JP2023012163A - IMAGE FORMING APPARATUS AND IMAGE FORMING APPARATUS CONTROL METHOD AND PROGRAM - Google Patents

Abstract

Kind Code: A1 If position information of an image forming apparatus registered in advance in an authentication server is used to determine whether or not printing is possible, when the image forming apparatus is moved after registration, the actual installation location and the registered location can be changed. There is a risk that information will be different, and printing will be done at an installation location where printing is not permitted, leading to information leakage. Kind Code: A1 An image forming apparatus according to the present invention is an image forming apparatus that can communicate with a server. (S1905), based on the fact that the installation position information registered in the registration unit and the acquired position information are separated by a predetermined distance or more, restricting a part of the functions of the image forming apparatus ( S1908). [Selection drawing] Fig. 19

Description

The present invention relates to an image forming apparatus, an image forming apparatus control method, and a program.

In recent years, the society has become more flexible in terms of time and place, and the use of telework and the cloud is becoming more advanced. Along with these changes, the locations where printing devices are installed and the environment of users are diversifying, and the number of usage methods that are not only accessed within firewalls but also directly accessed from external networks such as the Internet is increasing. there is In addition, there are problems such as attacks by malicious users inside and outside firewalls due to unauthorized operation of printing apparatuses, and information leakage due to loss of printed documents. As a concept of security measures for an image forming apparatus, it is known to control so that an authorized user can print only with an authorized printing apparatus.

According to Japanese Patent Application Laid-Open No. 2002-200014, the installation location of an image forming apparatus is registered in advance in a server, and the server determines print data that can be output from the image forming apparatus according to the security level of the installation location of the image forming apparatus. is proposed.

JP 2014-41513 A

In Japanese Patent Application Laid-Open No. 2002-200017, installation location information of an image forming apparatus registered in advance in an authentication server is used to determine whether printing is permitted. Therefore, when the location of the image forming apparatus is moved after registration, a difference occurs between the location where the image forming apparatus is currently installed and the location information of the previously registered image forming apparatus. Then, at the current installation location where printing is not permitted, a printing device having installation location information where printing is permitted outputs a printed matter, which may lead to information leakage. For example, when a printing device having installation location information inside the company is moved outside the company, if printing is permitted in the same way as inside the company despite being outside the company, information leakage may occur.

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and aims to prevent information leakage by limiting the functions of an image forming apparatus using registered installation positions and actual position information. purpose.

An image forming apparatus of the present invention is an image forming apparatus that can communicate with a server, and includes a registration unit that registers installation position information of the image forming apparatus, and acquires position information from a terminal device that is close to the image forming apparatus. Restricting a part of the functions of the image forming apparatus based on the fact that the acquisition means, the installation position information registered in the registration means, and the acquired position information are separated from each other by a predetermined distance or more. characterized by

According to the present invention, it is possible to limit the functions of the image forming apparatus by using the registered position information and the position information obtained from the terminal device close to the image forming apparatus, thereby preventing information leakage.

An example of a system configuration diagram in the embodiment (A): Example of hardware configuration diagram of MFP 1000 in embodiment (B): Example of hardware configuration diagram of authentication server 2000 and print server 2001 in embodiment (C): Mobile terminal device 3000 in embodiment An example of a hardware configuration diagram of (A): An example of a software block diagram of the MFP 1000 in the embodiment (B): An example of a software block diagram of the authentication server 2000 in the embodiment (C): An example of a software block diagram of the print server 2001 in the embodiment (D) ): An example of a software block diagram of the mobile terminal device 3000 in the embodiment An example of a login ID and password input request screen on the mobile terminal device 3000 (A): An example of a sequence diagram of MFP installation by an administrator in the embodiment (B): An example of a sequence diagram of MFP installation settings and permitted user settings by an administrator in the embodiment An example of login user information confirmation processing flowchart An example of an authentication database MFP name and installation location information setting screen example Example of print permission setting screen An example of a sequence diagram from login processing by a user to execution of printing in the embodiment (A): Example of login screen (B): Example of MFP home screen after login is permitted (C): Example of MFP home screen when login is not permitted An example of a device update sequence diagram in an embodiment Example of print permission setting screen when updating the device Example of job list display and print acceptance screen An example of a hardware configuration diagram of the print server 2001 according to the second embodiment. An example of an authentication database An example of a sequence diagram from login processing by a user to execution of printing in the second embodiment An example of a login user information confirmation processing flowchart in the second embodiment An example of a sequence diagram from login processing by a user to execution of printing in the third embodiment

BEST MODE FOR CARRYING OUT THE INVENTION The best mode for carrying out the present invention will be described below with reference to the drawings. In this embodiment, a multi-function peripheral (digital multi-function peripheral/MFP/Multi Function Peripheral) having a user authentication function is taken as an example. However, since the user authentication function is generally used in SFPs (Single Function Peripherals), the scope of application is not limited to multifunction machines.

FIG. 1 is a block diagram of a printing system according to this embodiment.

A multifunction machine 1000 having a printing function transmits and receives print data, scanned image data, management information of a multifunction machine (device), etc. between devices via an internal network 100 with other information processing devices. It is possible to MFP 1000 can also communicate with authentication server 2000 and print server 2001 through internal network 100 and external network 200 . In this embodiment, the internal network 100 is assumed to be a local network of a shared space such as a coworking space, and the external network 200 is assumed to be a public network that can be directly accessed from the Internet, but they are not particularly limited. Mobile terminal device 3000 can also communicate with authentication server 2000 and print server 2001 via external network 200 .

FIG. 2A is a hardware configuration diagram showing a schematic configuration of the MFP 1000 according to this embodiment.

A CPU 201 executes a software program of the MFP 1000 and controls the entire apparatus. A ROM 202 is a read-only memory and stores a boot program, fixed parameters, and the like for the multifunction machine 1000 . A RAM 203 is a random access memory, and is used for storing programs and temporary data when the CPU 201 controls the MFP 1000 . The HDD 204 is a hard disk drive and stores system software, applications, and various data. The CPU 201 executes a boot program stored in the ROM 202, expands the program stored in the HDD 204 in the RAM 203, and executes the expanded program to control the operation of the MFP 1000. FIG. A network I/F control unit 205 controls transmission and reception of data with the internal network 100 . A scanner I/F control unit 206 controls reading of a document by the scanner 211 . A printer I/F control unit 207 controls print processing by the printer 212 and the like. A panel control unit 208 controls the operation panel 210 to control the display of various information and the input of instructions from the user. Note that the operation panel 210 is assumed to be a touch panel type operation panel (display unit), but is not particularly limited. The short-range wireless communication I/F control unit 213 is a part that manages short-range wireless communication such as NFC (Near Field Communication), and controls data communication via the short-range wireless communication unit 214 . Bus 209 includes CPU 201 , ROM 202 , RAM 203 , HDD 204 , network I/F control unit 205 , scanner I/F control unit 206 , printer I/F control unit 207 , panel control unit 208 , short-range wireless communication I/F control unit 213 . are connected to each other. Control signals from the CPU 201 and data signals between devices are transmitted and received via this bus 209 .

FIG. 2B is a hardware configuration diagram showing a schematic configuration of the authentication server 2000 and print server 2001 according to this embodiment.

The CPU 221 executes software programs for the authentication server 2000 and the print server 2001, and controls the entire apparatus. A ROM 222 is a read-only memory and stores boot programs, fixed parameters, and the like for the authentication server 2000 and print server 2001 . A RAM 223 is a random access memory, and is used for storing programs and temporary data when the CPU 221 controls the authentication server 2000 and the print server 2001 . The HDD 224 is a hard disk drive and stores system software, applications, and various data. The CPU 221 executes the boot program stored in the ROM 222, expands the program stored in the HDD 224 into the RAM 223, and executes the expanded program to control the operations of the authentication server 2000 and the print server 2001. . A network I/F control unit 225 controls transmission and reception of data with the external network 200 . Also, the authentication server 2000 and the print server 2001 provide a user interface for interacting with information devices and mobile terminals connected to the external network 200 via the network I/F control unit 225 and receiving operation instructions. offer. In this embodiment, this user interface is called a remote UI (User Interface). A bus 226 connects the CPU 221, ROM 222, RAM 223, HDD 224, and network I/F control unit 225 to each other. Control signals from the CPU 221 and data signals between devices are transmitted and received via this bus 226 .

FIG. 2C is a hardware configuration diagram showing a schematic configuration of the mobile terminal device 3000 according to this embodiment.

The CPU 241 executes software programs of the mobile terminal device 3000 and controls the entire device. The ROM 242 is a read-only memory and stores a boot program, fixed parameters, etc. of the mobile terminal device 3000 . A RAM 243 is a random access memory, and is used for storing programs and temporary data when the CPU 241 controls the mobile terminal device 3000 . The HDD 244 is a hard disk drive and stores system software, applications, and various data. The CPU 241 executes the boot program stored in the ROM 242, develops the program stored in the HDD 244 in the RAM 243, and controls the operation of the mobile terminal device 3000 by executing the expanded program. A network I/F control unit 245 controls transmission and reception of data with the external network 200 . The short-range wireless communication I/F control unit 246 is similar to the above-described multifunction device, and is a part that controls short-range wireless communication such as NFC, and controls data communication via the short-range wireless communication unit 247. . A positional information acquisition control unit 248 controls an environmental information (environmental positioning) sensor 249 such as a positioning sensor using a GPS (Global Positioning System), an acceleration sensor, or a geomagnetic sensor, and calculates positional information such as latitude/longitude and sea level information. do. Thereby, the position information can be identified by the position information acquisition control unit 248 . The touch panel control unit 250 is a part that controls the touch panel 251, and controls the display of various information and the input of instructions from the user. A bus 252 interconnects the CPU 241 , ROM 242 , RAM 243 , HDD 244 , network I/F control unit 245 , short-range wireless communication I/F control unit 246 , position information acquisition control unit 248 , and touch panel control unit 250 . Control signals from the CPU 241 and data signals between devices are transmitted and received via this bus 252 .

FIG. 3A is a block diagram illustrating software modules included in the MFP 1000 according to the first embodiment. The software module shown in FIG. 3A is implemented by the CPU 201 executing a program developed in the RAM 203. FIG.

Network driver 301 controls network I/F control device 205 connected to internal network 100 to transmit and receive data to and from the outside via internal network 100 . A network control unit 302 controls communication below the transport layer in a network communication protocol such as TCP/IP to transmit and receive data. A communication control unit 303 is a module for controlling a plurality of communication protocols supported by the MFP 1000 . The communication control unit 303 also executes encrypted communication such as TLS (Transport Layer Security) supported by the MFP 1000 . A device control unit 305 is a module for generating control commands and control data for the MFP 1000 and controlling the MFP 1000 in an integrated manner. User authentication instructed via the operation panel 210 and the panel control unit 208, the short-range wireless communication unit 214, the short-range wireless communication I/F control unit 213, and the network I/F control unit 205 are collectively performed by the device control unit 305. is executed. A print/read processing unit 306 is a module for executing functions such as printing by the printer 212 and reading of a document by the scanner 211 . In this embodiment, scanning and printing instructions for the MFP 1000 can also be executed by user instructions via the operation panel 210 . Control of the operation panel 210 and the panel controller 208 is performed by the UI controller 307 .

The control unit having the software configuration of the MFP 1000 shown in FIG. 3A is hereinafter referred to as a control unit 1. In this specification, the control unit 1 is composed of the CPU 201, ROM 202, RAM 203, HDD 204, etc. of the MFP 1000. FIG. In the following flowcharts, the part processed by the MFP 1000 is stored in any one of the ROM 202 , RAM 203 and HDD 204 of the control unit 1 and executed by the CPU 201 .

