JP5104895B2 - Image processing apparatus and login control method - Google Patents

Description

  The present invention relates to an image processing apparatus and a login control method, and more particularly, to a technique for shifting to a state in which an image processing apparatus can execute a job by accessing an authentication server and performing user authentication.

  2. Description of the Related Art Conventionally, an image processing apparatus called a digital multifunction peripheral or MFP (Multi Function Peripheral) installed in an office or the like can specify a user by accessing a network authentication server and performing user authentication. It is configured as follows. For example, the image processing apparatus is in a logout state when the user is not performing an operation. When the user inputs authentication information such as a user ID or password in order to use the image processing apparatus, the image processing apparatus accesses the authentication server, performs user authentication, and can execute a job when the user can be specified. To a valid login state. Such an image processing apparatus can be prohibited from being used by unspecified users, and can prevent information leakage and improve security.

  In this type of image processing apparatus, for example, when large-size image data is acquired from outside and printed out, it takes a long time to acquire the image data, and the user performs no operation during that time. Otherwise, there are some that automatically return from the login state to the logout state. In this case, the image data acquired in the image processing apparatus cannot be printed out. For this reason, a conventional image processing apparatus is known in which a set job can be executed within a predetermined time even after returning from a login state to a logout state (for example, a patent). Reference 1).

JP 2007-245627 A

  Incidentally, in recent years, when an image processing apparatus accesses an authentication server to perform user authentication, the amount of data transmitted and received between the image processing apparatus and the authentication server tends to increase. For example, the authentication server holds function restriction information that restricts the function when using the image processing apparatus for each user. If the user can be successfully authenticated and the user can be identified, the user can be identified. The function restriction information is transmitted to the image processing apparatus. In this function restriction information, whether or not the user can use all functions installed in the image processing apparatus is defined. Therefore, as the functions installed in the image processing apparatus increase, the amount of function restriction information transmitted from the authentication server to the image processing apparatus when the user authentication is successful increases.

  The authentication server holds billing information for charging the user or the department to which the user belongs when the user executes a job, and identifies the user after successful user authentication. If it is possible, the accounting information corresponding to the user is transmitted to the image processing apparatus. The billing information defines information for billing all jobs that can be executed by the user. Therefore, as the functions installed in the image processing apparatus increase and the types of jobs that can be executed by the user increase, the amount of billing information transmitted from the authentication server to the image processing apparatus when the user authentication is successful increases.

  Therefore, in recent image processing apparatuses, it takes a long time to receive an authentication result from the authentication server after transmitting the authentication information to the authentication server. Therefore, for the user, it is necessary to wait for a long time without performing any operation from the time when the authentication information such as the user ID or the password is input until the user enters the login state. There is a problem in that the efficiency and operability during use are reduced.

  Even if the amount of data transmitted and received between the image processing apparatus and the authentication server is not so large, if the image processing apparatus starts user authentication at a timing when a large load is applied to the authentication server or the network. The same problem as described above may occur.

  On the other hand, as one method for reducing the time required for user authentication in the image processing apparatus, for example, information transmitted and received when the user authentication is successful is held inside the image processing apparatus, and then the user has a user ID, a password, etc. It is conceivable to perform user authentication inside the image processing apparatus without accessing the authentication server when the command is input. However, in this case, since the image processing apparatus can execute a job without receiving authentication by the authentication server, there is a problem that security is significantly lowered.

  Therefore, the present invention has been made to solve the above-described conventional problems, and while minimizing the impact on security, it shortens the time required for job execution and improves operability. An object of the present invention is to provide an improved image processing apparatus and login control method.

  In order to achieve the above object, an invention according to claim 1 is an image processing apparatus that performs data communication via a network with a computer operated by a user and an authentication server that performs user authentication. Receiving means for receiving authentication information for user authentication and job setting information relating to job setting when executing a job, storage means for storing authentication information received by the receiving means, When authentication information is received by the receiving means, user authentication is performed as preceding authentication by transmitting the authentication information to the authentication server, and the result of the preceding authentication is held by successful user authentication. Preceding authentication means for performing authentication, input means for inputting authentication information based on an operation by a user, and via the input means If the authentication information is input, the result of the preceding authentication is reflected within the range of the job setting information on the condition that the authentication information matches the authentication information stored in the storage unit. And a control unit that enables the job to be executed.

  According to a second aspect of the present invention, in the image processing apparatus according to the first aspect, the user usable function transmitted from the authentication server when the user authentication as the preceding authentication is successful is limited. Acquires function restriction information, checks whether the job setting in the job setting information exceeds the function restriction range defined in the function restriction information, and invalidates the setting value of the job setting that exceeds the function restriction range And a job setting confirmation unit.

  According to a third aspect of the present invention, in the image processing apparatus according to the first or second aspect, the authentication information input through the input unit is transmitted to the authentication server, thereby being in parallel with the control unit. The configuration further includes background authentication means for performing user authentication in the background.

  According to a fourth aspect of the present invention, in the image processing apparatus according to the third aspect, the control means is executed by the background authentication means in a state where the job can be executed within the range of the job setting information. If the user authentication is successful, the system is shifted to a state in which the job can be executed within the range of the function restriction defined in the function restriction information for restricting the function that can be used by the user. It is.

  According to a fifth aspect of the present invention, in the image processing apparatus according to any one of the first to fourth aspects, authentication information by the input means in a state where the preceding authentication means holds the result of the preceding authentication. Is not performed for a predetermined time or longer, the result of the preceding authentication is discarded.

  According to a sixth aspect of the present invention, there is provided a login control method for an image processing apparatus, which receives authentication information for user authentication and job setting information relating to job settings when executing a job, transmitted from a computer. A step of storing the authentication information in a predetermined storage means when receiving the authentication information transmitted from the computer; and a step of storing the authentication information when receiving the authentication information transmitted from the computer. Executing user authentication as preceding authentication by transmitting to the server, holding the result of the preceding authentication by succeeding the user authentication, inputting authentication information based on an operation by the user; The authentication information input based on the operation by the authentication information stored in the storage means And a step of transitioning to a first login state that allows execution of a job within the range of the job setting information by reflecting the result of the preceding authentication on the condition that it matches. It is the structure to do.

  According to a seventh aspect of the present invention, in the login control method according to the sixth aspect, the user usable function transmitted from the authentication server when the user authentication as the preceding authentication is successful is limited. Acquires function restriction information, checks whether the job setting in the job setting information exceeds the function restriction range defined in the function restriction information, and invalidates the setting value of the job setting that exceeds the function restriction range It is the structure characterized by further having a step to make.

  According to an eighth aspect of the present invention, in the login control method according to the sixth or seventh aspect, the authentication information input based on an operation by a user is transmitted to the authentication server, whereby the first login state is backed up. The configuration further includes a step of executing user authentication at the ground.

  Further, the invention according to claim 9 is the login control method according to claim 8, wherein, in the first login state, when the user authentication in the background is successful, the functions usable by the user are limited. The method further includes a step of shifting to a second login state in which a job can be executed within a function restriction range defined in the function restriction information.

  The invention according to claim 10 is the login control method according to any one of claims 6 to 9, wherein the input of authentication information based on a user operation is performed for a predetermined time in a state where the result of the preceding authentication is retained. If not performed as described above, the method further includes a step of discarding the result of the preceding authentication.

  According to the present invention, when the user authentication performed as the preceding authentication is successful, the result of the preceding authentication is held. When the authentication information is input based on the operation by the user, the range of the job setting information is reflected by reflecting the result of the previous authentication on the condition that the authentication information matches the authentication information stored in the storage unit. Allows jobs to run in Therefore, it is possible to reduce the time required until the job can be executed after the authentication information is input by the user, so that the operability can be improved. In addition, since the range in which the job can be executed by reflecting the result of the prior authentication is limited to the range of the job setting information, it is possible to minimize the influence on security.

