JP2016126714A - Apparatus, image forming apparatus, information processing method, information processing program and information processing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the time and effort of an input operation of user's authentication information.SOLUTION: A Web server function 61 of an MFP 1 generates and displays a user authentication screen of a WebAP to be executed through a network 40. A Web browser function 62 transmits authentication information inputted through the user authentication screen to an authentication server device 52 provided on the network 40. The authentication server device 52 performs user authentication processing with the authentication information, and returns an authentication result to the MFP 1. A management function 63 of the MFP 1 allows a user to use prescribed functions, such as a network communication function, and a printer function in the case of acquiring a user authentication result of being a normal user from the authentication server device 52. That is, user authentication processing is put together into one by using the user authentication result of the WebAP side in user authentication processing of the MFP 1 side so that the time and effort of an input operation of user's authentication information can be reduced.SELECTED DRAWING: Figure 3

Description

  The present invention relates to a device, an image forming apparatus, an information processing method, an information processing program, and an information processing system.

  Today, a multifunction peripheral (MFP) having a plurality of image forming functions such as a copy function, a printer function, a facsimile function, and a scanner function is known. When an MFP can be used only between specific users, user registration of a user to whom a use authority is given is performed in advance with respect to the MFP. When using the MFP, the user inputs the user ID and password registered at the time of user registration. The MFP performs user authentication processing using the input user ID, password, and the like, and enables use of each function when it can be authenticated as a legitimate user.

  In addition, today, Web APIs for using MFP functions from a remote network have been released due to the evolution of Web technology. As a result, Web application development cases and use cases by third parties and the like are increasing. Web is an abbreviation for “World Wide Web”. API is an abbreviation for “Application Programming Interface”.

  A normal application program is installed in a device such as an MFP, and is read and operated. On the other hand, the Web application program is downloaded from a server device on the network and operates as an application on software such as a Web browser.

  Since the Web application program is used without being installed in a device such as an MFP, user authentication processing for confirming the authority to use the Web application program is executed by an authentication server device provided on a predetermined network. . That is, when using a Web application program, the user inputs authentication information such as a user ID and a password via a user authentication screen of the Web application program. The input authentication information is transmitted to the authentication server device. The authentication server device performs user authentication processing using a user ID, a password, and the like, and transmits an authentication result to the MFP. The MFP enables the use of each function when the authentication result received from the authentication server device is an authentication result indicating that the user is an authorized user.

  On the other hand, Patent Document 1 (Japanese Patent Application Laid-Open No. 2010-113599) discloses an information processing system that reduces the effort for a user to input authentication information. In the case of this information processing system, the authentication information obtained by the MFP authentication application is transmitted to the Web server device. This eliminates the need for authentication processing on the Web application side, thereby reducing the effort for the user to input authentication information.

  However, when a Web application program is used in a conventional device such as an MFP that requires user authentication for use of the device main body, two authentication information input operations are required. For this reason, there was a problem that user authentication was troublesome.

  That is, on the device side such as an MFP, a user authentication screen is generated and displayed by the device application. On the Web application side, a user authentication screen created by a vendor (third party) is displayed. The user authentication screen generated by the device application and the user authentication screen generated by the Web application have different created entities. For this reason, it is difficult to share each user authentication screen with one user authentication screen.

  For this reason, the user needs to input authentication information for the first time on the user authentication screen generated by the application of the device at the start of using the device body. Also, after the first authentication information input operation, when using the Web application program, the second authentication information input operation on the user authentication screen created by the vendor for user authentication performed on the authentication server device side. Is required.

  In the case of the technology disclosed in Patent Document 1, the user authentication screen is not a Web-based but an MFP authentication application. For this reason, there is a problem that it is difficult to share the above-described user authentication screens. In addition, there is a problem that it is difficult to cope with a change in the specification of the user authentication screen for each vendor.

  The present invention has been made in view of the above-described problems, and provides an apparatus, an image forming apparatus, an information processing method, an information processing program, and an information processing system that reduce the effort of inputting authentication information for user authentication. Objective.

  In order to solve the above-described problems and achieve the object, the present invention includes a screen generation unit that generates a user authentication screen of a network application to be executed via a predetermined network and displays the screen on a display unit, and a user authentication screen. A communication unit that transmits authentication information input via the authentication server device that is provided on the network and performs user authentication of a network application, and obtains a user authentication result returned from the authentication server device; and an authentication server device And a management unit that makes a predetermined function available to the user when a user authentication result indicating that the user is a regular user is acquired.

  According to the present invention, it is possible to reduce the labor of inputting authentication information for user authentication.

FIG. 1 is a hardware configuration diagram of an MFP provided in the information processing system according to the embodiment. FIG. 2 is a schematic diagram of a software configuration of the MFP provided in the information processing system according to the embodiment. FIG. 3 is a system configuration diagram of the information processing system according to the embodiment. FIG. 4 is a sequence diagram illustrating a flow of installing the authentication WebAP in the MFP provided in the information processing system according to the embodiment. FIG. 5 is a sequence diagram illustrating a flow in which a user authentication screen of a Web application created on the vendor side is displayed when a desired application is activated in the MFP of the information processing system according to the embodiment. FIG. 6 shows the authentication result of the user authentication performed by the external authentication server device via the user authentication screen of the Web application created on the vendor side in the MFP of the information processing system according to the embodiment. It is a sequence diagram which shows the flow used for. FIG. 7 is a diagram illustrating an example of a desired authentication process using an authentication result of user authentication performed by an external authentication server device via a user authentication screen of a Web application created on the vendor side in the MFP of the information processing system according to the embodiment. It is a sequence diagram which shows the flow which browses a web page.

  Hereinafter, as an example, an information processing system according to an embodiment to which the present invention is applied will be described.

  First, FIG. 1 shows a hardware configuration diagram of a MFP (Multifunction Peripheral) 1 provided in an information processing system according to an embodiment. The MFP 1 is an example of a device and an image forming apparatus. As shown in FIG. 1, the MFP 1 includes a main body 10 having various functions such as a copy function, a scanner function, a facsimile function, and a printer function, and an operation unit 20 that receives an input corresponding to a user operation. The main body 10 and the operation unit 20 are connected via a dedicated communication path 30 so that they can communicate with each other. The communication path 30 may be, for example, a USB (Universal Serial Bus) standard, but may be of any standard regardless of wired or wireless. The main body 10 may have one function or a plurality of functions among image generation functions such as a copy function, a scanner function, a facsimile function, and a printer function.

  As the operation unit 20, an electronic device capable of executing complete information processing independently can be used. As an example, an information processing terminal such as a smartphone or a tablet terminal can be used as the operation unit 20. In this case, the information processing terminal used as the operation unit 20 functions as the operation unit of the MFP 1. Hereinafter, the term “operation panel” simply refers to an operation panel that is fixed and installed in the conventional MFP 1.

  More specifically, an information processing terminal used as the operation unit 20 is detachably connected to the MFP 1 instead of an operation panel that has been conventionally fixed and installed as an operation unit dedicated to the MFP 1. That is, the information processing terminal used as the operation unit 20 is installed integrally with the MFP 1 while being detachable (separable) at a predetermined position such as a position where the operation panel of the MFP 1 is disposed. Therefore, the information processing terminal and the MFP 1 used as the operation unit 20 may be grasped as a single device. When the information processing terminal that is the operation unit 20 is removed from the MFP 1, the information processing terminal performs wireless communication such as Bluetooth (registered trademark) or infrared communication with the MFP 1 and functions as an operation unit of the MFP 1.

  The main body 10 performs an operation according to the input received by the operation unit 20. The main body 10 can also communicate with an external device such as a client PC (personal computer), and performs an operation according to an instruction received from the external device.

  Next, the hardware configuration of the main body 10 will be described. As shown in FIG. 1, the main body 10 includes a CPU 11, a ROM 12, a RAM 13, and an HDD (hard disk drive) 14. The main body 10 includes a communication I / F (interface) 15, a connection I / F 16, and an engine unit 17. The units 11 to 17 are connected to each other via a system bus 18.

  The CPU 11 comprehensively controls the operation of the main body 10. The CPU 11 controls the overall operation of the main body 10 by executing a program stored in the ROM 12 or the HDD 14 or the like using the RAM 13 as a work area (work area), and the above-described copy function, scanner function, facsimile function, printer function, etc. Implement various functions.

  The communication I / F 15 is an example of a network communication function, and is an interface for communicating with an external device such as a client PC (personal computer), a Web server device, or an authentication server device on the network 40. The connection I / F 16 is an interface for communicating with the operation unit 20 via the communication path 30. 1 and 2, the communication path 30 is illustrated in a wired manner, but the operation unit 20 is provided to be detachable from the main body 10 of the MFP 1 as described above. Therefore, it is understood that the communication path 30 functions as a wired communication path when the operation unit 20 is attached to the MFP 1, and the communication path 30 functions as a wireless communication path when the operation unit 20 is detached from the MFP 1. I want.

  The engine unit 17 is hardware that performs processing other than general-purpose information processing and communication for realizing a copy function, a scanner function, a facsimile function, and a printer function. The engine unit 17 includes, for example, a scanner (image reading unit) that scans and reads an image of a document, a plotter (image generation unit) that performs printing on a sheet material such as paper, and a facsimile communication unit that performs facsimile communication. . Furthermore, a specific option such as a finisher for sorting printed sheet materials and an automatic document feeder (ADF) for automatically feeding a document can be provided.

