JP2019160165A - Information processing system, processing execution control device, control method and control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To efficiently manage digitized information. A processing execution control unit on a control device side uniquely identifies a user in a storage device by transmitting to the storage device character string information indicating that data transmission / reception is authorized to / from the storage device. When the storage device is requested to transmit the additional information set attached to the possible user identification information, and the processing execution control unit on the storage device side is valid for authorization to send and receive the data indicated by the character string information. In addition, the additional information is transmitted to the process execution control device, and the process execution setting unit sets the additional information as the process execution value. [Selection diagram] Fig. 1

Description

  The present invention relates to an information processing system, a process execution control device, a control method, and a control program.

  In recent years, there has been a tendency to digitize information, and image processing apparatuses such as printers and facsimiles used for outputting digitized information and scanners used for digitizing documents have become indispensable devices. Such an image processing apparatus is configured as an MFP (Multi Function Peripheral) capable of using services such as a printer, a facsimile, a scanner, and a copier by providing an imaging function, an image forming function, a communication function, and the like. There are many cases.

  There is also known an information processing system that stores digitized information files in a document management server or cloud storage, or distributes them to a specified distribution destination. In such an information processing system, a workflow is configured by combining an input service such as reading a document with a scanner and an information processing service such as distribution by e-mail and storage in a storage. The document management is effectively performed by adding additional information attached to the file for use for a purpose different from the data main body, so-called metadata.

  Further, when a service that needs to access the cloud storage is included in the workflow, user authentication is performed in the cloud storage in order to improve security. Security is improved by issuing an access token to a client device that has been authenticated by the user and restricting access to the cloud storage.

  As a technology related to access between a client device and a cloud storage, a technology that dynamically provides cloud storage according to the content of an access request from the client device is disclosed (for example, see Patent Document 1).

  In Patent Document 1, a file requested by a client device is specified by analyzing metadata included in an access request from the client device. Therefore, Patent Document 1 can only add metadata derived from a client device to a file used in common for each service constituting a workflow.

  Therefore, even if metadata is added, there is a possibility that search and sorting cannot be performed depending on the target condition of the user, and thus document management may not be performed efficiently.

  The present invention has been made to solve such problems, and an object thereof is to efficiently manage digitized information.

  In order to solve the above problems, according to one embodiment of the present invention, data transmission / reception is performed with an information processing apparatus connected via the Internet, and a storage device that stores the received data and a control of execution of a plurality of processes are performed. An information processing system configured to include a process execution control device that includes a storage device-side process execution control unit that controls execution of a process of transmitting and receiving the data via the Internet, and The process execution control device transmits / receives the data to / from the storage device when an authority to transmit / receive the data to / from the storage device is authorized based on an operation of a user of the information processing system. A control device side process execution control unit for controlling, and a process execution setting unit for setting a process execution value for each of the plurality of processes, the control device side The physical execution control unit can uniquely identify the user in the storage device by transmitting to the storage device character string information indicating that transmission / reception of the data to / from the storage device is authorized Requests the storage device to transmit additional information set attached to the user identification information, and the storage device side process execution control unit is authorized to transmit and receive the data indicated by the character string information. In this case, the additional information is transmitted to the process execution control device, and the process execution setting unit sets the additional information as the process execution value.

  According to the present invention, digitized information can be managed efficiently.

The figure which shows the operation | use form of the information processing system which concerns on embodiment of this invention. The block diagram which shows the hardware constitutions of the information processing apparatus which concerns on embodiment of this invention. 1 is a functional block diagram showing a functional configuration of an image processing apparatus according to an embodiment of the present invention. The functional block diagram which shows the function structure of the server which concerns on embodiment of this invention. The block diagram which shows the internal structure of the application part which concerns on embodiment of this invention. The functional block diagram which shows the function structure of the workflow application which concerns on embodiment of this invention. The figure which illustrated GUI displayed when performing the workflow concerning an embodiment of the present invention. The figure which illustrated GUI displayed when performing the workflow concerning an embodiment of the present invention. The figure which shows the internal structure of the token memory | storage part which concerns on embodiment of this invention. The functional block diagram which shows the function structure of the cloud storage application which concerns on embodiment of this invention. The functional block diagram which shows the function structure of the cloud storage which concerns on embodiment of this invention. The figure which illustrated the profile information of the user of the cloud storage concerning the embodiment of the present invention. The functional block diagram which shows the function structure of the cloud service which concerns on embodiment of this invention. The sequence diagram which shows the flow of the process which issues the token of the cloud storage which concerns on embodiment of this invention. The sequence diagram which shows the flow of the process which produces the workflow which concerns on embodiment of this invention. The sequence diagram which shows the flow of the process which performs the workflow which concerns on embodiment of this invention. The sequence diagram which shows the flow of the process which acquires the profile information of the user of the cloud storage which concerns on embodiment of this invention. The figure which illustrated the setting screen of the flow information concerning the embodiment of the present invention. The figure which illustrated the setting screen of the flow information concerning the embodiment of the present invention. The figure which shows the flow of the process which reissues the token of a cloud storage which concerns on embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the present embodiment, an image processing apparatus such as an MFP (Multi Function Peripheral) that performs scanner, print, mail delivery, or a printer, an information processing apparatus including computer resources provided by cloud computing, and the like. The system 1 will be described.

  FIG. 1 is a diagram illustrating an operation mode of the information processing system 1 according to the present embodiment. As illustrated in FIG. 1, the information processing system 1 is configured by connecting an image processing device 2, a workflow server 3, and a cloud 4 via a network 7. Note that the image processing apparatus 2 may be configured so as to include more than the number shown in FIG.

  Further, when the function realized by the workflow application 360 installed in the workflow server 3 can be executed in the image processing apparatus 2, the system configuration may not include the workflow server 3. In the present embodiment, a device that executes a function realized by the workflow application 360 functions as a process execution control device.

  The image processing apparatus 2 is an MFP that can be used as a printer, a facsimile, a scanner, or a copier by providing an imaging function, an image forming function, a communication function, and the like.

  Further, the image processing apparatus 2 has a function as a color printer or a monochrome printer that generates CMYK or monochrome drawing information based on the image information and executes image formation output based on the generated drawing information.

  Furthermore, the image processing apparatus 2 is equipped with software for generating document data based on the image read by the scanner. The image processing apparatus 2 transmits / receives data to / from other image processing apparatuses 2, the workflow server 3, and the cloud 4 via the network 7.

  The workflow server 3 is, for example, a processing execution device that distributes and stores digitized documents by processing an image read by scanning in the image processing device 2 in accordance with a workflow registered in advance.

  The workflow server 3 is installed with a workflow application 360 that is an application for managing and controlling the workflow. Then, the workflow server 3 controls the execution of each service that constructs the workflow based on the instruction information that instructs the execution of the workflow.

  The instruction information for instructing the execution of the workflow is input to the workflow server 3 via the display panel 104 of the image processing apparatus 2 connected via the network 7 or the keyboard or display connected to the workflow server 3.

  In the present embodiment, a case where the workflow application 360 is installed in the workflow server 3 will be described as an example. However, the workflow application 360 may be installed in the image processing apparatus 2.

  Further, the workflow application 360 may be installed in the workflow server 3 without a user interface, and the function of the workflow application 360 may be used via a browser application installed in the image processing apparatus 2.

  The cloud 4 provides computer resources via a network 7 such as the Internet. The cloud 4 according to the present embodiment includes cloud storages 5A and 5B that store data via the network 7, and a cloud service 6 such as a software package and an application execution platform via the network 7. In the following description, when it is not necessary to distinguish the cloud storages 5A and 5B, they are described as “cloud storage 5”.

  With such a configuration, the information processing system 1 according to the present embodiment executes a workflow that combines services such as mail distribution of images scanned by the image processing apparatus 2 and accumulation in the cloud storage 5.

  Next, a hardware configuration of an information processing apparatus such as the image processing apparatus 2 according to the present embodiment will be described with reference to FIG. FIG. 2 is a block diagram showing a hardware configuration of the image processing apparatus 2 according to the present embodiment.

  The image processing apparatus 2 according to the present embodiment has the same configuration as an information processing apparatus such as a general PC (Personal Computer), workflow server 3, and hardware that implements the cloud 4. That is, the image processing apparatus 2 according to this embodiment includes a CPU (Central Processing Unit) 10, a RAM (Random Access Memory) 20, a ROM (Read Only Memory) 30, a storage medium 40 such as an HDD (Hard Disk Drive), and the like. / F50 is connected via the bus 90.

  In addition to the above-described configuration, the image processing apparatus 2 includes an engine 80 for realizing a scanner, a printer, and the like, a display unit such as an LCD (Liquid Crystal Display) 60, a keyboard, and the like via the I / F 50. An operation unit 70 is connected.

  The CPU 10 is a calculation means and controls the operation of the entire image processing apparatus 2. The RAM 20 is a volatile storage medium capable of reading and writing information at high speed, and is used as a work area when the CPU 10 processes information. The ROM 30 is a read-only nonvolatile storage medium and stores a program such as firmware. The storage medium 40 is a non-volatile storage medium capable of reading and writing information such as an HDD, and stores an OS (Operating System), various control programs, application programs (hereinafter, applications), and the like. The I / F 50 connects and controls the bus 90, various hardware such as the LCD 60 and the operation unit 70, the network 7, and the like.

  The LCD 60 is a user interface that allows the user to check the state of the image processing apparatus 2 received via the I / F 50. The operation unit 70 is configured by a keyboard or the like, and is a user interface for the user to input information to the image processing apparatus 2. Note that the LCD 60 and the operation unit 70 may be configured as a touch panel using a resistance film method, a surface acoustic wave method, a capacitance method, or the like as an operation principle method.

  In such a hardware configuration, the CPU 10 performs calculations according to a program stored in the ROM 30 or a program read from the storage medium 40 to the RAM 20, thereby configuring the internal functions of the controller 100 described in FIG. 4. A functional block that realizes the function of the image processing apparatus 2 is configured by a combination of the internal function of the controller 100 configured as described above and hardware.

  In such a hardware configuration, a program stored in a recording medium such as the ROM 30, the storage medium 40, or an optical disk is read into the RAM 20, and the CPU 10 performs calculations according to those programs, so that the workflow server 3 Functions inside the controller 300 are configured. Functional blocks for realizing the functions of the workflow server 3 are configured by a combination of the functions of the controller 300 configured as described above and hardware.

  Furthermore, in such a hardware configuration, a program stored in a recording medium such as the ROM 30, the storage medium 40, or an optical disk is read out to the RAM 20, and the CPU 10 performs calculations according to those programs, so that the cloud storage 5 and The internal functions of the controller 500 and the controller 600 in the cloud service 6 are configured.

  Functional blocks for realizing the functions of the cloud storage 5 and the cloud service 6 are configured by a combination of the functions inside the controller 300 and the controller 600 configured as described above and hardware.

  Next, the functional configuration of the image processing apparatus 2 according to the present embodiment will be described with reference to FIG. FIG. 3 is a block diagram illustrating a functional configuration of the image processing apparatus 2 according to the present embodiment. As illustrated in FIG. 3, the image processing apparatus 2 includes a controller 100, an ADF 101, a scanner unit 102, a paper discharge tray 103, a paper feed table 105, a print engine 106, a paper discharge tray 107, and a network I / F 108.

  The controller 100 includes a main control unit 110, an engine control unit 120, an image processing unit 130, an operation display control unit 140, and an input / output control unit 150. In FIG. 3, the electrical connection is indicated by a solid arrow, and the flow of a document or a document bundle is indicated by a broken arrow.

  The network I / F 108 is an interface for the image processing apparatus 2 to communicate with other devices via the network, and uses an Ethernet (registered trademark) or a USB (Universal Serial Bus) interface. The network I / F 108 can communicate using the TCP / IP protocol, and is realized by the I / F 50 shown in FIG.

  The controller 100 is configured by a combination of software and hardware. Specifically, a program stored in a ROM 30, a nonvolatile memory, and a nonvolatile storage medium 40 such as an optical disk is loaded into a volatile memory (hereinafter referred to as a memory) such as a RAM 20, and the CPU 10 operates according to the program. The controller 100 is configured by a software control unit configured as described above and hardware such as an integrated circuit. The controller 100 functions as a control unit that controls the entire image processing apparatus 2.

  The main control unit 110 plays a role of controlling each unit included in the controller 100, and gives a command to each unit of the controller 100. The engine control unit 120 serves as a driving unit that controls or drives the print engine 106, the scanner unit 102, and the like. The image processing unit 130 generates drawing information based on image information to be printed out under the control of the main control unit 110. The drawing information is information for drawing an image to be formed by the print engine 106 in the image forming operation.

  The image processing unit 130 processes image data input from the scanner unit 102 to generate image data. This image data is information stored in the storage area of the image processing apparatus 2 as a result of the scanner operation and transmitted to another information processing terminal or storage device via the network I / F 108.

  The operation display control unit 140 displays information on the display panel 104 or notifies the main control unit 110 of information input via the display panel 104. The input / output control unit 150 inputs information input via the network I / F 108 to the main control unit 110. The main control unit 110 also controls the input / output control unit 150 to access the network I / F 108 and other devices connected to the network via the network.

  When the image processing apparatus 2 operates as a printer, first, the input / output control unit 150 receives a print job via the network I / F 108. That is, the input / output control unit 150 functions as a print data acquisition unit. The input / output control unit 150 transfers the received print job to the main control unit 110. When receiving the print job, the main control unit 110 controls the image processing unit 130 to generate drawing information based on document information or image information included in the print job.

  When drawing information is generated by the image processing unit 130, the engine control unit 120 controls the print engine 106 to execute image formation on the paper conveyed from the paper feed table 105 based on the generated drawing information. Let That is, the image processing unit 130, the engine control unit 120, and the print engine 106 function as a print output unit.

  As a specific aspect of the print engine 106, an image forming mechanism using an ink jet method, an image forming mechanism using an electrophotographic method, or the like can be used. A document on which image formation has been performed by the print engine 106 is discharged to a discharge tray 107.

  When the image processing apparatus 2 operates as a scanner, the operation display control unit 140 or input / output control is performed according to a user operation on the display panel 104 or a scan execution instruction input from an external apparatus via the network I / F 108. The unit 150 transfers the scan execution signal to the main control unit 110. The main control unit 110 controls the engine control unit 120 based on the received scan execution signal.

  The engine control unit 120 drives the ADF 101 and conveys the document S to be imaged set on the ADF 101 to the scanner unit 102 as described above. Further, the engine control unit 120 drives the scanner unit 102 and images (scans) a document conveyed from the ADF 101.

  If no original is set on the ADF 101 and the original is set directly on the scanner unit 102, the scanner unit 102 images the set original according to the control of the engine control unit 120. That is, the scanner unit 102 operates as an imaging unit, and the engine control unit 120 functions as a reading control unit.

  In the imaging operation, an imaging element such as a CCD included in the scanner unit 102 optically scans the document, and imaging information generated based on the optical information is generated. The engine control unit 120 transfers the imaging information generated by the scanner unit 102 to the image processing unit 130. The image processing unit 130 generates image information based on the imaging information received from the engine control unit 120 according to the control of the main control unit 110.

  Image information generated by the image processing unit 130 is acquired by the main control unit 110, and the main control unit 110 stores the image information in a storage medium attached to the image processing apparatus 2 such as the storage medium 40. That is, the scanner unit 102, the engine control unit 120, and the image processing unit 130 work together to function as an image input unit. The image information generated by the image processing unit 130 is stored as it is in the storage medium 40 or the like according to a user instruction or transmitted to an external device via the input / output control unit 150 and the network I / F 108.

  Further, when the image processing apparatus 2 operates as a copying machine, the image processing unit 130 generates drawing information based on the imaging information received by the engine control unit 120 from the scanner unit 102 or the image information generated by the image processing unit 130. To do. Based on the drawing information, the engine control unit 120 drives the print engine 106 as in the case of the printer operation. In addition, when the information formats of drawing information and imaging information are the same, it is also possible to use imaging information as drawing information as it is.

  Next, the functional configuration of the workflow server 3 according to the present embodiment will be described with reference to FIG. FIG. 3 is a block diagram showing a functional configuration of the workflow server 3 according to the present embodiment. As illustrated in FIG. 3, the workflow server 3 according to the present embodiment includes a controller 300, a user interface device 301, and a network I / F 302. The controller 300 includes an operation control unit 310, a display control unit 320, an application unit 330, a network control unit 340, an authentication information storage unit 350a, and a token storage unit 350b.

  The user interface device 301 is an interface for the user to operate the workflow server 3 such as the LCD 60 and the operation unit 70 shown in FIG. The network I / F 302 is an interface for the workflow server 3 to communicate with other devices via the network, and uses an Ethernet (registered trademark) or a USB (Universal Serial Bus) interface. The network I / F 302 is realized by the I / F 50 shown in FIG.

  The controller 300 is configured by a combination of software and hardware. Specifically, a program stored in a ROM 30, a nonvolatile memory, and a nonvolatile storage medium such as a storage medium 40 or an optical disk is loaded into a volatile memory such as a RAM 20, and the CPU 10 performs an operation according to the program. The software control unit is configured by hardware such as an integrated circuit. The controller 300 is a control unit that controls the entire workflow server 3 and realizes a gist function.

  The operation control unit 310 acquires information input by a user operation on the user interface device 301. The display control unit 320 displays information on the user interface device 301. The network control unit 340 acquires information input via the network I / F 302 and transmits information to other devices via the network I / F 302.

  The application unit 330 is configured by reading an application program stored in a ROM 30, a nonvolatile memory, and a nonvolatile storage medium such as the storage medium 40 or an optical disk into the RAM 20, and the CPU 10 performing calculations according to the program. This is a group of applications that provide functions according to the gist of the present embodiment. Details of the application unit 330 will be described later.

  The authentication information storage unit 350a is a storage unit that stores a user ID and password of a user who has been authenticated as a user of the information processing system 1, and is realized by the storage medium 40 illustrated in FIG. The user ID is user identification information that can uniquely identify a user including a unique character string assigned to each user, and the password is a character string associated with the user ID.

  As illustrated in FIG. 5, the token storage unit 350b is a storage unit that stores the access token and the refresh token of the cloud storage 5A and 5B for each user ID. The access token and the refresh token are issued from the cloud storage 5A and 5B, respectively, corresponding to the authorization code uniquely issued to the authenticated user of the cloud storage 5A and 5B. The authenticated user indicates a user who has been authenticated as a user of the cloud storage 5A, 5B.

  Therefore, the token storage unit 350b stores the access tokens of the cloud storages 5A and 5B for each user. Further, since the access token and the refresh token are character strings corresponding to the authorization code uniquely issued to the user, even if the user is an authenticated user of the information processing system 1, the access token and the refresh of other users・ Tokens cannot be used.

  Next, an internal configuration of the application unit 330 according to the present embodiment will be described with reference to FIG. FIG. 6 is a functional block diagram showing an internal configuration of the application unit 330 according to the present embodiment.

  The application unit 330 includes a workflow application 360, a cloud storage application 370a, and a cloud storage application 370b. Note that the application unit 330 may include an application for using the cloud service 6.

  As shown in FIG. 7, the workflow application 360 includes a user interface unit 361, an authentication processing unit 331, a flow control unit 362, a flow creation unit 363, a service management unit 364, a metadata acquisition plug-in 365, a flow storage unit 366, a service. An information table 367, a service control unit 368, and a network communication unit 369 are included.

  The user interface unit 361 generates and outputs a screen for the display control unit 320 to display on the user interface device 301 and acquires operation information input through the operation control unit 310. The authentication processing unit 331 determines whether or not the user who has made the authentication request is a user of the information processing system 1 based on authentication information such as a user ID and a password stored in the authentication information storage unit 350a. Execute the process.

  The flow control unit 362 controls the execution of the workflow based on the workflow information stored in the flow storage unit 366. At that time, the flow control unit 362 holds a state such as the start and end of the execution of the workflow, the execution of each process included in the workflow, and the stop.

  The flow creation unit 363 operates based on the operation information input from the user interface unit 361, thereby creating a workflow according to the user's operation and storing the workflow in the flow storage unit 366. The service management unit 364 manages various services for configuring the workflow, that is, services provided by the image processing apparatus 2 as information stored in the service information table 367. The flow storage unit 366 stores flow information that is workflow information registered by the user.

  In the present embodiment, the flow information of the workflow D includes services such as “scan to folder”, “scan to webDAV”, “scan to mail”... Note that when the soft key 701 is operated on the workflow selection screen 700 illustrated in FIG. 8, a transition is made to a screen on which services constituting the workflow D are displayed.

  The flow information includes the display name of the folder and file to be distributed and the path on the computer when the services “scan to folder”, “scan to webDAV”, “scan to mail”, etc. are executed. Information to indicate can be included.

  “Scan to folder” is a service that performs processing for distributing a captured image obtained by scanning to a specified folder, or processing for generating a new file folder.

  “Scan to webDAV” is a service that performs processing such as uploading or downloading of a captured image obtained by scanning to a server or the like connected via the network 7.

  “Scan to mail” is a service that performs processing for delivering a captured image obtained by scanning as an e-mail.

  As the flow information, in addition to the information shown in FIG. 9, for each process, for example, information on a process execution setting value for setting a display name, a path, the presence / absence of an XML tag, the presence / absence of a subfolder, etc. Is also included. The flow information is stored in the storage medium 40 in the workflow server 3, and the flow control unit 362 generates display information for the workflow selection screen with reference to the flow information.

  Further, the service management unit 364 sets the user profile information of the cloud storages 5A and 5B acquired by the metadata acquisition plug-in 365 as flow information. The flow information setting mode will be described later.

  The service information table 367 stores information on devices such as the image processing apparatus 2 that can execute the service for each type of service such as “scan”, “print”, and “mail transmission”. The service information stored in the service information table 367 includes “service name” for identifying a service type, “device information” for identifying a device capable of executing each service, and the like.

  That is, the service information included in the service information table 367 includes information indicating services that can be incorporated into a workflow, information for identifying a device such as the image processing apparatus 2 that can execute the services, and each device performs each process. This is information associated with the function to be performed.

  The service control unit 368 controls the execution of each service included in the workflow based on the workflow execution control by the flow control unit 362. The service control unit 368 transmits a service execution command to a device such as the image processing apparatus 2 that is to execute the service via the network control unit 340. The network communication unit 369 transmits and receives information via the network 7.

  As illustrated in FIG. 10, the cloud storage application 370 includes a user interface unit 371, an authentication request unit 372, a token acquisition unit 373, a data acquisition unit 374, and a network communication unit 375.

  The user interface unit 371 generates and outputs a screen for the display control unit 320 to display on the user interface device 301 and acquires operation information input via the operation control unit 310.

  The authentication request unit 372 requests execution of authentication processing as to whether or not the user is a user of the cloud storage 5 based on the operation information input via the operation control unit 310. The token acquisition unit 373 is character string information indicating that a user who is authenticated as a user of the cloud storage 5 is authorized to use which function among the functions realized in the cloud storage 5. A token is acquired from the cloud storage 5.

  The data acquisition unit 374 transmits / receives information requested by the user to / from the cloud storage 5 via the network communication unit 375 based on the operation information input via the operation control unit 310. The network communication unit 375 transmits and receives information via the network 7.

  Next, the functional configuration of the cloud storage 5 will be described with reference to FIG. FIG. 11 is a functional block showing a functional configuration of the cloud storage 5 according to the present embodiment. The cloud storage 5 includes a controller 500 and a network I / F 501.

  The controller 500 includes a network control unit 510, an authentication processing unit 520, an authentication information storage unit 530, an authorization processing unit 540, a token verification unit 550, a token generation unit 560, a process execution control unit 570, and a storage unit 580.

  The controller 500 is configured by a combination of software and hardware. Specifically, a program stored in a ROM 30, a nonvolatile memory, and a nonvolatile storage medium such as a storage medium 40 or an optical disk is loaded into a volatile memory such as a RAM 20, and the CPU 10 performs an operation according to the program. The software control unit is configured by hardware such as an integrated circuit. The controller 500 is a control unit that controls the entire cloud storage 5, and realizes a gist function.

  The network control unit 510 acquires information input via the network I / F 501 and transmits information to other devices via the network I / F 501. The authentication processing unit 520 executes an authentication process for determining whether or not the user who made the authentication request is a user of the cloud storage 5 based on authentication information such as a user ID or password that is a user of the cloud storage 5. .

  The authentication information storage unit 530 stores authentication information such as a user ID and password of a user who is a user of the cloud storage 5. The user ID is a unique character string assigned to each user, and the password is a character string associated with the user ID.

  The authorization processing unit 540 is provided with a user authenticated by the authentication processing unit 520 as a user of the cloud storage 5, that is, an authenticated user by the cloud storage 5 with respect to the device that has transmitted the access request to the cloud storage 5. It is determined which of the functions to be used is authorized for use.

  In addition, the authorization processing unit 540 determines which of the functions provided by the cloud storage 5 is authorized by the authenticated user to the device that has transmitted the access request to the cloud storage 5. To request.

  When the authorization processing unit 540 requests an authorized user to authorize the use authority of which function among the functions provided by the cloud storage 5, the authorization processing unit 540 transmits the access request to the cloud storage 5 to the device. Of the functions provided by the cloud storage 5, an authorization screen is generated for selecting which function usage authority is authorized.

  The authenticated user operates the GUI displayed on the authorization screen to select which function to use is authorized among the functions provided by the cloud storage 5. Then, the authorization processing unit 540 causes the token generation unit 560 to generate a token based on the use authority of the function selected on the authorization screen.

  The token verification unit 550 verifies whether the token received from the device that has transmitted the access request to the cloud storage 5 is a valid token, and transmits the verification result to the authorization processing unit 540. When the validity period of the access token is set to 3600 seconds from the issue, the token verification unit 550 determines whether or not the validity period of the received access token has elapsed.

  If 3600 seconds have elapsed since the received access token was issued, the token verification unit 550 determines that the access token is invalid. On the other hand, if 3600 seconds have not elapsed since the received access token was issued, the token verification unit 550 determines that the access token is valid. Therefore, the token verification unit 550 functions as a character string information determination unit.

  Note that an operation to revoke the authority to use a function provided by the cloud storage 5 may be performed by the authenticated user. The token verification unit 550 determines whether the use authority of the function provided by the cloud storage 5 identified by the token has been revoked.

  The token generation unit 560 is a character string information generation unit that generates an access token, which is identification information indicating which of the functions provided by the cloud storage 5 is authorized by the authenticated user. In addition, when an access token is generated for the first time for a device that has transmitted an access request to the cloud storage 5, the token generation unit 560 generates a refresh token for regenerating the access token.

  Note that the token verification unit 550 causes the token generation unit 560 to regenerate the access token when the validity period of the access token has passed and there is a refresh token.

  The process execution control unit 570 functions as a storage device side process execution control unit that controls the execution of the process of the function provided by the cloud storage 5 authorized by the authenticated user. Specifically, the process execution control unit 570 receives the control information received via the network control unit 510 when the authenticated user is authorized to use image data or user profile information stored in the cloud storage 5. The image data and user profile information stored in the storage unit 580 are transmitted / received according to the above.

  The storage unit 580 includes a profile storage unit 581 that stores profile information such as user profile information of the user of the cloud storage 5, and a storage area that includes a data storage unit 582 that stores image data, document data, and the like. It is.

  FIG. 12 is a diagram illustrating user profile information stored in the profile storage unit 581. As shown in FIG. 12, the user profile information is additional information additionally attached to the user ID, and is “family_name”, “given_name”, “id”, “locale”, “verified_email”, This includes highly confidential information such as personal information of authenticated users.

  It is one of the gist of the present invention to perform document management in such a way that user profile information of an authenticated user of the cloud storage 5 can be used as information for identifying a file commonly used in a workflow. With such a configuration, the cloud storage 5 executes transmission / reception of information with a device operated by the authenticated user.

  Next, the cloud service 6 according to the present embodiment will be described with reference to FIG. FIG. 13 is a functional block diagram showing a functional configuration of the cloud service 6 according to the present embodiment.

  The cloud service 6 includes a controller 600 and a network I / F 601. The controller 600 includes a network control unit 610, a process execution control unit 670, and a module unit 680. The module unit 680 includes a profile acquisition module 681 and other modules 682.

  The controller 600 is configured by a combination of software and hardware. Specifically, a program stored in a ROM 30, a nonvolatile memory, and a nonvolatile storage medium such as a storage medium 40 or an optical disk is loaded into a volatile memory such as a RAM 20, and the CPU 10 performs an operation according to the program. The software control unit is configured by hardware such as an integrated circuit. The controller 600 is a control unit that controls the entire cloud service 6, and realizes the function as a gist.

  The network control unit 610 acquires information input via the network I / F 601 and transmits information to other devices via the network I / F 601. The process execution control unit 670 activates the module 682 stored in the module unit 680 based on the control information input to the cloud service 6 and controls the execution of the module 682.

  The module unit 680 stores software modules for realizing the functions provided by the cloud service 6. The module unit 680 includes a profile acquisition module 681 and a module 682.

  The profile acquisition module 681 is a software module for receiving an access token from a device that has accessed the cloud service 6 and acquiring user profile information from an authorized resource that is an information source authorized by the access token. .

  The module 682 is, for example, a software module for providing services such as document creation and groupware on the cloud service 6, and the module unit 680 may include a plurality of modules 682. With such a configuration, the cloud service 6 transmits and receives information to and from the device operated by the user.

  With the configuration described above, the information processing system 1 according to the present embodiment distributes and accumulates digitized documents according to a workflow registered in advance. Next, a flow of processing for issuing a token in the cloud storage 5 will be described with reference to FIG. FIG. 14 is a sequence diagram showing a flow of processing for issuing a token in the cloud storage 5 according to the present embodiment.

  First, the user operates the display panel 104 or the user interface device 301 to input a user ID and a password. This operation is an authentication request made by the user. The user interface unit 361 acquires the user ID and password input by the user's operation (S101).

  Here, the user ID and password input by the user are a user ID and password for authenticating that the user can use the workflow application 360.

  In addition, the information processing system 1 according to the present embodiment has the same user ID and password for enabling the use of the image processing apparatus 2 or the workflow server 3, and the user ID and password of the user who uses the cloud storage 5, respectively. Consists of a string.

