JP2006041688A - Image processing apparatus, function management method of image processing apparatus, function management program, and medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image processing apparatus capable of increasing a degree of freedom of the apparatus side in the case of utilizing a function while the authentication of a user can surely and simply be attained. <P>SOLUTION: When the user makes a registration request of registration data, a communication section 44 requests an authentication server 38 to carry out external authentication and outputs data to a registration section 48 to register a user name of the user to an internal user list upon the receipt an authentication result denoting a legitimate user. The registration section 48 registers an external authentication user name of the user to the internal user list, assigns a unique identification ID to the external authentication user name and stores the result to a user list storage section 50. Thereafter a setting section 58 stores the registration data to which the identification ID is set to a registration data storage section 60. Thus, even when the user name is long, the external authentication server can manage registered data with a small data size. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an image forming apparatus (such as a copying machine) that reads image data to form an image, an image processing apparatus for processing image data, a function management method for the image processing apparatus, a function management program, and a medium.

  In an image processing apparatus such as a copying machine, an image (color or monochrome) recorded on a document is read to generate digital image data (image data), and an image is formed on a recording sheet or the like using the generated image data. be able to. An image processing apparatus such as a printer that receives image data and forms an image based on the image data on recording paper is also known. Recently, as one image processing apparatus, a scanner function that includes an image reading unit (scanner unit) to read an image, a printing function that includes a printing unit (printer unit) to print out an image, and an electric transmission unit (FAX unit) ) And a multifunction machine having a plurality of functions such as a FAX function for transmitting images via a communication line has been put into practical use.

  In the image processing apparatus, when using a large number of functions such as the scanner function, printing function, and FAX function, whether or not the user is a valid user in order to permit use only to a valid user (user). Authentication may be required. This authentication can be achieved by an authentication apparatus, but it is not preferable to provide an image processing apparatus such as a multifunction peripheral because the apparatus becomes larger and complicated. Furthermore, since authentication data must be registered in each image processing apparatus, user management cannot be managed in a unified manner, which is troublesome.

Therefore, a technique is known in which an authentication device for authenticating the validity is provided outside, and the external authentication device authenticates whether the user is a valid user (see, for example, Patent Document 1). In this technology, a user authentication is configured to be executed externally using an authentication server connected to a network as an authentication device.
JP 2003-228509 A

  However, when using an externally provided authentication device, it is common to use a user ID or the like for specifying a user, and the user ID or the like depends on the specification of the authentication device. For this reason, an image processing apparatus that uses an external authentication device must use a user ID that complies with the specifications defined by the authentication device.

  For example, for functions used in the image processing device, if registration data such as confidential box or instruction data is registered and used for each user in the image processing device, the registered data must be associated with the user. When authentication is required, a user ID or the like is used for the correspondence. However, since the user ID depends on the specification of the authentication device, it may be difficult to link the user ID to the image processing device.

  SUMMARY OF THE INVENTION The present invention has been made in view of the above facts, and is an image processing apparatus capable of increasing the degree of freedom on the apparatus side when using the function while enabling easy and reliable user authentication, and function management of the image processing apparatus It is an object to provide a method, a function management program, and a medium.

  In order to achieve the above object, the present invention provides image data when authenticated as a valid user by an external authentication device that authenticates the validity of the user based on the user name information indicating the user name and the password information. In an image processing apparatus capable of executing image processing based on image data, storage means for storing registration data for executing a predetermined image processing function as image processing based on image data, and user name information and password information of the user And an input means for inputting the user name and the user name information and the password information to externally authenticate the user, and an authentication result is input from the external authentication device. When storing the registration data in the authentication processing means and the storage means, when the authentication result indicating that the user is a valid user is input to the authentication processing means, the user name And registration means for registering a table associating the multicast and the user identification information, characterized by comprising a setting means for setting the user identification information registered in the registration means in the corresponding registration data.

  The image processing apparatus according to the present invention performs image processing based on image data when the user is authenticated as a valid user by an external authentication apparatus that authenticates the validity of the user based on the user name information indicating the user name and the password information. Can be executed. The storage means of the image processing apparatus stores registration data for executing a predetermined image processing function as image processing based on the image data. Registered data includes, for example, instruction data for linking functions in the image processing apparatus and storage area information for defining a storage area dedicated to the user (for example, a so-called confidential box). In order to register and use the registration data, authentication may be required, and the user name information and password information of the user are input by the input means. These user name information and personal identification information are output to the external authentication device in order to authenticate the validity of the user by the authentication processing means. At the same time, an authentication result is input from the external authentication device to the authentication processing means. Here, when the registration data is stored in the storage unit, it is executed when an authentication result indicating that the user is a valid user is input to the authentication processing unit. In this case, the registration means registers a table in which user name information and user identification information are associated with each other. The user identification information registered by the registration means is set to registration data corresponding to the registration by the setting means. Thus, the registration data registered in the image processing apparatus can be identified by the user identification information associated with the table without using the user name information. Therefore, it is possible to use information that can be easily handled in the image processing apparatus without being restricted by external regulations such as the specifications of the external authentication apparatus, and increase the degree of freedom of the configuration and handling of the image processing apparatus. can do.

  The storage means for storing the table preferably uses a nonvolatile memory. Although the table associates user name information with user identification information, registration data often wants to be handled continuously by the user. Therefore, by using a nonvolatile memory, a table can be secured even when the power is shut off.

  In the above, the use of a table in which user name information and user identification information are associated with each other is defined, but the present invention is not limited to this. Specifically, image processing based on image data can be executed when the user is authenticated as a valid user by an external authentication device that authenticates the validity of the user based on the user name information indicating the user name and the password information. In an image processing apparatus, storage means for storing registration data for executing a predetermined image processing function as image processing based on image data, and input for inputting user name information and password information of the user And an authentication processing means for outputting the user name information and the password information to an external authentication device in order to externally authenticate the validity of the user, and an authentication result input from the external authentication device; When storing the registration data in the storage means, when an authentication result indicating that the user is a valid user is input to the authentication processing means, the user name information is predetermined in one direction. Conversion means for converting the identification information depending on the number, characterized by comprising a setting means for setting a specific information converted by said converting means to the relevant registration data.