  Next, the hardware configuration of the operation unit 20 will be described. As shown in FIG. 1, the operation unit 20 includes a CPU 21, a ROM 22, a RAM 23, a flash memory 24, a communication I / F 25, a connection I / F 26, and an operation panel 27, which are a system bus 28. Are connected to each other.

  The CPU 21 comprehensively controls the operation of the operation unit 20. The CPU 21 controls the entire operation unit 20 by executing a program stored in the ROM 22 or the flash memory 24 using the RAM 23 as a work area (work area). And CPU21 implement | achieves the various functions mentioned later, such as a display of the information (image) according to the input received from the user.

  The communication I / F 25 is an interface for communicating with a server device on the network 40, for example. The connection I / F 26 is an interface for communicating with the main body 10 via the communication path 30.

  The operation panel 27 is an example of an operation unit and a display unit, and includes a liquid crystal display device (LCD) provided with a touch sensor. The operation panel 27 receives various types of input in accordance with user operations, and displays various types of information such as information in accordance with the received input, information indicating the operation status of the MFP 1, information indicating a setting state, and the like. In addition, the operation panel 27 displays a user authentication screen and a web page screen to be described later. The operation panel 27 may be composed of an organic EL display device that includes a touch sensor. Further, in addition to or instead of this, an operation unit such as a hardware key and a display unit such as a lamp may be provided.

  FIG. 2 shows an example of the software configuration of the MFP 1. As illustrated in FIG. 2, the main body 10 includes an application layer 101, a service layer 102, and an OS layer 103. The entities of the application layer 101, the service layer 102, and the OS layer 103 are various software stored in the ROM 12, the HDD 14, or the like. Various functions are provided by the CPU 11 executing these software.

  The software of the application layer 101 is application software for operating a hardware resource to provide a predetermined function (in the following description, it may be simply referred to as “application”). For example, examples of the application include a copy application for providing a copy function, a scanner application for providing a scanner function, a facsimile application for providing a facsimile function, a printer application for providing a printer function, and the like.

  The software of the service layer 102 is software that is interposed between the application layer 101 and the OS layer 103 and provides an interface for using hardware resources included in the main body 10 for the application. Specifically, it is software for providing a function of accepting an operation request for a hardware resource and arbitrating the operation request. As an operation request received by the service layer 102, a request such as reading by a scanner or printing by a plotter can be considered.

  Note that the interface function by the service layer 102 is provided not only to the application layer 101 of the main body 10 but also to the application layer 201 of the operation unit 20. That is, the application layer 201 (application) of the operation unit 20 can also realize a function using hardware resources (for example, the engine unit 17) of the main body 10 via the interface function of the service layer 102.

  The software of the OS layer 103 is basic software (operating system) for providing a basic function for controlling hardware included in the main body 10. The software of the service layer 102 converts a hardware resource use request from various applications into a command interpretable by the OS layer 103 and passes the command to the OS layer 103. Then, when the command is executed by the software of the OS layer 103, the hardware resource performs an operation according to the request of the application.

  Similarly, the operation unit 20 includes an application layer 201, a service layer 202, and an OS layer 203. The application layer 201, the service layer 202, and the OS layer 203 included in the operation unit 20 have the same hierarchical structure as that of the main body 10 side. However, the functions provided by the applications in the application layer 201 and the types of operation requests that can be accepted by the service layer 202 are different from those on the main body 10 side. The application of the application layer 201 is software for operating a hardware resource included in the operation unit 20 and providing a predetermined function. Mainly, software for providing a UI (user interface) function for performing operations and display related to functions (copy function, scanner function, facsimile function, printer function) provided in the main body 10.

  In the example of the embodiment, the software of the OS layer 103 on the main body 10 side and the software of the OS layer 203 on the operation unit 20 side are different from each other in order to maintain the independence of functions. That is, the main body 10 and the operation unit 20 operate independently of each other with different operating systems. For example, it is possible to use Linux (registered trademark) as the software of the OS layer 103 on the main body 10 side and Android (registered trademark) as the software of the OS layer 203 on the operation unit 20 side.

  By operating the main body 10 and the operation unit 20 with different operating systems, communication between the main body 10 and the operation unit 20 is performed as communication between different devices, not communication between processes in a common device. The operation (command communication) for transmitting the input (instruction content from the user) received by the operation unit 20 to the main body 10 and the operation for the main body 10 notifying the operation unit 20 of an event correspond to this. Here, the function of the main body 10 can be used when the operation unit 20 performs command communication with the main body 10. The event notified from the main body 10 to the operation unit 20 includes the execution status of the operation in the main body 10 and the contents set on the main body 10 side.

  In the example of the embodiment, since the power supply to the operation unit 20 is performed from the main body 10 via the communication path 30, the power control of the operation unit 20 is performed separately from the power control of the main body 10 ( Can be done independently).

  In this example, the main body 10 and the operation unit 20 are electrically and physically connected via the communication path 30, but the operation unit 20 may be removable from the main body 10 as described above. In this case, the main body 10 and the operation unit 20 are provided with a short-range wireless communication unit such as an infrared communication unit, an RF communication unit, or a Bluetooth (registered trademark) communication unit. RF is an abbreviation for “Radio Frequency”. Alternatively, the main body 10 and the operation unit 20 are provided with a wireless LAN communication function such as Wi-Fi (registered trademark), and communicate with each other via the wireless LAN access point (wireless LANAP) 41 and the network 40 as shown in FIG. It may be possible. LAN is an abbreviation for “Local Area Network”. When the operation unit 20 can be removed from the main body 10, the operation unit 20 stores the power supplied from the main body 10 via the communication path 30 in the secondary battery, and when the operation unit 20 is removed from the main body 10, It operates using the power stored in the secondary battery to communicate with the main body 10.

  Next, FIG. 3 shows a system configuration diagram of the information processing system according to the embodiment. As shown in FIG. 3, the information processing system according to the embodiment includes the MFP 1, the Web server device 51, and the authentication server device 52 described above. The MFP 1, the Web server device 51, and the authentication server device 52 are connected to each other via a predetermined network 40 such as the Internet.

  The web server device 51 is an example of a distribution server device, and includes a communication unit 81, a storage unit 82, and a control unit 83. The communication unit 81 performs communication between the MFP 1 and the authentication server device 52 via the network 40. The storage unit 82 stores a Web application program (hereinafter referred to as WebAP) that is an example of a network application that is downloaded to the MFP 1 and operates as an application on software such as a Web browser. The control unit 83 controls the overall operation of the web server device 51.

  The authentication server device 52 includes a communication unit 84, a storage unit 85, and a control unit 86. The communication unit 84 performs communication via the network 40 between the MFP 1 and the Web server device 51. The storage unit 85 stores authentication information for WebAP user authentication. The control unit 86 controls the overall operation of the authentication server device 52 in addition to WebAP user authentication processing.

Here, the information processing system according to the embodiment allows a user who inputs authentication information by sharing user authentication processing for enabling the functions of the MFP 1 and user authentication processing for enabling the use of WebAP. Has been reduced. As an example, in the case of the information processing system according to the embodiment, such an effort to input authentication information is reduced by an authentication Web application program (hereinafter referred to as authentication WebAP) shown in the HDD 14 of the MFP 1 in FIG. It is realized by software. The authentication WebAP is an example of an information processing program, and is a user authentication WebAP that is uniquely extended by a vendor. The authentication WebAP includes authentication server information of the authentication server device 52 that performs user authentication and a URL (designated URL) of the Web server device 51 that is a WebAP download source. URL is an abbreviation for “Uniform Resource Locator”.

  The CPU 11 of the MFP 1 reads out the authentication WebAP from the HDD 14 and develops it on the RAM 13 shown in FIG. The authentication application program function (authentication AP function) 60, the Web server function 61, the Web browser function 62, and the management function 63 shown in the CPU 11 of FIG. 3 are realized by software when the CPU 11 executes the authentication WebAP. Indicates the function.

  In this example, the description is given assuming that the authentication AP function 60 to the management function 63 are realized by software. However, all or a part of the authentication AP function 60 to the management function 63 may be realized by hardware. Good.

  Further, the authentication WebAP may be provided by being recorded on a recording medium readable by a computer device such as a CD-ROM or a flexible disk (FD) as an installable or executable file. The authentication WebAP may be provided by being recorded on a recording medium readable by a computer device such as a CD-R, DVD, Blu-ray disc (registered trademark), or semiconductor memory. DVD is an abbreviation for “Digital Versatile Disk”. Further, the authentication WebAP may be provided via a network such as the Internet. Further, the MFP 1 may download the authentication WebAP via a network, install it on the operation unit 20 (or the main body 10), and execute it. Further, the authentication WebAP may be provided by being incorporated in advance in a ROM or the like in the device.

  The authentication AP function 60 includes an update unit 71, an authentication processing unit 72, and a communication unit 73. The update unit 71 registers, in the HDD 14, the authentication server information of the authentication server device 52 that performs user authentication and the URL (designated URL) of the Web server device 51 that is the WebAP download source when installing the authentication WebAP. The updating unit 71 updates the authentication server information and the specified URL at the time of updating. The authentication processing unit 72 notifies the Web browser function 62 and the management function 63 of the result of user authentication performed by the authentication server device 52 via a user authentication screen created on the vendor side. The communication unit 73 performs communication control between the Web server function 61, the Web browser function 62, and the management function 63 in the MFP 1.

  The web server function 61 includes a communication unit 74 and a page generation unit 75. The communication unit 74 performs communication control between the authentication AP function 60, the Web browser function 62, and the management function 63 in the MFP 1. The page generation unit 75 is an example of a screen generation unit, and generates a user authentication screen created on the vendor side according to WebAP included in the authentication WebAP.

  The web browser function 62 includes a communication unit 76 and a display processing unit 77. The communication unit 76 performs communication control between the authentication AP function 60, the Web server function 61, and the management function 63 in the MFP 1, and between the Web server apparatus 51 and the authentication server apparatus 52 via the communication I / F 15. Control communication. Specifically, the communication unit 76 transmits authentication information input from the user to the authentication server device 52. In addition, the communication unit 76 acquires the user authentication result returned from the authentication server device 52. The display processing unit 77 displays the user authentication screen generated by the page generation unit 75 of the Web server function 61 and created on the vendor side on the operation panel 27 which is an example of a display unit.

  The management function 63 includes an authentication management unit 78, an application program management unit (AP management unit) 79, and an installation management unit 80. The authentication management unit 78 requests activation of the authentication AP function 60 when the user uses the MFP 1, and performs user authentication using the user authentication result from the authentication server device 52. The AP management unit 79 performs execution management of WebAP whose activation is designated by the user. The installation management unit 80 manages the authentication WebAP installation operation for the MFP 1.

  Next, the Web server device 51 connected to the MFP 1 via the network 40 includes a communication unit 81, a storage unit 82, and a control unit 83. The communication unit 81 communicates with the Web browser function 62 or the like via the communication I / F 15 of the MFP 1 and transmits a WebAP Web page screen or the like. The storage unit 82 stores WebAP created by the vendor. The control unit 83 controls the overall operation of the web server device 51.

  The authentication server device 52 connected to the MFP 1 via the network 40 includes a communication unit 84, a storage unit 85, and a control unit 86. The communication unit 84 communicates with the Web browser function 62 and the like via the communication I / F 15 of the MFP 1 and transmits a user authentication result to the MFP 1. The storage unit 85 stores user identification information of each user who uses the MFP 1 and authentication information such as a password. The control unit 86 controls the overall operation of the authentication server device 52.

  Next, the installation operation of the authentication WebAP in the MFP 1 will be described using the sequence diagram of FIG. First, the user downloads an authentication WebAP from a predetermined Web server device such as the Web server device 51. The authentication WebAP includes WebAP for generating a user authentication screen, authentication server information of the authentication server device 52 that performs user authentication, and a URL (designated URL) of the Web server device 51 that is a WebAP download source. .

  When the download of the authentication WebAP is completed, the user operates the operation panel 27 to instruct the installation of the authentication WebAP. When installation is instructed, the CPU 11 reads the downloaded authentication WebAP and expands the authentication AP function 60. In step S <b> 1, the CPU 11 issues an authentication WebAP installation request to the authentication AP function 60 from the installation management unit 80 of the management function 63.

  When receiving the authentication WebAP installation request, the updating unit 71 of the authentication AP function 60 registers the above-described authentication server information and the designated URL in the HDD 14 in steps S2 and S3. The updating unit 71 updates the authentication server information and the specified URL registered in the HDD 14 to the new authentication server information and the specified URL when updating the authentication WebAP.

  In addition, the user can select whether or not to keep the WebAP for generating the user authentication screen included in the authentication WebAP as described above in the MFP 1 (whether or not to leave it). It has become. The user operates the operation panel 27 to select whether or not to hold WebAP. If the user selects to have WebAP, the update unit 71 performs a process of associating the Web server function 61 with the WebAP of the HDD 14 in step S4 (WebAP installation). On the other hand, when the user selects not to have WebAP, the updating unit 71 skips the process of step S4.

  As will be described later, the Web browser function 62 generates a user authentication screen created on the vendor side using WebAP held in the MFP 1. However, if the MFP 1 does not have WebAP, the user authentication created by the vendor by accessing the Web server device 51 indicated by the designated URL registered (or updated) in the HDD 14 in step S3 and acquiring WebAP. Generate a screen.

  When the installation of WebAP in step S4 is completed or the processing in step S4 is skipped, the updating unit 71 sends an installation completion notification (authentication processing replacement completion notification) to the installation management unit 80 in the management function 63 in step S5. Do. Thereby, the installation of the authentication WebAP is completed.

  Next, FIG. 5 is a sequence diagram showing a flow of displaying a user authentication screen using WebAP held in the MFP 1 when a user activates a desired application. First, when a desired application is activated by the user via the operation panel 27, the AP management unit 79 of the management function 63 makes a user authentication request to the authentication AP function 60 in step S11. Upon receiving the user authentication request, the authentication AP function 60 issues an activation request to the web browser function 62 in step S12.

  The activated web browser function 62 makes a web page read request to the web server function 61 in step S13. In the Web server function 61 that has received the read request, the page generation unit 75 checks whether or not WebAP is held in the HDD 14. If it is held, the page generation unit 75 of the Web server function 61 generates a user authentication screen according to WebAP held in the HDD 14 in step S14. As described above, the WebAP held in the HDD 14 is a WebAP developed on the vendor side. For this reason, in step S14, a user authentication screen created by the vendor is displayed.

  When the Web AP is not held in the HDD 14, the Web server function 61 reads the designated URL registered in the HDD 14 and transfers it to the Web browser function 62. The web browser function 62 accesses the web server device 51 indicated by the designated URL and acquires the web AP. The page generation unit 75 of the Web server function 61 generates a Web page of a user authentication screen created on the vendor side according to WebAP acquired from the Web server device 51.

  Next, the display processing unit 77 of the web browser function 62 displays the user authentication screen generated by the page generation unit 75 on the operation panel 27 in step S15. As a result, a user authentication screen created on the vendor side is displayed on the operation panel 27.

  Next, FIG. 6 is a sequence diagram showing a flow of performing user authentication with the external authentication server device 52 via the user authentication screen displayed as described above. Steps S21 to S25 in the sequence diagram of FIG. 6 correspond to steps S11 to S15 of the sequence diagram of FIG. That is, when a desired application is activated by the user via the operation panel 27, the AP management unit 79 of the management function 63 makes a user authentication request to the authentication AP function 60 in step S21. Upon receiving the user authentication request, the authentication AP function 60 issues an activation request to the web browser function 62 in step S22.

  The activated web browser function 62 issues a web page read request to the web server function 61 in step S23. In the Web server function 61 that has received the read request, the page generation unit 75 checks whether or not WebAP is held in the HDD 14. If so, the page generation unit 75 of the Web server function 61 generates a user authentication screen according to WebAP in step S24. As described above, the WebAP held in the HDD 14 is a WebAP developed on the vendor side. For this reason, in step S24, a user authentication screen created by the vendor is displayed.

  When the Web AP is not held in the HDD 14, the user authentication screen created on the vendor side is generated according to the Web AP acquired from the Web server device 51 as described above.

  Next, the display processing unit 77 of the web browser function 62 displays the web page of the user authentication screen generated by the page generation unit 75 on the operation panel 27 in step S25. As a result, a user authentication screen created on the vendor side is displayed on the operation panel 27.

  The user operates the operation panel 27 to input authentication information such as user identification information and a password on the displayed user authentication screen. Then, when the user completes the input of authentication information, the user performs an authentication information confirmation operation. The authentication management unit 78 of the management function 63 transfers the input authentication information to the web browser function 62 in step S26. In step S27, the authentication management unit 78 of the management function 63 notifies the Web browser function 62 of confirmation of authentication information at the timing of the user's confirmation operation.

  When the Web browser function 62 receives the confirmation notification, the communication unit 76 transfers the authentication information input from the user to the authentication server device 52 via the communication I / F 15 and the network 40 in step S28, and the authentication information is displayed. Make an inquiry. The authentication server device 52 performs user authentication processing by comparing the transferred authentication information with the authentication information stored in advance in the storage unit 85. In step S29, the authentication server device 52 returns an authentication result to the MFP 1. The returned authentication result is acquired by the Web browser function 62 via the communication I / F 15 and notified to the authentication processing unit 72 of the authentication AP function 60.

  The authentication processing unit 72 of the authentication AP function 60 recognizes the authentication result, temporarily stores it in the storage unit such as the HDD 14 or the RAM 13, and notifies the authentication result to the authentication management unit 78 of the management function 63 in step S30. . In step S31, the authentication management unit 78 notifies the Web browser function 62 of the authentication result. As a result, both the user authentication process on the WebAP side and the user authentication process on the MFP 1 side can be performed only by the user inputting authentication information on the WebAP user authentication screen (by performing the input operation only once). Can be completed.

  That is, the MFP 1 of the information processing system according to the embodiment transfers the authentication information input by the user via the WebAP user authentication screen developed by the vendor to the authentication server device 52 that performs WebAP user authentication, and Perform authentication processing. Then, the MFP 1 receives the authentication result of the user authentication performed by the authentication server device 52 and notifies the management function 63, the Web server function 61, and the like. Thereby, the authentication result of the user authentication performed by the authentication server device 52 can be used for the user authentication process of the user who uses the MFP 1. Therefore, both the user authentication process on the WebAP side and the user authentication process on the MFP 1 side can be completed by the user performing the authentication information input operation only once.

