JP6772009B2 - Information processing equipment and control methods in the information processing equipment, and programs and image processing equipment - Google Patents

Description

The present invention relates to an information processing apparatus, a control method and a program in the information processing apparatus, and an image processing apparatus.

In recent years, an environment has been developed in which software is installed in an image processing device to expand its functions. Such software (main body application) can be linked with an external service to expand the functions of the image processing device. As a prior art, it has been proposed that when an image processing apparatus accesses an external service, the external service is authenticated and only the authenticated external service is used (see Patent Document 1).

JP-A-2015-230669

In the method disclosed in Patent Document 1, since the external service is authenticated when accessing the external service, for example, the information processing device is not used by the external service (Web application), but the external service (Web) is used. I couldn't access the app) to get screen information. Further, when it is assumed that an external service is accessed from a Web browser, there is a problem that a Web page (for example, a corporate portal site) that is only viewed cannot be accessed.
The present invention has been made in view of the above problems. An object of the present invention is to control the use of an information processing device by an external service while enabling access to the external service.

In order to achieve the above object, the present invention has the following configuration.
That is, a service requesting means that can request a service from a connected external server,
As required by the external server, and service providing means for providing a service to the external server,
It has a holding means configured to be installable and uninstallable, which holds the identification information of the service requester authorized to provide the service by the service providing means.
The service providing means determines whether or not the service requester is permitted to provide the service by referring to the identification information held by the holding means, and if it is determined that the service is permitted, the requested service. Provide,
The service requesting means further provides an information processing device characterized by accessing an external server to acquire and display display screen information.

According to the present invention, the use of the information processing device by the external service can be managed based on the license associated with the information processing device without changing the external service.

It is a figure which constructs the network system which includes the MFP which is an example of the image processing apparatus which concerns on a preferred embodiment of this invention. It is a block diagram which shows the apparatus configuration example of an image processing apparatus (MFP). It is a block diagram which shows the software structure which concerns on the preferred embodiment of this invention. It is a block diagram which shows the software configuration example of the image processing apparatus and the Web server which concerns on a preferred embodiment of this invention. It is a block diagram which shows the software configuration example of the image processing apparatus and the Web server which concerns on a preferred embodiment of this invention. It is a sequence diagram of the image processing system which concerns on a preferred embodiment of this invention. It is a basic flow of a service provider in the first embodiment of the present invention. It is a basic flow of a service provider in the second embodiment of the present invention. It is a figure which shows an example of the structure of the application which concerns on a preferred embodiment of this invention. It is a figure which shows an example of the license file which concerns on the preferred embodiment of this invention. It is a flowchart of the installation process of the application which concerns on a preferred embodiment of this invention. It is a figure which shows an example of the structure of the application which concerns on 3rd Embodiment of this invention. It is a sequence diagram of the image processing system which concerns on 3rd Embodiment of this invention. It is a sequence diagram of the image processing system which concerns on 3rd Embodiment of this invention. It is a sequence diagram of the image processing system which concerns on 3rd Embodiment of this invention. It is a basic flow of a service provider in the third embodiment of the present invention. It is a figure which shows an example of GUI displayed in the operation part of the MFP which concerns on 3rd Embodiment of this invention. It is a flowchart which shows an example of the processing in the MFP which concerns on 3rd Embodiment of this invention. It is a figure which shows the structure of the application and software module of the MFP which concerns on 3rd Embodiment of this invention.

Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings. However, the components described in this embodiment are merely examples, and the scope of the present invention is not limited to them.

[First Embodiment]
<System configuration example>
FIG. 1 is a diagram constituting an image processing system including an image processing device which is an information processing device (that is, a computer) according to a preferred embodiment of the present invention. In FIG. 1, the Web server 100 is an information processing device that provides an external service. The Web server 100 has a Web application 1001 as a service. That is, the Web server 100 can also be said to be an application server that provides an application service. This application service is, for example, a service that extends the functions of the MFP 110. The Web application 1001 sends content information to the Web browser according to the instructions of the Web browser described later. The license server 101 is an information processing device that manages application licenses. The license server 101 holds application information, a product key assigned to the application, and a license file that activates the application in a storage unit (not shown). Further, the license server 101 has a means for receiving a request for a license file from an information processing device (not shown) via the network 120, and has a function of sending the license file to the request source in response to the request. The management device 102 is an information processing device that controls the management of the image processing system. The administrator of the image processing system uses the management device 102 to set and manage the MFP 110 and install the application.

The MFP (multifunction peripheral device) 110 is an image forming device or an image processing device, and is a device on which various applications can be installed. Although the image processing device or the image forming device is used in the present embodiment, any information processing device capable of operating various applications can be the device in the present embodiment. In the present embodiment, for the sake of simplicity of explanation, a multifunction device (MFP) having a plurality of functions such as a printer and an image scanner is used as an example of a device. In the following description, the MFP refers to an image processing device in which an application is installed. The network 120 is a network such as the Internet. The MFP 110 is connected to the Web server 100, the management device 102, and an information processing device (not shown) via the network 120.

FIG. 2 is a block diagram showing an example of a device configuration of the MFP 110. In FIG. 2, the control unit 208 includes the CPU 210, the ROM 211, and the RAM 212, and controls the operation of the entire MFP 110. The CPU 210 reads the control program stored in the ROM 211 and executes various control processes such as read control and transmission control. The RAM 212 is used as a temporary storage area such as a main memory and a work area of the CPU 210. Further, the control unit 208 is connected to the function unit 201 and controls the operations of the operation display unit 202, the scanner unit 203, and the printer unit 204. The control unit 208 also executes an installed application program (referred to as a device application or simply an application) such as a Web browser.