  The user interface unit 361 transfers the received user ID and password to the authentication processing unit 331, and requests user authentication processing (S102). The authentication processing unit 331 determines whether or not the received user ID and password are stored in the authentication information storage unit 350a.

  When the received user ID and password are stored in the authentication information storage unit 350a, the authentication processing unit 331 authenticates that the user identified by the user ID is a user who can use the workflow application 360 (S103). ).

  When the user of the workflow application 360 is authenticated, the user can acquire various data via the image processing apparatus 2 or the workflow server 3 on which the workflow application 360 is installed.

  In the present embodiment, a process when a user who is authenticated as a user of the workflow application 360 acquires data stored in the cloud storage 5 via the workflow application 360 will be described as an example.

  If the user identified by the user ID is authenticated as a user who can use the workflow application 360, the authentication processing unit 331 transmits an access request together with the user ID and password to the cloud storage 5 (S104). The user ID and password in the process of S104 are those acquired by the user interface unit 361 in S101.

  The authentication processing unit 520 authenticates whether or not the user is a user of the cloud storage 5 based on the received user ID and password (S105). When the received user ID and password are stored in the authentication information storage unit 530, the authentication processing unit 520 authenticates that the user identified by the user ID is a user who can use the cloud storage 5.

  If the authentication processing unit 520 authenticates that the user can use the cloud storage 5, an authorization code is issued. The authorization code is transferred to the authorization processing unit 540.

  When the user authentication is performed by the authentication processing unit 520, the authorization processing unit 540 makes an authority authorization request for requesting the authorized user to authorize authority for the authenticated cloud storage 5 (S106).

  The authorization authorization request refers to any information stored in the cloud storage 5 based on the operation of the authenticated user by the authorized user operating the authorization screen displayed on the display panel 104 or the user interface device 301. Is a process for authorizing whether or not to be usable.

  Based on the operation of the authenticated user, the user interface unit 361 transmits information indicating which of the information stored on the cloud storage 5 is authorized to be used to the authorization processing unit 540 (S107). Therefore, which information can be used among the information stored in the cloud storage 5 is authorized based on the operation of the authenticated user. The user interface unit 361 functions as an authority request unit.

  Based on the operation of the authenticated user, the authorization processing unit 540 performs authority authorization as to which information can be used among the information recorded in the cloud storage 5 (S108). Then, the authorization processing unit 540 requests the token generation unit 560 to generate a token based on the authority authorized by the authenticated user (S109).

  The token generation unit 560 generates an access token (S110), and transfers the generated access token to the authorization processing unit 540 (S111). For example, if the authority to use the document data and user profile information stored in the cloud storage 5 is authorized, the token generation unit 560 may store the document data and user stored in the cloud storage 5.・ Generate an access token that enables transmission and reception of profile information.

  Note that when an authorization request for requesting authorization of authority for the cloud storage 5 is made to an authenticated user for the first time, and when generating an access token, the token generator 560 regenerates the access token. Generate a refresh token. The token generation unit 560 transfers the generated refresh token to the authorization processing unit 540.

  The authorization processing unit 540 transmits the transferred access token to the authentication processing unit 520 (S112). The processes from S106 to S112 are token issuing processes. If the refresh token has been generated, the authorization processing unit 540 transmits the refresh token together with the access token to the authentication processing unit 331.

  The authentication processing unit 331 stores the received access token and refresh token in the token storage unit 350b (S113). When the authentication processing unit 331 receives the access token, the user interface unit 361 displays a screen on which the user authentication is completed on the display panel 104 or the user interface device 301 (S114).

  By such processing, it becomes possible to access data and user profile information stored in the cloud storage 5. Next, a flow of processing for creating workflow flow information according to the present embodiment will be described with reference to FIG. FIG. 15 is a sequence diagram showing a flow information generation operation according to this embodiment. In the description of FIG. 15 and FIG.

  When the user operates the display panel 104 or the user interface device 301, operation information is input to the user interface unit 361 of the workflow application 360, and creation of a workflow is started (S201).

  When starting the creation of a workflow based on the notification from the user interface unit 361, the flow creation unit 363 requests the service management unit 364 for a list of services (S201). Upon receiving a request from the flow creation unit 363, the service management unit 364 determines the type of service such as “scan”, “folder”, “webDAV”, “mail”, “print”, and the like described with reference to FIGS. The list is acquired from the service information table 367 (S203) and transferred to the flow creation unit 363 (S204).

  Based on the service list input from the service management unit 364, the flow creation unit 363 generates a workflow creation screen on which services that can be incorporated into the workflow are displayed, and outputs the workflow creation screen to the user interface unit 361 (S205).

  The user interface unit 361 displays a workflow creation screen on the user interface device 301 via the display control unit 320 (S206).

  On the workflow creation screen, selectable service type buttons are displayed, and the user presses each button in the order in which the buttons are to be executed in the workflow. As a result, as shown in FIGS. 8 and 9, information indicating each service is registered in order, and the user interface unit 361 holds information indicating each service in order as flow information.

  When an operation for registering the flow information is performed, the operation information is input to the operation control unit 310, the user interface unit 361 acquires the information, and the stored flow information is stored in the flow creation unit 363. Transmit (S207).

  The flow creation unit 363 that has acquired the flow information from the user interface unit 361 stores the flow information in the flow storage unit 366 (S208). Through such processing, flow information as shown in FIGS. 8 and 9 is stored.

  In such an information processing system 1, the gist according to the present embodiment is in a selection mode when setting details of flow information at the time of workflow execution. Next, a flow of processing for executing a workflow according to the present embodiment will be described with reference to FIG. FIG. 16 is a sequence diagram showing a flow of processing for executing a workflow according to the present embodiment.

  The user interface unit 361 acquires a screen display request for selecting and executing a workflow in accordance with a user operation (S301). When acquiring the screen display request, the user interface unit 361 requests flow information from the flow control unit 362 (S302).

  In response to a request from the user interface, the flow control unit 362 acquires the flow information stored in the flow storage unit 366 (S303), and transfers the acquired flow information to the user interface unit 361 (S304). When the user interface unit 361 acquires the flow information from the flow control unit 362, the user interface 361 generates a flow selection screen for the user to select a flow and input an execution request as shown in FIG. Is displayed on the user interface device 301 (S305).