1 is a diagram illustrating a configuration example of an image processing system. It is a block diagram which shows the example of 1 structure of a computer. It is a figure which shows an example of the operation screen displayed on the display part of a computer. It is a figure which shows the concept of the prior | preceding authentication request | requirement transmitted to an image processing apparatus from a computer. It is a block diagram which shows an example of the detailed hardware constitutions of an image processing apparatus. It is a block diagram which shows an example of a function structure of the control part in an image processing apparatus. It is a figure which shows an example of the login operation guidance screen displayed on the operation panel of an image processing apparatus. It is a figure which shows an example of the operation screen in an operation panel at the time of transfering to a temporary login state based on user operation. It is a figure which shows an example of a screen transition in case a user presses a normal login button and transfers to a normal login state. It is a figure which shows the outline | summary of the data communication performed between the process in a computer, an image processing apparatus, and an authentication server, and each apparatus. It is a flowchart which shows an example of the process sequence in an image processing apparatus. It is a flowchart which shows an example of the detailed process sequence of a prior | preceding authentication process. It is a flowchart which shows an example of the detailed process sequence of a prior | preceding authentication result deletion determination process. It is a flowchart which shows an example of the detailed process sequence of a temporary login process.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings. In the embodiments described below, members that are common to each other are denoted by the same reference numerals, and redundant descriptions thereof are omitted.

  FIG. 1 is a diagram illustrating a configuration example of an image processing system 1 according to the present invention. The image processing system 1 is installed in an office environment, for example. In the image processing system 1, a computer 2 operated by a user, an image processing device 3 that executes a job related to image processing, and an authentication server 4 that authenticates a user who uses the image processing device 3 are connected to a network 5. It is a configuration. The network 5 is a network such as a LAN (Local Area Network). Each of the computer 2, the image processing device 3, and the authentication server 4 can communicate data with each other via the network 5. In the example of FIG. 1, a case where one image processing apparatus 3 is connected to the network 5 is shown, but a plurality of image processing apparatuses 3 may be connected. When a plurality of image processing apparatuses 3 are connected to the network 5, the authentication server 4 centrally manages users who use each of the plurality of image processing apparatuses 3.

  The image processing apparatus 3 is an apparatus generally referred to as a digital multifunction peripheral or MFP, and has a plurality of functions such as a printer function, a copy function, a FAX function, a scanner function, and a Box function, and supports these functions. Execute the job to be executed. The Box function is a function of storing image data in a storage area (so-called Box) provided in the image processing apparatus 3 or reading out image data stored in the storage area. is there.

  The image processing apparatus 3 includes an operation panel 27 serving as a user interface when used by a user. The operation panel 27 is used by the user to select one function from a plurality of functions and to perform a job setting operation for the selected function. The operation panel 27 is provided with a start key for instructing the start of job execution. The user can instruct the image processing apparatus 3 to execute the job by operating the start key. .

  Normally, the image processing apparatus 3 is in a logout state in which a job cannot be executed when the user is not performing an operation. When the user inputs authentication information such as a user ID or a password by operating the image processing apparatus 3 in this logout state, the image processing apparatus 3 performs user authentication by transmitting the authentication information to the authentication server 4. . When the user authentication is successful, the image processing apparatus 3 shifts from the logout state to the login state, and is ready for job execution.

  The authentication server 4 holds various types of information related to users who are permitted in advance to use the image processing apparatus 3. For example, user information in which a user name and authentication information are registered for each user, function restriction information for restricting usable functions of the image processing apparatus 3 registered for each user, and a user executed a job In such a case, billing information or the like for billing corresponding to the user is held in the authentication server 4. These various types of information are registered in the authentication server 4 by an administrator of the authentication server 4, for example.

  Upon receiving the authentication information transmitted from the image processing apparatus 3, the authentication server 4 performs user authentication by comparing the received authentication information with the authentication information registered in the user information. If authentication information that matches the authentication information received from the image processing device 3 is registered in the user information in advance, the user authentication is successful and the user is specified. In this case, the authentication server 4 reads out the function restriction information and billing information corresponding to the user specified by the user authentication, and transmits the authentication result with the added information to the image processing apparatus 3. On the other hand, if authentication information that matches the authentication information received from the image processing apparatus 3 is not registered in the user information, the user authentication fails. In this case, the authentication server 4 transmits an authentication result indicating that the user authentication has failed to the image processing apparatus 3.

  The computer 2 is configured by a general personal computer (PC) or the like. Such a computer 2 is disposed, for example, in a user's seat. Normally, the user performs duties near the computer 2, and when using the image processing apparatus 3, the user moves to the installation location of the image processing apparatus 3 and operates the image processing apparatus 3.

  In this embodiment, when using the image processing apparatus 3, the user first inputs his / her authentication information such as a user ID and password by operating his / her computer 2, and executes it on the image processing apparatus 3. Set the job. When the user performs an instruction operation for preceding authentication, the computer 2 generates a preceding authentication request including authentication information input by the user and job setting information set by the user via the network 5. To the image processing apparatus 3.

  FIG. 2 is a block diagram illustrating a configuration example of the computer 2. The computer 2 includes a CPU 10 that executes various programs, a memory 11 that stores temporary data as the CPU 10 executes programs, a display unit 12 that includes a liquid crystal display device, a keyboard, a mouse, and the like. And a network interface 14 for connecting to the network 5. These components are connected to the data bus 15. The CPU 10 can exchange data with each of the memory 11, the display unit 12, the operation unit 13, and the network interface 14 via the data bus 15.

  The computer 2 is preinstalled with a program serving as a transmission tool for transmitting the preceding authentication request described above to the image processing apparatus 3. The CPU 10 functions as the preceding authentication request unit 16 by reading and executing the program. As shown in FIG. 2, the preceding authentication request unit 16 includes an authentication information setting unit 17, a job setting information generation unit 18, and a transmission processing unit 19. When the CPU 10 functions as the preceding authentication request unit 16, the preceding authentication request unit 16 displays an operation screen for accepting authentication information and a job setting operation on the display unit 12.

  FIG. 3 is a diagram illustrating an example of an operation screen displayed on the display unit 12 of the computer 2. As shown in FIG. 3, the operation screen includes an authentication information input field 12a for inputting authentication information, and a transmission destination designation field 12b for designating the image processing apparatus 3 that is the transmission destination of the preceding authentication request. A job setting field 12c for performing a job setting operation, and a preceding authentication button 12d for instructing transmission of a preceding authentication request to the image processing apparatus 3 are displayed. In addition, on this operation screen, a mouse pointer 13a that moves in the screen in conjunction with a mouse operation by the user is displayed.

  The user operates the operation unit 13 to input a combination of his / her user ID and password as authentication information in the authentication information input field 12a. In this embodiment, a combination of a user ID and a password is illustrated as an example of authentication information, but the authentication information is not necessarily limited to this. For example, the card information recorded on the IC card possessed by the user may be read and the card information used as authentication information. Alternatively, the biometric information such as the user's fingerprint pattern or vein pattern may be read and the biometric information may be used as authentication information. In this case, the computer 2 is separately provided with a card information reading device that reads card information from the IC card and a biological information reading device that reads biometric information, and the information read by these reading devices is displayed in the authentication information display field 12a. Is done. The authentication information setting unit 17 illustrated in FIG. 2 generates authentication information to be transmitted to the image processing apparatus 3 based on the authentication information input in the authentication information input field 12a as described above.

  Further, the user operates the operation unit 13 to input information for designating the image processing apparatus 3 in the transmission destination designation field 12b. For example, when a click operation is performed in a state where the mouse pointer 13a is moved to the transmission destination designation field 12b, a list of image processing apparatuses 3 connected to the network 5 is displayed. The user can designate one image processing apparatus 3 as a transmission destination of the preceding authentication request by selecting one image processing apparatus 3 from the list. The transmission processing unit 19 illustrated in FIG. 2 specifies the image processing apparatus 3 that is a transmission destination based on information input to the transmission destination designation field 12b.