FIG. 3B is a block diagram illustrating software modules included in the authentication server 2000 according to the first embodiment. Note that the software module shown in FIG. 3B is implemented by the CPU 221 executing a program developed in the RAM 223. FIG.

Network driver 321 controls network I/F control unit 225 connected to external network 200 to perform data transmission/reception with the outside via external network 200 . The network control unit 322 controls communication below the transport layer in a network communication protocol such as TCP/IP to transmit and receive data. The communication control unit 323 is a module for controlling multiple communication protocols supported by the authentication server 2000 . Encrypted communication such as TLS supported by the authentication server 2000 is also executed by the communication control unit 323 . The database unit 324 is a module responsible for processing such as creation/deletion of various databases stored in the hard disk 224 and processing such as referencing/editing the contents of the databases based on transactions. The device control unit 325 is a module for generating control commands and control data for the authentication server 2000 and controlling the authentication server 2000 in an integrated manner. In addition, in this embodiment, operations on the authentication server 2000 are performed via a remote UI that can be accessed from an information device such as a PC or a mobile terminal device via the network I/F control unit 225 . Control of this remote UI is executed by the UI control unit 327 .

The control unit having the software configuration of the authentication server 2000 shown in FIG. 3B is hereinafter referred to as control unit 2 . In this specification, the control unit 2 is composed of the CPU 221, ROM 222, RAM 223, HDD 224, etc. of the authentication server 2000. FIG. In the following flowcharts, portions processed by the authentication server 2000 are stored in any one of the ROM 222, RAM 223, and HDD 224 of the control unit 2 and executed by the CPU 221. FIG.

FIG. 3C is a block diagram illustrating software modules included in the print server 2001 according to the first embodiment. The hardware configuration is the same as that of the authentication server 2000, and the outline of the software modules is the same as that of FIG. 3B. Since the only difference is the part related to the job store section 344, the explanation will be focused here and the other parts will be omitted.

The job store unit 344 stores a print job sent from another information processing apparatus via the external network 200 in a predetermined area of the hard disk 224, and retrieves it in response to a print request. This is the management module responsible for When printing, the fetched print job is processed by the device control unit 345 and the communication control unit 343 and input to the target printing apparatus via the external network 200 .

The control unit having the software configuration of the print server 2001 shown in FIG.

FIG. 3D is a block diagram illustrating software modules included in the mobile terminal device 3000 according to the first embodiment. Note that the software module shown in FIG. 3D is implemented by the CPU 241 executing a program developed in the RAM 243. FIG.

First, the network driver 361 to the communication control unit 363 are the same as described above, so the description is omitted. Next, the short-range wireless control unit 364 is a module that realizes, for example, NFC communication or the like via the short-range wireless communication unit 247 by controlling the short-range wireless communication I/F control unit 246 . The device control unit 365 is a module for generating control commands and control data for the mobile terminal device 3000 and controlling the mobile terminal device 3000 in an integrated manner. The UI control unit 367 is a module that controls the touch panel control unit 250 , performs various displays on the touch panel 251 , and receives instructions from the user via the touch panel 251 . The position information collection unit 366 controls the position information acquisition control unit 248, and acquires position information such as latitude, longitude, and sea level via the environment information sensor 249, such as a positioning sensor using GPS, an acceleration sensor, and a geomagnetic sensor. is a module. Furthermore, the location information collection unit 366 may be configured to be able to measure location information with even higher accuracy by using wireless LAN access points, mobile communication base station information, Beacon information using BLE, and the like. be. The login information reception unit 348 displays a screen as shown in FIG. 4 on the touch panel unit 251 in cooperation with the UI control unit 367 . It is a module that receives login information (login ID and password) input via the screen, and holds it in the hard disk 244 in an anonymized state.

Hereinafter, the controller configured by the software configuration of the mobile terminal device 3000 shown in FIG. In this specification, the control unit 4 is composed of the CPU 241, ROM 242, RAM 243, HDD 244, etc. of the mobile terminal device 3000. FIG. In the following flowcharts, portions processed by the mobile terminal device 3000 are stored in any one of the ROM 242, RAM 243, and HDD 244 of the control unit 4 and executed by the CPU 241. FIG.

FIG. 5A is a sequence diagram illustrating basic processing in this embodiment. First, the installation of the multi-function device according to the present embodiment will be described below with reference to FIG. 5 and related drawings.

In S501, a service person or an administrator (hereinafter referred to as an administrator) installs the MFP. Assume that the administrator's login ID is ID-A. Also, in this embodiment, a case will be described in which login to the MFP 1000 is performed using short-range wireless communication between the MFP 1000 and the mobile terminal device 3000 .

In S502, the administrator first uses the login authentication software installed in the mobile terminal device 3000 to set a login ID and password. As described above, this software is software corresponding to the login information reception unit 348 and displays the login information setting screen 401 illustrated in FIG. 4 on the touch panel unit 251 . In this embodiment, the login authentication software is assumed to be in the form of an application installed in the terminal device 3000, but it may be a function via a web browser, and is not limited.

The administrator enters login information on the login information setting screen 401 and presses the registration button 402 . Then, the control unit 4 of the mobile terminal device 3000 performs control to hold the input information in the hard disk 244 in a confidential state. Then, the process proceeds to S503.

It should be noted that steps S501 and S502 are steps that occur only at the time of initial registration when the MFP 1000 is installed. done.

In S503, the administrator powers on the MFP 1000 or wakes it up from sleep.