  When the workflow D is selected and pressed on the screen of FIG. 7, the user interface unit 361 selects the workflow D according to the user's operation, and transmits the result to the flow control unit 362 (S306). As a result, the flow control unit 362 holds information for identifying the selected workflow.

  Furthermore, when the workflow D is selected and pressed on the screen of FIG. 7, the user interface unit 361 requests the service management unit 364 to set service information and flow information in each service (S307).

  The service management unit 364 activates the metadata acquisition plug-in 365 in response to a request from the user interface unit 361, and the user profile information of the user who is the authenticated user of the cloud storage 5 is shown in the sequence diagram of FIG. Obtained according to the processing step (S308). Therefore, the service management unit 364 functions as a control device side process execution control unit.

  FIG. 17 is a sequence diagram showing a flow of processing for acquiring user profile information according to the present embodiment. In response to the request from the user interface unit 361 (S401), the service management unit 364 activates the metadata acquisition plug-in 365 (S402).

  The metadata acquisition plug-in 365 acquires an access token from the token storage unit 350b, and transmits the acquired access token to the profile acquisition module 681 together with an acquisition request for user profile information (S402). The metadata acquisition plug-in 365 acquires the access token from the token storage unit 350b based on the user ID of the authenticated user and which cloud storage 5 is requested to be accessed from the user interface unit 361.

  The profile acquisition module 681 transmits the received user profile acquisition request and access token to the authorization processing unit 540 (S403). The authorization processing unit 540 transfers the received user profile acquisition request and access token to the token verification unit 550 (S404).

  The token verification unit 550 verifies the access token and determines whether or not acquisition of the requested user profile is authorized (S405). Next, the token verification unit 550 notifies the verification processing unit 540 of the verification result (S406). The description will be continued assuming that the requested user profile is authorized to be acquired.

  The authorization processing unit 540 transfers the user profile acquisition request to the process execution control unit 570 based on the verification result that the requested user profile acquisition is authorized (S407).

  The process execution control unit 570 acquires the user profile information stored in the profile storage unit 581 according to the user profile acquisition request, and transmits it to the profile acquisition module 681 (S408).

  Upon receiving the user profile information from the process execution control unit 570, the profile acquisition module 681 transfers the received user profile information to the metadata acquisition plug-in 365 (S409). Then, the metadata acquisition plug-in 365 transfers the received user profile information to the service management unit 364 (S410).

  Returning to FIG. 16, the description will be continued. When receiving the user profile information, the service management unit 364 next acquires the service information from the service information table 367 and transmits it to the user interface unit 361 together with the user profile information (S309).

  The user interface unit 361 displays a flow information setting screen on the user interface device 301 based on the service information acquired from the service management unit 364 (S310). Thereby, the user can select the setting of the flow information for each service included in the workflow.

  Examples of the flow information setting screen displayed on the user interface device 301 in S310 are shown in FIGS. As shown in FIG. 18, in the flow information setting screen 180, in addition to the display name and path of the workflow, processing execution values that are execution conditions of the workflow such as subfolder creation items 181 and 182 for setting the creation of subfolders are displayed. The item to be specified is displayed.

  Further, as shown in FIG. 19, in the flow information setting screen 190 that is a setting screen for setting a process execution value in the lower layer of the flow information setting screen 180, an “XML tag” for managing a document used in the workflow is set. A tag setting item 191 to be set is displayed.

  The user profile information acquired from the cloud storage 5 in FIG. 17 can be used as a process execution value that can be specified in the subfolder creation items 181, 182 and the tag setting item 191, for example.

  For example, when “name” is set in the user profile information shown in FIG. 12 in the tag setting item 191, the file name generated in the distribution destination by the execution of the workflow is not the user ID “KANICREMECROQUETTES”. , “Hans Schmidt” is displayed. Therefore, in the information processing system 1 according to the present embodiment, the user profile information of the cloud storage 5 can be set as workflow metadata.

  When an operation for setting flow information is performed on the flow information setting screens 180 and 190 shown in FIGS. 18 and 19, the user interface unit 361 performs service management according to the operation information input from the operation control unit 310. The set flow information is transmitted to the unit 364 (S311).

  The service management unit 364 sets flow information for each service constituting the workflow and notifies the user interface unit 361 (S312). Therefore, the service management unit 364 functions as a process execution setting unit that sets a process execution value in the subfolder creation items 181 and 182 and the tag setting item 191. Upon receiving a notification from the service management unit 364, the user interface unit 361 displays a start operation screen for performing an operation for instructing the user to start the workflow.

  When an operation to instruct the start of the workflow is performed on the start operation screen, the user interface unit 361 requests the flow control unit 362 to execute the workflow (S313). Upon receiving the execution request from the user interface unit 361, the flow control unit 362 makes a service execution request to the service control unit 368 based on the order of each service in the workflow (S314).

  When the service control unit 368 receives a service execution request from the flow control unit 362, the service control unit 368 causes the image processing apparatus 2 or the like that executes the service to execute the service and acquires the execution result. Then, the service control unit 368 notifies the flow control unit 362 of the execution result of the workflow (S315).

  Next, the flow control unit 362 transfers the execution result notified from the service control unit 368 to the user interface unit 361 (S316). Through such processing, the workflow execution operation according to the present embodiment is completed.

  In some cases, the authenticated user is not authorized to acquire the requested user profile in the process of S405, for example, when the authenticated user performs an operation of excluding the workflow application 360 from the authorization application of the cloud storage 5. In such a case, the authorization processing unit 540 causes the token generation unit 560 to generate the access token and the refresh token again.

  FIG. 20 illustrates a flow of processing for generating again an access token and a refresh token according to the present embodiment. Note that the description of FIG. 20 does not describe a process in which the token generation unit 560 regenerates an access token after the access token expires.

  As described above, since the workflow application 360 is excluded from the authorization application of the cloud storage 5, this processing is executed when acquisition of the requested user profile is not authorized. In the description of FIG. 20, the same reference numerals are given to the processing steps for executing the same processing as in FIG.

  The token verification unit 550 verifies the access token and determines whether or not acquisition of the requested user profile is authorized (S405). Next, the token verification unit 550 notifies the verification processing unit 540 of the verification result (S406). In FIG. 20, the description will be continued assuming that acquisition of the requested user profile is not authorized.