  Here, the conversion means converts the user name information into specific information by a predetermined one-way function. The specific information converted by the conversion means is set in the corresponding registration data by the setting means. Accordingly, the registration data registered in the image processing apparatus can be identified by the specific information obtained by converting the user name information without using the user name information and without using the table. Therefore, it is possible to use the minimum necessary information and information that can be easily handled in the image processing apparatus without being bound by external regulations based on the specifications of the external authentication apparatus or the like, and without using a table. The degree of freedom of the configuration and handling of the image processing apparatus can be increased.

  The image processing apparatus may further include a deletion unit that deletes registration data corresponding to the user name information output to the external authentication apparatus based on an authentication result input from the external authentication apparatus.

  The registration data needs to be continuously stored or deleted after the necessity / unnecessity determination is separately made. Therefore, the registration data is deleted based on the authentication result input from the external authentication device. In this case, it is preferable to receive data permitting deletion of the registration data as an authentication result input from the external authentication device. In other words, since the external authentication device is a device that authenticates the validity of the user, there is a possibility that the registration data corresponding to the corresponding user name information is not valid when the validity is not authenticated. is there. For example, data that permits deletion of registered data includes information indicating that authentication itself has not been performed in the past, and user name information that has been previously known to be invalid. As a result, it is possible to continue storing only valid registration data.

  However, even a legitimate user may be deleted if an authentication result indicating that it is not legitimate is obtained due to an incorrect input. Therefore, the deletion unit outputs at least the user name information to the external authentication device by the authentication processing unit, and when an authentication result indicating that the corresponding user does not exist is input from the external authentication device. The registration data corresponding to the user name information output to the external authentication device is deleted.

  In this way, when an authentication result indicating that the corresponding user does not exist is input from the external authentication device, the user itself does not exist on the data, and the registered data owned (associated) by the user is High accuracy that is unnecessary. Thereby, the registration data to be deleted can be automatically deleted.

  In some cases, the external authentication device actively requests deletion. In this case, when the deletion notification of the user name information is input as an authentication result from the external authentication device to the authentication processing unit, the deletion unit deletes the registration data corresponding to the user name information. You can do it.

  When the user name information deletion notification is received from the external authentication device in this way, it is necessary to delete the information related to the user name information. By deleting the related registration information, the registration data to be deleted It can be deleted automatically.

  In addition, when deleting registration data, it is preferable to inquire a user or to provide a grace period. Therefore, specifically, the deletion unit is predetermined as a granting unit that adds attribute information indicating a deletion candidate to the registration data corresponding to the user name information, and a condition that defines the deletion of the registration data. Deletion executing means for deleting registered data to which the attribute information is assigned based on a deletion condition.

  In this way, registration data with attribute information representing deletion candidates is deleted according to a predetermined deletion condition. By setting a period setting, input setting, device status, etc. in the deletion condition, the user can It is possible to make inquiries and set a grace period.

  In this case, it is preferable that a deletion condition is set such that a storage capacity that can be stored in the storage unit is equal to or less than a predetermined value.

  That is, since the storage means has a finite amount of storage capacity, it is desirable to delete unnecessary registration data quickly. Therefore, when a storage capacity that is less than or equal to a predetermined value becomes available, it is possible to easily secure a capacity sufficient to additionally register registration data by executing deletion.

  In the authentication, there are cases where an unauthorized inquiry by a third party occurs. Therefore, the authentication processing means, the measurement means for measuring the number of authentication errors in the authentication result input from the external authentication device, and when the measurement count of the measurement means exceeds a predetermined measurement count, Prohibiting means for prohibiting access to the registered data.

  As a result, when an authentication error exceeding a predetermined number of times of measurement occurs, access to the registered data is prohibited, so that unauthorized access to the registered data by a third party can be prevented.

  In this case, it is preferable that the access prohibition is canceled by powering off the image processing apparatus. This is to cope with an erroneous input of the user himself.

  In order to provide an image processing apparatus capable of increasing the degree of freedom on the apparatus side regarding the function management of the operation of the image processing apparatus, it can be achieved by the following function management method. Specifically, image processing based on image data can be executed when the user is authenticated as a valid user by an external authentication device that authenticates the validity of the user based on the user name information and the password information representing the user name. A function management method for an image processing apparatus that manages functions related to the operation of the image processing apparatus, and includes a storage unit that stores registration data for executing a predetermined image processing function as image processing based on image data The user name information and the password information of the user are input, and the user name information and the password information are output to an external authentication device in order to externally authenticate the user, and the external authentication device When the authentication result indicating that the user is a valid user is input, the user name information is determined in advance. Register the table associating the user identification information, it sets the user identification information the registration in the corresponding registration data.

  The following function management method is also effective. Specifically, image processing based on image data can be executed when the user is authenticated as a valid user by an external authentication device that authenticates the validity of the user based on the user name information and the password information representing the user name. A function management method for an image processing apparatus that manages functions related to the operation of the image processing apparatus, and includes a storage unit that stores registration data for executing a predetermined image processing function as image processing based on image data The user name information and the password information of the user are input, and the user name information and the password information are output to an external authentication device in order to externally authenticate the user, and the external authentication device When the authentication result is input from the user and the registration data is stored in the storage means, the user name information is predetermined when the authentication result indicating that the user is a valid user is input. It was converted to the specific information by a one-way function, to set the specific information mentioned above converted to the corresponding registration data.

  When managing the function of the operation of the image processing apparatus, it is possible to easily provide an image processing apparatus that can increase the degree of freedom on the apparatus side by executing the following function management program on a computer or the like. Specifically, image processing based on image data can be executed when the user is authenticated as a valid user by an external authentication device that authenticates the validity of the user based on the user name information and the password information representing the user name. A function management program for an image processing apparatus for managing functions related to the operation of the image processing apparatus, and storing means for storing registration data for executing a predetermined image processing function as image processing based on the image data The user name information and password information of the user are input, and the user name information and password information are output to an external authentication device in order to externally authenticate the user, and the external When the authentication result is input from the authentication device and the registration data is stored in the storage unit, when the authentication result indicating that the user is a valid user is input, the use To register a table associating the user identification information and the name information, to set the user identification information the registration in the corresponding registration data, characterized in that it comprises a step.

  The following function management program is also effective. Specifically, image processing based on image data can be executed when the user is authenticated as a valid user by an external authentication device that authenticates the validity of the user based on the user name information and the password information representing the user name. A function management program for an image processing apparatus for managing functions related to the operation of the image processing apparatus, and storing means for storing registration data for executing a predetermined image processing function as image processing based on the image data The user name information and password information of the user are input, and the user name information and password information are output to an external authentication device in order to externally authenticate the user, and the external When the authentication result is input from the authentication device and the registration data is stored in the storage unit, when the authentication result indicating that the user is a valid user is input, the use It is converted to the specific information by a predetermined one-way function name information, characterized in that it comprises a step of setting the registration data corresponding to the specific information described above transformation.

  Also, by storing the function management program in the next medium, an image processing apparatus that can increase the degree of freedom on the apparatus side can be easily provided. Specifically, image processing based on image data can be executed when the user is authenticated as a valid user by an external authentication device that authenticates the validity of the user based on the user name information and the password information representing the user name. A program storage medium that stores a function management program of an image processing apparatus that manages functions relating to the operation of the image processing apparatus, and stores registration data for executing a predetermined image processing function as image processing based on the image data And storing the user name information and personal identification information of the user in advance, and inputting the user name information and personal identification information to an external authentication device in order to authenticate the validity of the user externally. An authentication result indicating that the user is a valid user when outputting the authentication result from the external authentication device and storing the registration data in the storage means A step of registering a table in which the user name information and the user identification information are associated with each other, and setting the registered user identification information in corresponding registration data when input. .

  The following media are also effective. Specifically, image processing based on image data can be executed when the user is authenticated as a valid user by an external authentication device that authenticates the validity of the user based on the user name information and the password information representing the user name. A program storage medium that stores a function management program of an image processing apparatus that manages functions relating to the operation of the image processing apparatus, and stores registration data for executing a predetermined image processing function as image processing based on the image data And storing the user name information and personal identification information of the user in advance, and inputting the user name information and personal identification information to an external authentication device in order to authenticate the validity of the user externally. An authentication result indicating that the user is a valid user when outputting the authentication result from the external authentication device and storing the registration data in the storage means An image processing apparatus comprising: a step of converting the user name information into specific information by a predetermined one-way function when set, and setting the converted specific information in corresponding registration data A program storage medium storing the function management program.

  As described above, according to the present invention, the registration data registered in the image processing apparatus can be set so as to be identifiable by the user identification information corresponding to the user name information. Without being restricted by external regulations, it is possible to use information that can be handled easily in the image processing apparatus, and easily provide an image processing apparatus that can increase the degree of freedom of configuration and handling of the image processing apparatus The effect that it is possible can be acquired.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 shows a schematic configuration of an image forming apparatus 10 having various functions including a copying function according to an embodiment of the present invention. This image forming apparatus 10 is formed by connecting a print output device (printer) 12 and an image reading device (scanner) 14. Note that an image processing apparatus 16 that handles image data is provided inside the print output apparatus 12 of the present embodiment. The image forming apparatus 10 further includes an input device 26 for inputting instructions and a display device 28 for displaying various information.

  As shown in FIG. 2, the image forming apparatus 10 includes an image processing device 16 to which a print output device 12, an image reading device 14, a transport device 34, and a fax device 36 are connected. The basic configuration of the image processing device 16 includes a control unit having a computer configuration that allows the CPU 20, ROM 22, and RAM 24 to exchange commands and data with each other via the input / output interface 25, an input device 26 connected to the input / output interface 25, It comprises a display device 28, a table memory 30, a communication interface 31, and an HDD (hard disk drive) 32.

  The communication interface 31 exchanges data with the authentication server 38 via a communication line such as a network. The communication interface 31 mainly includes an external authentication user name (user name information) and password (password information) whose details will be described later, and The authentication result is exchanged. The HDD 32 also includes instructions describing processing for handling image data using various functions of devices (such as the print output device 12, the image reading device 14, and the fax device 36) that are components provided in the image forming apparatus 10. Stores registration data which is document data or image data itself.

  The authentication server 38 is a computer-structured device including an HDD (hard disk device) 39 that stores an external authentication user name (user name information) and a password (password information) registered in advance. A user who owns or uses an external authentication user name (user name information) and password (password information) input from another apparatus such as the image forming apparatus 10 is authenticated as a valid user. At the same time, the authentication result is output.

  Note that the communication performed between the image processing device 16 and the authentication server 38 is preferably performed using a predetermined encryption algorithm in order to increase confidentiality. This encryption can be realized by a generally known method such as a common key method.

  In the following description, a user who uses the image forming apparatus 10 is referred to as a user.

  The input / output interface 25 of the image processing apparatus 16 includes, as components of the image forming apparatus 10, an image reading apparatus 14 and a conveyance apparatus 34 that conveys a sheet-like recording medium (for example, a sheet) such as a document when the image reading apparatus 14 reads the image. A fax machine 36 for transmitting / receiving electronic image data via a communication line is connected. In addition to these configurations, components such as an optional mechanism for realizing the double-sided printing function and an additional memory for expanding the storage capacity of the RAM 24 can be added.

  The image reading device 14 outputs digital image data (hereinafter referred to as “image data”) generated by reading an image recorded on a document. The print output device 12 is a printing mechanism that forms an image on recording paper (not shown). As a result, the image reading device 14 outputs the generated image data to the image processing device 16, and the print output device 12 performs print processing based on the image data from the image processing device 16. Accordingly, the image forming apparatus 10 can form and output an image corresponding to the image data generated by the image reading apparatus 14 on a recording sheet. In addition, as such an image forming apparatus 10, a conventionally well-known general structure can be applied, and detailed description is abbreviate | omitted in this Embodiment.