In S504, when the controller 1 of the MFP 1000 returns, it displays a login acceptance screen 1101 illustrated in FIG. The control unit 1 receives a direct login instruction via the operation panel (display unit), and also receives communication from the short-range wireless communication unit 214 via the short-range wireless communication I/F control unit 213 (login waiting state). ). Note that the screen 1101 may include a notation prompting the user to bring the mobile terminal closer to the short-range wireless communication unit 214 .

In S<b>505 , the administrator brings the mobile terminal device 3000 close to the short-range wireless communication unit 214 of the multifunction device 1000 .

At S506, control unit 4 of mobile terminal device 3000 causes login processing to occur via short-range wireless communication I/F control unit 246 and short-range wireless communication unit 247 provided in mobile terminal device 3000. detect. Next, the control unit 4 of the mobile terminal device 3000 acquires position information via the position information acquisition control unit 248 and the environment information sensor 249 provided in the mobile terminal device 3000 .

In S507, the control unit 4 of the mobile terminal device 3000 combines the login information registered in advance in the processing of S502 and the location information acquired in S506 with the login request to the short-range mobile terminal device 1000. It transmits to the wireless communication unit 214 .

In S508, upon receiving the login request from the mobile terminal 3000 via the short-range wireless communication I/F control unit 213 and the short-range wireless communication unit 214, the control unit 1 of the multi-function device 1000 receives a Acquire the identification number (serial number) information assigned by .

Then, in S509, a login request is sent to the authentication server 2000 by combining the login information and location information transmitted from the mobile terminal device 3000 in S507 and the identification number information acquired in S508. In this embodiment, communication from the MFP 1000 to the authentication server 2000 is realized via the internal network 100 by the network I/F control unit 205 provided in the MFP 1000 .

Next, at S510, control unit 2 of authentication server 2000 accepts a login request from multifunction peripheral 1000 via network I/F control unit 225 provided in authentication server 2000 and external network 200. The operating user information confirmation process for performing the operation is performed.

<How to confirm the operating user information>
Here, the login user information confirmation processing in S510 will be explained using the flowchart in FIG. 6 and the example of the related database in FIG.

First, in S601, the control unit 2 of the authentication server 2000 checks whether or not the login ID received from the MFP 1000 in S509 is registered in the user list database 701 illustrated in FIG. 7A. A user list database 701 in FIG. 7A is composed of a login ID item 705 and a role item 706 such as an administrator or a general user, and each login ID and role are associated with each other. It is possible to confirm which role each registered login ID belongs to. The user list database 701 is registered in advance by an administrator, and the data is stored in the authentication server.

If it is determined in S601 that the login ID is not registered, the process proceeds to S606, the control unit 2 of the authentication server 2000 determines that login is not possible, and terminates this process. On the other hand, if it is determined in S601 that there is registration, the process proceeds to S602.

At S602, the control unit 2 of the authentication server 2000 identifies the role of the received login ID from the contents of the user list database 701. FIG.

Next, in S603, the control unit 2 of the authentication server 2000 confirms whether or not the identification number information received from the MFP 1000 in S509 is registered in the device list database 702 illustrated in FIG. 7B. do. The device list database 702 in FIG. 7B is composed of an item 707 of device serial number (S/N), an item 708 of installation location information, an item 709 of location information, and an item 710 of last update date and time. The device serial number is a list in which each installation location and each installation position information are associated. The device serial number is a code consisting of a predetermined number of digits assigned as a unique value to each multifunction device, and can be used to identify an individual device. The device list database 702 can confirm where each MFP registered and managed by the serial number is installed and with what kind of positional information. It should be noted that, at the time of initial registration, the flow does not proceed to the fact that it has been registered.

In S604, if it is determined that the identification number information received in S603 is not registered in the device list database 702, the control unit 2 of the authentication server 2000 determines whether the role of the login ID requested for login is an administrator. to judge. If it is determined in S604 that the user is not an administrator, the control unit 2 of the authentication server 2000 determines that login is not possible when proceeding to S606, and terminates this processing. If it is determined in S604 that the user is the administrator, the process proceeds to S607.

In S607, control unit 2 of authentication server 2000 determines that login is permitted. Then, in response to the login request in S509, roll information and a response to the effect that printing is not possible are created.

It should be noted that S607 assumes that the MFP is installed. Normally, the MFP is not registered in the device list database 702 when the MFP is installed. Therefore, even if the MFP is not registered in the device list database 702, the login request from the administrator is determined to be registration work, and control is performed so that the login is permitted.

When the administrator logs in for the second time or later, the process advances to the flow registered in S603 and shifts to S605.

In S<b>605 , the control unit 2 of the authentication server 2000 determines whether the location information received from the MFP 1000 in S<b>509 matches the location information of the MFP registered in the device list database 702 . If it is determined in S605 that they do not match, the process proceeds to S607. Here, control may be performed so as to notify the administrator of the mismatch. On the other hand, if it is determined in S605 that they match, the process proceeds to S608.

In S607, considering that the location has moved since the device was installed and registered, it is determined that login is permitted, and printing is prohibited, and a response to the login request in S509 is created.

In S608, the control unit 2 of the authentication server 2000 refers to the function permission setting database 704 illustrated in FIG. to confirm. Here, the function permission setting database 704 in FIG. 7D has a configuration in which the login IDs registered in the user list database 701 are arranged in a horizontal column 711 and the MFPs registered in the device list database 702 are arranged in a vertical column 712. It's becoming Then, the user of each login ID can confirm which multifunction device is permitted to print. If it is determined in S608 that printing is not permitted, the process proceeds to S607. On the other hand, if it is determined in S608 that printing is permitted, the process proceeds to S609.

In S607, the control unit 2 of the authentication server 2000 determines that login is permitted and printing is prohibited, thereby creating a response to the login request in S509.

In S609, the control unit 2 of the authentication server 2000 permits both login and printing, and creates a response to the login request in S509.

The above is the confirmation processing method of the login user information in the control unit 2 of the authentication server 2000 processed in S510.

