856409B2 (en) * | 2005-08-12 | 2012-01-18 | 株式会社リコー | Image processing system and authentication method |
JP2007094541A (en) * | 2005-09-27 | 2007-04-12 | Ricoh Co Ltd | Peripheral equipment device, its control method, and program for making computer execute processing at the peripheral equipment device |
US8149437B2 (en) * | 2005-12-14 | 2012-04-03 | Kabushiki Kaisha Toshiba | Image forming apparatus with user authentication |
US20070245152A1 (en) * | 2006-04-13 | 2007-10-18 | Erix Pizano | Biometric authentication system for enhancing network security |
US8125667B2 (en) * | 2006-09-15 | 2012-02-28 | Avery Levy | System and method for enabling transactions by means of print media that incorporate electronic recording and transmission means |
JP4804302B2 (en) * | 2006-10-06 | 2011-11-02 | キヤノン株式会社 | Image processing apparatus, control method therefor, program for executing the control method, and storage medium |
JP4323511B2 (en) * | 2006-12-07 | 2009-09-02 | シャープ株式会社 | Image processing device |
JP2008176407A (en) * | 2007-01-16 | 2008-07-31 | Toshiba Corp | Biometrics system, device, and program |
JP4637203B2 (en) * | 2008-04-22 | 2011-02-23 | シャープ株式会社 | Information processing apparatus, multifunction device, external authentication system for multifunction device, program, and recording medium |
JP4709254B2 (en) * | 2008-07-03 | 2011-06-22 | シャープ株式会社 | Authentication system and terminal device |
US20100083000A1 (en) * | 2008-09-16 | 2010-04-01 | Validity Sensors, Inc. | Fingerprint Sensor Device and System with Verification Token and Methods of Using |
-
2008
- 2008-07-04 JP JP2008176227A patent/JP2009038795A/en active Pending
-
2009
- 2009-06-16 US US12/485,206 patent/US8553245B2/en not_active Expired - Fee Related
-
2013
- 2013-09-16 US US14/028,159 patent/US20140016158A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040255168A1 (en) * | 2003-06-16 | 2004-12-16 | Fujitsu Limited | Biometric authentication system |
US20080030780A1 (en) * | 2004-08-27 | 2008-02-07 | Kyocera Corporation | Portable Terminal Apparatus, and Printing System and Method |
US20060156028A1 (en) * | 2005-01-04 | 2006-07-13 | Fujitsu Limited | Security management method, program, and information device |
Also Published As
Publication number | Publication date |
---|---|
US8553245B2 (en) | 2013-10-08 |
JP2009038795A (en) | 2009-02-19 |
US20100002250A1 (en) | 2010-01-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8553245B2 (en) | Management of image forming apparatus based on user authentication | |
US11463604B2 (en) | Image forming apparatus management system, image forming apparatus, managing apparatus, terminal apparatus, image forming apparatus managing method, and image forming program | |
JP4850311B2 (en) | Print control system, print control server, image forming apparatus, processing method thereof, and program | |
JP4049173B2 (en) | Data communication system, image processing apparatus, and data management method in image processing apparatus | |
JP6079420B2 (en) | Information processing system, information processing method, program, and recording medium | |
EP1729499A2 (en) | Management of physical security credentials at a multifunction device | |
US8630007B2 (en) | Image forming apparatus, method for managing print job, and computer-readable storage medium for computer program | |
JP2009042991A (en) | Image processing apparatus and management system thereof | |
JP6762823B2 (en) | Image forming apparatus, control method of image forming apparatus, and program | |
JP2018206397A (en) | Authentication information management system, image forming apparatus, processing method thereof, and program | |
US10203844B2 (en) | Information processing apparatus, information processing system, and method | |
JP4826428B2 (en) | Information processing system, information processing apparatus, and information processing program | |
JP7124609B2 (en) | Information processing device, authentication method and program | |
JP4221030B2 (en) | Image reading system | |
JP4724028B2 (en) | Communication terminal device | |
US20040158745A1 (en) | Digital combined apparatus, control method therefor, and digital combined apparatus system | |
JP6981516B2 (en) | Image forming device, control terminal, information processing method and program | |
JP4426628B2 (en) | Information processing system and information processing method | |
JP2010140158A (en) | Information processing apparatus, processing method thereof, and program | |
JP2017118220A (en) | Image forming apparatus, method of processing the same, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |