JP2004122778A - Image forming apparatus and usage control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an image forming apparatus capable of using a plurality of authentication / billing systems including an authentication / billing system using an external server on a network for a plurality of applications.
In an image forming apparatus configured to be capable of mounting a plurality of applications, a screen that allows one authentication unit to select one or a plurality of applications to be subjected to use restriction by the authentication unit is displayed on the image forming apparatus. Display means for displaying on an operation panel of the forming apparatus; and use control means for receiving an authentication result from the one authentication means, and controlling use restriction of the one or more applications based on the received authentication result. .
[Selection diagram] FIG.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an image forming apparatus that provides a user service for image forming processing such as copying, a printer, a scanner, and a facsimile, and can manage a plurality of authentication / charging apparatuses, authentication / charging applications, and the like collectively. It is.

In recent years, an image forming apparatus (hereinafter, referred to as a “multifunction peripheral”) in which functions of respective apparatuses such as a printer, a copier, a facsimile, and a scanner are housed in one housing is known. This multifunction peripheral includes a display unit, a printing unit, an imaging unit, and the like in a single housing, and three types of software corresponding to a printer, a copying machine, and a facsimile machine, respectively. Is operated as a printer, copier, scanner or facsimile machine.

By the way, in such a conventional multifunction peripheral, software corresponding to a printer, a copier, a scanner, and a facsimile machine is separately provided, and therefore, it takes a lot of time to develop each software. For this reason, the applicant has hardware resources used in image forming processing such as a display unit, a printing unit, and an imaging unit, and executes an application that performs processing unique to each user service such as a printer, a copy or a facsimile. When providing a user service by interposing between a plurality of applications and hardware resources, management, execution control, and image forming processing of hardware resources required by at least two of the applications in common Invented an image forming apparatus (multifunction peripheral) including a platform comprising various control services for performing the above.

In such a multifunction peripheral, when a user uses the multifunction peripheral, user authentication is performed using a user ID and a password, and the use of the multifunction peripheral by an unauthorized user is restricted. In some cases, usage is restricted to enhance security. In a multifunction peripheral having such an authentication function and a charging function, a user ID and a password are generally managed in an authentication database in its own storage device, and the user ID and charging information are stored in a charging database in its own storage device. It is common to manage by. In particular, in recent years, as a usage form of a multifunction peripheral, a plurality of multifunction peripherals or printers are connected to a network such as a LAN (Local Area Network) or the Internet, and are used from a computer such as a PC (Personal Computer) or a workstation on the network. It is common to do it. For this reason, it is necessary to provide an authentication database and a billing database for each MFP connected to the network, and to manage the user IDs and passwords of users who can use each MFP.
JP-A-2002-149362

However, when such authentication information and charging information such as a user ID and a password are managed by an authentication database or a charging database in the MFP, the authentication database and the charging database are stored in each MFP connected to the network. Since they must be provided and separately managed, there is a problem that management of authentication information and billing information becomes complicated.

In other words, for each multifunction device on the network, the available user and the unusable user may differ for each multifunction device, so the user-specific information, authentication information, or billing information is updated. In this case, it is necessary to determine which multifunction device can be used by the user. If a large number of multifunction devices are connected on the network, the management effort of the authentication information and the billing information increases. Even if the authentication database is updated, such as adding, changing, or deleting authentication information, or updating the accounting database is restricted to anyone other than the MFP system administrator, the authentication information or accounting information of one user is changed. In such cases, it is necessary to update the authentication database and billing database of all MFPs on the network, so if the system administrator is different for each MFP, the maintenance work on authentication and billing information would be enormous. It becomes.

Also, when managing the authentication database and billing database for each multifunction device on the network, even if the update of the authentication database is restricted to only the system administrator of the multifunction device, the system management of the user can be performed. By impersonating a person, it becomes possible to easily falsify an authentication database or a billing database, such as changing a password, and a security vulnerability becomes a problem.

Further, there are a plurality of authentication and charging methods, and there is a possibility that a plurality of authentication / charging systems are used in the multifunction peripheral. By managing these collectively, one or more of these methods can be used. There has been no technology used to restrict the use of applications.

The present invention has been made in view of the above, and has a plurality of authentication / charging systems including an authentication / charging system using an external server on a network for managing user information such as user authentication information and charging information. It is an object of the present invention to provide an image forming apparatus which can be used for an application.

In order to solve the above-mentioned problem, the invention according to claim 1 is an image forming apparatus configured to be capable of mounting a plurality of applications, wherein one authentication unit is restricted in use by the authentication unit. A display unit for displaying a screen for selecting one or a plurality of target applications on an operation panel of the image forming apparatus; receiving an authentication result from the one authentication unit; Or a use control unit for controlling use restrictions of a plurality of applications.

According to the present invention, one or a plurality of applications to which a certain authentication unit is applied can be selected, and the authentication of the authentication unit can be applied to the selected one or a plurality of applications.

According to a second aspect of the present invention, in the first aspect, the information input from the screen displayed by the display means indicates one or a plurality of applications to be restricted in use by the one authentication means. The information is stored in the image forming apparatus as information.

According to the present invention, the use control means can perform control based on the stored information.

According to a third aspect of the present invention, in the first or second aspect, the display unit displays a screen for selecting a function to be restricted.

According to the present invention, it is possible to control use restrictions for each function.

The invention according to claim 4 is an image forming apparatus configured to be capable of mounting a plurality of applications, wherein the screen for selecting one or a plurality of authentication units for restricting use of one application is displayed. Display means for displaying on an operation panel of the image forming apparatus; and use control means for receiving an authentication result from the one or more authentication means and controlling use restriction of the one application based on the received authentication result. It is provided.