Returning to the sequence in FIG. 5, the description continues.

At S511, the control unit 2 of the authentication server 2000 transmits the determination result (authentication result) generated at S509 to the MFP 1000 based on the result generated at S510.

Next, in S512, the control unit 1 of the MFP 1000 performs screen display and function control based on the authentication result of S511, and controls printing for the user. Specifically, when a print permission response is returned in S511, the control unit 1 of the MFP 1000 via the operation panel control unit 208 displays a print permission home screen 1102 illustrated in FIG. It controls to display on the operation panel 210 provided in the machine 1000 . A screen 1102 has a layout in which a plurality of icons that can transition to function screens of the functions of the MFP 1000 are arranged.

On the other hand, if a print disapproval response is returned in S511, the control unit 1 of the MFP 1000 displays a print disapproval home screen 1103 on the operation panel 210 as shown in FIG. 11C. Here, FIG. 11C shows a screen in which the print function 1104 is hidden from the print permission home screen 1102 . Although it is the print function 1104 in the drawing, the function to be hidden is not limited to the print function. Although not shown in the drawings, the print function 1104 may be grayed out, and when the displayed print function 1104 is pressed, a warning sound is generated and control is performed so that the function screen of the print function is not displayed. It may be done, and is not limited.

In this embodiment, the control unit 1 controls the screen displayed on the operation panel 210 of the MFP 1000 according to the authentication result acquired in S511, but the control method is not limited to this. For example, if the authentication result is disapproval, control may be performed such that an error is displayed when the user issues a print execution instruction.

Next, with reference to FIG. 5B, processing for registering installation information of the MFP 1000 and information of a user permitted to print on the MFP 1000 when the administrator registers for the first time will be described.

In S513, when the administrator logs in to the MFP 1000, the login screen 1102 displayed on the operation panel 210 can be changed to a setting screen that can be viewed only by the administrator. 8A is displayed on the operation panel 210 of the multi-function device 1000 when the administrator gives an operation instruction from the operation panel 210. FIG. The name and installation location of the MFP 1000 are set via a device information setting screen 801 illustrated in FIG. 8A. This setting screen 801 has a device name field 803 for inputting the name of the MFP, and an installation location field 804 for inputting installation location information. After inputting desired setting values, the administrator presses an OK button 805 to confirm the contents. When the OK button 805 is pressed in S513, the process proceeds to S514.

In S514, the control unit 1 of the MFP 1000 combines the location information received from the mobile terminal device 3000 in S507 and the identification number information of the MFP 1000 acquired in S508 and transmits a device registration request. Here, the device registration request is sent to the authentication server 2000 via the internal network 100 by the network I/F control section 205 provided in the MFP 1000 .

At S515, when control unit 2 of authentication server 2000 receives a device registration request from multifunction peripheral 1000 via network I/F control unit 225 provided in authentication server 2000 and external network 200, Perform device registration processing. Note that the device list database 703 in FIG. 7C exemplifies the state after device registration is performed in S515. Thus, the installation location information set in S513 and the location information received from the mobile terminal device 3000 in S507 are registered in the device list database 703 together. After completing the device registration process in S515, the process proceeds to S516.

At S516, the control unit 2 of the authentication server 2000 returns a response to the MFP 1000 to the effect that the device registration process has been completed.

Subsequently, when the MFP 1000 receives the response in S516, in S517, the control unit 1 of the MFP 1000 indicates completion of registration on the device information setting screen 801 for which the OK button was pressed in S513. The completion of work is also notified to the administrator by displaying a pop-up 806 .

Through the processing up to S517, the device registration processing for the device list database 703 is completed. Next, a user (login ID) who is permitted to print is set for the registered multifunction peripheral.

First, in S518, the administrator instructs the mobile terminal device 3000 to display a screen for confirming the print permission status of the registered device.

Subsequently, in S519, the control unit 4 of the mobile terminal device 3000 requests information of the function permission setting database 704 from the authentication server. In S520, upon receiving the information request in S519, the control unit 2 of the authentication server 2000 refers to the function permission setting database 704, and in S521 returns the information of the function permission setting database 704 to the mobile terminal device 3000.

When the information of the function permission setting database 704 is provided in S521, in S522, the control unit 4 of the mobile terminal device 3000 causes the touch panel control unit 250 of the mobile terminal 3000 to display the information shown in FIG. An exemplary screen 901 is displayed. A screen 901 is a print permission setting screen for displaying/editing the contents of the function permission setting database 704 . When the registration processing of the MFP 1000 is completed, the device of the MFP 1000 is registered as indicated by 902 , but there is no user who can print as indicated by 903 .

Subsequently, at 523 , the administrator makes entries in the print permission setting input field 903 for each login ID, and presses the update button 904 after completion. When the update button 904 is pressed in S523, the process proceeds to S524.

At S524, control unit 4 of mobile terminal device 3000 transmits a setting change request for function permission setting database 704 to authentication server 2000 based on the content input at S523.

Next, at S525, upon receiving the setting change request sent at S524, the control unit 2 of the authentication server 2000 updates the function permission setting database 704 based on the contents thereof). When the update process of S525 is completed, the process proceeds to S526.

In S526, the control unit 2 of the authentication server 2000 notifies the mobile terminal 3000 that the process has been completed.

In S<b>527 , control unit 4 of mobile terminal 3000 controls touch panel control unit 250 of mobile terminal 3000 to display update completion popup 904 illustrated in FIG. 9B on touch panel 251 . As shown by check marks 905 in FIG. 9B, settings are made so that printing by the multifunction peripheral 1000 is permitted for the login IDs ID-A and ID-E.

The above is the procedure performed when installing the MFP 1000 . Through the steps shown in FIG. 5, detailed information about the installation location can be registered in the authentication server 2000 and used for authentication processing.