The operation display unit 202 is arranged with a display unit such as a liquid crystal having a touch panel function, a keyboard, and the like. A screen of a Web browser or the like is displayed on the operation display unit 202. The printer unit 204 prints the image data output from the control unit 208. The scanner unit 203 reads the image of the original, generates image data, and outputs the image data to the control unit 208. The interface unit 206 connects the control unit 208 to the network 120 to receive image data for printing from an external information processing device (not shown) or screen data to be displayed on the operation display unit 202. HDD 209 stores image data and various programs. The image data for printing received from the external information processing device is temporarily stored in the image memory 207 and printed by the printer unit 204 via the control unit 208.

<Software configuration of MFP110>
FIG. 3A is a diagram showing an example of the software structure of the MFP 110 according to the present embodiment. It is assumed that each software shown in FIG. 3A is stored in the ROM 211 or the HDD 209 and executed by the CPU 210.
As the OS (Operation System) layer 301, a real-time OS is generally used, but a general-purpose OS such as Linux (registered trademark) may be used.
JavaVM302 is a virtual machine such as Java (registered trademark), and provides an application execution environment.
The application framework 303 provides a function of managing the life cycle of an application. The Native function unit 304 provides a function incorporated in the MFP 110. An example of the Native function is a function of printing with the printer unit 204 based on the print data received via the interface unit 206. The installed application can utilize the native function 304 provided by the MFP 110. In the example of FIG. 3A, a Web browser 305, an installer service 306, a cooperation permission application 307, and a service provider 308 are installed as applications. The installed application can also be uninstalled if necessary.
The Web browser unit 305 (also referred to as a Web browser 305) functions the Web browser mounted on the MFP 110. The Web browser unit 305 can display hypertext type information on the operation display unit 202, transmit the operation information or the like input from the operation display unit 202 to the Web server 100, and the like. The Web browser unit 305 can also execute the script received from the Web server 100. In this way, the Web browser unit 305 analyzes the HTML file received from the Web server 100 or the information processing device (not shown), and displays the operation screen based on the description of the analyzed HTML file on the operation display unit 202. Further, the Web browser unit 305 becomes a service request source for requesting a service to the Web application 1001 by setting the request destination to the Web application 1001.

The installer service 306 performs an installation process by registering a plurality of applications in the application framework 303. In order to activate the installed application, it is necessary to install the license file on the MFP110. If the license file is not installed, the application will be stopped by an application management function (not shown). The installer service 306 also installs this license. The license file is issued by the license server 101. Embed the identification information of the target application and the information that identifies the MFP in which the application is installed in the license file. The information that identifies the MFP is, for example, the serial number of the MFP. To install the same application on another MFP, you need to install a license file that embeds the identification information of the corresponding MFP. This makes it possible to prevent unauthorized duplication of software.

The cooperation permission application 307 is an application installed by the installer service 306 and provides various functions on the MFP 110. The cooperation permission application 307 can be downloaded and installed from the outside of the MFP 110. The cooperation permission application 307 can communicate with the user via the operation display unit 202. In addition, the cooperation permission application 307 can also generate image data using the scanner unit 204 via the Native function unit 304.
The service provider 308 controls the execution of the job instructed via the Web browser 305. For example, upon receiving a print instruction via the Web browser 305, the service provider 308 can control the printer unit 204 and execute the print job via the Native function unit 304. As described above, the service provider 308 is a service providing unit that provides the function of the MFP 110 to the outside of the MFP 110, for example, the Web application 1001.

In the present embodiment, it is assumed that the JavaVM 302, the application framework 303, the installer service 306, the Web browser 305, the cooperation permission application 307, and the service provider 308 are stored in the HDD 209. Further, it is assumed that the Native function 304 is stored in the ROM 210.

FIG. 4-1 (a) is a block diagram showing a software configuration example of an image processing device (MFP) and a Web server according to the first embodiment of the present invention. Each functional unit shown in FIG. 4-1 (a) is realized by executing a control program by a CPU 210 included in the MFP 110 or a CPU (not shown) included in the Web server 100. In the following, the software configuration of the image processing system, particularly the image processing device, will be described, but these functional blocks may be realized by hardware or a combination of hardware and software.

Each of the Web browser 305, the service provider 308, and the cooperation permission application 307 is realized by the CPU 201 of the MFP 110 executing the control program. The Web browser 305 and the Web server 100 may be clients / servers that follow other protocols as long as they can request / provide content by sharing the protocol. That is, it is not limited to displaying the contents of the Web server 100. Similarly, the Web server 100 is not limited to the Web server that sends and receives requests / responses according to the HTTP protocol. Therefore, the Web browser 305 may be a client having a function of acquiring content by communicating with the server and displaying it on the screen. Here, the content indicates information on the display screen displayed on the operation display unit 202 by the MFP 110.

The Web browser 305 includes a communication unit 421, an analysis unit 422, and a screen display unit 423. The communication unit 421 communicates with the presentation unit 411 in the Web application 110 of the Web server 100 according to the HTTP protocol. More specifically, the communication unit 421 transmits the information input via the operation screen displayed by the Web browser 305 as a request to the Web application 110. In addition, the communication unit 421 receives the response (processing result) transmitted from the Web application 110. The address (URL) of the Web application 110, which is the destination to which the Web browser 305 sends a request and receives a response, is held inside the Web browser 305. The URL of the other party can be provided at any time in response to a request from the installed application or the service provider 308 described later.

The analysis unit 422 analyzes the response received from the Web application 1001. The response includes HTML data that is a description indicating the content of the operation screen to be displayed on the Web browser 305. The screen display unit 423 functions as a display control means, and displays a screen corresponding to the HTML data, a script, or the like on the operation display unit 202 based on the analysis result of the HTML data (display screen information) by the analysis unit 422.