  The ROM 22 of the image processing device 16 stores at least a function program for executing a print function by the print output device 12 and a management program for managing the function program. Various types of image processing can be performed by executing the program recorded in the ROM 22. The table memory 30 stores information related to the components of the hardware resources of the image forming apparatus 10 and various tables used when operating the function program, various settings, and various data indicating the usage state of the image forming apparatus 10. The In the present embodiment, the table memory 30 stores an internal user list in which a user name used for authentication is associated with an identification ID for uniquely identifying the user name (details will be described later). The table memory 30 is a non-volatile memory that retains data even when the power is turned off. Further, the table memory 30 may be stored in the HDD 32 without being provided.

  The input device 26 is a device composed of various keys, and the display device 28 is configured to function as a control panel having an input and display unit (display). Thus, in the image forming apparatus 10, various processing settings can be performed by performing input display using the user interface (GUI) of the display device 28 and key operations using the input device 26.

  FIG. 3 shows a functional block diagram of the image processing apparatus 16 that uses the hardware resources of FIG. 2 and operates using software resources such as a function program. The image processing device 16 includes a control unit 40 that controls the print output device 12, the image reading device 14, the transport device 34, and the fax device 36 in order to execute basic functions. In the present embodiment, the image processing device 16 includes a communication unit 44 in order to exchange data and commands for authentication between the image processing device 16 and the authentication server 38. The communication unit 44 inputs data for authentication (external authentication user name (user name information) and password (password information)) using the input device 26 or the display device 28, or requests registration of registration data. The input unit 42 is connected.

  When a user requests registration of registration data, the communication unit 44 requests external authentication from the authentication server 38 and receives an authentication result indicating that the user is a valid user. The registration unit 48 stores the user name of the user in the internal user list. Output data to register. The registration unit 48 registers the user's external authentication user name in the internal user list, assigns a unique identification ID to the external authentication user name, and stores it in the user list storage unit 50. Thereafter, the registration data in which the identification ID is set is stored in the registration data storage unit 60 in the setting unit 58.

  FIG. 4 shows the data transition state. The internal user list 61 includes a correspondence relationship between the identification ID 62 and the external authentication user name 64. The user's external authentication user name 64 is registered in the internal user list 61 and a unique identification ID 62 is assigned to the external authentication user name. This identification ID 62 is set in the registration data 66. For example, in the example of FIG. 4, the instruction sheet data is registration data 68 owned by the user whose identification ID 62 is “001”, and the confidential box is registration data 69 owned by the user whose identification ID 62 is “002”.

  In addition, when a legitimate user registers data in the image processing apparatus 16, the registration unit 48 and the user list storage unit 50 are not limited to functioning. That is, as shown in FIG. 3, when the communication unit 44 requests the authentication server 38 to perform external authentication and receives an authentication result indicating that the user is a valid user, the communication unit 44 sets the user name of the user to a hash function or the like. Data is output so that the data converted by the direction function is set as registered data. The conversion unit 46 outputs one-way data (hash function value) obtained by converting the input external authentication user name by a one-way function such as a hash function to the setting unit 58. The setting unit 58 stores the registration data in which the one-way data (hash function value) is set in the registration data storage unit 60 in the setting unit 58.

  FIG. 5 shows the data transition state. The user's external authentication user name 70 here is converted into one-way data 72. The one-way data 72 is set in the registration data 74. For example, in the example of FIG. 5, registration data 74 owned by a user whose one-way data 72 is set as the owner of instruction data is shown. That is, in this example, the user list storage unit 50 does not need to function.

  Here, the internal user list stored in the user list storage unit 50 and the registration data stored in the registration data storage unit 60 need to be deleted when the user no longer exists. Therefore, as shown in FIG. 3, when there is a deletion request from the communication unit 44 or the authentication result indicates that there is no user, the deletion unit 52 includes the internal user list stored in the user list storage unit 50. And the corresponding registration data stored in the registration data storage unit 60 are deleted. In this case, a deletion mark can be assigned by the assigning unit 54 and deleted according to the deletion condition.

  Further, when the authentication error in the authentication server 38 exceeds a predetermined number of times (for example, three times), the prohibition unit 56 can prohibit access to the registration data stored in the registration data storage unit 60.

  The registration data storage unit 60 corresponds to the storage unit of the present invention, and the input unit 42 corresponds to the input unit. The communication unit 44 corresponds to a function unit that exchanges information with the authentication processing unit of the present invention, the registration unit 48 corresponds to a registration unit, and the setting unit 58 corresponds to a setting unit.

  The conversion unit 46 corresponds to the conversion unit of the present invention, and the function of setting the one-way data 72 in the registration data 74 by the setting unit 58 corresponds to a part of the function of the setting unit.

  Further, the deletion unit 52 corresponds to the deletion unit of the present invention. The assigning unit 54 corresponds to the assigning unit of the present invention, and the function of deleting the registration data to which the deletion mark is assigned according to the delete condition in the deleting unit 52 corresponds to the delete executing unit of the present invention.

  Furthermore, the prohibition unit 56 has a function of detecting that an authentication error has exceeded a predetermined number of times (for example, three times) in the authentication result in the authentication server 38, corresponding to the measuring means of the present invention, and accessing stored registration data. The function for prohibiting corresponds to the prohibiting means of the present invention.

[Action]
Next, an outline of the processing of the image forming apparatus 10 of the present embodiment will be described. Here, an outline of processing for registering registration data in the image forming apparatus 10 will be described as a main flow. Note that a user who wants to have registration data in the image forming apparatus 10 has already registered the external authentication user name 64 and password in the authentication server 38 in advance in order to enable external authentication by another method not shown. Suppose that

(Use / Registration)
FIG. 6 shows the flow of processing from when the image forming apparatus 10 is turned on. When the image forming apparatus 10 is powered on, the process proceeds to step 100, and a startup process is performed. In this activation process, a process of initializing each of the hardware resource components of the image forming apparatus 10 and a process of enabling the function of the software resource are performed. In this activation process, the number k of authentication errors used for prohibiting access due to an authentication error described later is reset (k = 0). In addition, when there is registration data in an access prohibited state, it is canceled in this step.