  Further, the user operates the operation unit 13 in advance to perform a job setting operation when using the image processing apparatus 3 in the job setting field 12c. The job setting field 12c has almost the same display mode as the job setting field displayed on the operation panel 27 after the image processing apparatus 3 shifts to the login state. Therefore, the user can perform the job setting operation with the same operation feeling as performing the job setting operation on the operation panel 27.

  Here, when the image processing apparatus 3 shifts from the logout state to the login state, the image processing apparatus 3 restricts functions when using the image processing apparatus 3 based on the function restriction information corresponding to the login user. For example, when the function restriction information corresponding to the login user restricts the use of full-color copy by the login user, the image processing apparatus 3 cannot perform settings related to full-color copy on the operation screen after shifting to the login state. To control. That is, the image processing apparatus 3 accepts a job setting operation within the range of function restriction information for each user.

  The function restriction information as described above is information transmitted from the authentication server 4 to the image processing device 3 when the user authentication is successful. Therefore, the computer 2 cannot grasp what the user's function restriction information is. Therefore, in the present embodiment, when a user performs a job setting operation on the job setting field 12c by operating the computer 2, the job setting operation can be performed without any particular limitation. For example, when the image processing apparatus 3 is actually used, even a user who is restricted from using full-color copies can perform full-color copy setting operations when performing job setting operations on the job setting field 12c. It is like that. However, when the user performs a job setting operation beyond the range of his / her own function restriction information, the setting values of such setting items are later invalidated in the image processing apparatus 3.

  In the example of FIG. 3, a case where the user selects a copy tab and performs a setting operation screen related to the copy function in order to perform a job setting operation related to the copy function is illustrated. On the other hand, when the user performs a job setting operation related to the scan function or the Box function, if the scan tab or the Box tab is selected, the setting operation screen related to them is displayed in the foreground.

  The job setting information generation unit 18 illustrated in FIG. 2 receives the input operation to the job setting field 12c as described above, and transmits job setting information to be transmitted to the image processing apparatus 3 based on the setting contents of the job set by the user. Is generated.

  When the operation as described above is completed, the user performs a click operation on the preceding authentication button 12d and instructs transmission of the preceding authentication request. When there is an instruction to send a prior authentication request from the user, the CPU 10 causes the transmission processing unit 19 to function and transmits the prior authentication request to the image processing apparatus 3 designated in the transmission destination designation field 12b.

  FIG. 4 is a diagram showing the concept of the preceding authentication request D1 transmitted from the computer 2 to the image processing apparatus 3. As shown in FIG. 4, the preceding authentication request D1 includes authentication information D2 generated by the authentication information setting unit 17 and job setting information D3 generated by the job setting information generation unit 18. Such a prior authentication request D1 is transmitted to the image processing apparatus 3 as a job ticket written in a specific language such as PJL (Printer Job Language). Various information such as commands and job settings can be added to the job ticket. Therefore, by sending a preceding authentication request D1 as a job ticket from the computer 2 to the image processing apparatus 3, it is possible to instruct the image processing apparatus 3 to perform the preceding authentication using the authentication information D2, and the user Can notify the image processing apparatus 3 in advance of job setting information when using the image processing apparatus 3 as job setting information D3.

  When receiving the preceding authentication request D1 as described above, the image processing apparatus 3 starts the preceding authentication by transmitting the authentication information D2 to the authentication server 4 at the received timing. That is, the image processing apparatus 3 starts user authentication in advance based on the authentication information D2 received from the computer 2 before the user moves from his / her seat and starts operating the operation panel 27. When a user authentication result based on the authentication information D2 is obtained from the authentication server 4, the authentication result is held. However, the user authentication result is retained in the image processing apparatus 3 when the user authentication is successful. Thereafter, when the user moves to the installation location of the image processing apparatus 3 and operates the operation panel 27 to input, for example, authentication information that is a combination of a user ID and a password, the image processing apparatus 3 Perform user authentication. Since the user authentication performed inside the image processing apparatus 3 does not cause data communication with the authentication server 4, the authentication process can be performed efficiently. Then, when the user authentication inside the apparatus is successful, the image processing apparatus 3 shifts to a state where the job can be executed. Hereinafter, such an image processing apparatus 3 will be described in detail.

  FIG. 5 is a block diagram illustrating an example of a detailed hardware configuration of the image processing apparatus 3. The image processing apparatus 3 includes a control unit 20, a scanner unit 23, a printer unit 24, a FAX unit 25, a network interface 26, an operation panel 27, and a storage device 30, which are a data bus 34. In this configuration, data can be input / output mutually.

  The control unit 20 includes a CPU 21 and a memory 22. The CPU 21 controls each unit by executing a predetermined program. The memory 22 is for storing temporary data necessary for the execution of the program by the CPU 21.

  The scanner unit 23 functions when executing, for example, a copy job, a scan job, a FAX transmission job, and the like, and is a processing unit that generates and outputs image data by optically reading a document. The scanner unit 23 applies a setting value specified by the control unit 20 to perform a document reading operation.

  The printer unit 24 is a processing unit that functions when executing, for example, a copy job, a print job, a FAX reception job, and the like, and forms and outputs an image on a print medium such as paper based on input image data. The printer unit 24 can selectively perform full-color image formation or monochrome image formation. The printer unit 24 can also perform duplex printing on a print medium. Such a printer unit 24 performs an image forming operation by applying a setting value designated by the control unit 20.

  The FAX unit 25 functions when executing, for example, a FAX transmission job or a FAX reception job, and is a processing unit that transmits and receives FAX data using a telephone line or the like. For example, the FAX unit 25 transmits FAX data to a transmission destination designated by the control unit 20.

  The network interface 26 is for connecting the image processing apparatus 3 to the network 5. The control unit 20 can perform data communication with the computer 2 and the authentication server 4 via the network interface 26.

  The operation panel 27 serves as a user interface for a user who uses the image processing apparatus 3 as described above, and includes a display unit 28 for displaying various types of information to the user, and for performing various operations by the user. And an operation unit 29. The display unit 28 is configured by, for example, a liquid crystal display capable of displaying a color image. The display screen of the display unit 28 is controlled by the control unit 20. The operation unit 29 includes touch panel keys arranged on the display screen of the display unit 28 and push button keys arranged around the display unit 28. The push button key includes a start key for instructing the image processing apparatus 3 to start job execution. The operation unit 29 outputs an operation signal to the control unit 20 based on an operation performed by the user.

  The storage device 30 is a non-volatile storage unit configured by, for example, a hard disk device. The storage device 30 is provided with an authentication information storage unit 31 for storing authentication information D2 received from the computer 2 and a job setting information storage unit 32 for storing job setting information D3. The storage device 30 is provided with a plurality of storage areas 33 called “Boxes” described above, for example, for each user.

  In the configuration as described above, when receiving the preceding authentication request D1 from the computer 2, the control unit 20 stores the authentication information D2 included in the preceding authentication request D1 in the authentication information storage unit 31 and also the preceding authentication request D1. Is stored in the job setting information storage unit 32. The control unit 20 sends an authentication request to the authentication server 4 by transmitting the received authentication information D2 to the authentication server 4. Hereinafter, functions of the control unit 20 in the image processing apparatus 3 will be described in detail.

  FIG. 6 is a block diagram illustrating an example of a functional configuration of the control unit 20 in the image processing apparatus 3. As shown in FIG. 6, the control unit 20 includes a reception processing unit 41, a preceding authentication unit 42, a job setting confirmation unit 43, as processing units that function in response to receiving the preceding authentication request D <b> 1 from the computer 2. A login control unit 44 and a background authentication processing unit 45 are provided.

  When receiving the preceding authentication request D1 via the network interface 26, the reception processing unit 41 stores the authentication information D2 included in the preceding authentication request D1 in the authentication information storage unit 31. Further, the job setting information D3 included in the preceding authentication request D1 is stored in the job setting information storage unit 32. For example, a storage area is set for each user in each of the authentication information storage unit 31 and the job setting information storage unit 32, and the reception processing unit 41 receives the authentication information D2 and the job setting information D3 included in the preceding authentication request D1. Are stored in a storage area corresponding to the user. Only one authentication information D2 and job setting information D3 can be stored in the storage area for each user. Therefore, when the authentication information D2 and the job setting information D3 are already stored in the storage area corresponding to the user when the preceding authentication request D1 is received, the reception processing unit 41 newly receives the preceding authentication request D1. The authentication information D2 and the job setting information D3 included in are not stored.

  The reception processing unit 41 stores the authentication information D2 and the job setting information D3 included in the preceding authentication request D1 in the authentication information storage unit 31 and the job setting information storage unit 32 as described above. Make it work.

  The preceding authentication unit 42 is a processing unit that performs user authentication as preceding authentication by transmitting authentication information D2 included in the preceding authentication request D1 received by the reception processing unit 41 to the authentication server 4. That is, the preceding authentication unit 42 authenticates as a preceding process in a state where the user has not yet operated the operation panel 27, for example, in a state where the user is moving from the installation location of his computer 2 to the installation location of the image processing apparatus 3. User authentication is performed by performing data communication with the server 4.

  When the preceding authentication unit 42 transmits the authentication information D2 to the authentication server 4, the authentication server 4 performs user authentication. When the user authentication in the authentication server 4 ends, the preceding authentication unit 42 receives the authentication result from the authentication server 4. When the user authentication is successful, the function restriction information and billing information corresponding to the user specified by the user authentication are added to the authentication result received from the authentication server 4 as described above. In this case, the preceding authentication unit 42 holds the function restriction information and the billing information added to the authentication result together with the authentication result. The function restriction information added to the authentication result is also output to the job setting confirmation unit 43. On the other hand, if the user authentication has failed, the preceding authentication unit 42 deletes the authentication information D2 stored in the authentication information storage unit 31 and the job setting information D3 stored in the job setting information storage unit 32. The process ends.

  The job setting confirmation unit 43 functions when the user authentication executed as the preceding authentication is successful, and confirms the job setting information D3 stored in the job setting information storage unit 32 based on the function restriction information corresponding to the user. Is a processing unit. The job setting confirmation unit 43 confirms whether or not the job setting in the job setting information D3 exceeds the function restriction range defined in the function restriction information in order to restrict the functions usable by the user. Disable job setting values that exceed the range of function restrictions. For example, in the function restriction information, when the user uses the copy function, monochrome copying is permitted, but when full color copying is restricted (prohibited), the job setting confirmation unit 43 sets the full color copying in the job setting information D3. If is set, the setting value of full color copy is invalidated and rewritten to a monochrome copy usable by the user. That is, the job setting confirmation unit 43 performs a process of rewriting the job setting information D3 stored in the job setting information storage unit 32 so that the job setting corresponds to the user function restriction information. When the job setting in the job setting information D3 does not exceed the function restriction range defined in the function restriction information, the job setting confirmation unit 43 stores the job setting information D3 stored in the job setting information storage unit 32. The state is kept as it is without rewriting. When the confirmation process by the job setting confirmation unit 43 is completed in this way, the login control unit 44 enters a standby state.

  The login control unit 44 is a processing unit that shifts the operation state of the image processing apparatus 3 to either the logout state or the login state. The logout state is a state in which a job cannot be executed when the user is not performing an operation as described above. On the other hand, the login state is a state where a job can be executed. In the present embodiment, this login state has two states, a first login state and a second login state. The first login state is a provisional login state in which the job can be executed using the authentication result of the user authentication performed as the preceding authentication. In the second login state, a job can be executed based on a result of user authentication performed by transmitting authentication information D2 input when the user actually uses the image processing apparatus 3 to the authentication server 4. It is a normal login state.

  When the operation state of the image processing apparatus 3 is a logout state, the login control unit 44 displays a login operation guidance screen for prompting the user to perform a login operation on the display unit 28 of the operation panel 27. FIG. 7 is a diagram showing an example of the login operation guidance screen. As shown in FIG. 7, a user ID input field 28a for inputting a user ID and a password input field 28b for inputting a password are displayed on the login operation guidance screen. These input fields 28a and 28b are input fields for inputting authentication information for user authentication. The user operates the operation unit 29 to input authentication information to these input fields 28a and 28b. When card information or biometric information is used as authentication information, the image processing device 3 is provided with a card information reading device that reads card information from an IC card and a biometric information reading device that reads biometric information. Information read by the reading device is displayed in the input field.

  Further, as shown in FIG. 7, a preceding authentication login button 28c and a normal login button 28d are displayed at the bottom of the login operation guidance screen. The preceding authentication login button 28c is a button for shifting to a temporary login state in which a job can be executed using the authentication result of user authentication performed as the preceding authentication. The normal login button 28d performs user authentication by transmitting the authentication information input to the image processing apparatus 3 to the authentication server 4 as described above, and waits for the result of the user authentication to be obtained before normal login. It is a button to shift to the state.

  When the user inputs the authentication information and then presses the preceding authentication login button 28c, the login control unit 44 acquires the authentication information input in each of the input fields 28a and 28b, and the authentication information is stored in the authentication information storage unit. Executing a job within the range of the job setting information D3 stored in the job setting information storage unit 32 by reflecting the result of the preceding authentication on condition that it matches the authentication information D2 stored in the job 31 Enable. That is, in this case, the operation state of the image processing apparatus 3 shifts from the logout state to the temporary login state.

  Since the user authentication process for shifting to the temporary login state is performed inside the image processing apparatus 3 by the login control unit 44, data communication with the authentication server 4 does not occur. Therefore, after the user presses the preceding authentication login button 28c, it is possible to promptly shift to the temporary login state. However, in this case, it is possible to execute a job in the image processing apparatus 3 without receiving authentication by the authentication server 4, so it is necessary to suppress a decrease in security. For this reason, when the login control unit 44 shifts to the temporary login state, the login control unit 44 does not fall within the range of the function restriction information acquired from the authentication server 4 at the time of the preceding authentication, but the Jobs can be executed only within the range, and jobs executed by the image processing apparatus 3 are limited. That is, control is performed so that a job different from the job set by operating the user's own computer 2 cannot be executed in the temporary login state. Thereby, it is possible to prevent an unlimited number of jobs from being executed by the user in the temporary login state, and it is possible to suppress a decrease in security.

  FIG. 8 is a diagram illustrating an example of an operation screen when the user presses the preceding authentication login button 28c and shifts to a temporary login state. When the user presses the preceding authentication login button 28c on the login operation guidance screen shown in FIG. 7, the operation screen shown in FIG. 8 is displayed relatively early on the display unit 28 on condition that the authentication information matches. A display field 28e indicating a login state is displayed at the top of the operation screen in FIG. 8, indicating that the user is in a provisional login state. A job setting field 28f for performing a job setting operation is displayed at the center of the operation screen of FIG. The job setting field 28f has a display form substantially similar to the job setting field 12c displayed on the computer 2 described above.

  When the login control unit 44 shifts to the temporary login state and displays the operation screen of FIG. 8, the job setting information D3 stored in the job setting information storage unit 32 is set as each setting item in the job setting field 28f. To reflect. Therefore, when the image processing apparatus 3 shifts to the temporary login state, the job setting field 28f displays the setting contents of the job set in advance by the user operating the computer 2. For this reason, the user does not have to perform a job setting operation from the beginning when the temporary login state is entered.