The service provider 308 includes a communication unit 431, a job generation unit 432, a content generation unit 433, and a permission URL verification unit 434. The communication unit 431 receives a processing request from the logic unit 412 in the Web application 1001. Further, when the communication unit 431 receives a request from the communication unit 421 of the MFP 110, the communication unit 431 returns the content information (HTML data) generated by the content generation unit 433 described later as a response. The job generation unit 432 receives the processing request received by the communication unit 431, and generates and executes a job for executing the requested processing. The content generation unit 433 generates content information (HTML data) for the Web browser 305 to display the screen when the communication unit 431 receives a request from the communication unit 421 of the MFP 110. Further, the content generation unit 433 may refer to and use the content stored in advance in a storage device such as HDD 209 without dynamically generating the content. When the communication unit 431 receives the processing request, the permission URL verification unit 434 determines whether the URL of the request source matches the permission URL described later, and if it matches, permits the job generation unit 432 to generate a job. .. If they do not match, do not allow job generation.

The cooperation permission application 307 is an application installed in the MFP 110. The federation authorization application 307 was installed on the MFP 110 to manage job generation by the service provider 308. The information of the permission URL 441 possessed by the cooperation permission application 307 is information that can be referred to by another application or the service provider 308, and is used by the permission URL verification unit 434 as a criterion for determining the permission to generate a job. This may be the identification information of the Web application having the authority to use the resources of the MFP 110, or may be the permission information for permitting the use thereof.

<File contents>
Next, the application file will be described with reference to FIG. An application file is a file that contains an application program file (which may be compressed) and its metadata file. In FIG. 8, the application file 800 is composed of one file obtained by compressing a plurality of files such as a CAB file, a JAR (Java (registered trademark) Archive) file, and a ZIP file. The manifest file 801 and the application program 802 are included in the application file 800. In the manifest file 801, information attached to the application such as the application name, the application ID for uniquely identifying the application, and the version is described. The manifest file 801 is read by the installer service 306 during installation. The information described in the manifest file 801 of the installed application can be referred to by other installed applications and the service provider 308 via the application framework 303. The application program 802 in the application file 800 is encrypted to prevent falsification of the program by a third party. The application file 802 is distributed to users via a recording medium such as a CD or a medium such as the Internet, and is decrypted and executed by the MFP to be installed. The application file 802 is decrypted and then installed on the application framework 303.

In the present embodiment, the items described in the manifest file 801 are defined as follows.
The application name 8011 represents the name of the application.
The application ID 8012 represents an identifier for uniquely identifying the application.
Application type 8013 represents the type of application. For example, the value 100 represents an application used to permit the use (cooperation) of the MFP from an external service, that is, the cooperation permission application 307 in the present embodiment.
Version 8014 represents the version of the application.
The service host 8015 represents the address of the server providing the service in URL format. Regarding the cooperation permission application 307, the address described in this item is the permission URL 441. That is, the service at the address indicated in this item is permitted to use the MFP in which the cooperation permission application 307 is installed. This item is set by the application developer when the application is created.

FIG. 9A is a diagram showing an example of a license file installed on the MFP 110 in order to enable the application. In this embodiment, the items described in the license file are defined as follows.
In FIG. 9A, the license ID 901 represents a unique ID for identifying the license. Types of licenses include trial licenses with a limited number of activations and period, restricted licenses with restrictions on functions such as simultaneous activation, and licenses without any restrictions.
In FIG. 9A, the application ID 902 represents an application ID that uniquely identifies the application for which the license is set. In FIG. 9A, the validity period 903 represents the period during which the application covered by this license can be used. In FIG. 9, the device ID 904 represents a device ID that uniquely identifies the MFP on which the application covered by this license can be installed. In FIG. 9A, the decryption data 905 stores information and the like for decrypting the encrypted application program 802 of the licensed application. The installer service 304 determines whether the application is valid or invalid based on the information described in the license file. When all of the following conditions are satisfied, the license of the application shall be valid.-The application ID 902 described in the license file and the application ID 8102 described in the manifest file of the target application match.
-The validity period 903 described in the license file has not passed.
-The device ID 904 described in the license file matches the device ID obtained from the MFP to be installed.

<Application installation process>
Next, an example of the application installation process in the present embodiment will be described with reference to FIG. It is assumed that the installation program of the application to be installed and various setting values required for installation have been passed to the management device 102 by the administrator. The applications installed by this procedure include, for example, a service provider 308, a Web browser 305, a cooperation permission application 307, and the like.
In S1000, the management device 102 acquires device identification information from the MFP 110. The device identification information is information that uniquely identifies the image processing device. For example, a serial number.
Next, in S1001, the management device 102 sends the application identification information and the device identification information to the license server 101. The application identification information is an application ID, an application name, a version, or the like.
Next, in S1002, the license server 101 sends the license file to the management device 102 based on a predetermined method. The license server sets the application identification information and the device identification information received in S1001 to the application ID 902 and the device ID 904 in FIG. 9A, and creates a license file. The created license file is sent to the management device 102.
Next, in S1003, the management device 102 sends the application installation program and the license file acquired in S1002 to the installer service 306 of the MFP110.
Next, in S1004, the MFP 110 is installed. That is, the installer service 306 of the MFP 110 starts the installation program received in S1003 and registers the application file in the application framework 303.
Next, in S1005, the MFP 110 activates the installed application. That is, the installer service 306 of the MFP 110 compares the information described in the license file acquired in S1003 with the device information of the MFP 110 and the information of the application installed in S1004. For example, if the value of the device ID 905 described in the license file acquired in S1003 and the device ID acquired from the MFP 110 are different, it is regarded as an unauthorized installation and the activation fails. When the activation fails, the application registered in the application framework 303 cannot be started. Similarly, if the application ID 903 described in the license file acquired in S1003 and the application ID of the application installed in S1004 are different, the activation fails.
When the activation is successful in S1005, the MFP110 returns the activation success to the management device 102 in S1006. For example, by sending information indicating the success of the application to a Web browser (not shown) of the management device 102, the Web browser (not shown) of the management device 102 notifies the management device 102 of the success of the installation.
If the activation is not successful in S1005, the MFP110 returns the activation failure to the management device 102 in S1007. For example, the user is notified of the installation failure by sending information indicating the failure of the application to a Web browser (not shown) of the management device 102.
The web browser usually receives a response to the HTTP request. From this, when using the Web browser of the management device 102, for example, the management device 102 sends a request for a URL indicating whether the installation succeeded or failed immediately after S1003 to the MFP 110, and the installation failed / failed as a response. It may be configured to return success to management device 102. Further, a script may be sent to the management device 102, and the failure / success of the installation may be received by the script. Of course, the installation result may be notified without using HTTP.