According to the present invention, one or a plurality of authentication means for restricting use of one application can be selected, and authentication by the selected one or a plurality of authentication means can be applied to one application.

According to a fifth aspect of the present invention, in the fourth aspect, the information input from the screen displayed by the display means indicates one or a plurality of authentication means for restricting use of the one application. The information is stored in the image forming apparatus.

According to the present invention, the use control means can perform control based on the stored information.

According to a sixth aspect of the present invention, in the fourth aspect, the display means displays a screen for setting a relationship between a plurality of authentication means.

According to a seventh aspect of the present invention, in the sixth aspect, the screen is set such that when all the authentications of the plurality of authentication units are successful, the authentication for the use of the application is successful. It is assumed that the screen is for performing the operation.

According to an eighth aspect of the present invention, in the sixth aspect, when the authentication by at least one of the plurality of authentication units is successful, the authentication for use of the application is successful. It is assumed that the screen is a screen for setting that it is.

According to the sixth to eighth aspects of the present invention, appropriate authentication can be performed even when a plurality of authentication units are used for one application.

According to a ninth aspect of the present invention, in accordance with any one of the first to eighth aspects, the authentication means includes: user authentication information input by a user; and user authentication information registered in advance. The authentication is performed by:

According to the present invention, authentication using user authentication information can be performed. The user authentication information is an ID, a password, and the like.

According to a tenth aspect of the present invention, in accordance with any one of the first to eighth aspects, the authentication means uses the charging information input by the user and the available charging information registered in advance. Performs authentication. According to the present invention, authentication based on billing information can be performed.

According to an eleventh aspect of the present invention, in the image processing apparatus according to any one of the first to tenth aspects, the image forming apparatus includes hardware resources used in an image forming process and control of the hardware resources. A control service for performing processing on the system side, and a plurality of applications can be installed separately from the control service. The image forming apparatus includes the use restriction unit and the display unit as the control service. It is a thing.

The invention according to claims 12 to 22 is an invention of a method suitable for the above-mentioned image forming apparatus, and has the same operation and effect as the above-mentioned invention of the image forming apparatus.

According to the present invention, one or a plurality of applications to which a certain authentication unit is applied can be selected, and the authentication of the authentication unit can be applied to the selected one or a plurality of applications. Further, according to the present invention, it is possible to select one or a plurality of authentication means for restricting use of one application, and to apply authentication by the selected one or a plurality of authentication means to one application. Become.

Hereinafter, preferred embodiments of an image forming apparatus, a user authentication method, and a billing method according to the present invention will be described in detail with reference to the accompanying drawings.

(Embodiment 1)
FIG. 1 is an explanatory diagram illustrating a main configuration of an image forming apparatus (hereinafter, referred to as a “multifunction peripheral”) according to a first embodiment of the present invention and a network configuration including the multifunction peripheral. The multifunction peripheral 100 according to the first embodiment displays a user name and password input screen on the operation panel, inquires of a password to an external server on the Internet with the input user name, and checks the input password and the external server. The user authentication is performed using the password acquired from, and the use of the application of the user is restricted.

As shown in FIG. 1, the multifunction peripheral 100 according to the present embodiment is connected to the Internet 170, and the Internet 170 is connected to an LDAP server (Lightweight Directory Access Protocol) 300. Here, the communication protocol between the multifunction peripheral 100 and the LDAP server 300 uses TCP / IP.

As shown in FIG. 1, main functions for realizing the user authentication method of the present invention in the multifunction peripheral 100 of the present embodiment include applications such as an authentication application 117 and a copy application, and OCS 126, SCS 122, and CCS 129. , An inetd 141 and an httpd 142 that operate as daemons (processes) of a general-purpose OS, a network controller 103, and an operation panel 150.

The LDAP server 300 receives It is a server that provides a directory service according to a protocol that is a lightweight version of the 500-based directory service for the Internet. In the LDAP server 300, a password, a mail address, and personal information of another user are stored in association with the user name.

The authentication application 117 uses the LDAP server to perform a user authentication process using a user name and a password. The authentication application 117 includes a user information input processing unit 151, an external server communication unit 152, and an authentication unit 153.

The user information input processing unit 151 operates a user name and a password input screen for requesting a user name (user identification information) unique to the user and a password (user authentication information) indicating the validity of the user. It is displayed on the operation display unit of the panel 150, and accepts input of a user name and a password.

The external server communication unit 152 transmits the user ID input from the operation display unit of the operation panel 150 to the LDAP server 300 on the Internet 170 to the LDAP server, and transmits the password of the user whose user name is And receives a password as a search result.

The authentication unit 153 determines whether the password received from the LDAP server 300 matches the password input from the operation display unit of the operation panel, and determines the determination result (match or mismatch) by another process. It is transmitted to a certain CCS 129 by inter-process communication.

$ CCS (Certification Control Service) 129 is a control service for restricting users and for charging users. In the multifunction peripheral 100 of the present embodiment, the CCS 129 receives the determination result of the user authentication from the authentication unit 153 of the authentication application 117117, and transmits to the copy application 112 whether or not to restrict the use of the user. It has become. Control services such as OCS 126 and SCS 122 will be described later.

The inetd 141 is a daemon that constantly monitors data transmission / reception requests and, when a connection request for a specific protocol is detected, activates a server program that processes each protocol, and is similar to inetd in a normal UNIX (registered trademark). Is performed. In the multifunction peripheral 100 according to the first embodiment, a port for transmitting and receiving data by the http protocol and the https protocol is constantly monitored, and when a connection request on the port is detected, the httpd 142 is activated.

The @httpd 142 constantly monitors the port 80 for receiving messages transmitted by the http protocol and the https protocol, and receives a request message on the port 80 and transmits a response message. The structure of the request message and the response message is the same as the structure of each message in the normal http protocol, and each message includes a message body described in the html format.

The network controller 103 performs communication of various data according to the http protocol and the https protocol.

Next, the overall functional configuration of the multifunction peripheral 100 according to the present embodiment will be described. FIG. 2 is a block diagram illustrating an overall configuration of the multifunction peripheral 100 according to the first embodiment.

As shown in FIG. 2, the multifunction peripheral 100 includes a black-and-white laser printer (B & W LP) 101, a color laser printer (Color LP) 102, a network controller 103, and hardware resources 104 such as a scanner, a facsimile, and a memory. In addition, a software group 110 including a platform 120 and an application 130 is provided.

The platform 120 is a control service that interprets a processing request from an application to generate a hardware resource acquisition request, and a system resource manager that manages one or more hardware resources and arbitrates the acquisition request from the control service. (SRM) 123 and a general-purpose OS 121.

The control service is formed from a plurality of service modules, and includes an SCS (system control service) 122, an ECS (engine control service) 124, an MCS (memory control service) 125, an OCS (operation panel control service) 126, and an FCS. (Fax control service) 127, NCS (network control service) 128, and CCS (authentication control service) 129. The platform 120 has an application program interface (API) that enables a processing request to be received from the application 130 by a predefined function.

The general-purpose OS 121 is a general-purpose operating system such as UNIX (registered trademark), and executes each software of the platform 120 and the application 130 in parallel as a process.

The process of the SRM 123 controls the system and manages resources together with the SCS 122. The process of the SRM 123 includes an engine such as a scanner unit and a printer unit, a memory, an HDD file, a host I / O (centro I / F, a network I / F (network controller 103), an IEEE1394 I / F, an RS232C @ I / F, etc.). Arbitration is performed according to a request from an upper layer that uses hardware resources, and execution is controlled.

Specifically, the SRM 123 determines whether the requested hardware resource is available (whether it is not used by another request), and if it is available, the requested hardware resource is used. Inform the upper layer that it is possible. The SRM 123 also schedules use of hardware resources in response to a request from an upper layer, and directly implements the contents of the request (for example, paper transport and image forming operation, memory reservation, file generation, and the like by a printer engine). .

The SCS 122 process performs application management, operation unit control, system screen display, LED display, resource management, interrupt application control, and the like.

The process of the ECS 124 controls an engine of a hardware resource 104 including a monochrome laser printer (B & W LP) 101, a color laser printer (Color LP) 102, a scanner, a facsimile, and the like.

The MCS 125 process acquires and releases an image memory, uses a hard disk drive (HDD), and compresses and expands image data.

The process of the FCS 127 includes facsimile transmission / reception using PSTN / ISDN from each application layer of the system controller, registration / quotation of various facsimile data managed by BKM (backup SRAM), facsimile reading, facsimile reception printing, fusion transmission / reception. Provides an API to do so.

The process of the NCS 128 is a process for providing a service that can be used in common to applications requiring network I / O, and distributes data received from the network according to each protocol to each application, or distributes data from the application to the data. Mediation when sending to the network side.

The process of the OCS 126 controls an operation panel (operation panel) 150 which is a means for transmitting information between an operator (user) and main body control. The OCS 126 is an OCS process that acquires a key press (or touch operation) from the operation panel as a key event and transmits a key event function corresponding to the acquired key to the SCS 122. In addition, various screens for the operation display unit of the operation panel 150 are drawn and the other control of the operation panel is performed by calling various functions such as a drawing function registered in the OCS function library from the application 130 or the control service. This OCS function library is dynamically linked to each module of the application 130 and the control service. Note that the entire OCS 126 may be configured to operate as a process, or the entire OCS 126 may be configured as an OCS function library.

The application 130 includes a printer application 111 that is a printer application having a page description language (PDL), PCL, and PostScript (PS), a copy application 112 that is a copy application, and a fax application 113 that is a facsimile application. , A scanner application 114 as a scanner application, a network file application 115 as a network file application, a process inspection application 116 as a process inspection application, and the authentication application 117 described above.

Each process of the application 130 and each process of the control service realize user services related to image forming processing such as copy, printer, scanner, and facsimile while performing inter-process communication by transmitting a function call, transmitting a return value thereof, and transmitting and receiving a message. are doing.

As described above, in the multifunction peripheral 100 according to the first embodiment, there are a plurality of applications 130 and a plurality of control services, all of which operate as processes. Then, one or a plurality of threads are generated inside each of these processes, and the threads are executed in parallel. Then, the control service provides a common service to the application 130. For this reason, these many processes perform parallel operation and thread parallel operation, perform inter-process communication with each other, and perform cooperative operation. User services related to image forming processes such as copying, printing, scanning, and facsimile are provided.

Further, in the multifunction peripheral 100, a third party such as a customer or a third vendor of the multifunction peripheral 100 can develop and install an external application in an application layer above the control service layer. The authentication application 117 may be developed as such an external application.

In the multifunction peripheral 100 according to the first embodiment, a plurality of processes of the application 130 and a plurality of processes of the control service are operating, but the application 130 and the control service process each have a single configuration. Is also possible. Further, each application 130 can be added or deleted for each application.

FIG. 3 shows an example of a hardware configuration of the multifunction peripheral 100.

The multifunction peripheral 100 includes a controller 160, an operation panel 175, a fax control unit (FCU) 176, and an engine unit 177 that is a hardware resource specific to image forming processing such as a printer. The controller 160 includes a CPU 161, a system memory 162, a north bridge (NB) 163, a south bridge (SB) 164, an ASIC 166, a local memory 167, a HDD 168, a network interface card (NIC) 169, and an SD card. , A USB device 171, an IEEE 1394 device 172, and a Centronics 173. Note that the memories 162 and 167 include a RAM, a ROM, and the like. The FCU 176 and the engine unit 177 are connected to the ASIC 166 of the controller 160 via a PCI bus 178.

(4) The CPU 161 reads out a program such as an application and a control service installed in the multifunction peripheral 100 from the memory and executes the program.

Next, a user authentication method by the MFP 100 according to the first embodiment configured as described above will be described. FIG. 4 is an explanatory diagram showing a data flow in the user authentication process by the multifunction peripheral 100, and FIG. 5 is a flowchart showing a procedure of the user authentication process.

In the multifunction peripheral 100 according to the present embodiment, after the power is turned on, first, the copy application 112 is preferentially activated. At that time, user authentication is performed. If the authentication result is valid, the copy application 112 displays the initial screen. The data is output to the operation display unit 150a of the operation panel 150 so that a copy operation can be performed.

First, the user information input processing unit 151 of the authentication application 117 displays the user name / password input screen 501 shown in FIG. 6 on the operation display unit 150a of the operation panel 150 (Step S401). Here, the display of various screens on the operation display unit 150a is performed by calling a drawing function of the OCS function library. Hereinafter, the description of the display on the operation display unit 150a is based on the premise that the drawing function is called, and the description to that effect is omitted. When a key is input from the operation display unit 150a, a key event of the input key is acquired by the OCS 126, and is notified to the user information input processing unit 151 of the authentication application 117 via the SCS 122.

When a user name and a password are input from the user name / password input screen 501, the external server communication unit 152 of the authentication application 117 transmits the input user name and entry search request to the LDAP server 300, To search for an entry of the user name (step S402). Transmission of the user name and the entry search request to the LDAP server 300 by the external server communication unit 152 is performed by the inetd 141 activating the httpd 142 and the httpd 142 via the network controller 103. The search result is notified to the external server communication unit 152 via the network controller 103 and the httpd 142.

Here, the process of the entry search request to the LDAP server 300 by the external server communication unit 152 in step S402 will be described. FIG. 7 is a flowchart illustrating the procedure of the entry search request process.

(4) The external server communication unit 152 sets the user ID input to the search filter (step S601). Specifically, for example, the setting “userID = XXXXXXXXX” is performed.

Next, an ldap_init () function is issued in order to obtain a session handle to be used in a future operation (step S602). After obtaining the session handle, a search function for the LDAP server 300 is executed. More specifically, the IP address of the connection destination LDAP server, the connection destination port, the connection authority password, the search position, the search filter set in step S601, the search attribute (specify the password) are specified as parameters, and the ldapsearch () function is specified. Is called (step S603).

Thereby, the password corresponding to the user ID specified by the LDAP server 300 is searched, and the searched password is received from the LDAP server as a search result (step S604). Then, finally, the ldap_unbind () function is called to release the session handle (step S605). Thus, a series of search request processing is completed.

Returning to FIG. 5, next, the authentication unit 153 of the authentication application 117 compares the password as the search result received from the LDAP server 300 with the password input from the user name / password input screen 501 to determine whether they match. It is determined whether or not it is (step S403). If they match, the authentication result “match” is transmitted to the CCS 129 (step S404). On the other hand, when the two passwords do not match, the authentication result “mismatch” is transmitted to the CCS 129 (step S405).

(4) Upon receiving the authentication result, the CCS 129 determines whether the authentication result is “match” (step S406). If it is “match”, it is determined that the user is a legitimate user, and the use of the copy application 112 is not restricted. In this case, the CCS 129 requests the copy application 112 to display an initial screen (step S407). Upon receiving the initial screen display request, the copy application 112 displays the initial screen on the operation display unit 150a of the operation panel 150 (step S408).

On the other hand, in the case of “mismatch”, the CCS 129 displays an error message to the effect that the use of the copy application is restricted on the operation display unit 150a of the operation panel 150 (step S409). This completes the user authentication and use restriction processes.

In the above embodiment, the process of determining whether the input password matches the registered password may be performed by the LDAP server. Further, each of the password and the user ID may be input from a network-connected PC instead of being input from the operation panel.

As described above, in the multifunction peripheral 100 according to the first embodiment, the user information input processing unit 151 of the authentication application 117 allows the user to input a unique user ID and password, and the external server communication unit 152 connects to the Internet 170. The input user ID is transmitted to the connected LDAP server 300, the password retrieved by the LDAP server 300 is received, the password received by the external server communication unit 152 by the authentication unit 153, and the user information input processing Since it is determined whether or not the password input by the unit 151 matches, and the determination result is notified to the CCS 129, it is not necessary to hold the authentication database in its own multifunction device, and the maintenance work of the authentication database is not required. Labor can be reduced. Further, since there is no need to maintain an authentication database in each multifunction peripheral 100, falsification of information such as a password can be prevented, and security of the multifunction peripheral 100 can be enhanced.

(Embodiment 2)
The multifunction peripheral 100 according to the first embodiment displays a user name and password input screen on the operation panel, and inquires of an external server on the Internet for a password using the input user name. The MFP 700 according to the second embodiment receives a user name and billing data from the PC 200 on the Internet and makes an inquiry about billing data to an external server.

FIG. 8 is an explanatory diagram of a main configuration of the multifunction peripheral 700 according to the second embodiment and a network configuration including the multifunction peripheral. FIG. 9 is a block diagram illustrating an overall functional configuration of a multifunction peripheral 700 according to the second embodiment.

As shown in FIG. 8, the multifunction peripheral 700 according to the present embodiment is also connected to the Internet 170. The Internet 170 includes an LDAP server (Lightweight Directory Access Protocol) 300 and a PC (Personal Computer) as a client terminal. It is connected. Here, TCP / IP is used as a communication protocol between the MFP 100, the LDAP server 300, and the PC 200.

As shown in FIG. 8, the main components of the multifunction peripheral 700 of the present embodiment for realizing the billing method of the present invention include applications such as a billing application 717 and a copy application, and OCS 126, SCS 122, CCS 129, and NCS 126. It mainly includes a control service described later, such as inetd 141 and httpd 142 operating as a daemon (process) of a general-purpose OS, a network controller 103, and an operation panel 150.

In the LDAP server 300 of the present embodiment, a user name is stored in association with a password, a mail address, and billing data. The billing data includes a budget (available amount), A4 usable number, B5 usable number, and the like.

ＩＣ An IC card reader 201 that controls read of an IC card is connected to the PC 200 of the present embodiment. The IC card reader 201 reads an IC card on which a user name and billing data are recorded, and transmits the user name and billing data from the PC 200 to the MFP 700. The billing data recorded on the IC card includes the amount of money used, A4 used number, B5 used number, and the like.

The charging application 717 in the multifunction peripheral 700 uses the LDAP server 300 to perform a charging process based on a user name and charging data. The charging application 717 includes a user information receiving unit 751, an external server communication unit 752, and a charging processing unit 753.

The user information receiving unit 751 receives a user name (user identification information) and a password from the PC 200 that has read the IC card.

The external server communication unit 752 transmits the user ID input from the operation display unit of the operation panel 150 to the LDAP server 300 on the Internet 170 to the LDAP server, and charges the user of the user name of the MFP 100 with the user name. Data is searched, and billing data as a search result is received.

The billing processing unit 753 compares the billing data received from the LDAP server 300 with the billing data received from the PC 200 to determine whether or not the billing data of the user is within the usable range. , Or out of range) to another process CCS 129 by inter-process communication.

$ CCS (Certification Control Service) 129 is a control service for restricting users and for charging users. In the MFP 700 according to the present embodiment, the CCS 129 receives the determination result of the billing process from the billing processing unit 753 of the billing application 717, and transmits to the copy application 112 whether or not to restrict the use of the user. It has become. Other configurations of the multifunction peripheral 700 are the same as those of the multifunction peripheral 100 of the first embodiment.

Next, charging processing and usage restriction processing based on charging by the MFP 700 according to the second embodiment configured as described above will be described. FIG. 10 is an explanatory diagram showing the flow of data in the charging process and the usage restriction process based on charging by the MFP 700, and FIG. 11 is a flowchart showing the procedure of the charging process and the usage restriction process based on charging.

In the MFP 700 according to the present embodiment, when a user name and billing data are received from the PC 200 on the Internet 170, the billing application 717 is executed in an event-driven manner. Then, if the accounting process is performed and the processing result is valid, the copy application 112 outputs an initial screen to the operation display unit 150a of the operation panel 150 so that the copy operation can be performed.

The billing application 717 receives the user name and billing data from the PC 200 by the user information receiving unit 751. More specifically, the user name and the billing data transmitted by PC 200 are received by network controller 104 of MFP 700 and received by user information receiving unit 751 via NCS 126. Then, the external server communication unit 752 transmits the received user name and entry search request to the LDAP server 300, and causes the LDAP server 300 to search for an entry of the user name (step S1001). The processing of the entry search request to the LDAP server 300 by the external server communication unit 752 is the same as that of the MFP 100 of the first embodiment. However, it is assumed that “charging data” is set as the search attribute and the ldapsearch function is called.

Next, the billing processing unit 753 of the billing application 717 compares the billing data received as a search result from the LDAP server 300 with the billing data received from the PC 200, and compares the billing data received from the PC 200 with the usage of the MFP 700. It is determined whether it is within a possible range (step S1002). If it is within the range, the processing result “in range” is transmitted to the CCS 129 (step S1003). On the other hand, if it is out of the range, the processing result “out of range” is transmitted to the CCS 129 (step S1004).

(4) Upon receiving the processing result, the CCS 129 determines whether the processing result is “within the range” (step S1005). For example, it is determined whether the usage amount is less than the budget and whether the number of used sheets is less than the used number. If the value is “within the range”, the user determines that the MFP 700 can still be used, and does not restrict the use of the copy application 112. In this case, the CCS 129 requests the copy application 112 to display an initial screen (step S1006). Upon receiving the initial screen display request, the copy application 112 displays the initial screen on the operation display unit 150a of the operation panel 150 (step S1007).

On the other hand, when it is determined in step S1005 that “out of range”, the CCS 129 displays an error message on the operation display unit 150a of the operation panel 150 indicating that use of the copy application 112 is restricted (step S1008). . Thereby, the process of the use restriction is completed. Note that the application itself may be configured to display an error message upon receiving the authentication result.

As described above, in the MFP 700 according to the second embodiment, the user information receiving unit 751 of the authentication application 717 receives the user ID and the billing data from the PC 200 on the Internet 170, and the external server communication unit 752 outputs the Internet 170 The user ID input is transmitted to the LDAP server 300 connected to the server, the accounting data retrieved by the LDAP server 300 is received, and the accounting data received by the external server communication unit 152 by the accounting processing unit 753 is used. Is compared with the billing data received by the user information receiving unit 751 and the result of the comparison is notified to the CCS 129, so that there is no need to maintain a billing database in its own multifunction peripheral, thereby reducing the labor required for maintenance work on the billing database. Can be reduced. Further, since there is no need to maintain a billing database in each MFP 700, it is possible to prevent information such as billing data from being falsified, and to enhance the security of the MFP 700.