  When the activation process ends, it is determined in next step 102 whether to use the registration data (use process) or register (register process). This determination can be made based on whether or not an input instruction has been given by the user through the display device 28 or the input device 26. If the result in Step 102 is negative, the process proceeds to Step 104 where the normal operation of the image forming apparatus 10 is performed and the use / registration process execution determination (Step 102) and normal are performed until the power is turned off (Yes in Step 138). The operation (step 104) is repeatedly executed.

  If the result in step 102 is affirmative, the routine proceeds to step 106, where data input processing for use of registration data or authentication for registration is executed. This process is a process for prompting the display device 28 to input the external authentication user name 64 (and password) and waiting for the input data. When data for authentication is input, external authentication processing is executed in the next step 108. This process is a process of transmitting the external authentication user name 64 (and password) to the authentication server 38 and requesting the user to authenticate the validity of the user. Next, the authentication result from the authentication server 38 is received, and it is determined in step 110 whether or not the user is authenticated as a valid user.

  Note that the processing in step 106 corresponds to a part of the function of the input unit 42 in FIG. 3 and also corresponds to a part of the function of the input means of the present invention. Moreover, the process of the said step 108 respond | corresponds to a part of function of the communication part 44 of FIG. 3, and also corresponds to a part of function of the authentication process means of this invention.

  When an authentication result indicating that the user is a valid user is obtained (Yes in Step 110), in Step 112, based on the input values of the input device 26 and the display device 28, it is determined whether the process to be performed is a use process or a registration process. If the determination in step 112 is affirmative, the internal user list 61 is acquired in step 120, then the registration process is executed in step 122, and the process proceeds to step 138.

  In the registration process in step 122, the following steps 124, 126, and 128 are executed in order. In step 124, the user is prompted to specify selection of data desired to be registered, input of additional instructions, change or update of existing data, and the input value is obtained. In the next step 126, the external authentication user name 64, that is, the user name used for authentication in the authentication server 38 is recorded in the internal user list 61 and the identification ID 62 is assigned. The identification ID 62 is assigned by a serial number or a symbol arrangement according to a certain rule. If the user has already been registered in the user list, step 126 is unnecessary, and the process skips to step 128. In the next step 128, the registration data 66 is completed by setting the identification ID 62 recorded (assigned) in step 126 to the registration data designated in step 124 as data representing the owner of the data.

  As described above, when using external authentication for a user, when the user establishes or registers a resource in which the user of the confidential box or the instruction is the owner, the external authentication user name is stored in the internal user list 61. 64 is registered and an identification ID 62 is assigned (FIG. 4). The user's identification ID 62 is set in the confidential box and the instruction sheet data. Note that if the user does not register registration data inside the device, the user name is not registered inside the device.

  Note that the processing of step 126 corresponds to a part of the function of the registration unit 48 in FIG. 3 and also corresponds to a part of the function of the registration means of the present invention. The processing in step 128 corresponds to a part of the function of the setting unit 58 in FIG. 3 and also corresponds to a part of the function of the setting means of the present invention.

  On the other hand, if the result in step 112 is negative, the registration data is used, so after the internal user list 61 is acquired in step 114, the registered data 66 that has been registered is displayed in step 116 and the user's selection instruction is waited for. To do. When the registration data 66 is selected by the user, image processing that handles image data based on the registration data selected in step 118 is executed.

  Note that the processing of steps 106, 108, and 110 may be performed only during data registration processing. In this case, it is preferable to cope with whether or not authentication is required when using the registered data in advance by setting or the like.

  Here, when external authentication is used in the image forming apparatus 10, an unauthorized inquiry by a third party may occur. Therefore, in the present embodiment, the number of authentication errors among the authentication results input from the authentication server 38 is measured, and when the measured number exceeds a predetermined number (for example, three times), access to the registered data is performed. It is prohibited. This function is a part of the function executed by the prohibition unit 56 in FIG.

  That is, when an authentication result indicating that the user is a valid user cannot be obtained (No in Step 110), the process proceeds to Step 130 and the authentication error count k is incremented (k = k + 1). Next, in step 132, it is determined whether or not the number k of authentication errors has exceeded a predetermined number (three times in the present embodiment). If the determination is negative, the process proceeds to step 136 as it is, indicating that an authentication error has occurred. Then, the process proceeds to step 138.

  On the other hand, if the number k of authentication errors exceeds the predetermined number (k> 3) and the result is affirmative in step 132, a setting for prohibiting access to registered data is made in step 134. This access prohibition is applied to the registration data 66 owned by the user of the external authentication user name 64 who performed the external authentication performed in step 108.

  In this way, the number of authentication errors (for example, errors due to password fraud) is counted by external authentication, and if this count value exceeds a predetermined value, it is determined that there has been unauthorized access, and the user's registration data 66 (for example, confidential) Lock access to access to boxes and instructions. This access prohibition state is canceled by rebooting the device. That is, the release process is executed at step 100.

  As a result, when an authentication error exceeding a predetermined number of times of measurement occurs, access to the registered data is prohibited, so that unauthorized access to the registered data by a third party can be prevented.

  Note that the processing of step 130 corresponds to the function of measuring the number of authentication errors by the prohibition unit 56 of FIG. 3, and also corresponds to a part of the function of the measuring means of the present invention. Further, the processing of step 134 corresponds to a part of the function of the prohibition unit 56 of FIG. 3 and also corresponds to a part of the function of the prohibiting means of the present invention.

  As described above, only the user who performs data registration in the image forming apparatus 10 is registered in the internal user list 61 and the owner of the registration data 66 is managed using the identification ID 62, so that it is used by the external authentication server 38. Even when the user name is long (when the data is large), the owner management of the registered data can be performed with a small data size.

  Note that although this processing routine has been described on the assumption that external authentication is used, local authentication processing 140 inside the apparatus may be combined. In the local authentication process 140, a user name and password used in the apparatus are registered in the image forming apparatus 10 in advance, and are used as internal authentication. In this case, data linkage can be easily performed by using the external authentication user name 64 as the user name used in the internal authentication.