Then, when permitting the use of the device application such as the service provider 308 by the Web application 101, the cooperation permission application 307 in which the URL for the Web browser 305 to access the Web application 101 is described in the manifest file 800 is registered. You need to be. The cooperation permission application 307 may be installed one by one for each Web application that uses the device application, or the URLs of one or more Web applications that use the device application are described in the manifest file of one cooperation permission application 307. You may.

<Procedure in image processing device>
Next, a series of processes in the image processing apparatus according to the present embodiment will be described with reference to FIG. This sequence is started when the Web browser 305 of the MFP 110 is started by the user. It is the Web server 100 that exchanges the HTTP request / response with the Web browser 305, and the Web application 1001 exchanges the request / response with the Web browser via the Web server 100. However, in FIG. 5, the intervention of the Web server 100 is omitted, and the Web browser 305 is described and described as if it is directly communicating with the Web application 1001. First, in S500, the Web browser 305 makes an HTTP request to the Web application 1001 of the Web server 100. At this time, the destination of the HTTP request is the Web application corresponding URL determined for each Web application 1001. The Web application 1001 that has received the request returns the HTML content (display screen information) of the screen displayed by the Web browser 305 as an HTTP response in S501. For example, when the HTTP request is a request for the print setting screen, the Web application 1001 responds with HTML for displaying the scan setting screen.
When the user operates the content displayed on the operation display unit 202 by the Web browser 305, in S502, the Web browser 305 requests the Web application 1001 to execute the function to the service provider 308 according to the operation. Send. Here, for example, if the user presses the scan execution button as an operation of the content, the Web browser 305 sends an HTTP request requesting the execution of the scan to the URL corresponding to the Web application. In response to the request, the Web application 1001 determines that the Web browser 305 has requested the execution of the scan. The request may include information indicating the destination of the service provider 308 of the MFP performing the requested function.

In S503, the Web application 1001 responds to the Web browser 305 with HTML content for screen display. The content that responds here is HTML content that informs the user that processing is being executed.
In S504, the Web application 1001 gives a function execution instruction to the service provider 308. For example, when the user instructs the service provider 305 to execute the scan in S502, the service provider 305 is instructed to perform the scan. Since the transmission of the function execution instruction is between the logic unit 412 and the service provider 308, it does not have to be HTTP. Alternatively, the service provider 308 may be provided with a Web server function and transmitted as an HTTP request. Further, since the Web application 1001 provides the application service in response to the request by the MFP 110, when the Web application 1001 requires the service by the MFP, the service is requested from the MFP that requests the application service. To do. That is, the MFP of the service request source for the Web application 1001 becomes the MFP of the service request destination by the Web application 1001.
In S505, the service provider 308 acquires the connection URL from the Web browser 305. That is, the URL of the Web application 1001 that transmitted the response in S503 immediately before is acquired.
Next, in S506, the service provider 308 acquires the permission URL held by the cooperation permission application 307.
Next, in S507, the service provider 308 determines whether the URLs acquired in S505 and S506 match.
When it is determined in S507 that they match, the service provider 308 executes the job in S508. For example, when the user instructs S502 to execute the scan, a scan job is generated and the scan is executed. The image data generated by the scan is transmitted to, for example, the Web application 101, or is stored in the storage unit of the MFP 110, depending on the job execution request.
If it is not determined in S507 that they match, the service provider 308 notifies the Web application 1001 of an error in S509. For example, error code information indicating a license violation is notified by a predetermined method.

In the above example, scanning is used as a function, but the above procedure can be applied to any function provided to the Web application 101 via the service provider 308.

<Processing procedure by service provider>
Next, the basic flow of the service provider 308 will be described with reference to FIG. The process described below is realized by executing the program read from the storage device such as HDD 209 by the CPU 210.
In S601, the service provider 308 receives a job execution instruction from the Web application 1001 (corresponding to S504 in FIG. 5). It is assumed that the detailed information about the job is appropriately transmitted from the Web application to the service provider 308.
Next, in S602, the service provider 308 acquires the connection destination URL from the Web browser 305. This step corresponds to S505 in FIG.
Next, in S603, the service provider 308 acquires the permission URL from the cooperation permission application 307. This step corresponds to S506 in FIG.
In S604, the service provider 308 determines if the URLs match. That is, when the two URLs acquired in S602 and S603 are the same, it is determined that the URLs match. This step corresponds to S507 in FIG.
When it is determined in S604 that the URLs match, the service provider 308 executes the job in S605. That is, the job instructed by the Web application 1001 is executed in S601. This step corresponds to S508 in FIG.
When it is determined in S604 that the URLs do not match, the service provider 308 notifies the Web application 101 of an error in S606. That is, the error information is notified to the Web application 1001 which is the sender of the job execution instruction received in S601 by using a predetermined method. This step corresponds to S509 in FIG.

As described above, in the image processing system according to the first embodiment, the use of the image processing device from the Web application can be easily managed. That is, when a job execution instruction is given from the Web application to the image processing device, the job can be executed only when the cooperation permission application having the URL of the corresponding Web application is already installed. When it is desired to permit the use of the image processing device to a specific Web application, the use can be permitted by installing the cooperation permission application having the URL of the corresponding Web application. Also, if you want to disallow the use from permission, you can disallow it by uninstalling the installed application. Since no special changes are made to the Web browser, Web application, and Web server, communication from the image processing device to the Web application and communication from the Web application that does not involve the use of the image processing device are not restricted.

The above is not limited to job execution. When using the resources of the image processing device from the Web application, the cooperation permission application having the identification information (for example, URL) of the Web application permitted to be used is installed in the image processing device. The service provider can determine whether or not the Web application has the authority to access the resources of the image processing device by referring to the identification information of the cooperation permission application. In addition, although scanning is taken as an example as a service, it is also possible to provide printer functions that can be provided by the MFP 110, both scanning and printer functions, and functions such as facsimile and data storage box.

[Second Embodiment]
As the number of Web applications that use the image processing device increases, it is necessary to install the cooperation permission application each time, which increases the management man-hours by the administrator. An improvement is conceivable in which a special authority is prepared for the image processing system, and in the system having this special authority, the use of the image processing device is permitted from the Web application even if there is no cooperation permission application. For the sake of simplicity, only the points different from the first embodiment will be described. This will be described with reference to FIGS. 4-1 (b), 7 and 9 (b).

An example of granting special authority by the license file of the Web browser 305 will be described. The authority to be granted to the image processing system can be specified by the license ID of the license file installed together with the Web browser 305. FIG. 9B is an example of a license file of the Web browser 305 having special authority. The license ID 911 is set with a value meaning a special authority. The image processing device 110 on which the Web browser 305 is installed together with the license file indicating this special authority shall have the special authority. The special authority (hereinafter referred to as a special authority) means that the Web application 1001 that uses the image processing device 110 is not restricted. That is, the application having this special authority, particularly the Web application 1001 that provides the service by request from the Web browser 305, can use the image processing device 110 for any Web application, and the cooperation permission application 305 must be installed for use. do not need.

<Software configuration example>
FIG. 4-1 (b) is a block diagram showing a software configuration example of an image processing device (MFP) and a Web server according to a second embodiment of the present invention.
When the communication unit 431 receives a processing request from the Web application 1001, the license verification unit 435 determines whether the license of the Web browser 305 is a special authority for causing the Web application 1001 to use the image processing device 110. If there is special authority, the job generation unit 432 is allowed to generate a job. If there is no special authority, the permission URL verification unit 434 is made to determine permission to generate a job. This is as described in the first embodiment. The license of the Web browser 305 can be referred to by other installed applications or the service provider 308 via the application framework.

<Basic flow of service provider>
FIG. 7 is a basic flow of the service provider 308 in the second embodiment. S601 to 606 are the same as S601 to 606 in the flow of FIG.
In S601, the service provider 308 receives the job execution instruction from the Web application 1001. The procedure of FIG. 7 may be started when the job execution instruction is received. The same is true for FIG.
In S701, service provider 308 determines if he has special authority. That is, the service provider 308 examines the license ID 911 of the license file of the Web browser 305, and if a value meaning special authority is set, it determines that the service provider 308 has special authority.
When it is determined in S701 that the Web browser 305 has special authority, the service provider 308 executes the job instructed by the Web application 1001 in S605.
When it is not determined in S701 that the person has special authority, the processes S602 to S606 of FIG. 6 are executed. As described above, in S701, prior to the determination of the cooperation permission described in the first embodiment, the special authority is preferentially determined in the present embodiment, and if there is the special authority, the provision of the service is permitted.
For the sake of simplicity, the license file is used as an example to determine the special authority of the image processing system, but the description is not limited to this. It may be judged by the product name and version of the Web browser. Further, the license of the application having other functions may be used as the criterion for determining the special authority instead of the Web browser.

As described above, in the image processing system according to the second embodiment, the use of the image processing device can be permitted from the Web application without installing the cooperation permission application. Therefore, in the image processing system having special authority, it is not necessary to install the cooperation permission application for each Web application, and the application management load of the administrator is reduced.

[Third Embodiment]
In the first embodiment, in order to connect to the Web application, it is necessary to make an HTTP request to the Web application corresponding URL determined for each Web application 101 in step S500. However, whether or not the linking permission URL corresponding to the Web application corresponding URL to be connected is permitted (whether or not the cooperation permission application corresponding to the Web application compatible URL is installed) must be performed up to step S507 in the sequence of FIG. I do not understand. In addition, the user needs to know in advance the Web application URL determined for each Web application 101. Therefore, in the present embodiment, the configuration described in the first embodiment or the second embodiment is improved so that the cooperation permission application has a connection function to the Web application. Also in this embodiment, the system configuration and the hardware configuration of the MFP are as shown in FIGS. 1 and 2, respectively, and the description thereof will be omitted because they are the same as those in the first embodiment.

FIG. 3B is a diagram showing an example of the software structure of the MFP110 according to the present embodiment, similarly to FIG. 3A. The difference from FIG. 3A is that there are a plurality of cooperation permission applications 450 and 460 and that there is a menu application 310. In the following description, the cooperation permission application 450 will be described, but the same applies to the cooperation permission application 460 or other cooperation permission applications.