課 金 In addition, the accounting process for performing copying can be performed, for example, as follows. In the following example, it is assumed that the billing information received from the LDAP server is the number of copies available to the user, and the billing information read from the IC card is the number of copies used by the user.

As described above, if the number of sheets already used is smaller than the number of usable sheets, the user can make a copy. In this case, the billing application holds the available number and the used number. Then, each time the user copies a document, the copy application issues a print job to the ECS via the SCS, and the ECS notifies the billing application of a discharge completion notification. Upon receiving the paper ejection completion notification, the billing application adds 1 to the number of sheets used and compares the added number with the number of sheets available. Further, the number of sheets used in the IC card is updated. If the used number is less than the available number, copying can be continued. However, if the used number reaches the available number, the charging application notifies the CCS of the fact and the CCS notifies the copy application of the print stop. I do. Note that the above-mentioned billing application determines permission or non-permission of use of the application by the user based on a predetermined condition, and thus may be referred to as an authentication application.

(Embodiment 3)
Next, a third embodiment will be described. In the first and second embodiments, the user restriction is performed using either the authentication application or the billing application. However, the MFP according to the third embodiment includes a plurality of applications or devices for authentication / billing. It is possible to use.

The overall configuration of the multifunction peripheral according to the third embodiment is substantially the same as that shown in FIG. 2, but the multifunction peripheral according to the third embodiment may include a plurality of authentication / billing applications. Further, it is possible to connect and use a conventional external authentication / charging device such as a key counter, a coin rack, and a key card to the multifunction peripheral of the third embodiment.

FIG. 12 is a diagram for describing an outline of functions of the CCS 129 according to the third embodiment. In the following description, an external connection authentication / charging device such as a key counter, a key card, and a coin rack, and a system for performing authentication / charging using the authentication / charging application described in the first and second embodiments will be described. The term “authentication / billing system” is used to mean both.

As shown in FIG. 12, the CCS 129 connects a plurality of authentication / billing systems and a plurality of applications to be authenticated / billed, and indicates information indicating which authentication / billing system is to act on which application. to manage. The plurality of authentication / charging systems include an authentication / charging application using an LDAP server as described in the first and second embodiments, together with an external authentication device such as an existing coin rack. For example, the authentication / billing system 1 is a new authentication / billing application equipped with a multifunction peripheral, and the authentication / billing system 2 can be a conventional key counter or key card.

FIG. 13 shows an example of the software configuration of the CCS 129. The CCS 129 according to the third embodiment includes a main control unit 1291, a user code unit 1292, a key counter unit 1293, an external authentication / billing system unit 1294, an extended authentication / billing system unit 1295, and a device interface unit 1296.

(4) The main control unit 1291 executes the entire process of the CCS 129. The user code unit 1292 is for performing user authentication based on a user ID using an authentication application or an SCS. The user code unit 1292 manages setting information such as which application is to be subjected to user authentication based on a user ID. The acquisition and the authentication result are notified to the main control unit 1291, and the like. The key counter unit 1293 is for performing authentication / charging with the key counter. The external authentication / charging system unit 1294 performs authentication / charging with an external authentication / charging device such as a key card or a coin rack. The extended authentication / charging system unit 1295 performs authentication / charging by an authentication / charging system using an LDAP server as described in the first and second embodiments. As with the case of the user code unit 1292, these manage the setting information such as which application is to be authenticated / charged, acquire the authentication result, and notify the main control unit 1291 of the authentication result. I do. Note that the main control unit 1291 may refer to information about which authentication / charging is performed for which application.

The CCS 129 shown in FIG. 13 is an example, and more authentication / billing system units can be provided depending on the authentication / billing device to be connected and the authentication / billing application to be used.

The device interface unit 1296 is for connection between the CCS 129 and an external authentication / charging device such as a key card or a coin rack. For example, the code shown in FIG. 14 detects that a card has been inserted into an external connection device such as a key card device, reads authentication result information, and instructs the main control unit 1291 to perform predetermined processing. I do. As the predetermined process, for example, there is a process of instructing all applications to permit the operation because the authentication is OK.

Next, the setting for associating the authentication / billing system with the application to be authenticated / billed will be described. With this setting, it is possible to set which application uses which authentication / billing system.

FIGS. 15 to 18 show examples of setting screens displayed on the operation panel of the multifunction peripheral. These screens may be displayed by the CCS 129, or may be displayed by the SCS 122 by exchanging information for display between the SCS 122 and the CCS 129. Hereinafter, description will be given assuming that the CCS 129 performs display.

First, as shown in FIG. 15, a list of available authentication / billing systems is displayed. Here, “external charging device management” is a button for performing settings for devices such as a coin rack and a key card, and “extended authentication / charging system 1 management” is a button for a new authentication / charging application. This button is used to make settings. By pressing the “next” button, another “extended authentication / charging system 2 management” can be displayed.

す る と When “extended authentication / billing system 1 management” is selected on the screen of FIG. 15, the screen shown in FIG. 16 is displayed. By pressing the next item, another new application is also displayed as shown in FIG. On the screens shown in FIGS. 16 and 17, an application to be authenticated / billed using the selected extended authentication / billing system 1 is selected. In the screen examples shown in FIGS. 16 and 17, it is possible to select which function in the application is to be targeted. For example, when "full color" is selected in the copy application column, the authentication / billing operation by the extended authentication / billing system 1 is performed only when full-color copying is used.

The setting information set as described above is stored in the storage device as information as shown in FIG. 18, for example. In the setting of FIG. 18, the use restriction processing by the extended authentication / billing system 1 is performed only when the color function is used for the application 1, and the use restriction processing is performed for all functions for the application 2. It shows that you can be.