Next, execution of print processing when a user performs printing in this embodiment will be described using the sequence diagram of FIG. 10 . In this embodiment, it is assumed that ID-E is the login ID of the user who performs printing, and that printing by the MFP 1000 is permitted by the processing of S523 to S527.

The processing from S1001 to S1011 corresponds to S502 to S512 described above with reference to FIG. 5, respectively, so the description is omitted. Note that in the present description, in the login user information confirmation process of S1009 (similar to S510), the flow is such that it is determined in S603 that the MFP is registered in the device list database. As a result, in S605, confirmation processing is performed to determine whether the location information registered in the authentication server matches the delivery location information at the time of login. Also, in S608, printing permission confirmation processing is performed based on the function permission database. It should be noted that when logging in for the second time or later, the step of S1001 is not performed, and the processing is performed from the step of S1002.

When the process of S1011 ends, the user whose login ID is ID-E is permitted to log in to the multifunction peripheral 1000, and the print permission shown in FIG. home screen 1102 is displayed. Then, the process proceeds to S1012.

At S<b>1012 , the user presses print button 1104 . Then, the process proceeds to S1103.

In S1013, the control unit 1 of the MFP 1000 requests the print server 2001 for the job list of the user (login ID). Here, in this embodiment, communication from the MFP 1000 to the print server 2001 is realized via the internal network 100 by the network I/F control unit 205 provided in the MFP 1000 in the same manner as the communication to the authentication server 2000. shall be

Next, in S1014, control unit 3 of print server 2001 accepts a job list request from MFP 1000 via network I/F control unit 225 provided in print server 2001 and external network 200. Search for jobs.

In step S<b>1015 , the control unit 3 of the print server 2001 selects the job of the user (login ID) from the print jobs received in advance through the processing of the job store unit 344 and stored in the HDD 224 . Select the one that corresponds to Then, the result is returned to the MFP 1000 as a job list. When the job list is returned in S1015, the process proceeds to S1016.

Next, in S1016, the control unit 1 of the MFP 1000 displays a job list screen 1401 illustrated in FIG. 14 on the operation panel 210 via the operation panel operation unit 208 of the MFP 1000. The screen 1401 has a job list portion 1402 in which the logged-in user's own jobs are displayed in a list. The job displayed here can be selected, and the print settings can be changed, deleted, or instructed to start printing. . A job 1403 is a selected job. For example, the selected job is displayed so that the fact can be understood, for example, the background is filled with color.

In S<b>1017 , the user selects a job displayed on screen 1401 by touching operation panel 210 and presses print start button 1404 . In this embodiment, the button 1404 is arranged on the screen 1401 displayed on the operation panel 210, but it may be a hardware button.

When a job is selected and a print instruction is issued in S1017, the process proceeds to S1018.

In S<b>1018 , control unit 1 of MFP 1000 transmits a print instruction for the job to print server 2001 .

Subsequently, in S<b>1019 , upon receiving the print instruction in S<b>1018 , the control unit 3 of the print server 2001 submits the job to the MFP 1000 .

Then, in S<b>1020 , the printer 212 prints the print job input to the MFP 1000 .

As described above, by performing the control shown in FIG. 10, after ensuring that the installation location of the MFP has not changed, only the MFP for which printing is permitted for the user (login ID) can be performed. It is possible to realize the control that makes it possible.

Finally, information update processing for registered devices in this embodiment will be described using the sequence diagram of FIG. 12 . For example, it is assumed that the device information registered in the authentication server is updated in accordance with the change of installation location of the multifunction device. In the present embodiment, the description will proceed with ID-A as the administrator's login ID. Note that the processing from S1201 to S1211 corresponds to the processing from S502 to S512, respectively, so the explanation is omitted. In addition, in the flow shown in FIG. 6 in S1209, the flow advances to the flow of being registered in S603.

First, in S1212, the administrator performs update settings related to the name and installation location of the MFP 1000 via the device information setting screen 801 illustrated in FIG. . When the OK button 805 is pressed in S1212, the process proceeds to S1213.

In S1213, the control unit 1 of the MFP 1000 combines the location information received from the mobile terminal device 3000 in S1206 and the identification number information of the MFP 1000 acquired in S1207 and transmits a device update request.

Next, in S1214, the control unit 2 of the authentication server 2000 receives the device update request from the MFP 1000, and performs device information update processing.

Subsequently, in S1215, the function permission setting database 704 is updated. Further, in S1215, control may be performed to clear the print permission setting that was set before the device information was updated.

When the location of the device is changed, it is conceivable that the print permission settings set for each login ID will be changed accordingly. If only the location of the device is changed, the user who was previously able to print will be able to continue to print even at the new location. This is because there is a possibility that printing may be permitted. Therefore, when the device information is changed in S1214, the administrator performs the processing from S1218 onwards, and again sets the print permission setting for each login ID for the MFP 1000 for which the installation location information has been updated. control. Also, before proceeding to S1214, for example, a pop-up display may be displayed so as to reset the print permission setting for each login ID for the updated MFP.

After that, the processes of S1216 and S1217 correspond to the processes of S516 to S517 in FIG. 5, respectively, so the description is omitted.

In S1218, the administrator instructs the mobile terminal device 3000 to display a screen for confirming the print permission status of the device.

Subsequently, in S1219, the control unit 4 of the mobile terminal device 3000 requests information of the function permission setting database 704 from the authentication server. In S1220, upon receiving the information request in S519, control unit 2 of authentication server 2000 refers to function permission setting database 704, and in S1221 returns the information in function permission setting database 704 to mobile terminal device 3000. FIG.