<Software configuration example of MFP and Web server>
FIG. 4-2 is a block diagram showing a software configuration example of an image processing device (MFP) and a Web server according to a third embodiment of the present invention. Unless otherwise specified, the configurations and blocks have the same roles as those in FIGS. 4-1 (a) and 4-1 (b). The difference between FIGS. 4-1 and 4-2 described above is that it is possible to hold a plurality of URLs of the Web application in the cooperation permission application. The cooperation permission application 450 of FIG. 4-2 holds two URLs, the permission URL 441 and the Web application corresponding URL 451. The permission URL 441 is a URL used for confirming whether or not the Web application is permitted to cooperate as described in the first embodiment, that is, the access to the resource of the MFP 110 is permitted. The Web application-compatible URL 451 is the URL of the top page (hereinafter, also referred to as the top page URL) that serves as the entrance to the Web application. Further, the top page URL may be used for confirming whether or not the Web application is permitted to cooperate with the permission URL 441. Of the two URLs, the Web application-compatible URL 451 is indispensable. When the domain and path of the Web application compatible URL and the permitted URL are the same, the permitted URL 441 can be omitted. That is, when only the Web application-compatible URL 451 is included, it can be determined that the Web application-compatible URL 451 is also a permitted URL. On the other hand, if the domain or path of the URL corresponding to the Web application and the permitted URL are different, the permitted URL cannot be omitted. For example, when the top page is provided by a subdomain for authentication (example: auto.mysite.org) and the Web application is provided by a dedicated subdomain (example: app1.mysite.org), the URL corresponding to the Web application (that is, the top page). It is necessary to specify both the URL) and the permitted URL.

<Software of cooperation permission application 450>
FIG. 18 is a diagram showing a configuration of a software module of the cooperation permission application 450 according to the embodiment. The explanation here also targets the cooperation permission application 450, but the same applies to other cooperation permission applications. The cooperation permission application 450 holds the setting information required for each Web application in the manifest file 1801. That is, one cooperation permission application is required for one Web application. The cooperation permission application corresponding to the Web application to be used is installed in the MFP110. When using a plurality of Web applications, a plurality of cooperation permission applications are installed in the MFP 110. In that case, the plurality of cooperation permission applications share and use one Web browser 305. These software modules presented in FIG. 18 are stored in the HDD 209 of the MFP 110, expanded in the RAM 212 at the time of execution, and executed by the CPU 210.

The manifest file 1801 is a file that describes the basic information of the cooperation permission application 450 and the information for connecting to the Web application. The permission URL 441 and the Web application compatible URL 451 are registered in this manifest file 1801. The menu application cooperation unit 1811 informs the Web browser cooperation unit 1812 of the top page URL 8016 (see FIG. 11 (a)) of the Web application registered in the manifest file 1801, and the application operating in the Web browser 305 starts operation. It can be so. The top page URL 8016 corresponds to the Web application compatible URL 451. The service host 8015 corresponds to the permission URL 441.

FIG. 11 describes the application file 800 of the cooperation permission application. 11 (a) and 11 (b) are views in which a part of FIG. 8 is modified. The manifest files 801,802 included in the application file 800 correspond to the manifest file 1801 shown in FIG. In this description, only the difference from FIG. 8 will be described. FIG. 11A shows an example in which the service host (that is, the permitted URL) 8015 and the top page URL (that is, the URL corresponding to the Web application) 8016 are arranged on the same site. For example, a case where the site (top page URL) that stores the scanned document and the site (service host) that performs processing on the document (for example, file format conversion processing, image resolution conversion processing, etc.) are the same. I'm assuming. In the case of this example, since the service host 8015 and the top page URL 8016 are the same site, the service host 8015 can be omitted. In FIG. 11A, the top page URL 8016 represents the address of the top page of the Web application of the server providing the service in the URL format. Regarding the cooperation permission application 450 of FIG. 4-2, the address described in this item is the Web application compatible URL 451. On the other hand, FIG. 11B shows an example in which the service host 8025 and the top page URL 8026 are located on different sites. For example, it is assumed that the service host 8025 continues the process at another site after the authentication is performed at the site of the top page URL 8026. In the case of this example, since the service host 8015 and the top page URL 8016 are located on different sites, it is not possible to omit the service host 8015.

<Installation process of cooperation permission application>
The flow of registering a button in the main menu at the time of installation and activation of the cooperation permission application in steps S1004 and S1005 of FIG. 10 will be supplementarily described with reference to FIG.

FIG. 15 is a flowchart for explaining the installation process of the cooperation permission application performed by the MFP 110. The CPU 210 reads, analyzes, and executes the program stored in the HDD 209 of the MFP 110 into the RAM 212, so that each step of the flowchart of FIG. 15 is executed.

As a preliminary preparation, it is assumed that the purchaser of the cooperation permission application receives the encrypted cooperation permission application and the license access number from the seller of the cooperation permission application and receives the license file from the license server 101 as described above. ..

First, the installer service 306 receives the encrypted cooperation permission application and the encrypted license file as installation instructions from the PC 140 operated by the cooperation permission application purchaser (step S1501). The installer service 306 decrypts the received cooperation permission application and the license file. (Step S1502).

The installer service 306 checks whether both the license file and the cooperation permission application can be decrypted (step S1503). If both of them can be decrypted, the installer service 306 proceeds to step S1504. If either one or both cannot be decrypted, the installer service 306 notifies an error (step S1510) and ends the process.

In step S1504, the installer service 306 compares the device ID described in the decrypted license file with the device ID preset in the MFP 110, and determines whether or not the license file is correct and conforms to the MFP 110. If the installer service 306 determines that the license file is correct, the installer service 306 proceeds to step S1505. If the installer service 306 determines that the license file is not correct, it notifies an error (step S1510) and ends the process.

Next, the installer service 306 saves the decrypted cooperation permission application and the license file in the HDD 209. Subsequently, the installer service 306 reads the cooperation permission application saved in the HDD 209 into the RAM 212 and starts it (step S1507). The started cooperation permission application registers a GUI button (or icon) for calling the cooperation permission application in the menu application 310 (step S1508).

FIG. 16 is a diagram showing an example of a GUI displayed on the operation display unit 202 when the menu application 310 of the MFP 110 is called in a state where two cooperation permission applications are installed on the MFP 110 according to the embodiment. The GUI buttons 1601, 1602, and 1603 are GUI buttons for calling an application that is included in the MFP 110 from the beginning. Both the GUI button 1604 and the GUI button 1605 are GUI buttons for calling the cooperation permission application. As shown in FIG. 16, GUI buttons are displayed for each cooperation permission application. The GUI button 1606 is a GUI button for calling an application running on an MFP different from the cooperation permission application. As shown in FIG. 16, the menu application 310 displays GUI buttons without distinguishing between application types.