  However, as described above, when the job setting information D3 has set a job that exceeds the function restriction range defined in the user function restriction information, the job setting confirmation unit 43 sets the job that exceeds the function restriction range. The setting is rewritten so that it is within the range of the function restriction. Therefore, for example, when the user A cannot use the full-color copy, but has selected the full-color copy when operating the computer 2 to set the job (see FIG. 3), the user enters the temporary login state. Then, on the operation screen displayed on the operation panel 27, as shown in FIG. 8, the color item is displayed in a state where it is rewritten to “monochrome”. At this time, the login control unit 44 displays the rewritten color item in a display mode different from other items in order to make the user know that the value of the job setting item has been rewritten. In the example shown in the figure, the setting column “monochrome” is displayed in a different display color. However, the display mode is not limited to this, and for example, the rewritten setting item may be displayed in a grayed-out manner or may be displayed in a blinking manner.

  Since the setting values reflecting the setting contents based on the job setting information D3 are displayed in the items of the job setting field 28f displayed after the transition to the temporary login state as described above, the user can set the job settings. The setting contents for executing the job can be confirmed without performing the operation from the beginning.

  Further, the login control unit 44 changes the setting within the range of the job setting information D3 when the user performs a job setting change operation on the job setting field 28f displayed on the display unit 28 as described above. If it is a setting change within the range of the job setting information D3, the setting change is accepted and the display of the job setting field 28f is updated. On the other hand, if the job setting change operation by the user is a setting change exceeding the range of the job setting information D3, the login control unit 44 does not accept the setting change and does not update the job setting field 28f. At this time, the login control unit 44 may display a warning on the display unit 28 indicating that the setting change operation performed by the user exceeds the range of the job setting information D3.

  The setting change within the range of the job setting information D3 is, for example, that the function selected as the job execution target (copy function, scan function, box function, etc.) is not changed to another function, and This means that, in each setting item displayed in the job setting field 28f, the setting value for the high function is limited to the setting value for the low function. For example, in the operation screen of FIG. 8, the setting change for changing the color item to “full color” is a setting change that exceeds the range of the job setting information D3. Therefore, the login control unit 44 performs such setting change operation. Will not accept. On the other hand, the setting change for changing the item of Buplex (double-sided printing) to “OFF” is the setting of “ON” selected to use the double-sided printing function (that is, the high function setting), and the duplex printing function is changed. Since this is a change to the setting of “OFF” selected not to be used (that is, low function setting), the login control unit 44 accepts the setting change operation and updates the display state in the job setting field 28f to “OFF”. . Similarly, the login control unit 44 also accepts a setting change for changing the Punch item to “OFF” and a setting change for changing the Staple item to “OFF”. . For the item of the number of copies, only a setting change that reduces the number of copies is accepted.

  As described above, in the provisional login state, only setting changes within the range of the job setting information D3 are accepted. For this reason, jobs that can be executed in the temporary login state are limited within the job range defined by the job setting information D3. As a result, it is possible to prevent a new function from being additionally set by the user immediately before executing the job, and thus it is possible to suppress a decrease in security.

  When the user presses the start key included in the operation unit 29, the login control unit 44 controls the execution of the job based on the setting content in the job setting field 28f. For example, in the case of a copy job, the execution of the copy job is started by controlling the above-described scanner unit 23 and printer unit 24, and control is performed so as to perform copy output based on the setting contents of the job setting field 28f.

  On the other hand, when the user inputs the authentication information and then presses the normal login button 28d on the login operation guidance screen of FIG. 7, the login control unit 44 acquires the authentication information input in the input fields 28a and 28b. The user authentication is executed by transmitting the authentication information to the authentication server 4. However, in this case, since data communication occurs between the login control unit 44 and the authentication server 4, it takes time until the user authentication succeeds and the logout state shifts to the normal login state.

  FIG. 9 is a diagram illustrating an example of screen transition when the user presses the normal login button 28d to shift to the normal login state. When the user presses the normal login button 28d on the login operation guide screen shown in FIG. 7, data communication between the login control unit 44 and the authentication server 4 is started, and the login control unit 44 is shown in FIG. Thus, the notification information 28g indicating that the authentication server 4 is being accessed is displayed. Thereby, the user can grasp that user authentication is currently performed. Such notification information 28g is continuously displayed until the login control unit 44 receives the authentication result from the authentication server 4.

  When the user authentication is successful, it takes a certain time for the login control unit 44 to complete the reception of the authentication result including the function restriction information and the billing information from the authentication server 4, and in recent years, in particular, the time tends to increase. is there. Therefore, when the user authentication is successful, the notification information 28g as shown in FIG. 9A is displayed for about several seconds to several tens of seconds. After that, the display screen of the display unit 28 is switched from FIG. 9A to FIG. 9B.

  FIG. 9B shows an example of the operation screen when the normal login state is entered. In the operation screen of FIG. 9B, the display field 28e displayed at the top indicates that the normal login state is “login”. Further, in the center of the operation screen of FIG. 9B, a job setting field 28f for performing a job setting operation is displayed as in the temporary login state.

  When the login control unit 44 shifts to the normal login state and displays the operation screen of FIG. 9B, the login control unit 44 can use the user based on the function restriction information corresponding to the user acquired from the authentication server 4. All functions can be set and operated. Therefore, when the image processing apparatus 3 shifts to the normal login state, the user can perform a setting operation for the job setting field 28f within the range of the function restriction information of the user.

  When the operation screen of FIG. 9B is displayed, the job setting information D3 stored in the job setting information storage unit 32 is set in each setting item in the job setting field 28f as in the case of the temporary login state. You may make it reflect. In this case, when the image processing apparatus 3 shifts to the normal login state, the job setting field 28f displays the job setting contents preset by the user operating the computer 2, so that the user can perform the job setting operation. There is no need to start from the beginning. In the normal login state, when the user performs a setting change operation, the setting change operation can be performed within the range of the function restriction information without being limited to the range of the job setting information D3.

  Returning to FIG. 6, the background authentication processing unit 45 functions as the login control unit 44 starts the process of shifting to the temporary login state, and performs the back-up in parallel with the process performed by the login control unit 44. It is a processing unit that performs data communication with the authentication server 4 in the ground and performs user authentication. The background authentication processing unit 45 acquires authentication information input by the user from the login control unit 44. Then, the user authentication is started by transmitting the authentication information to the authentication server 4. After transmitting the authentication information to the authentication server 4, the background authentication processing unit 45 is in a standby state until receiving an authentication result from the authentication server 4.

  While the background authentication processing unit 45 is in the standby state, the login control unit 44 executes processing based on the operation performed by the user in the temporary login state as described above. For example, if the user performs a setting change operation within the range of the job setting information D3, a process for reflecting the setting change operation is performed. If the user instructs the start of job execution by pressing the start key, the execution of the job is controlled accordingly. Therefore, in the present embodiment, it is possible to execute a job in the image processing apparatus 3 even when the background authentication processing unit 45 has not obtained an authentication result from the authentication server 4.

  When the background authentication processing unit 45 receives the authentication result from the authentication server 4, it is determined whether or not the user authentication is successful. As a result, if the user authentication is successful, the function restriction information and the billing information included in the authentication result are output to the login control unit 44 together with the authentication result. On the other hand, if the user authentication fails, the login control unit 44 is notified of the authentication result.

  When the login control unit 44 acquires the authentication result, the function restriction information, and the billing information from the background authentication processing unit 45 in the temporary login state, the login control unit 44 changes the operation state of the image processing apparatus 3 from the temporary login state to the normal login state. And migrate. As a result, the user can use the image processing apparatus 3 not only within the range of the job setting information D3 but also within the range of the function restriction information. Further, even after the execution of the job is completed within the range of the job setting information D3, the image processing apparatus 3 can be continuously used within the range of the function restriction information.

  On the other hand, when the login control unit 44 receives notification that the user authentication has failed from the background authentication processing unit 45 in the temporary login state, the login control unit 44 forcibly shifts from the temporary login state to the logout state. As a result, the user cannot use the image processing apparatus 3, but the authentication information of the user is deleted from the authentication server 4 at the timing when the user intends to use the image processing apparatus 3. Thus, unauthorized use of the image processing apparatus 3 can be prevented.