  Next, the flowchart of FIG. 7 shows a flow of an operation for displaying a Web page corresponding to WebAP by performing communication between the MFP 1 and the Web server device 51 using the above authentication result. First, step S41 corresponds to step S11 to step S15 in FIG. 5 and step S21 to step S25 in FIG. In step S41, the user authentication screen created on the vendor side is displayed on the operation panel 27 in accordance with WebAP as described above. The user performs an input operation on the operation panel 27 to input authentication information on the user authentication screen. Step S42 corresponds to step S26 and step S27 in FIG. In step S42, the authentication management unit 78 of the management function 63 monitors whether or not authentication information is input from the user. When the authentication management unit 78 detects the input of authentication information from the user (step S42: Yes), the process proceeds to step S43.

  Step S43 corresponds to step S28 and step S29 in FIG. When the authentication information is input from the user, the authentication information input from the user is transferred from the Web browser function 62 to the authentication server device 52 in step S43. The authentication server device 52 collates the user authentication information stored in advance in the storage unit 85 with the authentication information transferred from the Web browser function 62 to perform user authentication processing, and returns an authentication result to the MFP 1.

  In step S44, the authentication processing unit 72 of the authentication AP function 60 of the MFP 1 uses the authentication result returned from the authentication server device 52 to check whether the authentication information input by the user is correct authentication information. Is determined. If the authentication result returned from the authentication server device 52 is an authentication result indicating that the user is not a legitimate user (step S44: No), the display processing unit 77 of the web browser function 62 determines that the authentication has failed in step S45. The screen is displayed on operation panel 27, and the process returns to step S41.

  Next, if the authentication result returned from the authentication server device 52 is an authentication result indicating that the user is a legitimate user (step S44: Yes), the process proceeds to step S46 corresponding to step S29 to step S31 in FIG. Advances. The authentication AP function 60, the web browser function 62, and the management function 63 are examples of a management unit. The authentication result indicating that the user is an authorized user is notified to the authentication AP function 60, the Web browser function 62, and the management function 63 as described above. Thus, the user can use each function of MFP 1 (each function of MFP 1 is released to the user).

  Next, in step S47, the Web browser function 62 monitors the operation state of the operation panel 27 by the user, and determines whether or not activation of a desired WebAP is designated by the user. When the activation of a desired WebAP is designated by the user (step S47: Yes), the web browser function 62 activates the designated webAP in step S48.

  Next, in step S49, the Web browser function 62 sends a Web page transmission request to the Web server device 51 corresponding to the activated WebAP together with the user authentication authentication result received from the authentication server device 52. The Web server device 51 uses the authentication result received from the Web browser function 62 of the MFP 1 to determine whether the request is a Web page transmission request from a legitimate user. If the Web server device 51 determines that the request is a Web page transmission request from a legitimate user, the Web server device 51 transmits the Web page to the MFP 1.

  In step S50, the web browser function 62 of the MFP 1 monitors whether or not a web page is received from the web server device 51. Then, when the web browser function 62 receives a web page from the web server device 51 (step S50: Yes), the display processing unit 77 displays the web page on the operation panel 27 in step S51, and FIG. The process of the flowchart ends.

  The above description is an example in which a web page can be acquired via the web browser function 62 by authenticating that the user is a legitimate user. However, if the user is authenticated, various functions such as a copy function and a printer function of the MFP 1 can be used.

  As is apparent from the above description, the information processing system according to the embodiment installs an authentication WebAP, which is an application package for authentication including WebAP that generates a user authentication screen, in the MFP 1. In addition, the WebAP included in the authentication WebAP is associated with the Web server function 61. At the time of user authentication, the Web server function 61 generates a user authentication screen according to WebAP. The web browser function 62 displays a user authentication screen on the operation panel 27. WebAP installed in association with the Web server function 61 is created on the vendor side. For this reason, an authentication screen created on the vendor side is also displayed as the user authentication screen.

  The user inputs authentication information via the user authentication screen. The web browser function 62 transmits authentication information input from the user to the authentication server device 52 via the communication I / F 15 and the network 40. Authentication server device 52 collates the authentication information stored in storage unit 85 with the authentication information received from MFP 1 and returns an authentication result. The authentication AP function 60 of the MFP 1 notifies the authentication result to the web browser function 62 and the like.

  The web browser function 62 communicates by adding an authentication result to communication information such as a web page transmission request when communicating with the web server device 51 as a connection destination corresponding to any activated web AP. I do. The Web server device 51 transmits the authentication result added to the communication information to the authentication server device 52 to perform user authentication processing. If the user is an authorized user, the Web server device 51 generates a requested Web page and sends it to the MFP 1. Send. The web browser function 62 of the MFP 1 displays the received web page on the operation panel 27.