<Web application usage sequence by MFP>
FIG. 13 is a sequence diagram showing a flow of a series of processes when using the Web application from the MFP 110. Here, as an example, the processing when the GUI button 1605 displayed by the menu application 310 is selected by the user will be described.

First, when the menu application 310 of the MFP 110 accepts the user to press the GUI button 1605, it calls the cooperation permission application 450 corresponding to the GUI button 1605 (step S1301). The called cooperation permission application 450 creates information necessary for calling the top page of the Web application based on the information defined in the manifest file 1801 of the cooperation permission application 450 (for example, the top page URL 8016) (step S1302). Subsequently, the cooperation permission application 450 calls the top page of the Web application based on the information created in step S1302 by using the Web browser 305 (step S1303).

Upon receiving the call, the Web server 100 verifies the call (step S1304). As verification for the call, for example, whether or not the URL exists is called, and the version of the browser is checked. Based on the result of the verification, the Web server 100 returns a response to the call to the MFP 110 (Web browser 305) (step S1305). If the verification result is OK (that is, success), the Web server 100 responds with HTML content for configuring the screen required for the next operation. On the other hand, if the verification is unsuccessful, a message to that effect is responded.

The Web browser 305 renders the received HTML (or unsuccessful message) and displays the screen on the operation unit 111 (step S1306). If the verification is successful, the Web browser 305 then receives the user's screen operation instruction (step S1307), and then sends a corresponding request to the Web server 100 using the HTTP protocol (step S1308).

The Web server 100 that has received the request processes the request (step S1309), and responds to the MFP 110 (Web browser 305) with HTML content for configuring the next screen based on the processing result (step S1310). After that, by repeating steps S1306 to S1310, the processing of the Web application and the screen transition are realized.

FIG. 12 describes a series of processes in the image processing apparatus according to the present embodiment. The sequence of FIG. 5 is partially modified according to the present embodiment. Therefore, in this description, only the difference will be described. Note that FIG. 12 is a diagram detailing a case where the sequence of FIG. 13 is shown as an operation for each software module and the resources of the Web application 101 to the MFP 110 are used. In S1201, the top page URL is transmitted from the cooperation permission application 450 to the Web browser 305. Since the description of the top page URL has been described in the description of FIG. 4-2, the description is omitted in this description. The service provider 308 that received the job execution request in S504 acquires the permission URL 441 held by the cooperation permission application 450 and the Web application corresponding URL 451 as the top page URL in S1202. When the permitted URL can be acquired, the service provider 308 compares it with the connection destination URL acquired in S505, and if they match, executes the requested job. On the other hand, when the acquired URL does not include the permission URL 441, the URL 451 corresponding to the Web application is compared with the connection destination URL acquired in S505, and if they match, the requested job is executed. If they do not match, an error is notified to the Web application 101.

<Call processing of top page by cooperation permission application>
FIG. 17 is a flowchart for explaining a process when the cooperation permission application calls the top page of the Web application. Each step of the flowchart of FIG. 17 is executed by the CPU 201 reading, analyzing, and executing the program stored in the HDD 204 of the MFP 110 into the RAM 203.

The flowchart of FIG. 17 is a detailed description of the processes of steps S1301 to S1303 of FIG. Step S1301 in FIG. 13 corresponds to step S1701 in FIG. Step S1302 in FIG. 13 corresponds to steps S1702 to S1705 in FIG. Step S1303 in FIG. 13 corresponds to step S1706 in FIG. Examining the Handling In FIG. 17, the menu application cooperation unit 1811 of the cooperation permission application 450 receives a call instruction from the menu application 310 that has received the GUI button press by the user (step S1701). Next, the Web browser cooperation unit 812 acquires the top page URL 8016 (see FIG. 11A), which is the information of the Web application, from the manifest file 1801 (step S1702).

Next, the Web browser cooperation unit 1812 sets the acquired top page URL as the connection destination in the Web browser 305 (step S1704). The Web browser cooperation unit 1812 switches the display of the operation unit 202 from the menu application 310 to the GUI window of the Web browser 305 (step S1705). The Web browser 305 accesses the URL set in step S1704 in order to call the top page of the Web application corresponding to the GUI button (step S1706).

By executing the above processing, the cooperation permission application corresponding to the GUI button instructed by the menu application 310 can call the top page of the Web application.

<Basic flow of service provider>
Next, the basic flow of the service provider 308 will be described with reference to FIG. Note that FIG. 14 is a flow added based on FIG. The flow without particular explanation is the same as that in FIG. In this description, the added difference will be described. The procedure of FIG. 14 corresponds to steps S507 to S509 of FIG.

In S1407, the service provider 308 acquires the permission URL 441 and the top page URL (that is, the Web application corresponding URL 451) from the cooperation permission application 450. This step corresponds to S1202 in FIG. The URL of the top page is omitted because it is described in FIG. 4-2. In S1408, the service provider 308 determines if there are two URLs. That is, it is determined whether or not the number of URLs acquired in S1407 is one or less. If there is only one URL, proceed to S604. If there are two or more URLs, proceed to S1409. Since there is no difference between S604, S605, and S606 from FIG. 6, the description thereof will be omitted. If no URL is included, it branches to S606.

In S1409, the service provider 308 determines whether either the Web application compatible UR451L or the permission URL 441 matches. If at least one of them matches, the process proceeds to S605. If none of them match, the process proceeds to S606. This step corresponds to S1309 in FIG. In S604 and S1409, when comparing URLs, it is not an exact match of URLs but a partial match. Specifically, it compares whether the strings that identify the site of the service match. The reason is that we originally expect to compare by site, but if we compare by exact URL match, it will be compared by page of site. Therefore, only the corresponding page is permitted. On the other hand, if the character strings that make it possible to identify the site unit of the service are compared by partial match, it is possible to correctly compare whether the site is applicable or not. For example, compare up to the top level folder. If either the top page URL or the permitted URL matches the connection destination URL, it is OK.