  Next, FIG. 10 is a diagram showing an outline of processing processes in the computer 2, the image processing apparatus 3, and the authentication server 4, and data communication performed between the apparatuses. As shown in FIG. 10, the user first performs a job setting operation on the computer 2. The computer 2 accepts this job setting operation (process P1). At this time, an authentication information input operation by the user is also accepted. Then, when there is an instruction to send a preceding authentication request by the user, the computer 2 sends a preceding authentication request D1 to the image processing apparatus 3 (process P2). Thereafter, the user moves to the installation location of the image processing apparatus 3 as indicated by a broken-line arrow in the figure.

  When receiving the preceding authentication request D1 from the computer 2, the image processing apparatus 3 starts the preceding authentication by transmitting the authentication information D2 included in the preceding authentication request D1 to the authentication server 4 (process P3). The authentication server 4 executes authentication processing for user authentication by receiving the authentication information D2 (process P4), and transmits the authentication result D4 to the image processing apparatus 3. When the user authentication is successful, the authentication result D4 includes function restriction information D5 and billing information D6 corresponding to the user specified by the user authentication.

  When the image processing apparatus 3 receives the authentication result D4 from the authentication server 4, the image processing apparatus 3 confirms the job setting information in the job setting information D3 received from the computer 2 based on the function restriction information D5 included in the authentication result D4 ( Process P5). At this time, if the job setting information D3 includes a job setting exceeding the function restriction range in the function restriction information D5, such job setting is invalidated and the job setting information D3 is rewritten. When the job setting confirmation process is completed in the image processing apparatus 3, the function restriction information D5 received as the authentication result D4 of the preceding authentication may be discarded.

  By the processing process as described above, when the user moves to the installation location of the image processing apparatus 3, the user authentication as the preceding authentication is completed in the image processing apparatus 3. As the user performs an operation for inputting authentication information in order to execute a job in the image processing apparatus 3, the image processing apparatus 3 inputs the authentication information (process P6). The image processing apparatus 3 performs user authentication inside the image processing apparatus 3 based on the authentication information input by the user (process P7). When the internal authentication is successful, the image processing apparatus 3 shifts from the logout state to the temporary login state (process P8). As a result, the user can execute the job within the range of the job setting in the job setting information D3 transmitted from the computer 2.

  Further, the image processing apparatus 3 performs user authentication in the background in accordance with the transition to the temporary login state (process P9). In the example shown in the figure, the background authentication is started after the transition to the temporary login state. However, the present invention is not necessarily limited to this, and the internal authentication performed by inputting the authentication information D2 by the user ( Background authentication (process P9) may be started in parallel with process P7). In this background authentication, the authentication information D2 input by the user is transmitted to the authentication server 4 as in the case of normal user authentication. As a result, the authentication server 4 performs an authentication process for user authentication based on the authentication information D2 input by the user (process P10).

  On the other hand, in the image processing apparatus 3, when the user issues a job execution instruction while the background authentication is being performed, the job is executed in the temporary login state accordingly (process P11). Therefore, after the user inputs the authentication information D2 to the image processing apparatus 3, even if the authentication result of the user authentication performed in the background is not obtained, the user transmits in advance from the computer 2. If it is within the range of the job setting in the placed job setting information D3, the job can be executed in the temporary login state.

  As described above, the image processing apparatus 3 according to the present embodiment performs user authentication as advance authentication with the authentication server 4 based on the preceding authentication request received from the computer 2. Such advance authentication is performed while the user is moving from the installation location of the computer 2 to the installation location of the image processing apparatus 3. If the user authentication is successful, the result of the preceding authentication is sent to the image processing apparatus 3. Retained. When the user performs an authentication information input operation when actually using the image processing device 3, the image processing device 3 uses the result of the preceding authentication to shift the operation state from the logout state to the temporary login state, The job can be executed only within the range of the job setting information D3 preset by the user.

  Here, there is a problem if the period for holding the result of the preceding authentication in the image processing apparatus 3 is made unlimited. For example, if the image processing apparatus 3 keeps the result of the preceding authentication for several days, the user information and function restriction information held in the authentication server 4 may be rewritten and updated during that period. There is a possibility that the consistency between the result of the preceding authentication held in the image processing apparatus 3 and the information held in the authentication server 4 is significantly lowered. Therefore, it is preferable that the period for holding the result of the preceding authentication in the image processing apparatus 3 is limited to a predetermined time. In this embodiment, the period for holding the result of the preceding authentication is also set to the predetermined time. Restrict to.

  Hereinafter, detailed operations in the image processing apparatus 3 of the present embodiment will be described. 11 to 14 are flowcharts illustrating an example of a processing procedure in the image processing apparatus 3. This process is executed by the control unit 20 of the image processing apparatus 3, for example. FIG. 11 shows the main flowchart, which is a process repeatedly executed by the control unit 20.

  As shown in FIG. 11, when the process starts, the control unit 20 determines whether or not the preceding authentication request D1 from the computer 2 has been received (step S1). Here, if the preceding authentication request D1 has been received (YES in step S1), the preceding authentication process is started (step S2). On the other hand, if the preceding authentication request D1 has not been received, the process proceeds to step S3 without performing the preceding authentication process.

  Next, the control unit 20 determines whether or not the previous authentication result is being held (step S3). For example, if the authentication information D2 received from the computer 2 is stored in the authentication information storage unit 31, the preceding authentication result corresponding to the authentication information D2 is held. If the preceding authentication result is being held (YES in step S3), the preceding authentication result deletion determination process is started (step S4). On the other hand, if the preceding authentication result is not held, the process proceeds to step S5 without performing the preceding authentication result deletion determination process.

  Next, the control unit 20 determines whether or not authentication information has been input by performing an operation on the operation panel 27, for example (step S5). When the authentication information is input by the user (YES in step S5), the control unit 20 further determines whether or not the preceding authentication login button 28c is operated by the user (step S6). When the preceding authentication login button 28c is operated by the user (YES in step S6), the control unit 20 starts a temporary login process (step S7). On the other hand, if the user has not operated the pre-authentication login button 28c (NO in step S6), the normal login button 28d has been operated by the user, so the control unit 20 starts the normal login process ( Step S8). On the other hand, when the authentication information is not input by the user (NO in step S5), the processes in steps S6, S7, and S8 are skipped and the process is terminated. And the process after step S1 is repeated again.

  FIG. 12 is a flowchart illustrating an example of a detailed processing procedure of the preceding authentication process (step S2). When receiving the preceding authentication request D1 transmitted from the computer 2, the control unit 20 first determines whether or not the preceding authentication request D1 from the same user has already been received (step S11). For example, the determination is made based on whether or not authentication information D2 of the same user is already stored in the authentication information storage unit 31. If the authentication information D2 of the same user has already been stored (YES in step S11), the preceding authentication process is terminated without performing the subsequent process.

  That is, if the preceding authentication request D1 by the same user has already been received, the job setting information D3 received along with it has already been stored in the job setting information storage unit 32. When the image processing apparatus 3 shifts to the temporary login state using the preceding authentication result, the image processing apparatus 3 executes the job within the limited range of the job setting information D3 stored in the job setting information storage unit 32. In order to make it possible, it is not preferable to store job setting information D3 relating to a plurality of jobs in the job setting information storage unit 32. Temporary login status is limited to the range of job setting information D3 related to one job until the authentication result by background authentication is obtained. It is to suppress. Therefore, if the next preceding authentication request D1 is normally received in a state where the preceding authentication request D1 from the same user has already been received, the job executable range in the temporary login state is thereby expanded. In order to prevent this, duplicate preceding authentication requests D1 from the same user are not accepted.

