Embodiment
Fig. 1 is a block diagram showing the structure of an image formation system according to an embodiment of the present invention. A plurality of digital complex machines (MFPs) 1A, 1B are connected to network 2, and customer administrator's server unit 3, directory service apparatus 4 and terminal installation 5 (an example of a License Info calling mechanism) are also connected to this network 2.
MFP 1A has a printer function, a scanner function, a copy function, a facsimile function and so on, and is an image processing system that executes various tasks using these functions according to instructions from the guidance panel on MFP 1A or from a host apparatus connected to network 2. MFP 1B is the same kind of image processing system.
Customer administrator's server unit 3 receives user authentication requests from MFP 1A, 1B, and provides License Info about the registered user to MFP 1A, 1B. In addition, directory service apparatus 4 provides a directory service such as Active Directory or eDirectory.
Fig. 2 is a block diagram showing the structure of MFP 1A in Fig. 1. MFP 1B has the same structure. MFP 1A has guidance panel 21, modulator-demodulator 22, network interface 23, printer 24, scanner 25 and control device 26.
Guidance panel 21 is provided on the housing of MFP 1A, and has display unit 21a, which shows various information to the user, and input unit 21b, which receives the user's operations. Display unit 21a is, for example, an LCD, various indicators, etc. Input unit 21b is, for example, a touch panel, key switches, etc.
Modulator-demodulator 22 can be connected to a subscriber telephone line network such as the public switched telephone network (PSTN), and is a communication device that transmits and receives facsimile data.
Network interface 23 can be connected to wired or wireless computer network 2, and carries out data communication with other devices connected to network 2 (server unit 3, a host apparatus not shown, etc.).
Printer 24 is an internal device that prints on paper according to a printing request and discharges the printed article. In the case of the electrophotographic method, printer 24 charges the photosensitive drum, then causes a light source to emit light based on the print data, thereby forming an electrostatic latent image on the surface of the photosensitive drum, develops this electrostatic latent image with toner, transfers and fixes the toner image onto paper, and discharges this paper as the printed article.
Scanner 25 is an internal device that irradiates light onto one side or both sides of an original fed by the automatic document feeder or placed by the user, receives the reflected light and the like, and outputs the original image as read image data.
Control device 26 controls each part of MFP 1A and performs data processing. Control device 26 is constituted, for example, as a computer having a CPU (Central Processing Unit), ROM (Read Only Memory), RAM (Random Access Memory) and so on. In control device 26, the CPU loads a program stored in the ROM or another storage device (flash memory, etc.) into the RAM and executes it, thereby realizing each handling part. In this control device 26, FAX Department of Communication Force 31, network service portion 32, control part 33 and judging part 34 are realized.
FAX Department of Communication Force 31 controls modulator-demodulator 22 and receives facsimile data. After receiving facsimile data, FAX Department of Communication Force 31 provides a printing request to printing control unit 34.
Network service portion 32 controls network interface 23, and carries out data communication with devices on network 2 by various communication protocols. For example, network service portion 32 sends the user name (user ID) and password that are input to guidance panel 21 when the user registers to customer administrator's server unit 3, and receives the registered user's License Info from customer administrator's server unit 3. In addition, for example, network service portion 32 receives printing requests such as PDL (Page Description Language) data from a host, and provides the printing request to control part 33.
Control part 33 receives task requests made by the user operating guidance panel 21 or task requests received from a host apparatus through network interface 23 and network service portion 32, and controls each part of MFP 1A to carry out the task corresponding to the task request. Task requests include printing requests, scan requests, facsimile transmission requests and so on. In addition, when a registration operation is performed, control part 33 uses network service portion 32 to request user authentication, License Info, etc. from customer administrator's server unit 3.
In addition, when executing a task of a registered user whose user authentication has succeeded, control part 33 generates task record (log) information, and sends the task record information to customer administrator's server unit 3 in association with the registered user.
Based on the License Info about the registered user received from customer administrator's server unit 3 through network interface 23 and network service portion 32, judging part 34 determines which of the functions that MFP 1A has the registered user is forbidden or allowed to use, and stores data representing whether use of each function is allowed on, for example, the RAM. Control part 33 limits the registered user's use of MFP 1A with reference to these data. For example, when use of the color copying function is restricted for the registered user, the menu of the copy function is shown on guidance panel 21 in such a way that color copying cannot be selected. For example, the color selector button of the monochrome/color selection is grayed out.
Fig. 3 is a block diagram showing the structure of customer administrator's server unit 3 in Fig. 1. Customer administrator's server unit 3 has storage device 41, network interface 42 and arithmetic processing apparatus 43.
Storage device 41 stores programs and data. Storage device 41 uses a nonvolatile semiconductor memory, a hard disk drive or the like. Storage device 41 stores admission policy data 51, local user data 52 and local group data 53.
Admission policy data 51 are License Info data comprising License Info, and this License Info is used for determining the functions of MFP 1A, 1B that the registered user is licensed to use. Admission policy data 51 comprise License Info of users and License Info of groups. A user's License Info is applied to that user, and a group's License Info is applied to the users belonging to that group. As users' License Info, admission policy data 51 comprise the License Info of territory users registered in directory service apparatus 4 and the License Info of local users registered in this customer administrator's server unit 3. As groups' License Info, admission policy data 51 comprise the License Info of territory groups registered in directory service apparatus 4 and the License Info of local groups registered in this customer administrator's server unit 3. A user's License Info comprises a user ID and information (for example a functional ID) about the functions that this user is licensed to use or banned from using. A group's License Info comprises a group ID and information (for example a functional ID) about the functions that the users belonging to this group are licensed to use or banned from using. For example, the functions that are licensed or banned comprise not only large items such as printing, scanning, duplicating and facsimile transmission, but also the subsidiary small items of each large item (for example the color/monochrome selection function).
Fig. 4 is a figure showing a structure example of admission policy data 51 of Fig. 3.
Territory group A includes territory users A1, B1, C1, D1. Local group A' comprises local users A2, B2 and territory users B1, D1. Admission policy #1 (policy data comprising License Info) is set for territory group A. Admission policy #2 is set for territory user A1, who belongs to territory group A. Admission policy #3 is set for local group A'. Admission policy #4 is set for local user A2, who belongs to local group A'. Admission policy #5 is set for territory user B1, who belongs to territory group A. Admission policy #6 is set for territory user E. Admission policy #7 is set for local user C2.
Local user data 52 are register information data comprising the authentication information of local users (for example user ID and password). Unlike the territory users registered in directory service apparatus 4, local users are registered in this customer administrator's server unit 3.
Local group data 53 are register information data comprising the authentication information of local groups (group ID and the user IDs of the users belonging to the group). Unlike the territory groups registered in directory service apparatus 4, local groups are registered in this customer administrator's server unit 3. A local group can comprise local users and territory users. That is, a local group constituted only by local users, a local group constituted only by territory users, and a local group constituted by local users and territory users can be set.
Network interface 42 is connected to wired or wireless computer network 2, and carries out data communication with other devices connected to network 2 (MFP 1A, 1B, server unit 4).
In addition, arithmetic processing apparatus 43 is constituted as a computer having a CPU, ROM, RAM and so on, and realizes various handling parts by loading a program stored in the ROM or storage device 41 into the RAM and executing it with the CPU. In this arithmetic processing apparatus 43, network service portion 61, user authentication process portion 62 and permit process portion 63 are realized.
Network service portion 61 controls network interface 42, and carries out data communication with devices on network 2 by various communication protocols. Network service portion 61 receives the user name (user ID) and password from MFP 1A, and sends the License Info about this user to MFP 1A. Network service portion 61 sends user authentication requests to directory service apparatus 4, and receives the authentication result and the user profile from directory service apparatus 4.
User authentication process portion 62 uses network interface 42 to carry out user authentication of the registered user of MFP 1A, 1B in directory service apparatus 4.
When user authentication succeeds and the registered user of MFP 1A or MFP 1B belongs to a local group, permit process portion 63 extracts the License Info for this local group from admission policy data 51, and uses network interface 42 to send it to MFP 1A or MFP 1B as the License Info about this registered user. On the other hand, when user authentication succeeds and the registered user does not belong to a local group, permit process portion 63 extracts from admission policy data 51 the License Info for the territory group to which this registered user belongs or for the territory user, and uses network interface 42 to send it to MFP 1A or MFP 1B as the License Info about this registered user.
For example, in the case of Fig. 4, when territory user A1 is registered to MFP 1A, admission policy #2 and admission policy #3 are sent to MFP 1A. In addition, when there are competing permission settings in the admission policies of the user and the group (admission policy #2 and admission policy #1), the setting of whichever admission policy, that of the group or that of the user, is predetermined can be applied.
When territory user B1 is registered to MFP 1A, admission policy #5, admission policy #3 and admission policy #1 are sent to MFP 1A. When there are competing permission settings in the admission policies of the territory group and the local group (admission policy #1 and admission policy #3), the setting of whichever admission policy, that of the territory group or that of the local user, is predetermined is applied.
When territory user C1 is registered to MFP 1A, admission policy #1 is sent to MFP 1A. In addition, in this case, when territory user D1 is registered to MFP 1A, admission policy #1 and admission policy #3 are sent to MFP 1A.
When territory user E is registered to MFP 1A, admission policy #6 is sent to MFP 1A.
When local user A2 is registered to MFP 1A, admission policy #4 and admission policy #3 are sent to MFP 1A.
When local user B2 is registered to MFP 1A, admission policy #3 is sent to MFP 1A.
When local user C2 is registered to MFP 1A, admission policy #7 is sent to MFP 1A.
In addition, when a plurality of admission policies exist for a certain registered user, permit process portion 63 in customer administrator's server unit 3 can combine these admission policies to generate one admission policy, and send the generated admission policy. In this case, for a setting item on which the plurality of admission policies compete, the admission policy selected according to a predetermined rule is used.
For example, when there are a plurality of admission policies that should be applied to the registered user (for example a local group's License Info and a territory user's License Info, a territory group's License Info and a local group's License Info, or a local user's License Info and a local group's License Info), permit process portion 63 in server unit 3 combines these admission policies to generate one admission policy, and sends the generated admission policy. When there are a plurality of admission policies that should be applied to a certain registered user, permit process portion 63 generates an admission policy that permits the use of any function whose use is permitted in any of these admission policies. That is, permit process portion 63 generates an admission policy that forbids the use of the functions whose use is banned in all of these admission policies.
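The selection of admission policies for the Fig. 4 users and the combining rule described above can be sketched as follows. This is an added example, not code from the patent: the per-policy settings, the function IDs such as `copy.color`, and the treatment of a function that no policy sets as banned are assumptions made for illustration.

```python
# Added example (not from the patent). Group membership and policy
# assignment follow the Fig. 4 description; values marked "constructed"
# are assumptions made for illustration.

# Territory (directory service domain) group and local group membership.
DOMAIN_GROUPS = {"A": {"A1", "B1", "C1", "D1"}}
LOCAL_GROUPS = {"A'": {"A2", "B2", "B1", "D1"}}

# Which admission policy number is set for which user or group.
USER_POLICY = {"A1": 2, "A2": 4, "B1": 5, "E": 6, "C2": 7}
LOCAL_GROUP_POLICY = {"A'": 3}
DOMAIN_GROUP_POLICY = {"A": 1}

# Constructed License Info per policy: function ID -> True (use licensed)
# or False (use banned). A missing key means the policy does not set it.
# "copy.color" is a constructed ID for a small item under large item "copy".
POLICY_SETTINGS = {
    1: {"print": True, "copy": True, "copy.color": False, "scan": False},
    2: {"copy.color": True},
    3: {"scan": True, "fax": False},
    4: {"fax": True},
    5: {"copy.color": False, "fax": False},
    6: {"print": True},
    7: {"print": True, "scan": True},
}


def applicable_policies(user_id):
    """Policy numbers to send for a registered user: the user's own policy,
    then those of the user's local groups, then those of the territory groups."""
    found = []
    if user_id in USER_POLICY:
        found.append(USER_POLICY[user_id])
    for groups, assigned in ((LOCAL_GROUPS, LOCAL_GROUP_POLICY),
                             (DOMAIN_GROUPS, DOMAIN_GROUP_POLICY)):
        for name in sorted(groups):
            if user_id in groups[name] and name in assigned:
                found.append(assigned[name])
    return found


def merge_policies(policy_ids):
    """Combine several policies into one: a function is licensed if any
    policy licenses it, and stays banned only if every policy that sets it
    bans it."""
    merged = {}
    for pid in policy_ids:
        for function_id, licensed in POLICY_SETTINGS[pid].items():
            merged[function_id] = merged.get(function_id, False) or licensed
    return merged


def is_allowed(merged, function_id):
    """Check on the MFP side. Assumptions: a function that no policy sets
    is treated as banned, and a small item also needs its large item."""
    large_item = function_id.split(".")[0]
    return merged.get(large_item, False) and merged.get(function_id, False)


if __name__ == "__main__":
    for user in ("B1", "C1", "D1", "E", "A2", "B2", "C2"):
        ids = applicable_policies(user)
        merged = merge_policies(ids)
        usable = sorted(f for f in merged if is_allowed(merged, f))
        print(user, "policies", ids, "usable functions", usable)
```

With these constructed settings, C1 and D1 both receive admission policy #1, but only D1 may scan, because D1's membership in local group A' adds admission policy #3 and a licence in any policy wins over a ban in another.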
Task tracking handling part 64 uses network interface 42 to receive task record information from MFP 1A, 1B, and gathers the task record information as user task history for each territory user or local user. When no local user is set, task record information is gathered as user task history for each territory user. Task record information is information generated in MFP 1A, 1B when a task of a registered user whose user authentication has succeeded is executed, and comprises the registered user's user ID, the task classification (printing, scanning, duplicating, facsimile transmission, etc.) and other attribute information (color, monochrome, printing on both sides, etc.) together with incidental information such as the count value of the number of pages. In the case of the users shown in Fig. 4, for each of territory users A1 to E and each of local users A2 to C2, the task record information having that user's user ID is gathered as user task history. User task history is then sent to a predetermined address by e-mail, file transfer protocol (FTP) or the like, or is made readable, so that what kind of tasks the user has carried out in the past can be confirmed.
Fig. 5 is a block diagram showing the structure of directory service apparatus 4 in Fig. 1. Directory service apparatus 4 has storage device 71, network interface 72 and arithmetic processing apparatus 73.
Storage device 71 stores programs and data. Storage device 71 uses a nonvolatile semiconductor memory, a hard disk drive or the like. Database 91 of the directory service is constructed in storage device 71. Database 91 comprises user data 91a and group data 91b. User data 91a are registration information data comprising authentication information (for example user ID, password) and a user profile (contact telephone number, fax number, e-mail address, other attribute information). Group data 91b are registration information data comprising authentication information (for example group ID and the user IDs of the users belonging to the group) and group information (contact destination, director, other attribute information).
Network interface 72 is connected to wired or wireless computer network 2, and carries out data communication with other devices connected to network 2 (server unit 3, etc.).
Arithmetic processing apparatus 73 is constituted as a computer having a CPU, ROM, RAM and so on, and realizes various handling parts by loading a program stored in the ROM or storage device 71 into the RAM and executing it with the CPU. In this arithmetic processing apparatus 73, network service portion 81 and directory service handling part 82 are realized.
Network service portion 81 controls network interface 72, and carries out data communication with devices on network 2 by various communication protocols. For example, network service portion 81 receives user authentication requests and sends the authentication result and user data.
Directory service handling part 82 manages territory users and territory groups. Directory service handling part 82 carries out registration and deletion of territory users and territory groups, user authentication, provision of the user profile of territory users and the group information of territory groups, and so on. For user authentication, LDAP (Lightweight Directory Access Protocol) authentication, Kerberos authentication or the like is used. When the directory service is Active Directory, directory service handling part 82 operates as a domain controller.
Fig. 6 is a block diagram showing the structure of terminal installation 5 (an example of a License Info calling mechanism) in Fig. 1. Terminal installation 5 has storage device 101, network interface 102, display unit 103, input unit 104 and arithmetic processing apparatus 105. Terminal installation 5 is, for example, a personal computer with a predetermined program installed.
Storage device 101 stores programs and data. Storage device 101 uses a nonvolatile semiconductor memory, a hard disk drive or the like. Tactical management program 101a is stored in storage device 101.
Network interface 102 is connected to wired or wireless computer network 2, and carries out data communication with other devices connected to network 2 (server units 3, 4, etc.).
Display unit 103 (for example an LCD) shows various information to the user. When registration of License Info is executed, display unit 103 displays the structure of the territory and local groups and users, the admission policy list, and so on. Input unit 104 (for example a keyboard, a mouse, etc.) accepts operations, and outputs electrical signals corresponding to the user's operations to arithmetic processing apparatus 105.
Arithmetic processing apparatus 105 is constituted as a computer having a CPU, ROM, RAM and so on, and realizes various handling parts by loading a program stored in the ROM or storage device 101 into the RAM and executing it with the CPU. In arithmetic processing apparatus 105, network service portion 111, GUI handling part 112, retrieval process portion 113, registration process portion 114 and location registration process portion 115 are realized by tactical management program 101a.
Network service portion 111 controls network interface 102, and carries out data communication with devices on network 2 by various communication protocols.
GUI handling part 112 makes display unit 103 show various graphical user interface (GUI) pictures, and detects the user's operations input to input unit 104. GUI handling part 112 displays the subordinate relations of the territory and local groups and/or users on display unit 103 in the form of a tree, and displays an admission policy list having permission set values for predetermined function items. These trees and lists are displayed based on the information collected from server units 3, 4.
Retrieval process portion 113 uses network service portion 111 and network interface 102 to retrieve, via network 2 from directory service apparatus 4, the territory groups and/or territory users registered in the directory service, and obtains table data (lists of group names, user names or group IDs, user IDs, etc.) based on the registration information data of these territory groups and/or territory users. Retrieval process portion 113 uses network service portion 111 and network interface 102 to retrieve, via network 2 from customer administrator's server unit 3, the registered local groups and/or local users, and obtains table data (lists of group names, user names or group IDs, user IDs, etc.) based on the register information data of these local groups and/or local users.
Registration process portion 114 determines the License Info for a territory group and/or territory user in the table data obtained by retrieval process portion 113, and uses network service portion 111 and network interface 102 to register the determined License Info, associated with this territory group and/or territory user, in customer administrator's server unit 3 via network 2 as License Info data. Registration process portion 114 determines the License Info for a local group and/or local user in the table data obtained by retrieval process portion 113, and registers the determined License Info, associated with this local group and/or local user, in customer administrator's server unit 3 via network 2 as License Info data. In addition, registration process portion 114 associates the admission policy selected from the displayed admission policy list with the territory group or territory user selected from the tree of groups and/or users displayed on display unit 103, and sets it in the admission policy data for this territory group or territory user.
Location registration process portion 115 carries out user authentication of the user of terminal installation 5 in directory service apparatus 4, and allows only an administrator whose user authentication has succeeded to execute the registration process of License Info and so on.
Next, the action of each device when a user registers to MFP 1A in the image formation system shown in Fig. 1 is described. Fig. 7 is a sequence diagram describing the action of each device when a user has registered to MFP 1A in the image formation system shown in Fig. 1. Each device acts in the same way when the user has registered to MFP 1B.
Guidance panel 21 of MFP 1A detects the input operation of the user name (user ID) and password by the user (S1). Control part 33 uses network service portion 32 and network interface 23 to send this user name and password to customer administrator's server unit 3 (S2).
In customer administrator's server unit 3, user authentication process portion 62 uses network service portion 61 and network interface 42 to receive this user name and password, and sends this user name and password with an authentication request to directory service apparatus 4 by a predetermined protocol (LDAP, etc.) (S3).
In directory service apparatus 4, directory service handling part 82 uses network service portion 81 and network interface 72 to receive this user name and password and the authentication request by the predetermined protocol, and judges with reference to database 91 whether this user name and password belong to a proper user (S4).
Directory service handling part 82 uses network service portion 81 and network interface 72 to send this judged result (authentication result) and, when authentication has succeeded, this user's user profile to customer administrator's server unit 3 as the response to the authentication request (S5).
In customer administrator's server unit 3, user authentication process portion 62 uses network service portion 61 and network interface 42 to receive this authentication result as the response to the authentication request. When authentication has succeeded, user authentication process portion 62 receives the user profile, and permit process portion 63 determines this user's License Info (the admission policy applied to this user) with reference to admission policy data 51 (S6). Permit process portion 63 uses network service portion 61 and network interface 42 to send a response representing the authentication success to MFP 1A together with this License Info and the user profile (S7).
In MFP 1A, control part 33 uses network service portion 32 and network interface 23 to receive this License Info and user profile, and provides this License Info to judging part 34 (S8). Based on this License Info, judging part 34 sets on the RAM, for each predetermined function that MFP 1A has, data representing whether this user is licensed to use it.
The user is allowed to use MFP 1A in a state in which functions are restricted according to this License Info (S9). In MFP 1A, control part 33 refers to the data set by judging part 34, and receives and executes only tasks that use the functions this user is allowed to use.
When user authentication fails, only a response representing the authentication failure is sent from customer administrator's server unit 3 to MFP 1A. On receiving the response representing the authentication failure, MFP 1A displays a message representing the authentication failure on guidance panel 21, and forbids this user from using MFP 1A.
In MFP 1A, each time a task of a registered user whose user authentication has succeeded is executed, control part 33 generates task record information. Control part 33 uses network service portion 32 and network interface 23 to send the task record information to customer administrator's server unit 3 (S10).
Task tracking handling part 64 uses network service portion 61 and network interface 42 to receive the task record information, and stores it in the RAM or storage device 41. Task tracking handling part 64 gathers task record information for each territory user and local user, either according to a request from a host apparatus not shown, MFP 1A, 1B, etc., or automatically (S11). For example, through a predetermined operation on MFP 1A by a registered user, control part 33 of MFP 1A sends a request for the total of task record information, together with this user's user ID, to customer administrator's server unit 3. On receiving this request, task tracking handling part 64 of customer administrator's server unit 3 extracts and combines the task record information about the user of the user ID received with this request, gathers it as user task history, and sends the gathered task record information to MFP 1A as the response to the request. On receiving this task record information, control part 33 of MFP 1A displays it on guidance panel 21 or the like. In addition, task tracking handling part 64 may, each time it receives task record information, classify it by user and gather it as user task history.
As mentioned above, according to the above-mentioned execution mode, in a customer administrator's server unit provided separately from the server unit of the directory service, a new group comprising territory users in the directory service can be formed and License Info can be set for this group, without affecting the register information data comprising the authentication information of the territory groups and territory users in the directory service. License Info can be managed centrally, and License Info can be set flexibly for users and groups of users.
In addition, according to the above-mentioned execution mode, the use history of the image processing systems in the system can be managed in a unified way for each user without affecting the existing user authentication server (that is, the directory service apparatus).
Next, the registration of License Info data in customer administrator's server unit 3 using terminal installation 5 (an example of a License Info calling mechanism) is described. Fig. 8 is a flow chart describing the action of terminal installation 5 when License Info is registered in customer administrator's server unit 3 in the image formation system shown in Fig. 1.
When tactical management program 101a is executed, location registration process portion 115 carries out location registration processing (S21). Location registration process portion 115 uses GUI handling part 112 to make display unit 103 show a dialogue having input fields for a user ID (or user name) and a password, and prompts for the input of the user ID (or user name) and password. When location registration process portion 115 detects, using GUI handling part 112, the input of a user ID (or user name) and password at input unit 104, it uses network service portion 111 and network interface 102 to send a user authentication request to directory service apparatus 4 together with the input user ID (or user name) and password, and receives the result of the user authentication from directory service apparatus 4. When user authentication as the administrator succeeds, location registration process portion 115 allows the following processing to be carried out. When user authentication as the administrator fails, location registration process portion 115 does not allow the following processing to be carried out, and ends the processing.
When user authentication as the administrator succeeds, retrieval process portion 113 accesses directory service apparatus 4 and obtains the table data of the territory groups and territory users registered in the directory service, and accesses customer administrator's server unit 3 and obtains the table data of the local groups set at the current time, the table data of the local users, and admission policy data 51 comprising License Info (S22). Retrieval process portion 113 sends a transmission request for these table data and admission policy data 51 to customer administrator's server unit 3 via network 2. On receiving this transmission request, permit process portion 63 of customer administrator's server unit 3 sends the table data of the local groups and local users based on data 52, 53, and admission policy data 51, to retrieval process portion 113.
GUI handling part 112 makes display unit 103 show a key frame based on the information collected at S22 (S23). Fig. 9 is a figure showing an example of the key frame displayed on terminal installation 5 of Fig. 1. The key frame comprises three viewing areas 201 to 203. The main menu is shown in viewing area 201. In the key frame, the main menu has the items "file", "editor", "management" and "help". Each item is constituted by a drop-down menu, and the desired operation item can be selected from the drop-down menu of each item. For example, the item "management" comprises items for the addition and deletion of admission policies, local groups and local users. When these items are selected, the addition and deletion of admission policies, local groups and local users are executed respectively. In viewing area 202, the admission policy list, a tree showing the structure of the groups and users in the domain ("aaa.com" in Fig. 9), and a tree showing the structure of the local groups and users are displayed. In viewing area 203, the current set condition of the item selected by cursor 211 in the admission policy list and these trees is displayed, together with GUI input parts such as choice menus or input fields for changing the set condition of this item. In Fig. 9, since the title of the policy list is selected by cursor 211, the list of registered admission policies is displayed in viewing area 203.
After display of the main screen begins, when the user operates input device 104 to select the policy list or another item in the trees, GUI handling part 112 detects this operation (S24) and changes the displayed content of viewing area 203 to the information corresponding to that item (S25).
Fig. 10, Fig. 11 and Fig. 12 show examples of the content displayed in viewing area 203 when the organizational unit (group) <OU1> is selected from the tree of Fig. 9. When a group in the tree is selected, policy tab 221, group tab 222 and user tab 223 are displayed in viewing area 203. As shown in Fig. 10, when policy tab 221 is selected, list 231 of the admission policies applied to this group and list 232 of the admission policies inherited from the upper groups of this group are displayed, based on the permission settings at the current time obtained in S22. As shown in Fig. 11, when group tab 222 is selected, the list of lower groups (subgroups) of this group <OU1> is displayed, based on the permission settings at the current time obtained in S22. As shown in Fig. 12, when user tab 223 is selected, the list of users belonging to this group <OU1> is displayed, based on the permission settings at the current time obtained in S22.
When GUI handling part 112 detects, based on user input to main menu 201 or to a GUI input part in viewing area 203, any edit operation for adding, changing or deleting an admission policy, or for adding, changing or deleting an admission policy assignment, it changes the displayed content of the main screen based on the content of that edit. When a confirmation operation that fixes the content of this edit operation is detected (S26), registration process portion 114 sends to customer administrator's server unit 3 a request to perform whichever addition, change or deletion of an admission policy or of an admission policy assignment the edit operation specified (S27). On receiving this request, customer administrator's server unit 3 updates admission policy data 51 accordingly. In admission policy server unit 3, permit process portion 63 receives this request and edits admission policy data 51. When an admission policy assignment or an admission policy is added or changed, the content of the new admission policy or admission policy assignment is sent together with the request, and customer administrator's server unit 3 updates admission policy data 51 based on that content.
After display of the main screen begins, when GUI handling part 112 detects a predetermined end operation (S28), execution of policy management program 101a ends.
The registration of admission policy assignments to groups and the like, and the registration of admission policies, are now described in detail.
(a) Registration of admission policy assignments to groups and the like
Fig. 13 shows an example of the input screen displayed on terminal installation 5 of Fig. 1 when registering an admission policy assignment to a group or the like. The admission policy to be assigned is selected with cursor 211 from the admission policy list in viewing area 202. On detecting this operation, GUI handling part 112 causes viewing area 203 to show three collapsed panels 241, 242, 243, apply button 251 and pause button 252.
When registering an admission policy assignment to a group or the like, panel 241 is opened. On detecting this operation, as shown in Fig. 13, GUI handling part 112 causes panel 241 to show the policy name of the selected admission policy (<policy1> in Fig. 13), list 261 of the groups and users to which this admission policy is assigned, policy assignment buttons 262, 263, and policy deallocation button 264.
When policy assignment button 262 is pressed, GUI handling part 112 displays a list of users (domain users and local users). When GUI handling part 112 detects a user operation selecting a user to whom this admission policy is to be assigned, the selected user is added to list 261. When policy assignment button 263 is pressed, GUI handling part 112 displays a list of groups (domain groups and local groups). When GUI handling part 112 detects a user operation selecting a group to which this admission policy is to be assigned, the selected group is added to list 261. When policy deallocation button 264 is pressed, GUI handling part 112 deletes from list 261 the group or user selected in list 261.
When apply button 251 is pressed and GUI handling part 112 detects this operation, registration process portion 113 sends to customer administrator's server unit 3 a request to change the admission policy assignment, together with the group and/or access list contained in list 261 at that time. Pressing apply button 251 corresponds to the confirmation operation.
(b) Registration of admission policies
Fig. 14 shows an example of the input screen displayed on terminal installation 5 of Fig. 1 when registering an admission policy.
The admission policy to be assigned is selected with cursor 211 from the admission policy list in viewing area 202. On detecting this operation, GUI handling part 112 causes viewing area 203 to show three collapsed panels 241, 242, 243, apply button 251 and pause button 252.
When registering an admission policy, panels 242, 243 are opened. On detecting this operation, as shown in Fig. 14, GUI handling part 112 displays in panel 243 the current set value (general user or administrator) of the registered user's access rights level to MFP 1A, 1B for the selected admission policy (<policy1> in Fig. 14), in a state in which it can be changed through a drop-down list box, drop-down menu or the like. GUI handling part 112 likewise displays in panel 243 the current set values of the task execution restrictions, in a state in which they can be changed through a drop-down list box, drop-down menu or the like. In the example shown in Fig. 14, each item subject to task execution restriction (that is, each function of MFP 1A, 1B) is set to one of "Off", "Restricted" and "Not set". For an item set to "Not set", the value set for that item in the upper group is inherited.
When apply button 251 is pressed and GUI handling part 112 detects this operation, registration process portion 113 sends to customer administrator's server unit 3 a request to change the admission policy assignment, together with the values set at that time for each item in panels 242, 243. Pressing apply button 251 corresponds to the confirmation operation.
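The inheritance rule described above for task-restriction items that have no setting of their own can be worked through as follows. This is an added example, not code from this document; the group "OU1-sub", the function keys, the one-policy-per-group model and the rule that the nearest explicit setting wins are assumptions made for illustration.

```python
# Added example: resolve task restrictions where "Not set" inherits upward.
OFF, RESTRICTED, NOT_SET = "Off", "Restricted", "Not set"
FUNCTIONS = ("print", "scan", "copy", "fax")  # assumed keys for the MFP functions

# Constructed sample tree: group -> upper group (None marks the top).
PARENTS = {"aaa.com": None, "OU1": "aaa.com", "OU1-sub": "OU1"}

# Constructed sample settings of the policy assigned to each group.
SETTINGS = {
    "aaa.com": {"print": OFF, "scan": OFF, "copy": RESTRICTED, "fax": NOT_SET},
    "OU1": {"print": RESTRICTED, "scan": NOT_SET},
    "OU1-sub": {"copy": OFF},
}


def resolve(group, function, parents=PARENTS, settings=SETTINGS):
    """Return (value, source_group); source_group is None if nothing is set."""
    seen = set()
    node = group
    while node is not None:
        if node in seen:  # a malformed tree must not loop forever
            raise ValueError(f"cycle in group tree at {node!r}")
        if node not in parents:
            raise KeyError(f"unknown group {node!r}")
        seen.add(node)
        value = settings.get(node, {}).get(function, NOT_SET)
        if value not in (OFF, RESTRICTED, NOT_SET):
            raise ValueError(f"invalid setting {value!r} on {node!r}")
        if value != NOT_SET:
            return value, node  # nearest explicit setting wins (assumption)
        node = parents[node]  # "Not set": look at the upper group
    return NOT_SET, None


def effective_policy(group, parents=PARENTS, settings=SETTINGS):
    """Effective value and origin for every function of one group."""
    return {f: resolve(group, f, parents, settings) for f in FUNCTIONS}


if __name__ == "__main__":
    for func, (value, source) in effective_policy("OU1-sub").items():
        origin = "own policy" if source == "OU1-sub" else f"inherited from {source}"
        print(f"{func:5} {value:10} {origin if source else 'unset everywhere'}")
```

Returning the source group with each value corresponds to the separate applied and inherited lists of Fig. 10 and lets an administrator audit where an effective restriction comes from.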
As described above, according to the above embodiment, the License Info calling mechanism automatically collects the groups and users for which License Info data should be set, so the License Info data can be registered in customer administrator's server unit 3 by a simple operation.
In the image formation system of the present invention, at registration the user need not enter a user name into MFP 1A and can instead use an ID card (for example, an IC card) issued to the user.
An IC card reader is connected to MFP 1A. When an ID card is brought close to this IC card reader, control part 33 uses the IC card reader to read the card ID from the ID card. Control part 33 sends the card ID to customer administrator's server unit 3 together with a password entered in the same way as in embodiment 1.
Translation data is stored in advance in storage device 4 of customer administrator's server unit 3. This translation data associates the card ID of an ID card with the user ID of the user to whom that ID card has been issued. On receiving a card ID and password, user authentication process portion 62 refers to the translation data to determine the user ID corresponding to the card ID, and performs user authentication at directory service apparatus 4 based on the determined user ID and the received password.
Although an IC card is used as the ID card, a card with another type of recording medium (a magnetic card or the like) may also be used. In that case, a card reader that reads the card ID from such a card is used in place of the IC card reader. Biometric information such as a fingerprint may also be used instead of an ID card. In that case, a reader that can obtain this biometric information from the user is used instead of the IC card reader, and a feature quantity obtained from the biometric information is used as the ID.
As described above, storage device 41 of customer administrator's server unit 3 holds translation data that contains the correspondence between the card ID of an ID card and the user ID of the user to whom that ID card has been issued. User authentication process portion 62 receives the card ID of an ID card and a password from MFP 1A, 1B, determines the registered user's user ID from the received card ID according to this translation data, and uses this user ID to perform user authentication.
Thus, because customer administrator's server unit 3 can manage the card IDs of the ID cards, the card IDs need not be managed in the directory service, and an authentication system based on ID cards can easily be added to a system in which a directory service is already in operation.
In the above embodiment, local users and domain users are mixed within a local group, but a local group may also contain only local users or only domain users.
In the above embodiment, customer administrator's server unit 3 is connected to network 2, but it may instead be connected to another network different from network 2, with directory service apparatus 4 connected to both that other network and network 2, so that customer administrator's server unit 3 communicates with directory service apparatus 4 via that different network.
Although MFP 1A, 1B are used as the image processing systems, printers, photocopiers or the like may be used instead. In addition, the system in the above embodiment has two image processing systems, but one, or three or more, may be used.
The License Info may include an access rights level for the MFP. For example, the access rights level is set to either administrator or general user. When it is set to administrator, functions that general users cannot use, such as maintenance, can be used.