As described above, in the image processing system according to the third embodiment, the cooperation permission application is provided with the connection function to the Web application. Therefore, the corresponding Web application can be used by associating the specific cooperation permission application with the specific Web application and starting the specific cooperation permission application. Further, the cooperation permission application manages the access authority to the resource of the MFP given to the Web application to which it is associated. Therefore, the service provider determines whether or not the linking permission URL corresponding to the Web application corresponding URL to be connected is permitted (whether or not the linking permission application corresponding to the Web application compatible URL is installed) (S507 in FIG. 5). It becomes possible to grasp without implementing. The top page URL is always registered in the cooperation permission application, and in the present embodiment, access to the resources of the MFP is permitted for the top page URL. This is because if the cooperation permission application is installed, it can be determined that the Web service associated with the cooperation permission application is permission to cooperate.

Further, the user does not need to know the Web application URL determined for each Web application 101 in advance. Therefore, it is possible to simplify the steps for connecting to the Web application and reduce the complexity of operability.

[Other Examples]
The present invention supplies a program that realizes one or more functions of the above-described embodiment to a system or device via a network or storage medium, and one or more processors in the computer of the system or device reads and executes the program. It can also be realized by the processing to be performed. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.

100 Web server, 102 Management device, 110 MFP, 202 Display operation unit, 303 Application framework, 305 Web browser, 308 Service provider

Claims (15)

A service request method that can request a service from a connected external server,
As required by the external server, and service providing means for providing a service to the external server,
It has a holding means configured to be installable and uninstallable, which holds the identification information of the service requester authorized to provide the service by the service providing means.
The service providing means determines whether or not the service requester is permitted to provide the service by referring to the identification information held by the holding means, and if it is determined that the service is permitted, the requested service. Provide,
The service requesting means is an information processing device that further accesses an external server to acquire and display display screen information. The service providing means acquires the identification information of the service requesting destination for which the service requesting means has requested the service from the service requesting means, and the acquired identification information of the service requesting destination is used as the identification information of the service requesting source. The information processing apparatus according to claim 1, wherein it is determined whether or not the service requester is permitted to provide the service based on the identification information held by the holding means. The holding means further holds the identification information of the service request destination by the service request means in addition to the identification information of the service request source for each service request source.
The information processing device according to claim 1, wherein the service request means accesses the identification information of the service request destination for a service request. When the service request source identification information and the service request destination identification information are the same, the holding means holds at least one of the service request source identification information and the service request destination identification information. The information processing apparatus according to claim 3. The service providing means acquires the identification information of the request destination to which the service request means has requested the service from the service request means, and the acquired identification information of the request destination is combined with the identification information held by the holding means. The information processing apparatus according to claim 3 or 4, wherein if at least one of them matches, it is determined that the provision of the service to the service requesting source is permitted. It also has a framework on which applications can be installed
The information processing apparatus according to any one of claims 1 to 5, wherein the holding means is realized by a cooperation permission application that can be installed and uninstalled in the framework. The information processing device according to claim 6, wherein the cooperation permission application is installed in the framework as one application that holds identification information of the service request source for each service request source. When the application is installed, the GUI button is registered in the main menu, and when the cooperation permission application is started, the Web browser is opened and the service request destination is based on the identification information of the service request destination held by the cooperation permission application. The information processing apparatus according to claim 6, wherein the information processing apparatus according to claim 2, wherein the information processing apparatus is used to access the device. Has more license verification means
The information processing device according to any one of claims 6 to 8, wherein the cooperation permission application is activated when it is determined by the license verification means that there is a license. The service request means is realized by an application that can be installed and uninstalled in the framework.
The service providing means preferentially determines whether or not the identification information of the application that realizes the service requesting means is a value indicating a special authority, and if it is a value indicating a special authority, the above-mentioned The information processing apparatus according to any one of claims 6 to 9, wherein it is determined that the service requester is permitted to provide the service. Scanning means to scan images and
It also has a printer means for printing images,
The information processing apparatus according to any one of claims 1 to 10, wherein the service provided by the service providing means includes a service using the scanning means, the printer means, or both of them. It is an image processing device
An application framework for installing applications and running installed applications,
With the scanner part
It has a printer unit and
As an application installed in the application framework, a service provider that provides the function of the image processing device to an external server , and
A web browser that accesses an external server and receives services from a web application,
It has a cooperation permission application that holds permission information indicating whether or not the provision of services by the image processing device by the Web application is permitted and information for accessing the top page of the Web application.
The service provider determines whether the provision of the service is permitted to the Web application by referring to the permission information held by the cooperation permission application or the information for accessing the Web application, and determines that the service is permitted. If you do, provide the requested service,
The Web browser is an image processing device characterized by accessing an external server, acquiring display screen information, and displaying the information. A service request process that can request services from a connected external server,
As required by the external server, and a service providing step for providing a service to the external server,
It has a retention process configured to be installable and uninstallable, which retains the identification information of the service requester authorized to provide the service by the service provision process.
The service providing process determines whether or not the service requester is permitted to provide the service by referring to the identification information held by the holding process, and if it is determined that the service is permitted, the requested service. Provide,
In the service request process, a control method in an information processing device, which comprises accessing an external server to acquire and display display screen information. In the holding step, in addition to the identification information of the service request source, the identification information of the service request destination by the service request process is further held for each service request source.
The control method in the information processing apparatus according to claim 13, wherein in the service request process, the identification information of the service request destination is accessed for the service request. A program for operating a computer as the information processing device according to any one of claims 1 to 11.

Images