When the information of the function permission setting database 704 is provided in S1221, the control unit 4 of the mobile terminal device 3000 displays the print permission setting screen 1301 illustrated in FIG. 13 on the touch panel 251 in S1222. FIG. 13 shows a screen 1301 for displaying and editing the contents of the function permission setting database 704, which has also been explained in FIG. This is the login ID that originally had print permission for the MFP 1000, but since the registration information of the MFP 1000 was updated in S1214, the print permission was once cleared in S1215. Although 1302 is displayed in halftone dots in FIG. 13, the display method is not limited to this. In addition, by displaying a warning message such as that shown in S1303, the user is prompted to reset printing permission.

S1223 to S1227 correspond to S523 to S527 in FIG. 5, respectively, so description thereof will be omitted.

The above is the information update processing of the registered device. By performing control in this manner, it is possible to update the information of the registered MFPs without creating an unintended print-permitted state by the administrator.

In the first embodiment, when a user logs in, it is determined whether or not the pre-registered location information of the MFP matches the location information of the MFP acquired from the mobile terminal at the time of login. It was determined whether the user is authorized to use the MFP. In other words, the location information obtained from the mobile terminal is used to determine whether the installation location information of the MFP has changed since it was registered. The location information may be used to determine the security level assigned to the setting environment of the multi-function device. In the second embodiment, when a user logs in, if the pre-registered location information of the multifunction device matches the location information of the multifunction device obtained from the mobile terminal at the time of login, the security level assigned to the multifunction device is used. , a method for determining whether or not printing is possible according to the security level associated with the document.

In this embodiment, the network configuration diagram, the hardware configuration and software configuration of the MFP 1000 and the management server 2000 which are information processing devices, the mobile terminal device 3000, print instruction reception, print processing such as print execution, etc. , are the same as those of the first embodiment.

FIG. 15 shows a print server 2001 according to the second embodiment, which includes a data censoring processor 226. FIG. The data censorship processing unit 226 is a module for controlling censorship processing for print data.

FIG. 17 is a sequence diagram of a print processing execution method when censorship processing is performed.

The processing from S1701 to S1711 corresponds to S502 to S512 described above with reference to FIG. output the security level of

In S1710, the security level of the MFP 1000 is transmitted from the authentication server 2000 to the MFP 1000 as the authentication result.

At S<b>1711 , upon receiving the authentication result from the authentication server 2000 at S<b>1010 , the control unit 2 displays a screen 1102 on the operation panel 210 .

In S1719, the data inspection processing unit 226 of the print server 2001 inspects the job for which the print instruction was issued in S1018. Security levels are assigned in the censorship process. Here, the method of censorship processing may be, for example, dictionary comparison using NG words, and is not limited.

Next, in S1720, the print server 2001 submits the print job to the MFP 1000 together with the censorship result.

Subsequently, in S1721, the control unit 1 compares the security level assigned to the printing apparatus obtained in S1710 and the security level of the print job obtained in S1720, and executes print processing based on the comparison result.

Here, the position information confirmation processing performed in S1709 described above will be described with reference to FIG.

In S1801, the control unit 2 of the authentication server 2000 determines whether the location information registered in the device data list 702 in FIG. 7B matches the location information received by the MFP 1000 in S1008. do. If they do not match, the process moves to S1802, and if they match, the process moves to S1803. A mismatch is determined when the registered position information and the position information received by the MFP 1000 are separated by a predetermined distance or more. The predetermined distance may be, for example, 0, 10 cm, or several meters. The predetermined distance may be set by an administrator of the MFP 1000. FIG.

In S1802, since the registered location information does not match the location information received from the mobile terminal at the time of login, it is determined that the registered location information is unreliable, the security level is determined to be "printing is restricted", and processing is continued. finish.

In S1803, the registered location information matches the location information received from the mobile terminal at the time of login, so the security level corresponding to the location information registered in the device data list 702 can be trusted. Therefore, the security level is determined by referring to the security level database 1601 shown in FIG. For example, in the case of the MFP 1001, it is determined that "no printing restrictions". Then the process ends.

With the above processing, printing restrictions can be implemented according to the security level of the current location received from the mobile terminal and the security level of the print job.

In Embodiments 1 and 2, location information in the vicinity of the image forming apparatus is used to determine whether or not the login user can print. In the third embodiment, location information in proximity to the image forming apparatus may be used to uniformly permit or restrict use of some functions of the image forming apparatus for all users.

In this embodiment, the network configuration diagram, the hardware configuration and software configuration of the MFP 1000 and the management server 2000 which are information processing devices, the mobile terminal device 3000, print instruction reception, print processing such as print execution, etc. , are the same as those of the first embodiment.

A method of logging in to the MFP 1000 will be described with reference to FIG.

The processing from S1901 to S1906 respectively corresponds to the processing from S1001 to S1006.

In S<b>1007 , the MFP 1000 checks whether the location information acquired from the mobile terminal 3000 matches the location information registered in advance in the MFP 1000 . Note that location information obtained from the mobile terminal 3000 when the administrator installs the MFP 1000 and logs in for the first time is registered in the MFP 1000 . If the location information acquired from the mobile terminal 3000 matches the location information pre-registered in the MFP 1000 , it is determined that there is no printing restriction, and the location information acquired from the mobile terminal 3000 matches the location information pre-registered in the MFP 1000 . If they do not match, it is determined that printing is restricted.

In S1908, the screen displayed on the operation panel 210 of the MFP 1000 is controlled based on the confirmation processing result determined in S1907. If it is determined in S1907 that there is no print restriction, a screen 1102 is displayed, and if it is determined in S1907 that there is a print restriction, a screen 1103 is displayed.

A method of print processing when there is no print restriction will be described below.

In S<b>1909 , the user presses the print button on screen 1103 of operation panel 210 .

In S1910, the MFP 1000 transmits to the authentication server 2000 the login user ID and password acquired from the mobile terminal 3000 in S1906.

In FIG. 19, it is described that the operation of S1910 is performed after the processing of S1909. You may make a request.