(One-way function conversion)
In the above description, the case where the identification ID 62 and the external authentication user name 64 are registered in the internal user list 61 and then the identification ID 62 is set in the registration data 66 has been described. An example in which the internal user list 61 is unnecessary will be described below. Specifically, this can be achieved by omitting step 112 in FIG. 6 and changing the specific processing in step 122 as follows.

  As shown in FIG. 7, the registration process of step 122 here executes steps 142, 144, and 146 in order. Note that the processing when the result in Step 110 is negative is simply described in Step 136 only. When an authentication result indicating that the user is a valid user is obtained (Yes in step 110), in step 142, the user name (external authentication user name 70 in FIG. 5) is subjected to hash conversion using a hash function, and a hash value (in FIG. 5) is obtained. One-way data 72) is obtained. In the next step 144, as in the above step 124, the user is prompted to specify the data selection input, and the input value is obtained. In the next step 146, the hash-converted one-way data 72 (corresponding to the external authentication username 64) is obtained. ) Is set directly in the registration data designated in step 144 as data representing the owner of the data, and the registration data 66 is completed.

  Thus, instead of creating the internal user list 61 inside the image forming apparatus 10, it is possible to convert the user name in the external authentication into a unique number using a hash function. For example, if MD5 hash is used, a user name of 64 bytes can be converted into a unique number of 16 bytes, and the converted number (hash value) of the user is set in the confidential box and instruction data. .

  Accordingly, only the user who performs data registration in the image forming apparatus 10 manages the owner of the registration data 66 using the one-way data 72 obtained by hash-converting the external authentication user name 70, so that it is used by the external authentication server 38. Even when the user name to be registered is long (the data length is long), the owner management of the registered data can be performed with a small data size.

  The processing in step 142 corresponds to a part of the function of the conversion unit 46 in FIG. 3 and also corresponds to a part of the function of the conversion means of the present invention. The processing in step 146 corresponds to a part of the function of the setting unit 58 in FIG. 3 and also corresponds to a part of the function of the setting means of the present invention.

(Internal user list and one-way function conversion)
Using both the internal user list 61 and the one-way data by one-way function conversion is effective. This example will be described below. Specifically, this can be achieved only by changing the specific processing of step 122 in FIG. 6 as follows.

  As shown in FIG. 8, the registration processing in step 122 here executes steps 142, 144, 148, and 149 in order. Note that the processing when the result in Step 110 is negative is simply described in Step 136 only. As in the process of FIG. 7, when an authentication result indicating that the user is a valid user is obtained (Yes in step 110), the hash value (one-way data 72 in FIG. 5) is obtained by hashing the external authentication user name 70. Obtain (step 142). Next, after data designation (step 144), in step 148, the one-way data 72 (the hash value of the external authentication user name 64) is recorded as a user name in the internal user list 61 and an identification ID 62 is assigned. In the next step 149, the identification ID 62 recorded (assigned) in step 148 is set in the registration data designated in step 144 as data representing the owner of the data, and the registration data 66 is completed.

  In this way, the data length can be reduced by registering the one-way data 72 subjected to the hash conversion instead of registering the external authentication user name 70 as it is in the internal user list 61 inside the image forming apparatus 10. .

(Delete registration data)
When external authentication is performed, if the user registration is deleted in the authentication server 38 or the like is not present, authentication as a valid user cannot be obtained, so that the necessity of storing the registration data 66 in the image forming apparatus 10 is reduced. To do. Accordingly, a process for deleting registration data when there is no user at the time of external authentication will be described below. Specifically, the process of FIG. 9 is executed for the process of step 136 of FIG.

  As shown in FIG. 9, in step 150, it is determined whether or not the authentication result of the authentication server 38 is “no corresponding user” indicating the absence of the user. If the result in step 150 is negative, there is a valid user, so the process proceeds to step 152, the same processing as in step 136 is performed, and this routine is terminated.

  On the other hand, if the determination in step 150 is affirmative, the internal user list 61 is read, and it is determined whether or not a user corresponding to the internal user list 61 has been registered. If the result in Step 154 is negative, this routine is terminated as it is. When the result in step 154 is affirmative, first, after deleting the registration data 66 in which the identification ID 62 of the user is set in step 156, the correspondence between the corresponding external authentication user name 64 and identification ID 62 from the internal user list 61 in step 158 Is deleted and this routine is terminated.

  As described above, when an error indicating the absence of the user is received from the external authentication server 38 at the time of authentication (this corresponds to the fact that the data related to the user has been deleted in the authentication server 38), or the user from the external authentication server 38 When the deletion notification is received, it is confirmed whether or not the user is registered in the internal user list 61. If registered, the registration data having the identification ID 62 of the user as an owner is deleted. The identification ID 62 may be set as a hash value of the external authentication user name 64 of the user.

  Accordingly, when the user is deleted by the external authentication server 38, when the user is authenticated, an error indicating that the user is absent from the authentication server 38 is detected. The registration data is automatically deleted, so that the data capacity can always be optimized so that the user registration data deleted by the external authentication server 38 does not remain in the image forming apparatus 10.

  Note that the processing in steps 150 to 158 corresponds to part of the function of the deletion unit 52 in FIG. 3 and also corresponds to part of the function of the deletion unit of the present invention.

(Registration data deletion mark attached)
As described above, when deleting the registration data 66, the user may desire to reuse the registration data, or another user may wish to use it. Therefore, the following describes a process of deleting registered data according to a deletion condition instead of immediately deleting registered data when there is no user at the time of external authentication. Specifically, the processing of FIG. 10 and FIG. 11 is executed for the processing of step 136 of FIG.

  As shown in FIG. 10, when the authentication result of the authentication server 38 is negative ("No" in step 150) indicating that there is no user (No in step 150), the same processing as step 136 is performed (step 152). This routine is terminated.

  On the other hand, in the case of the authentication result of “No applicable user” (Yes in Step 150), it is determined whether or not the user corresponding to the internal user list 61 has been registered (Step 154). finish. If the determination is affirmative, the routine proceeds to step 160, where a deletion mark is assigned to the corresponding registered data 66 and the corresponding external authentication user name 64 and identification ID 62 in the internal user list 61, and this routine is terminated.