Then, when the application 1 is used, for example, information indicating that the application 1 is going to use color is notified from the application 1 to the CCS 129, and the CCS 129 performs any authentication / authentication for the function of the application 1. Whether the setting for performing the authentication / charging in the charging system is made with reference to the information shown in FIG. Then, it instructs the extended authentication / charging system to operate.

When setting is performed for a plurality of authentication / charging systems on the screens shown in FIGS. Further, when setting for operating the authentication / billing system 2 for the function 1 of the application 1 is performed, a screen for inputting a relationship with the former is displayed when the latter is set, and the relationship is displayed. You may make it input. For example, a setting that allows the use of the function 1 of the application 1 when the authentication of one of the authentication / billing system 1 and the authentication / billing system 2 is successful, and a setting of the authentication / billing system 1 and the authentication / billing system 2 Only when both authentications are successful, it is possible to set to allow the use of the function 1 of the application 1.

In addition, in addition to the screens shown in FIGS. 16 to 18, the screens shown in FIGS. 19 to 20 can be displayed. In this case, for example, when the extended authentication / billing system 1 is selected on the screen of FIG. 15, the screen shown in FIG. 19 is displayed. On this screen, the user selects whether to select the function of the application and perform the setting, or select the application and perform the setting.

If the user selects the function of the application and performs the setting, a screen similar to that shown in FIGS. 16 and 17 is displayed, and the same setting as that shown in FIGS. 16 and 17 can be made.

When selecting to set by selecting an application, the screen of FIG. 20 is displayed. Here, when a certain application is selected, the corresponding authentication / billing application operates for any function of the application. In the case of the setting shown in FIG. 20, for example, the information shown in FIG. 21 is recorded, and the CCS 129 operates the predetermined authentication / billing application with respect to the application to be used by referring to this table. . For example, when any one of the copy and the application 1 is used, the authentication / charging system 1 operates, authentication is performed, and the authentication result is notified to the application to be used via CCS.

In the above example, one or a plurality of applications are selected for a certain authentication / billing system. However, for one application, one or a plurality of authentication / billing systems to be applied to the application are selected. You can also make settings. FIGS. 22 to 23 show examples of screens when such settings are made.

First, the screen of FIG. 22 is displayed. When, for example, the application 1 is selected on this screen, the screen of FIG. 23 is displayed. The authentication / billing system selected on this screen is applied to the application 1. Further, if a plurality of authentication / billing systems are selected and all the results are OK, an AND setting for notifying the application that the authentication is OK can be performed. For example, an OR setting for notifying the application that the authentication is OK can be made. In this case, for example, after selecting a certain authentication / charging system, an AND or OR button is pressed, and then the authentication / charging system is further selected, so that the authentication system selected earlier and the one selected later are selected. An AND or OR relationship can be set with the authentication system. In this case, for example, information “authentication system 1 AND authentication system 2” is recorded in association with the corresponding application. Then, the CCS 129 refers to this information, and operates both the authentication / billing systems for the corresponding application. Only when the authentication result from both the authentication / billing systems is OK, the authentication is OK. Notify the app that something is happening. Then, the application becomes operable.

Depending on the specifications of the application, there may be an authentication / billing system that can be used and an authentication / billing system that cannot be used. Therefore, before displaying the screen of FIG. 23, the application sends the authentication corresponding to the application to the CCS 129. 23, the CCS 129 may display only the authentication / billing system applicable to the application on the screen of FIG. 23 based on the information.

The operation of the CCS 129 when each authentication / billing system operates is the same as in the first and second embodiments. However, in the third embodiment, the results of a plurality of authentication / billing systems are received, and If all the authentication results are OK, or if any one of the authentication results is OK, it is possible to notify one or more applications that the authentication is OK by referring to the setting information. it can. As for the trigger of the operation of the authentication / billing application, the authentication screen may be displayed for the application started when the power is turned on, as in Embodiment 1, or the CCS 129 may detect the application switching and The CCS 129 may request the authentication / billing application corresponding to the switched application to display an authentication screen. When a plurality of authentication / billing applications are in an AND relationship, for example, the authentication by the authentication / billing applications is performed sequentially.

The present invention is not limited to the above-described embodiment, but can be variously modified and applied within the scope of the claims.

FIG. 2 is an explanatory diagram illustrating a main configuration of the multifunction peripheral according to the first embodiment and a network configuration including the multifunction peripheral. FIG. 2 is a block diagram illustrating an overall configuration of the multifunction peripheral according to the first embodiment. FIG. 2 is a block diagram illustrating a hardware configuration of the MFP according to the first embodiment. FIG. 4 is an explanatory diagram illustrating a data flow in a user authentication process performed by the multifunction peripheral. It is a flowchart which shows the procedure of a user authentication process. It is an explanatory view showing a user name and password input screen. It is a flowchart which shows the procedure of an entry search request process. FIG. 7 is an explanatory diagram illustrating a main configuration of a multifunction peripheral according to a second embodiment and a network configuration including the multifunction peripheral. FIG. 7 is a block diagram illustrating an overall functional configuration of a multifunction peripheral according to a second embodiment. FIG. 4 is an explanatory diagram showing a flow of data in a charging process and a usage restriction process based on the charging by the multifunction peripheral. It is a flowchart which shows the procedure of a charging process and the use restriction process based on a charging. FIG. 15 is a diagram for explaining a function of a CCS according to a third embodiment. It is a figure showing the example of functional composition of CCS. FIG. 9 is a diagram for explaining an example of processing by a device interface unit. It is an example of a screen on which a list of authentication / billing systems is displayed on a setting screen by CCS. 6 is a screen for selecting a function of an application to be authenticated / charged. 6 is a screen for selecting a function of an application to be authenticated / charged. FIG. 18 is a diagram showing an example of setting information stored by setting using the screens of FIGS. It is a figure showing other examples of a setting screen. This is a screen for selecting an application to be authenticated / charged. 21 is a diagram illustrating an example of setting information stored by setting using the screen of FIG. 20. FIG. It is a figure showing other examples of a setting screen. FIG. 3 is a diagram for selecting an authentication / billing system applied to an application.