In S1911, the authentication server 2000 authenticates the logged-in user. The authentication processing method determines whether the password associated with the login user ID saved in the authentication server matches the password acquired in S1910. Authentication server 2000 in S1912. The judgment result is transmitted to the MFP 1000 .

The processing from S1913 to S1920 corresponds to S1013 to S1020, respectively.

[Other Examples]
The present invention supplies a program that implements one or more functions of the above-described embodiments to a system or device via a network or a storage medium, and one or more processors in the computer of the system or device reads and executes the program. It can also be realized by processing to It can also be implemented by a circuit (for example, ASIC) that implements one or more functions.

Claims (19)

An image forming apparatus capable of communicating with a server,
registration means for registering installation position information of the image forming apparatus;
Acquisition means for acquiring position information from a terminal device in proximity to the image forming apparatus;
An image characterized by restricting a part of functions of the image forming apparatus based on the fact that the installation position information registered in the registration means and the acquired position information are separated by a predetermined distance or more. forming device. A part of the functions of the image forming apparatus is not restricted based on whether the installation position information registered in the registration means and the acquired position information are within a predetermined distance. Item 1. The image forming apparatus according to item 1. 3. The image forming apparatus according to claim 1, wherein said partial function is a print function for printing a document stored in said server. 4. The image forming apparatus according to any one of claims 1 to 3, wherein the installation position information to be registered in the registration means is the position information first acquired from the acquisition means. The image forming apparatus has a display unit for displaying a screen,
When the installation position information registered in the registration unit and the acquired position information are separated by a predetermined distance or more, transition to a function screen of a part of functions of the image forming apparatus is restricted. 5. The image forming apparatus according to any one of claims 1 to 4, wherein the image forming apparatus displays an image displayed on the screen. In a printing system comprising a server and one or more image forming apparatuses,
The image forming apparatus is
Acquisition means for acquiring position information from a terminal device in proximity to the image forming apparatus;
a first transmission unit that transmits the acquired position information and the identification number of the image forming apparatus to the server;
The server is
a first storage unit that associates and stores the identification number of the image forming apparatus and installation position information of the image forming apparatus;
Judging whether or not the function of the image forming apparatus can be used based on whether the received position information and the position information associated with the received identification number stored in the first storage means are separated by a predetermined distance or more. and
a second transmitting means for transmitting the determination result to the image forming apparatus;
with
The printing system, wherein the image forming apparatus performs printing control according to the determination result. The determination means determines that the received position information and the installation position information associated with the received identification number stored in the first storage means are separated by a predetermined distance or more, and the image forming means is determined. 7. The printing system according to claim 6, wherein it is determined that use of some functions of the device is not permitted. 8. A printing system according to claim 6, wherein said installation position information to be registered in said registration means is the position information obtained for the first time from said acquisition means. The image forming apparatus has a display unit for displaying a screen,
9. The printing system according to any one of claims 6 to 8, wherein a screen corresponding to the determination result received from the server is displayed on the display unit. A screen capable of transitioning to function screens of all the functions of the image forming apparatus is displayed on the basis of the determination by the determining means that the use of the functions of the image forming apparatus is permitted. 10. The printing system according to Item 9. a screen in which a transition to a function screen of a part of the functions of the image forming apparatus is restricted based on the judgment by the judgment means that the use of the part of the functions of the image forming apparatus is not permitted; 10. The printing system of claim 9, further comprising a display. 12. The image forming apparatus according to any one of claims 6 to 11, wherein the identification number of the image forming apparatus stored in the first storage means and the installation position information of the image forming apparatus are associated with each other by an administrator of the image forming apparatus. A printing system according to any one of the preceding claims. The first transmission means transmits operating user information to the server,
The server is
a second storage means for storing an identification number of an image forming apparatus and information of a user permitted to use the image forming apparatus in association with each other;
The determining means determines use of a part of the functions of the image forming apparatus based on the fact that the received operating user information is not permitted to be used by the image forming apparatus stored in the second storage means. 13. The printing system according to claim 6 and 12, wherein it determines that the printing is not permitted. The judging means judges that use of the function of the image forming apparatus is permitted based on the fact that the received operating user information is permitted to be used by the image forming apparatus stored in the second storage means. 14. The printing system of claim 13, wherein: 15. The printing system according to claim 13, wherein the information of a user who is permitted to print by said image forming apparatus stored in said second storage means is associated with said user information by an administrator of said image forming apparatus. . When the identification number of the image forming apparatus and the location information of the image forming apparatus stored in the first storage unit are updated by the administrator,
16. The apparatus according to any one of claims 13 to 15, wherein control is performed such that the user information permitted to print corresponding to the updated image forming apparatus stored in the second storage means is also updated. 2. The printing system according to item 1. The acquisition unit acquires the location information and the operating user information from the terminal device via network communication between the terminal device and the image forming device when a user performs login authentication to the image forming device. 12. The printing system according to any one of claims 1 to 11, characterized in that it acquires. An image forming apparatus capable of communicating with a server,
a registration step of registering installation position information of the image forming apparatus;
an acquisition step of acquiring location information from a terminal device in proximity to the image forming apparatus;
has
An image forming apparatus, wherein a part of functions of the image forming apparatus is restricted based on the fact that the registered installation position information and the acquired position information are separated from each other by a predetermined distance or more. control method. In a printing system comprising a server and one or more image forming apparatuses,
an obtaining step of obtaining location information from a terminal device in the vicinity of the image forming apparatus;
a first transmission step of transmitting the acquired position information and the identification number of the image forming apparatus to the server;
At the server,
a storage step of correlating and storing the identification number of the image forming apparatus and the installation position information of the image forming apparatus;
a determination step of determining whether the received position information matches the position information associated with the received identification number stored in the first storage means;
a second transmission step of transmitting the determination result to the image forming apparatus;
has
A method of controlling a printing system, wherein the image forming apparatus performs printing control according to the determination result.

Images