  That is, the user authentication processing specification of MFP 1 is replaced with the user authentication processing specification originally developed by the vendor by the authentication WebAP installed in MFP 1. Thereby, the user authentication process on the MFP 1 side and the user authentication process on the WebAP side can be combined into one. Therefore, the user authentication process on the MFP 1 side can be completed using the authentication result of the user authentication process performed on the WebAP side via the authentication server device 52. Therefore, the authentication information input operation performed by the user can be reduced to only one time, and the labor of inputting authentication information for user authentication can be reduced.

  The above-described embodiments are presented as examples, and are not intended to limit the scope of the present invention. The novel embodiment can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention.

  For example, the MFP 1 in the embodiment is an example of a device to which the present invention is applied. Therefore, the present invention may be applied to devices other than the MFP 1 such as a projector device, a video conference system, or a digital camera device.

  The embodiments and modifications of the embodiments are included in the scope and gist of the invention, and are also included in the invention described in the claims and the equivalents thereof.

1 MFP (MFP)
10 Body 11 CPU
12 ROM
13 RAM
14 HDD
15 Communication I / F
16 Connection I / F
17 Engine part 18 System bus 20 Operation part 21 CPU
22 ROM
23 RAM
24 Flash memory 25 Communication I / F
26 Connection I / F
27 Operation Panel 28 System Bus 30 Communication Channel 40 Network 51 Web Server Device 52 Authentication Server Device 60 Authentication Application Program Function (Authentication AP Function)
61 Web Server Function 62 Web Browser Function 63 Management Function 71 Update Unit 72 Authentication Processing Unit 75 Page Generation Unit 77 Display Processing Unit 78 Authentication Management Unit 79 AP Management Unit 80 Installation Management Unit 82 Storage Unit 85 Storage Unit

JP 2010-113599 A

Claims (9)

A screen generation unit that generates a user authentication screen of a network application to be executed via a predetermined network and displays the screen on the display unit;
The authentication information input via the user authentication screen is transmitted to an authentication server device provided on the network for performing user authentication of the network application, and the user authentication result returned from the authentication server device is acquired. A communication unit
A management unit that allows a user to use a predetermined function when a user authentication result indicating that the user is a legitimate user is acquired from the authentication server device. A storage unit storing the network application;
The device according to claim 1, wherein the screen generation unit generates the user authentication screen using the network application read from the storage unit. A storage unit that stores a URL (Uniform Resource Locator) of a distribution server device on the network that distributes the network application;
The screen generation unit acquires the network application from the distribution server device indicated by the URL via the communication unit, and generates the user authentication screen using the acquired network application. The device according to claim 1. A screen generation unit that generates a user authentication screen of a network application to be executed via a predetermined network and displays the screen on the display unit;
The authentication information input via the user authentication screen is transmitted to an authentication server device provided on the network for performing user authentication of the network application, and the user authentication result returned from the authentication server device is acquired. A communication unit
An image forming apparatus comprising: a management unit that allows a user to use a predetermined function when a user authentication result indicating a legitimate user is acquired from the authentication server apparatus. A screen generation step in which a screen generation unit generates a user authentication screen of a network application to be executed via a predetermined network and displays the screen on the display unit;
A communication unit transmits authentication information input via the user authentication screen to an authentication server device provided on the network for performing user authentication of the network application, and a user returned from the authentication server device A communication step for obtaining an authentication result;
An information processing method comprising: a management step of making a predetermined function available to a user when a management unit acquires a user authentication result indicating that the user is a legitimate user from the authentication server device. Computer
A screen generation unit that generates a user authentication screen of a network application to be executed via a predetermined network and displays the screen on the display unit;
The authentication information input via the user authentication screen is transmitted to an authentication server device provided on the network for performing user authentication of the network application, and the user authentication result returned from the authentication server device is acquired. A communication unit
An information processing program that causes a predetermined function to be used by a user when a user authentication result indicating a legitimate user is acquired from the authentication server device. The information processing program according to claim 6, wherein the screen generation unit generates the user authentication screen using the network application read from the storage unit. The screen generation unit is configured to obtain the network application acquired via the communication unit from a distribution server device on the network that distributes the network application indicated by a URL (Uniform Resource Locator) stored in a storage unit. The information processing program according to claim 6, wherein the user authentication screen is generated. A distribution server device for distributing a network application to be executed via a predetermined network;
An authentication server device for performing user authentication of the network application;
A device having a predetermined function,
A screen generation unit that generates a user authentication screen of a network application to be executed via a predetermined network and displays the screen on the display unit;
The authentication information input via the user authentication screen is transmitted to an authentication server device provided on the network for performing user authentication of the network application, and the user authentication result returned from the authentication server device is acquired. A communication unit
An information processing system comprising: a management unit configured to allow a function of the device to be used when a user authentication result indicating a legitimate user is acquired from the authentication server device.

Images