  If acquisition of the requested user profile is not authorized in the verification result in S406, the authorization processing unit 540 issues an authorization request for requesting authorization of the authority for the authenticated cloud storage 5 to the authenticated user. This is performed (S501).

  Based on the operation of the authenticated user, the user interface unit 361 transmits to the authorization processing unit 540 information indicating which of the information stored on the cloud storage 5 is authorized to be used (S502).

  Based on the operation of the authenticated user, the authorization processing unit 540 performs authority authorization as to which information can be used among the information recorded in the cloud storage 5 (S503). Then, the authorization processing unit 540 requests the token generation unit 560 to generate a token based on the authority authorized by the authenticated user (S504).

  The token generation unit 560 generates an access token (S505), and transfers the generated access token to the authorization processing unit 540 (S506). At this time, a refresh token is also generated.

  The authorization processing unit 540 transmits the generated access token and refresh token to the metadata acquisition plug-in 365 (S507). The metadata acquisition plug-in 365 stores the received access token and refresh token in the token storage unit 350b (S506), and receives the received access token and the user profile information acquisition request transmitted in S403 as a profile acquisition module. 681 (S509).

  The processing after S509 is performed according to the same processing steps as the processing after S402 shown in FIG.

  As described above, in the information processing system 1 according to the present embodiment, when executing a plurality of services according to a workflow, the user profile information of the cloud storage 5 in which the user of the workflow application 360 is authenticated is stored in the workflow. It can be used as metadata.

  Therefore, the user profile information of the cloud storage 5 can be selected as the file name and metadata of the file generated at the distribution destination as a result of executing the workflow. Therefore, when document management is performed using the cloud service 6, document management based on user profile information can be executed.

DESCRIPTION OF SYMBOLS 1 Information processing system 2 Image processing apparatus 3 Workflow server 4 Cloud 5 Cloud storage 6 Cloud service 7 Network 10 CPU
20 RAM
30 ROM
40 storage medium 50 I / F
60 LCD
70 Operation Unit 80 Engine 90 Bus 330 Workflow Application 365 Metadata Acquisition Plug-in 540 Authorization Request Unit 550 Token Verification Unit 570 Process Execution Control Unit 580 Storage Unit

JP 2011-003187 A

Claims (9)

An information processing system that includes a storage device that executes data transmission / reception with an information processing device connected via the Internet, stores the received data, and a process execution control device that controls execution of a plurality of processes. There,
The storage device
A storage device side process execution control unit for controlling execution of a process for transmitting and receiving the data via the Internet,
The process execution control device includes:
Control device side processing for controlling transmission / reception of the data to / from the storage device when an authority to transmit / receive the data to / from the storage device is authorized based on an operation of a user of the information processing system An execution control unit;
A process execution setting unit for setting a process execution value for each of the plurality of processes;
Including
The control device side process execution control unit,
By sending character string information indicating that transmission / reception of the data to / from the storage device is authorized to the storage device, it is attached to user identification information that can uniquely identify the user in the storage device. Requesting the storage device to transmit the additional information set in the
The storage device side process execution control unit
When authorization of transmission / reception of the data indicated by the character string information is valid, the additional information is transmitted to the processing execution control device,
The process execution setting unit
The information processing system, wherein the additional information is set as the process execution value. The storage device
Character string information for generating the character string information when transmission / reception of the data is requested from the processing execution control device and the processing execution control device is authorized to transmit / receive the data based on an operation of the user Including the generator,
The character string information generation unit
The information processing system according to claim 1, wherein the character string information is regenerated when an expiration date of an authority to transmit and receive the data has elapsed. The storage device
A character string information determination unit that determines whether authorization of transmission / reception of the data indicated by the character string information is valid;
Including
The string information generator
The character string information is regenerated when it is determined that the data transmission / reception authorization is invalid and the processing execution control apparatus is authorized to transmit / receive the data based on the user's operation. The information processing system according to claim 1, wherein the information processing system is an information processing system. The process execution control device includes:
The information processing system according to any one of claims 1 to 3, further comprising: an authority requesting unit that requests authorization of the authority to transmit / receive the data based on an operation of the user to the storage device. . A process execution control device that controls execution of a plurality of processes,
When the right to transmit / receive data to / from a storage device connected via the Internet is authorized based on an operation of a user of an information processing system including the processing execution control device and the storage device A control device side process execution control unit for controlling transmission and reception of the data to and from the storage device;
A process execution setting unit for setting a process execution value for each of the plurality of processes;
Including
The control device side process execution control unit,
By sending character string information indicating that transmission / reception of the data to / from the storage device is authorized to the storage device, it is attached to user identification information that can uniquely identify the user in the storage device. Requesting the storage device to transmit the additional information set in the
The process execution setting unit
The process execution control device, wherein the additional information received from the storage device is set as the process execution value. The processing execution control device according to claim 5, further comprising: an authority requesting unit that requests authorization of the authority to transmit / receive the data based on an operation of the user to the storage device. The authority request unit
The authorization requesting the right to transmit / receive the data is requested to the storage device based on the operation of the user when it is determined that the authorization to transmit / receive the data is invalid in the storage device. 6. The process execution control device according to 6. A control method of a process execution control device that controls execution of a plurality of processes,
When the right to transmit / receive data to / from a storage device connected via the Internet is authorized based on an operation of a user of an information processing system including the processing execution control device and the storage device In addition, by transmitting to the storage device character string information indicating that transmission / reception of the data to / from the storage device is authorized, user identification information that can uniquely identify the user in the storage device is obtained. Requesting the storage device to transmit additional information set as an attachment,
For each of the plurality of processes, the additional information received from the storage device is set as a process execution value. A control program of a process execution control device that controls execution of a plurality of processes,
When the right to transmit / receive data to / from a storage device connected via the Internet is authorized based on an operation of a user of an information processing system including the processing execution control device and the storage device In addition, by transmitting to the storage device character string information indicating that transmission / reception of the data to / from the storage device is authorized, user identification information that can uniquely identify the user in the storage device is obtained. Requesting the storage device to transmit additional information that is attached and set;
A control program causing a computer to execute the step of setting the additional information received from the storage device as a process execution value for each of the plurality of processes.

Images