  Next, actual data deletion processing is performed in the processing routine of FIG. Note that the processing routine of FIG. 11 is executed every predetermined time while the image forming apparatus 10 is in operation.

  As shown in FIG. 11, in step 162, the deletion condition is read. This deletion condition is a condition indicating the timing and state of deleting registered data. When the image forming apparatus 10 is restarted, the timing condition such as a predetermined date and time, and the remaining capacity that can be stored in the HDD 32 are stored. There are apparatus state conditions such as a state in which the battery capacity becomes a predetermined capacity or less. In the present embodiment, apparatus state conditions are adopted.

  In step 164, it is determined whether or not the current time and the current state match the deletion conditions read in step 162. Here, it is determined whether or not the remaining capacity that can be stored in the HDD 32 is equal to or less than a predetermined capacity (for example, 50 kBytes). If the result in Step 164 is negative, this routine is terminated as it is. On the other hand, if the determination is affirmative, in step 166, the registration data to which the deletion mark given in step 160 is given is deleted, and in the next step 168, the external authentication user name 64 given the deletion mark in step 160 is given. The internal user list 61 corresponding to the correspondence of the identification ID 62 is deleted, and this routine is terminated.

  As described above, when a user deletion is detected as an authentication result of the authentication server 38, the registration data of the user is not immediately deleted, but a deletion mark as a deletion candidate is given, and the registration data registration is not available. The deletion process can be delayed so as to be deleted when the area becomes a predetermined value or less. As a result, the registered data is not deleted immediately, but can be deferred to be deleted when the internal capacity decreases.

  Note that the processing in FIG. 10 corresponds to a part of the function of the providing unit 54 in FIG. 3 and also corresponds to a part of the function of the providing means of the present invention. The processing in FIG. 11 corresponds to a part of the function for deleting the registration data to which the deletion mark 52 given in FIG. 3 is given, and a part of the function of the deletion execution means of the present invention. It corresponds also to.

  As described above, in the present embodiment, the external authentication user name 64 is registered in the internal user list only for the user who registers data in the image processing apparatus 16 in detail from the inside of the image forming apparatus 10, and the external authentication user name is registered. Since the registration data owner is managed using the identification ID 62 corresponding to 64, even if the user name used in the external authentication server 38 is long, the registration data owner management can be performed with a small data size. it can.

  In addition, since the hash value obtained by hash-converting the external authentication user name 64 can be used, the owner management of registered data can be performed with a smaller size.

  Further, when a user corresponding to the user of the image forming apparatus 10 is deleted on the external authentication server 38, an error indicating that there is no user from the authentication server is detected when the user is authenticated. Therefore, the registration data of the user corresponding to the user can be automatically deleted in the image forming apparatus 10 so that the deleted registration data of the user does not remain in the image forming apparatus 10.

  Even when a user deletion notification is received from the external authentication server 38, the user registration data corresponding to the user is automatically deleted in the image forming apparatus 10 and deleted in the image forming apparatus 10. It is possible to prevent registered user data from remaining.

  When deleting the registration data, the registration data is not deleted immediately, but is deleted according to the deletion conditions (in this embodiment, when the internal capacity is reduced), so that the registration data can be deleted as necessary. Can be put on hold or deleted.

  In addition, this Embodiment demonstrated above does not limit the structure of this invention. In the present embodiment, the image forming apparatus 10 has been described as an image processing apparatus. However, the image processing apparatus to which the present invention is applied is not limited to this, and can be used for a fee in addition to the basic functions for image processing. The present invention can be applied to an image processing apparatus having an arbitrary configuration having an extended function.

1 is a schematic perspective view of an image forming apparatus according to an embodiment of the present invention. 1 is a schematic configuration diagram of an image forming apparatus. It is a functional block diagram of an image processing apparatus. 6 is a conceptual diagram illustrating a data transition state based on an internal user list in the image forming apparatus. FIG. FIG. 4 is a conceptual diagram illustrating a data transition state when conversion is performed using a one-way function in the image forming apparatus. 4 is a flowchart illustrating a flow of processing from power-on in the image forming apparatus. It is a flowchart which shows the flow of registration including the conversion process of a one-way function. It is a flowchart which shows the flow of registration which combined the internal user list and the one-way function. It is a flowchart which shows the flow of the deletion process of registration data. It is a flowchart which shows the flow of the deletion process which gives a deletion mark to registration data. It is a flowchart which shows the flow of a deletion process of registration data with a deletion mark.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Image forming apparatus 12 ... Print output apparatus 14 ... Image reading apparatus 16 ... Image processing apparatus 20 ... CPU
22 ... ROM
24 ... RAM
25 ... Input / output interface 26 ... Input device 28 ... Display device 30 ... Table memory 32 ... HDD
36 ... Fax machine 38 ... Optional mechanism

Claims (14)