  On the other hand, when the authentication information D2 of the same user is not yet stored in the authentication information storage unit 31 (NO in step S11), the control unit 20 performs the authentication information D2 and the job included in the preceding authentication request D1 received from the computer 2 The setting information D3 is stored and saved in the storage device 30 (step S12). And the user authentication as a prior | preceding authentication is started by transmitting the authentication information D2 with respect to the authentication server 4 (step S13). After transmitting the authentication information D2, the control unit 20 waits until an authentication result is received from the authentication server 4 (step S14). When receiving the authentication result from the authentication server 4, the control unit 20 determines whether or not the user authentication performed as the preceding authentication is successful (step S15).

  When the user authentication as the preceding authentication has failed (NO in step S15), the control unit 20 uses the authentication information D2 stored in the authentication information storage unit 31 and the job setting information D3 stored in the job setting information storage unit 32. Delete (step S16), and the preceding authentication process is terminated. In this case, when the user moves to the image processing apparatus 3 and inputs authentication information, a login operation using the result of the preceding authentication cannot be performed.

  On the other hand, when the user authentication is successful as the preceding authentication (YES in step S15), the control unit 20 acquires the function restriction information included in the authentication result received from the authentication server 4 (step S17). Then, based on the function restriction information, the job setting content of the job setting information D3 stored in the job setting information storage unit 32 is confirmed (step S18). The control unit 20 determines whether or not the job setting content in the job setting information D3 exceeds the function restriction range defined in the function restriction information (step S19), and if it exceeds the function restriction range (step S19). Based on the function restriction information, the job setting value in the job setting information D3 is rewritten so as to be within the function restriction range (step S20). On the other hand, when the job setting content in the job setting information D3 does not exceed the function restriction range defined in the function restriction information, the rewriting process in step S20 is not performed.

  Thereafter, the control unit 20 holds information indicating that the user authentication as the preceding authentication has succeeded (step S21), and starts time measurement so as to continue the holding state for a predetermined time (step S22). Thus, the preceding authentication process is completed.

  Next, FIG. 13 is a flowchart illustrating an example of a detailed processing procedure of the preceding authentication result deletion determination process (step S4). When the preceding authentication result is held in the image processing device 3, the control unit 20 acquires the measurement time after the preceding authentication result is held (step S31). Then, it is determined whether or not the measurement time has passed a predetermined time (step S32). This predetermined time can be set as appropriate. However, if the predetermined time is set too long, the consistency between the result of the preceding authentication held in the image processing apparatus 3 and the information held in the authentication server 4 as described above. It can be significantly reduced. Therefore, the predetermined time is preferably set to about several minutes to several hours, for example.

  If the predetermined time has not elapsed (NO in step S32), the preceding authentication result deletion determination process is terminated without performing the subsequent process. On the other hand, when the measurement time has passed the predetermined time (YES in step S32), the control unit 20 ends the time measurement (step S33). Then, the preceding authentication result is discarded (step S34). Further, the control unit 20 deletes the authentication information D2 stored in the authentication information storage unit 31 and the job setting information D3 stored in the job setting information storage unit 32. As a result, it becomes impossible to shift to the temporary login state using the preceding authentication result. Thus, the preceding authentication result deletion determination process ends.

  Next, FIG. 14 is a flowchart illustrating an example of a detailed processing procedure of the temporary login process (step S7). When the authentication information is input by the user and the preceding authentication login button 28c is further operated, the control unit 20 reads the authentication information D2 stored in the authentication information storage unit 31 of the storage device 30 (step S41). The read authentication information D2 is collated with the authentication information input by the user (step S42). And it is judged whether those authentication information corresponds (step S43). Thus, user authentication is performed inside the image processing apparatus 3. If the authentication information does not match (NO in step S43), the control unit 20 ends the temporary login process without performing the subsequent process.

  On the other hand, when the authentication information matches (YES in step S43), the control unit 20 starts background authentication (step S44). That is, the authentication information input by the user is transmitted to the authentication server 4 and a process of waiting until an authentication result is obtained from the authentication server 4 is executed in the background. Further, the control unit 20 reads the job setting information D3 stored in the job setting information storage unit 32 when the internal user authentication is successful (step S45). The job setting information D3 read at this time is within the function restriction range defined in the user function restriction information when the preceding authentication is successful.

  Thereafter, the control unit 20 shifts the operation state of the image processing apparatus 3 from the logout state to the temporary login state, and displays the operation screen as shown in FIG. 8 on the display unit 28 of the operation panel 27 (step S46). ). At this time, the control unit 20 displays the job setting value based on the job setting information D3 read from the job setting information storage unit 32 in a state in which the setting value is reflected in each setting item of the job setting field 28f. This eliminates the need for the user to perform a job setting operation from the beginning, and improves operability when executing a job in a provisional login state.

  Then, the control unit 20 determines whether or not a job setting change operation has been performed by the user (step S47). When a job setting change operation is performed (YES in step S47), the control unit 20 determines whether or not the setting change is within the range of the job setting information D3 (step S48), and is within the range of the job setting information. If so (YES in step S48), the setting change operation is accepted and reflected in the setting items of the job setting field 28f to update the operation screen (step S49). On the other hand, when the setting change exceeds the range of the job setting information D3, such setting changing operation is not accepted. If the job setting change operation is not performed by the user, steps S48 and S49 are skipped.

  Then, the control unit 20 determines whether or not a job execution instruction has been issued by the user (step S50). When a job execution instruction is issued (YES in step S50), the control unit 20 drives each unit based on the setting value of each setting item in the current job setting field 28f and executes the job (step S51). . Note that if the user has not instructed execution of the job, step S51 is skipped.

  Further, the control unit 20 receives the result of user authentication performed in the background from the authentication server 4, and determines whether or not the background authentication is successful (step S52). If the background authentication is successful, the temporary login state is shifted to the normal login state (step S53), and the temporary login process is terminated. If the result of user authentication performed in the background has not yet been received from the authentication server 4, the process returns to step S47 and the above-described processing is repeatedly executed. If background authentication fails, the illustration is omitted, but the temporary login state is changed to the logout state, and the process is terminated.

  By performing the processing as described above, the image processing apparatus 3 receives the preceding authentication request D1 from the computer 2 and executes user authentication as preceding authentication. When the user authentication as the preceding authentication is successful, the image processing apparatus 3 holds the result of the preceding authentication for a predetermined time, and when authentication information is input by the user during the predetermined time, the authentication server The authentication process is performed inside the image processing apparatus 3 without accessing the image processing apparatus 4. If the authentication process inside the image processing apparatus 3 is successful, the operation state of the image processing apparatus 3 is shifted to the temporary login state. In this temporary login state, the job can be executed within the range of the job setting information D3 by reflecting the result of the preceding authentication to the image processing apparatus 3.

  As described above, when the image processing apparatus 3 according to the present embodiment receives the authentication information D2 for user authentication and the job setting information D3 related to job setting when executing a job transmitted from the computer 2, The authentication information D2 and the job setting information D3 are stored in the storage device 30, and the received authentication information D2 is transmitted to the authentication server 4 to execute user authentication as preceding authentication. When the user authentication as the pre-authentication is successful, the result of the pre-authentication is stored. Further, when the image processing apparatus 3 thereafter inputs authentication information based on an operation by the user, the preceding authentication is performed on condition that the input authentication information matches the authentication information D2 stored in the storage device 30. By reflecting the result of the above, the state is shifted to a state where the job can be executed within the range of the job setting information D3.

  Therefore, when the user inputs authentication information to the image processing apparatus 3 in order to use the image processing apparatus 3, the temporary login state can be executed in a relatively short time, and the job can be executed. Can efficiently use the image processing apparatus 3, and the efficiency and operability when using the image processing apparatus 3 are improved.

  In addition, when the user actually tries to use the image processing apparatus 3, the authentication server 4 cannot be accessed because the authentication server 4 is down or the network cable is disconnected. Even so, the image processing apparatus 3 of the present embodiment can execute a job by using the result of the preceding authentication. Therefore, even in the above situation, the user can execute a job using the image processing apparatus 3.