Explanation of reference numerals

100, 700 MFP 101 B / W laser printer 102 Color laser printer 103 Network controller 104 Hardware resource 110 Software group 111 Printer application 112 Copy application 113 Fax application 114 Scanner application 115 Net file application 116 Process inspection application 117 Authentication application 717 Billing application 120 Platform 121 General-purpose OS
122 SCS
123 SRM
124 ECS
125 MCS
126 OCS
127 FCS
128 NCS
129 CCS
130 application 150 operation panel 150a operation display unit 151 usage information input processing unit 152, 752 external server communication unit 153 authentication unit 170 Internet 200 PC
201 IC card reader 300 LDAP server 501 User ID / password input screen 751 Usage information receiving unit 753 Billing processing unit 1291 Main control unit 1292 User code unit 1293 Key counter unit 1294 External authentication / billing system unit 1295 Extended authentication / billing system unit

Claims (22)

An image forming apparatus configured to be capable of mounting a plurality of applications,
Display means for displaying, on one operation unit of the image forming apparatus, a screen for selecting one or a plurality of applications to be subjected to use restriction by the authentication means,
A use control unit that receives an authentication result from the one authentication unit and controls a use restriction of the one or more applications based on the received authentication result,
An image forming apparatus comprising: 2. The image forming apparatus according to claim 1, wherein information input from a screen displayed by the display unit is stored in the image forming apparatus as information indicating one or a plurality of applications subject to use restriction by the one authentication unit. Image forming device. 3. The image forming apparatus according to claim 1, wherein the display unit displays a screen for selecting a function to be restricted. An image forming apparatus configured to be capable of mounting a plurality of applications,
Display means for displaying, on an operation panel of the image forming apparatus, a screen for selecting one or a plurality of authentication means for restricting use of one application;
A use control unit that receives an authentication result from the one or more authentication units and controls a use restriction of the one application based on the received authentication result,
An image forming apparatus comprising: 5. The image forming apparatus according to claim 4, wherein information input from the screen displayed by the display unit is stored in the image forming apparatus as information indicating one or a plurality of authentication units that restrict use of the one application. Image forming device. The image forming apparatus according to claim 4, wherein the display unit displays a screen for setting a relationship between the plurality of authentication units. 7. The image forming apparatus according to claim 6, wherein the screen is a screen for setting that authentication for use of the application is successful when all authentications of the plurality of authentication units are successful. 7. The screen for setting that authentication for use of the application is successful when authentication by at least one of the plurality of authentication means is successful. 5. The image forming apparatus according to claim 1. The image forming apparatus according to any one of claims 1 to 8, wherein the authentication unit performs authentication based on user authentication information input by a user and user authentication information registered in advance. The image forming apparatus according to any one of claims 1 to 8, wherein the authentication unit performs authentication based on charging information input by a user and available charging information registered in advance. The image forming apparatus includes hardware resources used in image forming processing, and a control service for performing processing on the system side including control of the hardware resources, and can include a plurality of applications separately from the control service. Is composed of
The image forming apparatus according to any one of claims 1 to 10, wherein the image forming apparatus includes the use restriction unit and the display unit as the control service. A method for controlling use of an application in an image forming apparatus configured to be capable of mounting a plurality of applications,
A display step of displaying, on one operation unit of the image forming apparatus, a screen that allows one authentication unit to select one or a plurality of applications to be subjected to use restriction by the authentication unit,
A use control step of receiving an authentication result from the one authentication unit and controlling a use restriction of the one or more applications based on the received authentication result,
A usage control method comprising: 13. The image forming apparatus according to claim 12, wherein the information input from the screen displayed in the display step is stored in the image forming apparatus as information indicating one or a plurality of applications subject to use restriction by the one authentication unit. Usage control method. 14. The use control method according to claim 12, wherein in the displaying step, the image forming apparatus displays a screen for selecting a function subject to use restriction. A method for controlling use of an application in an image forming apparatus configured to be capable of mounting a plurality of applications,
A display step of displaying, on an operation panel of the image forming apparatus, a screen for selecting one or a plurality of authentication means for restricting use of one application;
A use control step of receiving an authentication result from the one or more authentication units and controlling a use restriction of the one application based on the received authentication result,
A usage control method comprising: 16. The image forming apparatus according to claim 15, wherein information input from the screen displayed in the display step is stored in the image forming apparatus as information indicating one or a plurality of authentication units that restrict use of the one application. Usage control method. 16. The use control method according to claim 15, wherein in the displaying step, the image forming apparatus displays a screen for setting a relationship between a plurality of authentication units. 18. The use control method according to claim 17, wherein the screen is a screen for setting that authentication for use of the application is successful when all authentications of the plurality of authentication units are successful. 18. The screen according to claim 17, wherein when the authentication by at least one of the plurality of authentication units is successful, the authentication for use of the application is set to be successful. Usage control method described in 1. 20. The use control method according to claim 12, wherein the authentication unit performs authentication based on user authentication information input by a user and user authentication information registered in advance. 20. The use control method according to claim 12, wherein the authentication unit performs authentication based on charging information input by a user and available charging information registered in advance. The image forming apparatus includes hardware resources used in image forming processing, and a control service for performing processing on the system side including control of the hardware resources, and can include a plurality of applications separately from the control service. Is composed of
22. The use control method according to claim 12, wherein the display step and the use control step are executed by the control service.

Images