In an image processing apparatus capable of executing image processing based on image data when authenticated as a valid user by an external authentication apparatus that authenticates the validity of the user based on user name information and personal identification information representing the user name ,
Storage means for storing registration data for executing a predetermined image processing function as image processing based on image data;
Input means for inputting user name information and personal identification information of the user;
An authentication processing means for outputting the user name information and the password information to an external authentication device in order to externally authenticate the user, and an authentication result input from the external authentication device;
When storing the registration data in the storage unit, the user name information and the user identification information are associated when an authentication result indicating that the user is a valid user is input to the authentication processing unit. A registration means for registering the table;
Setting means for setting the user identification information registered by the registration means in the corresponding registration data;
An image processing apparatus comprising: In an image processing apparatus capable of executing image processing based on image data when authenticated as a valid user by an external authentication apparatus that authenticates the validity of the user based on user name information and personal identification information representing the user name ,
Storage means for storing registration data for executing a predetermined image processing function as image processing based on image data;
Input means for inputting user name information and personal identification information of the user;
An authentication processing means for outputting the user name information and the password information to an external authentication device in order to externally authenticate the user, and an authentication result input from the external authentication device;
When storing the registration data in the storage means, when an authentication result indicating that the user is a valid user is input to the authentication processing means, the user name information is specified by a predetermined one-way function. Conversion means for converting to
Setting means for setting the specific information converted by the conversion means in corresponding registration data;
An image processing apparatus comprising:   2. The apparatus according to claim 1, further comprising a deletion unit that deletes registration data corresponding to the user name information output to the external authentication device based on an authentication result input from the external authentication device. 2. The image processing apparatus according to 2.   The deletion unit outputs at least the user name information to the external authentication device by the authentication processing unit, and when an authentication result indicating that the corresponding user does not exist is input from the external authentication device, 4. The image processing apparatus according to claim 3, wherein registration data corresponding to the user name information output to the external authentication apparatus is deleted.   The deletion unit is configured to delete registration data corresponding to the user name information when a deletion notification of the user name information is input as an authentication result from the external authentication device to the authentication processing unit. The image processing apparatus according to claim 3. The deleting means is
An assigning means for assigning attribute information representing deletion candidates to registration data corresponding to the user name information;
5. A deletion execution means for deleting registration data to which the attribute information is assigned based on a predetermined deletion condition as a condition for specifying that the registration data is deleted. 5. The image processing apparatus according to 5.   The image processing apparatus according to claim 6, wherein the deletion condition is a condition representing a state in which a storage capacity that can be stored in the storage unit is equal to or less than a predetermined value. The authentication processing means includes
Measuring means for measuring the number of authentication errors among the authentication results input from the external authentication device;
Prohibiting means for prohibiting access to the registered data when the number of times of measurement of the measuring means exceeds a predetermined number of times of measurement;
The image processing apparatus according to claim 1, further comprising: An image processing apparatus capable of executing image processing based on image data when the user is authenticated as an authorized user by an external authentication apparatus that authenticates the validity of the user based on the user name information and the password information representing the user name. A function management method for an image processing apparatus that manages functions related to operation,
A storage means for storing registration data for executing a predetermined image processing function as image processing based on image data is provided,
Enter the user name information and password information of the user,
In order to externally authenticate the user's validity, the user name information and the password information are output to an external authentication device, and an authentication result is input from the external authentication device,
When storing the registration data in the storage unit, when an authentication result indicating that the user is a valid user is input, a table in which the user name information and the user identification information are associated with each other is registered,
Setting the registered user identification information in the corresponding registration data;
A function management method for an image processing apparatus. An image processing apparatus capable of executing image processing based on image data when the user is authenticated as an authorized user by an external authentication apparatus that authenticates the validity of the user based on the user name information and the password information representing the user name. A function management method for an image processing apparatus that manages functions related to operation,
A storage means for storing registration data for executing a predetermined image processing function as image processing based on image data is provided,
Enter the user name information and password information of the user,
In order to externally authenticate the user's validity, the user name information and the password information are output to an external authentication device, and an authentication result is input from the external authentication device,
When storing the registration data in the storage means, when an authentication result indicating that the user is a valid user is input, the user name information is converted into specific information by a predetermined one-way function,
Set the converted specific information in the corresponding registration data,
A function management method for an image processing apparatus. An image processing apparatus capable of executing image processing based on image data when the user is authenticated as an authorized user by an external authentication apparatus that authenticates the validity of the user based on the user name information and the password information representing the user name. A function management program for an image processing apparatus that manages functions related to operation,
Storage means for storing registration data for executing a predetermined image processing function as image processing based on image data is provided in advance.
The user name information and password information of the user are input,
In order to externally authenticate the user's legitimacy, the user name information and password information are output to an external authentication device, and an authentication result is input from the external authentication device,
When storing the registration data in the storage unit, when an authentication result indicating that the user is a valid user is input, a table in which the user name information and the user identification information are associated with each other is registered,
The registered user identification information is set in the corresponding registration data.
A function management program for an image processing apparatus, comprising a process. An image processing apparatus capable of executing image processing based on image data when the user is authenticated as an authorized user by an external authentication apparatus that authenticates the validity of the user based on the user name information and the password information representing the user name. A function management program for an image processing apparatus that manages functions related to operation,
Storage means for storing registration data for executing a predetermined image processing function as image processing based on image data is provided in advance.
The user name information and password information of the user are input,
In order to externally authenticate the user's legitimacy, the user name information and password information are output to an external authentication device, and an authentication result is input from the external authentication device,
When storing the registration data in the storage means, when an authentication result indicating that it is a valid user is input, the user name information is converted into specific information by a predetermined one-way function,
The converted specific information is set in the corresponding registration data.
A function management program for an image processing apparatus, comprising a process. An image processing apparatus capable of executing image processing based on image data when the user is authenticated as an authorized user by an external authentication apparatus that authenticates the validity of the user based on the user name information and the password information representing the user name. A program storage medium storing a function management program of an image processing apparatus that manages functions related to operations,
Storage means for storing registration data for executing a predetermined image processing function as image processing based on image data is provided in advance.
The user name information and password information of the user are input,
In order to externally authenticate the user's legitimacy, the user name information and password information are output to an external authentication device, and an authentication result is input from the external authentication device,
When storing the registration data in the storage unit, when an authentication result indicating that the user is a valid user is input, a table in which the user name information and the user identification information are associated with each other is registered,
The registered user identification information is set in the corresponding registration data.
A program storage medium storing a function management program for an image processing apparatus, comprising a step. An image processing apparatus capable of executing image processing based on image data when the user is authenticated as an authorized user by an external authentication apparatus that authenticates the validity of the user based on the user name information and the password information representing the user name. A program storage medium storing a function management program of an image processing apparatus that manages functions related to operations,
Storage means for storing registration data for executing a predetermined image processing function as image processing based on image data is provided in advance.
The user name information and password information of the user are input,
In order to externally authenticate the user's legitimacy, the user name information and password information are output to an external authentication device, and an authentication result is input from the external authentication device,
When storing the registration data in the storage means, when an authentication result indicating that it is a valid user is input, the user name information is converted into specific information by a predetermined one-way function,
The converted specific information is set in the corresponding registration data.
A program storage medium storing a function management program for an image processing apparatus, comprising a step.

Images