  In addition, when the image processing apparatus 3 according to the present embodiment shifts to the temporary login state, only the execution of the job within the range of the job setting information D3 can be performed, and thus the formal user authentication by the authentication server 4 is not received. The executable range of jobs in the state is limited to a minimum range. For this reason, it is possible to prevent an unlimited number of jobs from being executed in the temporary login state, thereby minimizing the impact on security.

  Further, the image processing apparatus 3 according to the present embodiment acquires function restriction information for restricting a user's usable function transmitted from the authentication server 4 when the user authentication as the preceding authentication is successful, and the job setting information It is checked whether or not the job setting in D3 exceeds the function restriction range defined in the function restriction information, and the setting value of the job setting exceeding the function restriction range is invalidated. Therefore, when setting a job by operating the computer 2, the user does not need to know what the function restriction information is. In this case, there is a possibility that the setting exceeding the range of the function restriction is performed by the user, but at that time, such setting is invalidated in the image processing apparatus 3, so that the job exceeding the range of the function restriction of the user Can be prevented from being executed.

  In addition, the image processing apparatus 3 according to the present embodiment transmits authentication information input by the user to the authentication server 4, thereby performing a process for shifting to a state where the job can be executed within the range of the job setting information D 3. And perform user authentication in the background. Therefore, if user authentication in the background is successful, formal authentication by the authentication server 4 is obtained, and the job executable range in the image processing device 3 can be expanded. As a result, after executing the job set by the computer 2, the user can continue to use the image processing apparatus 3 and execute another job.

  In addition, the image processing apparatus 3 according to the present embodiment is configured to discard the result of the preceding authentication when the user does not input the authentication information for a predetermined time or longer while the result of the preceding authentication is held. Therefore, it is possible to prevent the result of the previous authentication from being held for a long time. Thereby, it becomes possible to suppress that the security of the image processing apparatus 3 falls remarkably.

  Furthermore, when the image processing apparatus 3 according to the present embodiment shifts to the temporary login state, the job setting value is displayed on the display unit 28 of the operation panel 27 based on the job setting information D3 received from the computer 2, so that the user can It is not necessary to start the job setting operation from the beginning in the provisional login state, and the operability is improved in this respect as well.

(Modification)
Although one embodiment related to the present invention has been described above, the present invention is not limited to the above-described embodiment. That is, various modifications other than the above-described embodiment can be applied to the present invention.

  For example, in the above-described embodiment, the case where the authentication information D2 and the job setting information D3 are added to the preceding authentication request D1 when the preceding authentication request D1 is transmitted from the computer 2 to the image processing apparatus 3 is illustrated. . However, the present invention is not limited to this, and job data (for example, image data to be printed) may be added to the prior authentication request D1. When receiving the preceding authentication request D1 to which job data is added, the image processing apparatus 3 stores the job data in the storage device 30, and executes user authentication as preceding authentication as described above. When the user inputs authentication information by operating the image processing device 3, the image processing device 3 executes internal authentication processing. When the authentication processing is successful, the job data is read from the storage device 30 and the job is executed. Execute. Such a job execution form may be used.

  In the above-described embodiment, the case where both the authentication information D2 and the job setting information D3 stored in the storage device 30 are deleted when a predetermined time elapses after holding the result of the preceding authentication is exemplified. Only D2 may be deleted, and the job setting information D3 may retain the storage state. In this case, for example, when the user inputs authentication information to use the image processing apparatus 3 and operates the normal login button 28d, the job setting information D3 corresponding to the user is stored when shifting to the normal login state. If so, it can be read out and reflected on the operation screen. In this case, since the user does not need to perform the job setting operation from the beginning, there is an advantage that the operability is improved.

  In the above-described embodiment, the example in which the image processing apparatus 3 includes a plurality of functions such as a printer function, a copy function, a FAX function, a scanner function, and a Box function, and executes a job corresponding to each function. However, the image processing apparatus 3 does not necessarily have the plurality of functions described above, and may be a single function apparatus having any one of the plurality of functions.

DESCRIPTION OF SYMBOLS 1 Image processing system 2 Computer 3 Image processing apparatus 4 Authentication server 5 Network 20 Control part 27 Operation panel (input means)
30 storage device (storage means)
41 Reception processing unit (receiving means)
42 Pre-authentication part (pre-authentication means)
43 Job setting confirmation section (Job setting confirmation means)
44 Login control unit (control means)
45 Background authentication processing unit (background authentication means)
D1 Pre-authentication request D2 Authentication information D3 Job setting information

Claims (10)

An image processing apparatus that performs data communication via a network with each of a computer operated by a user and an authentication server that performs user authentication,
Receiving means for receiving authentication information for user authentication and job setting information relating to job settings when executing a job, transmitted from the computer;
Storage means for storing authentication information received by the receiving means;
When authentication information is received by the receiving means, user authentication is performed as preceding authentication by transmitting the authentication information to the authentication server, and the result of the preceding authentication is held by successful user authentication. A prior authentication means,
An input means for inputting authentication information based on an operation by a user;
When authentication information is input via the input unit, the job setting is performed by reflecting the result of the preceding authentication on condition that the authentication information matches the authentication information stored in the storage unit. Control means that allow the execution of jobs within the scope of the information;
An image processing apparatus comprising:   When the user authentication as the preceding authentication is successful, the function restriction information for restricting the usable function of the user transmitted from the authentication server is acquired, and the job setting in the job setting information is included in the function restriction information. The job setting confirmation unit according to claim 1, further comprising job setting confirmation means for confirming whether or not a predetermined function restriction range is exceeded and invalidating a setting value of a job setting exceeding the function restriction range. Image processing device.   The system further comprises background authentication means for executing user authentication in the background in parallel with the control means by transmitting authentication information input via the input means to the authentication server. Item 3. The image processing apparatus according to Item 1 or 2.   When the user authentication executed by the background authentication unit succeeds in a state where the job can be executed within the range of the job setting information, the control unit is configured to limit a user's usable functions. The image processing apparatus according to claim 3, wherein the image processing apparatus shifts to a state in which a job can be executed within a function restriction range defined in the function restriction information.   The preceding authentication means discards the result of the preceding authentication if the input of authentication information by the input means is not performed for a predetermined time or more in a state where the result of the preceding authentication is held. The image processing apparatus according to claim 1. A login control method in an image processing apparatus,
Receiving authentication information for user authentication and job setting information related to job settings when executing a job, transmitted from a computer;
Storing the authentication information in a predetermined storage means when receiving the authentication information transmitted from the computer;
When the authentication information transmitted from the computer is received, the authentication information is transmitted to the authentication server to execute the user authentication as the preceding authentication, and the result of the preceding authentication is retained by succeeding the user authentication. And steps to
Inputting authentication information based on a user operation;
On the condition that the authentication information input based on the operation by the user matches the authentication information stored in the storage unit, the result of the preceding authentication is reflected to reflect the job information within the job setting information. Transitioning to a first login state allowing execution;
A login control method characterized by comprising:   When the user authentication as the preceding authentication is successful, the function restriction information for restricting the usable function of the user transmitted from the authentication server is acquired, and the job setting in the job setting information is included in the function restriction information. 7. The login control method according to claim 6, further comprising a step of confirming whether or not a predetermined function restriction range is exceeded and invalidating a setting value of a job setting exceeding the function restriction range. .   8. The method according to claim 6, further comprising a step of executing user authentication in the background of the first login state by transmitting authentication information input based on an operation by a user to the authentication server. Login control method described in.   When the user authentication in the background is successful in the first login state, the job can be executed within the function restriction range defined in the function restriction information for restricting the function that can be used by the user. The login control method according to claim 8, further comprising a step of shifting to a second login state.   The method further comprises a step of discarding the result of the preceding authentication when the input of authentication information based on a user operation is not performed for a predetermined time or more in a state where the result of the preceding authentication is held. Item 10. A login control method according to any one of Items 6 to 9.

Images