U.S. patent application number 12/611450 was filed with the patent office on 2010-05-06 for image processing apparatus, control method therefor, and computer-readable storage medium storing program for implementing the method.
This patent application is currently assigned to CANON KABUSHIKI KAISHA. Invention is credited to Hiroshi Uchikawa.
Application Number | 20100115608 12/611450 |
Family ID | 42133104 |
Filed Date | 2010-05-06 |
United States Patent Application | 20100115608 |
Kind Code | A1 |
Uchikawa; Hiroshi | May 6, 2010 |
IMAGE PROCESSING APPARATUS, CONTROL METHOD THEREFOR, AND
COMPUTER-READABLE STORAGE MEDIUM STORING PROGRAM FOR IMPLEMENTING
THE METHOD
Abstract
An image processing apparatus capable of reducing the frequency
of a user's inputting work for authentication information to
improve the convenience. When the number of the logged-in users is
one, the logged-in user is set as an executor of the predetermined
function, and when the number of the logged-in users is two or
more, the user is caused to select one of the logged-in users to
set the selected one as the executor of the predetermined
function.
Inventors: | Uchikawa; Hiroshi (Yokohama-shi, JP) |
Correspondence Address: | ROSSI, KIMMS & McDOWELL LLP., 20609 Gordon Park Square, Suite 150, Ashburn, VA 20147, US |
Assignee: | CANON KABUSHIKI KAISHA, Tokyo, JP |
Family ID: | 42133104 |
Appl. No.: | 12/611450 |
Filed: | November 3, 2009 |
Current U.S. Class: | 726/18 |
Current CPC Class: | H04N 1/00244 20130101; G06F 2221/2149 20130101; H04N 1/00204 20130101; H04N 1/4433 20130101; H04N 1/4413 20130101; G06F 21/31 20130101; H04N 1/4426 20130101; G06F 21/608 20130101; G06F 21/84 20130101; H04N 2201/0094 20130101; H04N 2201/0039 20130101 |
Class at Publication: | 726/18 |
International Class: | G06F 21/00 20060101 G06F021/00; G06F 21/22 20060101 G06F021/22 |
Foreign Application Data
Date | Code | Application Number |
Nov 4, 2008 | JP | 2008-283306 |
Claims
1. An image processing apparatus enabling a user who has logged in
to multiply log in as a different user to execute a predetermined
function, the image processing apparatus comprising: a user
authentication unit adapted to perform authentication of a user; an
access restriction unit adapted to restrict access to a
predetermined function depending on the user the authentication of
which is performed by said user authentication unit; a management
unit adapted to manage user information about the user who has
multiply logged in, for each login independently; a confirmation
unit adapted to confirm the number of logged-in users by referring
to the user information managed by said management unit when the
predetermined function is to be executed; a first setting unit
adapted to, when the number of the logged-in users is one as a
result of the confirmation by said confirmation unit, set the
logged-in user as an executor of the predetermined function; and a
second setting unit adapted to, when the number of the logged-in
users is two or more as a result of the confirmation by said
confirmation unit, cause the user to select one of the logged-in
users to set the selected one as the executor of the predetermined
function.
2. The image processing apparatus according to claim 1, further
comprising a third setting unit adapted to, if the number of users
who have been logged in as the different user is one and the one
different user is permitted to execute the predetermined function,
set the one different user as the executor of the predetermined
function while said second setting unit does not cause the user to
select one of the logged-in users, even if the number of the
logged-in users is two or more as a result of the confirmation by
said confirmation unit.
3. The image processing apparatus according to claim 1, further
comprising a display unit adapted to, when an operation for
executing the predetermined function is performed, display the
username of a user who executes the predetermined function among
the users who have multiply logged in.
4. An image processing apparatus enabling a user who has logged in
to multiply log in as a different user to execute a predetermined
function, the image processing apparatus comprising: a user
authentication unit adapted to perform authentication of a user; an
access restriction unit adapted to restrict access to a
predetermined function depending on the user the authentication of
which is performed by said user authentication unit; a management
unit adapted to manage at least user type information about user
classification, username information about a username, and user
authority information about the access restriction as user
information about the user who has multiply logged in, for each
login; and a determination unit adapted to determine whether or not
to permit the logged-in user to log in as the different user
according to the user type information about the logged-in
user.
5. The image processing apparatus according to claim 4, wherein the
user type information includes at least an anonymous user who does
not have user identification elements including a username and a
mail address and a real-name user who has these user identification
elements; and said determination unit permits the logged-in user to
log in as the different user if the logged-in user is the anonymous
user, and prohibits the logged-in user to log in as the different
user if the logged-in user is the real-name user.
6. The image processing apparatus according to claim 5, further
comprising a synthesis unit adapted to synthesize the user
information using the username of the real-name user as the
username information and using information obtained by adding the
user authority of the real-name user to the user authority of the
anonymous user, as the user authority information.
7. The image processing apparatus according to claim 4, further
comprising a display unit adapted to, when an operation for
executing the predetermined function is performed, display the
username of a user who executes the predetermined function among
the users who have been multiply logged in.
8. A control method for an image processing apparatus enabling a
user who has logged in to multiply log in as a different user to
execute a predetermined function, the method comprising: a user
authentication step of authenticating a user; an access restriction
step of restricting access to a predetermined function depending on
the user the authentication of which is performed in said user
authentication step; a management step of managing user information
about the user who has multiply logged in, for each login
independently; a confirmation step of confirming the number of
logged-in users by referring to the user information managed in
said management step when the predetermined function is to be
executed; a first setting step of, when the number of the logged-in
users is one as a result of the confirmation in said confirmation
step, setting the logged-in user as an executor of the
predetermined function; and a second setting step of, when the
number of the logged-in users is two or more as a result of the
confirmation in said confirmation step, causing the user to select
one of the logged-in users to set the selected one as the executor
of the predetermined function.
9. A control method for an image processing apparatus enabling a
user who has logged in to multiply log in as a different user to
execute a predetermined function, the method comprising: a user
authentication step of authenticating a user; an access restriction
step of restricting access to a predetermined function depending on
the user the authentication of which is performed in said user
authentication step; a management step of managing at least user
type information about user classification, username information
about a username, and user authority information about the access
restriction as user information about the user who has multiply
logged in, for each login; and a determination step of determining
whether or not to permit the logged-in user to log in as the
different user according to the user type information about the
logged-in user.
10. A computer-readable storage medium storing a computer-readable
program for implementing a control method for an image processing
apparatus enabling a user who has logged in to multiply log in as a
different user to execute a predetermined function, wherein the
method comprises: a user authentication step of authenticating a
user; an access restriction step of restricting access to a
predetermined function depending on the user the authentication of
which is performed in said user authentication step; a management
step of managing user information about the user who has multiply
logged in, for each login independently; a confirmation step of
confirming the number of logged-in users by referring to the user
information managed in said management step when the predetermined
function is to be executed; a first setting step of, when the
number of the logged-in users is one as a result of the
confirmation in said confirmation step, setting the logged-in user
as an executor of the predetermined function; and a second setting
step of, when the number of the logged-in users is two or more as a
result of the confirmation in said confirmation step, causing the
user to select one of the logged-in users to set the selected one
as the executor of the predetermined function.
11. A computer-readable storage medium storing a computer-readable
program for implementing a control method for an image processing
apparatus enabling a user who has logged in to multiply log in as a
different user to execute a predetermined function, wherein the
method comprises: a user authentication step of authenticating a
user; an access restriction step of restricting access to a
predetermined function depending on the user the authentication of
which is performed in said user authentication step; a management
step of managing at least user type information about user
classification, username information about a username, and user
authority information about the access restriction as user
information about the user who has multiply logged in, for each
login; and a determination step of determining whether or not to
permit the logged-in user to log in as the different user according
to the user type information about the logged-in user.
Description
BACKGROUND OF THE INVENTION
[0001] 1. Field of the Invention
[0002] The present invention relates to an image processing
apparatus, such as a multifunction peripheral, a control method
therefor, and a computer-readable storage medium storing a program
for implementing the method.
[0003] 2. Description of the Related Art
[0004] Recently, among image processing apparatuses including a
multifunction peripheral, there exist a lot of apparatuses
configured to be able to restrict access to jobs and resources
depending on a user who has logged in by a user authentication. In
such image processing apparatuses, when a user tries to perform an
operation while he has logged in, and the user does not have the
authority to execute the operation, it is common that an
authentication screen is displayed to prompt the user to log in as
a different user having the authority.
[0005] There exists a configuration for the user session
management, such that when the user logs in as a different user,
all the information related to the user (for example, a user
profile including a user name, a user's mail address and the like,
and user authority) is completely switched (hereinafter this
configuration will be referred to as Prior Art 1). In this case,
immediately before the user logs in as the different user, the user
who has logged in is automatically caused to log out (for example,
see Japanese Laid-Open Patent Publication (Kokai) No.
H11-25040).
[0006] There exists another configuration for the user session
management only re-evaluating the user authority of the user
information about the user who has already logged in while
maintaining the user profile of the user information such as the
user name, the user's mail address (hereinafter this configuration
will be referred to as Prior Art 2). As a re-evaluation method in
this case, it is common that the user authority held by the user
who has logged in later is added to the user authority held by the
user who has logged in earlier.
[0007] FIG. 16 is a timing chart showing the user session
management of Prior Art 1.
[0008] Reference numeral 4001 in FIG. 16 indicates a user profile
including a user name, a user's mail address and the like to be
actually applied in a user session. Reference numeral 4002
indicates the user authority of a user who has currently logged in.
Reference numeral 4003 indicates login user information which an
image forming apparatus stores in association with a user session
to determine the contents of the user profile 4001 and the user
authority 4002. FIG. 17 is a tabular form diagram showing settings
for the user profiles and user authorities of users A and B to be
used in FIG. 16.
[0009] According to Prior Art 1, when a user inputs user
information on a login screen at time t401, a process of logging in
as the user A is executed. Since the user A is permitted to execute
color copying in the setting information in FIG. 17, he can execute
color copying.
[0010] Next, when the user attempts to execute a network management
function at time t402, authentication as a user who is permitted to
execute the network management function is requested because the
user A is prohibited from executing the network management function.
Here, when the user inputs the authentication information about the
user B who is an administrator and is permitted to execute the
network management function, and a process of logging in as the
user B is performed, the user profile 4001 is changed to that of
the user B as indicated by reference numeral 4021 in FIG. 16, and
the user authority 4002 is changed to that of the user B as
indicated by reference numeral 4022 in FIG. 16. Then, it becomes
possible for the user to execute the network management
function.
[0011] Next, when the user attempts to execute color copying again
at time t403, authentication as a user who is permitted to execute
the function is requested because the user B is prohibited from
executing color copying. In this case, if the user inputs again the
authentication information about the user A who is permitted to
execute color copying, he can execute color copying.
[0012] Thus, Prior Art 1 adopts the configuration in which, when a
new user logs in, a user who has already logged in is caused to log
out. In this configuration, since all the information related to
the user is switched, there may be a case where a function which
can be used as a certain user cannot be used after a process of
logging in as a different user is performed. In order to enable the
disabled function again, the user has to log in again. As a result,
there is a problem that the user is requested to log in again and
again, thereby degrading the usability.
[0013] FIG. 18 is a timing chart showing the user session
management of Prior Art 2.
[0014] Reference numerals 6001 to 6003 in FIG. 18 indicate the same
as indicated by reference numerals 4001 to 4003 in FIG. 16. It is
assumed that the settings for the user profiles and user
authorities of users A and B in the example of FIG. 18 are similar
to those in the example of FIG. 17.
[0015] When a user inputs user information on a login screen at
time t601, a process of logging in as the user A is performed.
Since the user A is permitted to execute color copying in the
setting information of FIG. 17, he can execute color copying.
[0016] When the user attempts to execute a network management
function at the next time t602, authentication as a user who is
permitted to execute the network management function is requested
because the user A is prohibited from executing the network management
function. Here, when the user inputs the authentication information
about the user B who is an administrator and is permitted to
execute the network management function, and a process of logging
in as the user B is performed, the user profile 6001 continues to
be that of the user A as indicated by reference numeral 6021 in
FIG. 18. However, as for the user authority 6002, all of the items,
each of which has been permitted to any of the users A and B, are
changed to be "permitted" as indicated by reference numeral 6022 in
FIG. 18.
[0017] When the user attempts to execute color copying again at the
next time t603, he can execute color copying without the need for
displaying the authentication screen again because the user A is
permitted to execute color copying even after the user authority is
changed.
[0018] Thus, in Prior Art 2, the user authority is re-evaluated so
that, if an item is permitted to either a user who has logged in
earlier or a user who logs in later, the item is permitted.
Therefore, it does not happen that a function which can be used as
a certain user cannot be used after a process of logging in as a
different user is performed, thereby improving the usability in
comparison with Prior Art 1.
[0019] However, it is difficult for a user to intuitively determine
whether or not the user profile including a user name, a user's
mail address and the like is still the user profile of a user who
has logged in earlier or is switched to the user profile of a user
who has logged in later.
[0020] For example, it is assumed that there exists an image
processing apparatus which is provided with an e-mail transmission
function and which automatically sets a login user's mail address
as the sender address of an outgoing mail. Suppose that, while a
user has logged in this image processing apparatus as a user A, it
becomes necessary to change a certain management setting item, and
the user logs in again as a user B, who is an administrator,
changes the management setting item, and thereafter transmits an
e-mail. In this case, it is difficult to determine which of the
users A and B is automatically set as the sender address.
Furthermore, logging in again to change settings may cause
problems such as a print job being charged to an unintended
user, an unintended name being set as the fax sender name, and
an unintended user's data being referred to for user data such as
the user's fixed work and personal data such as an address book.
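The two session models described above, beside the per-login management and executor selection recited in claim 1, replayed over the same sequence of operations. This is an added Python sketch, not code from the application: the class and function names, the mail addresses, the `send_mail` permission for both users, and the rule that only logins permitted to run the function are offered for selection are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    mail: str              # constructed address, used as the e-mail sender
    authority: frozenset   # functions this user is permitted to execute

# Constructed stand-in for the FIG. 17 settings: A may color-copy, B (administrator)
# may use network management. That both may send e-mail is an assumption.
USER_A = User("A", "a@example.test", frozenset({"color_copy", "send_mail"}))
USER_B = User("B", "b@example.test", frozenset({"network_mgmt", "send_mail"}))
DIRECTORY = (USER_A, USER_B)

class AuthRequired(Exception):
    """No logged-in identity may run the function; a login screen would appear."""

class SwitchSession:
    """Prior Art 1: a new login logs the previous user out."""
    def __init__(self):
        self.current = None
    def login(self, user):
        self.current = user
    def execute(self, function):
        if self.current is None or function not in self.current.authority:
            raise AuthRequired(function)
        return self.current

class MergeSession:
    """Prior Art 2: the first user's profile is kept, later authority is added."""
    def __init__(self):
        self.profile = None
        self.authority = frozenset()
    def login(self, user):
        if self.profile is None:
            self.profile = user
        self.authority = self.authority | user.authority
    def execute(self, function):
        if function not in self.authority:
            raise AuthRequired(function)
        return self.profile   # attribution always falls on the first login

class MultiLoginSession:
    """Claim 1: each login is kept independently; the executor is set per function."""
    def __init__(self, choose):
        self.logins = []
        self.choose = choose      # callback standing in for the selection screen
        self.selections = 0
    def login(self, user):
        if user not in self.logins:
            self.logins.append(user)
    def execute(self, function):
        # Assumption of this sketch: only logins permitted to run the function are offered.
        candidates = [u for u in self.logins if function in u.authority]
        if not candidates:
            raise AuthRequired(function)
        if len(candidates) == 1:
            return candidates[0]
        self.selections += 1
        chosen = self.choose(function, candidates)
        if chosen not in candidates:
            raise ValueError("selected executor is not a permitted logged-in user")
        return chosen

def replay(session, steps, first_user=USER_A):
    """Run steps in order; on AuthRequired, log in a user who holds the authority.
    Returns (number of authentication prompts, [(function, executor, sender mail)])."""
    session.login(first_user)
    prompts, trail = 1, []
    for function in steps:
        try:
            executor = session.execute(function)
        except AuthRequired:
            holder = next(u for u in DIRECTORY if function in u.authority)
            session.login(holder)
            prompts += 1
            executor = session.execute(function)
        trail.append((function, executor.name, executor.mail))
    return prompts, trail

STEPS = ["color_copy", "network_mgmt", "send_mail", "color_copy"]

def compare():
    pick_a = lambda function, candidates: next(u for u in candidates if u.name == "A")
    return {
        "prior_art_1": replay(SwitchSession(), STEPS),
        "prior_art_2": replay(MergeSession(), STEPS),
        "claim_1": replay(MultiLoginSession(pick_a), STEPS),
    }

if __name__ == "__main__":
    for model, (prompts, trail) in compare().items():
        print(model, "prompts:", prompts)
        for function, name, mail in trail:
            print(f"  {function:<13} executor={name} sender={mail}")
```

In the merged model every action, including the administrator's network management change, is recorded against user A, which is the attribution problem paragraph [0020] describes; in the per-login model the only ambiguous step is resolved by an explicit selection.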
SUMMARY OF THE INVENTION
[0021] In view of the above conventional problems, the present
invention provides an image processing apparatus capable of
reducing the frequency of a user's inputting work for
authentication information to improve the convenience, in a system
which restricts access to jobs and resources depending on a user
who has logged in, a control method therefor, and a
computer-readable storage medium storing a program for implementing
the method.
[0022] It is also intended to enable a user to easily determine
on the basis of which user's user profile, among those of the
logged-in users, an operation for executing a function is
performed.
[0023] In a first aspect of the present invention, there is
provided an image processing apparatus enabling a user who has
logged in to multiply log in as a different user to execute a
predetermined function, the image processing apparatus comprising a
user authentication unit adapted to perform authentication of a
user, an access restriction unit adapted to restrict access to a
predetermined function depending on the user the authentication of
which is performed by the user authentication unit, a management
unit adapted to manage user information about the user who has
multiply logged in, for each login independently, a confirmation
unit adapted to confirm the number of logged-in users by referring
to the user information managed by the management unit when the
predetermined function is to be executed, a first setting unit
adapted to, when the number of the logged-in users is one as a
result of the confirmation by the confirmation unit, set the
logged-in user as an executor of the predetermined function, and a
second setting unit adapted to, when the number of the logged-in
users is two or more as a result of the confirmation by the
confirmation unit, cause the user to select one of the logged-in
users to set the selected one as the executor of the predetermined
function.
[0024] In a second aspect of the present invention, there is
provided an image processing apparatus enabling a user who has logged in to
multiply log in as a different user to execute a predetermined
function, the image processing apparatus comprising a user
authentication unit adapted to perform authentication of a user, an
access restriction unit adapted to restrict access to a
predetermined function depending on the user the authentication of
which is performed by the user authentication unit, a management
unit adapted to manage at least user type information about user
classification, username information about a username, and user
authority information about the access restriction as user
information about the user who has multiply logged in, for each
login, and a determination unit adapted to determine whether or not
to permit the logged-in user to log in as the different user
according to the user type information about the logged-in
user.
[0025] In a third aspect of the present invention, there is
provided a control method for an image processing apparatus
enabling a user who has logged in to multiply log in as a different
user to execute a predetermined function, the method comprising a
user authentication step of authenticating a user, an access
restriction step of restricting access to a predetermined function
depending on the user the authentication of which is performed in
the user authentication step, a management step of managing user
information about the user who has multiply logged in, for each
login independently, a confirmation step of confirming the number
of logged-in users by referring to the user information managed in
the management step when the predetermined function is to be
executed, a first setting step of, when the number of the logged-in
users is one as a result of the confirmation in the confirmation
step, setting the logged-in user as an executor of the
predetermined function, and a second setting step of, when the
number of the logged-in users is two or more as a result of the
confirmation in the confirmation step, causing the user to select
one of the logged-in users to set the selected one as the executor
of the predetermined function.
[0026] In a fourth aspect of the present invention, there is
provided a control method for an image processing apparatus
enabling a user who has logged in to multiply log in as a different
user to execute a predetermined function, the method comprising a
user authentication step of authenticating a user, an access
restriction step of restricting access to a predetermined function
depending on the user the authentication of which is performed in
the user authentication step, a management step of managing at
least user type information about user classification, username
information about a username, and user authority information about
the access restriction as user information about the user who has
multiply logged in, for each login, and a determination step of
determining whether or not to permit the logged-in user to log in
as the different user according to the user type information about
the logged-in user.
[0027] In a fifth aspect of the present invention, there is
provided a computer-readable storage medium storing a
computer-readable program for implementing a control method for an
image processing apparatus enabling a user who has logged in to
multiply log in as a different user to execute a predetermined
function, wherein the method comprises a user authentication step
of authenticating a user, an access restriction step of restricting
access to a predetermined function depending on the user the
authentication of which is performed in the user authentication
step, a management step of managing user information about the user
who has multiply logged in, for each login independently, a
confirmation step of confirming the number of logged-in users by
referring to the user information managed in the management step
when the predetermined function is to be executed, a first setting
step of, when the number of the logged-in users is one as a result
of the confirmation in the confirmation step, setting the logged-in
user as an executor of the predetermined function, and a second
setting step of, when the number of the logged-in users is two or
more as a result of the confirmation in the confirmation step,
causing the user to select one of the logged-in users to set the
selected one as the executor of the predetermined function.
[0028] In a sixth aspect of the present invention, there is
provided a computer-readable storage medium storing a
computer-readable program for implementing a control method for an
image processing apparatus enabling a user who has logged in to
multiply log in as a different user to execute a predetermined
function, wherein the method comprises a user authentication step
of authenticating a user, an access restriction step of restricting
access to a predetermined function depending on the user the
authentication of which is performed in the user authentication
step, a management step of managing at least user type information
about user classification, username information about a username,
and user authority information about the access restriction as user
information about the user who has multiply logged in, for each
login, and a determination step of determining whether or not to
permit the logged-in user to log in as the different user according
to the user type information about the logged-in user.
[0029] According to the present invention, it is possible to reduce
the frequency of a user's inputting work for authentication
information, thus improving the convenience. Furthermore, a user
can easily determine on the basis of which user's user profile,
among those of multiply logged-in users, a predetermined function
is executed.
[0030] The above and other objects, features, and advantages of the
invention will become more apparent from the following detailed
description taken in conjunction with the accompanying
drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0031] FIG. 1 is a schematic diagram showing the configuration of a
system including an image processing apparatus according to the
present invention.
[0032] FIG. 2 is a block diagram showing the hardware configuration
of the image processing apparatus.
[0033] FIG. 3 is a block diagram showing the software configuration
of the image processing apparatus.
[0034] FIG. 4 is a timing chart showing user session management
according to a first embodiment of the present invention.
[0035] FIG. 5 is a diagram showing a login screen according to the
first embodiment.
[0036] FIG. 6 is a diagram showing a menu screen used in the first
embodiment.
[0037] FIG. 7 is a diagram showing a login screen to be displayed
when authority is lacking, which is used in the first embodiment.
[0038] FIG. 8 is a diagram showing an execution user selection
screen used in the first embodiment.
[0039] FIG. 9 is a flowchart showing a procedure for characteristic
processing according to the first embodiment.
[0040] FIG. 10 is a timing chart showing user session management
according to a second embodiment of the present invention.
[0041] FIG. 11 is a tabular form diagram showing settings for user
profiles and user authorities used in FIG. 10.
[0042] FIG. 12 is a diagram showing a menu screen used in the
second embodiment.
[0043] FIG. 13 is a diagram showing a login screen to be displayed
when authority is lacking, which is used in the second embodiment.
[0044] FIG. 14 is a diagram showing an error screen used in the
second embodiment.
[0045] FIG. 15 is a flowchart showing a procedure for processing
according to the second embodiment.
[0046] FIG. 16 is a timing chart showing the user session
management of Prior Art 1.
[0047] FIG. 17 is a tabular form diagram showing settings for user
profiles and user authorities used in FIG. 16.
[0048] FIG. 18 is a timing chart showing the user session
management of Prior Art 2.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0049] The present invention will now be described in detail with
reference to the drawings showing preferred embodiments thereof. It
should be noted that the relative arrangement of the components,
the numerical expressions and numerical values set forth in these
embodiments do not limit the scope of the present invention unless
it is specifically stated otherwise.
First Embodiment
<System Configuration>
[0050] FIG. 1 is a schematic diagram showing the configuration of a
system including an image processing apparatus according to the
present invention.
[0051] This system is configured by a server PC (personal computer)
1000, a user information server apparatus 1001, a ticket issuing
server apparatus 1002, a client PC 1003, and an image processing
apparatus 1004 which are connected with each other on a network.
This system is a print management system which performs restriction
of access by users who use the devices and restriction of execution
of jobs, such as restriction of the number of prints. It should be
noted that the users here include individual users, divisions,
organizations and the like.
[0052] In the server PC 1000, a system administrator utility
operates so that the server PC 1000 can perform setting and
management of this system. In particular, the server PC 1000 can set
function restriction information, more specifically an access control
entry (hereinafter referred to as ACE), to the user information
server apparatus 1001. The user information server apparatus 1001
holds user information such as user IDs and passwords, and further
holds function restriction information lists, more specifically
access control lists (hereinafter referred to as ACL), which are a
set of ACEs, indicating which functions are permitted to each of
the users and the devices in the system.
[0053] The ticket issuing server apparatus 1002 issues a ticket on
which information about available functions is described, on the
basis of the ACL stored in the user information server apparatus
1001.
[0054] The client PC 1003 is in an available state in this system
after login is performed. Specifically, after the login is
performed, it is possible to use a printer driver for the image
processing apparatus 1004 on the client PC 1003, and it is known on
the server PC 1000 which user is using the client PC.
[0055] The image processing apparatus 1004 is, for example, a
multifunctional copying machine. The image processing apparatus
1004 has not only a function of copying an original paper document
but also a function of printing print data sent from an external
printer driver and a function of reading an original paper document
and transmitting its image data to an external file server or a
mail address (a send function). Furthermore, the image processing
apparatus 1004 also has a function of transmitting data to another
image processing apparatus so that the data is printed on that other
image processing apparatus (a remote copy
function and a facsimile function) and the like.
[0056] The three "ACT" symbols in FIG. 1 indicate an abbreviation
of Access Control Token. For example, an ACT 1005 is data
containing information on functions which a user can execute on the
image processing apparatus 1004 and function restriction
information about the image processing apparatus 1004, thus the ACT
1005 can play a role of transferring the information from a server
to a device.
[0057] It is assumed that the server PC 1000, the user information
server apparatus 1001, the ticket issuing server apparatus 1002,
and the client PC 1003 described above are connected with each
other via Ethernet (registered trademark). However, it is only an
example of the system. All the connected devices of the server PC
1000, the user information server apparatus 1001, the ticket
issuing server apparatus 1002, and the client PC 1003, except the
image processing apparatus 1004, may be integrated into the same
computer. Furthermore, the server PC 1000, the user information
server apparatus 1001, the ticket issuing server apparatus 1002,
and the client PC 1003 may be implemented into the image processing
apparatus 1004 so that the system is configured only by the image
processing apparatus 1004.
<Hardware Configuration of Image Processing Apparatus>
[0058] FIG. 2 is a block diagram showing the hardware configuration
of the image processing apparatus 1004.
[0059] A controller unit 2000 performs input/output of image
information or device information by being connected to a scanner
2070, which is an image input device, or a printer 2095, which is an
image output device, while being connected to a network 1008 or a
public circuit 1009. A CPU 2001 is a controller which controls the
whole image processing apparatus 1004. A RAM 2002 is a system work
memory used for the CPU 2001 to operate. The RAM 2002 is also an
image memory for temporarily storing image data. A ROM 2003 is a
boot ROM, in which the boot program of the system is stored. An HDD
2004 is a hard disk drive, in which system software, applications,
and image data are stored.
[0060] An operation section I/F 2006 is an interface section
interfacing with an operation section 2012 provided with a touch
panel, and the operation section I/F 2006 outputs image data to be
displayed on the operation section 2012, to the operation section
2012. Furthermore, the operation section I/F 2006 has a role of
communicating information inputted from the operation section 2012
by the user of this system, to the CPU 2001. A network I/F 2010 is
connected to the network 1008 to input/output information. A modem
2050 is connected to the public circuit 1009 to input/output
information.
[0061] An SRAM 2100 is a non-volatile storage medium capable of
operating at a high speed. An RTC 2110 is a real-time clock, which
continues counting time even when the controller unit 2000 is not
powered on. The devices described above
are arranged on a system bus 2007.
[0062] An image bus I/F 2005 is a bus bridge which connects the
system bus 2007 and an image bus 2008, which transfers image data
at a high speed, to convert a data structure of the image data. The
image bus 2008 is configured by a PCI bus or an IEEE1394 bus. The
devices described below are arranged on the image bus 2008.
[0063] An RIP 2060 is a raster image processor which develops a PDL
code into a bitmap image. A device I/F section 2020 connects the
scanner 2070 and the printer 2095, which are image input and output
devices, to the controller unit 2000 and performs
synchronous/asynchronous conversion of image data. A scanner image
processing section 2080 performs correction, processing, and editing
of inputted image data. A printer image processing section 2090
performs printer correction, resolution conversion, and the like on
print output image data. An image rotation section 2030 rotates image
data. An
image compression/expansion section 2040 performs
compression/expansion processing.
[0064] <Software Configuration of Image Processing Apparatus>
[0065] FIG. 3 is a block diagram showing the software configuration
of the image processing apparatus 1004.
[0066] The software is implemented into the controller unit 2000
included in the image processing apparatus 1004. The software
included in the image processing apparatus 1004 and processed by
the controller unit 2000 is implemented as so-called firmware, and
it is executed by the CPU 2001.
[0067] A real-time OS 3001 is a real-time operating system, and it
provides various resource management services and their frameworks
optimized for control of an embedded system, to software operating
thereon.
[0068] A controller platform 3002 is configured by a file system
3003, a job/device control 3004, a counter 3005, and the like. The
file system 3003 is a mechanism for storing data which is
constructed on a storage device, such as the HDD 2004 and the RAM
2002. The job/device control 3004 controls the hardware of the
image processing apparatus 1004, and it also controls jobs which
use basic functions (printing, scanning, communication, image
conversion, and the like) provided mainly by the hardware of the
image processing apparatus 1004. The counter 3005 manages the
expiration date for each application and counter values of printing
and scanning, which are stored in the SRAM 2100.
[0069] A system service 3006 is a module for monitoring the
operation state of the image processing apparatus 1004 or
downloading software or license from a software distribution server
1006 (see FIG. 2) via the network 1008.
[0070] An application platform 3007 is middleware for causing the
mechanisms of the real-time OS 3001 and the controller platform
3002 to be available from a system application 3008 or applications
3012, 3013 and 3014 which can be added. The system application 3008
is configured by application management 3009, user session
management 3010, and access management 3011.
[0071] The application management 3009 is a management module for
causing the applications 3012, 3013 and 3014 to be installed,
uninstalled, activated, and stopped. The user session management
3010 is a module for managing user information about a user who has
been multiply logged in, for each login independently. That is, it
is a module for managing user profiles and user authorities in
response to login/logout by the user. The access management 3011 is
a security module for permitting or prohibiting access to various
jobs and resources on the basis of the user authorities in the user
session management 3010.
[0072] The application 3012 is application software which realizes
various business models using functions provided by the application
platform 3007.
User Session Management of First Embodiment
[0073] Next, the user session management of the first embodiment
will be described with reference to FIG. 4.
[0074] FIG. 4 is a timing chart showing the user session management
according to the first embodiment of the present invention.
[0075] The user session management of this embodiment is executed
by the CPU 2001 of the image processing apparatus 1004 as the
function of the user session management 3010 and the access
management 3011. Reference numerals 7001 to 7003 in FIG. 4 indicate
the same as indicated by reference numerals 4001 to 4003 in FIG.
16. It is assumed that the settings for the user profiles and user
authorities of users A and B are the same as those shown in FIG.
17.
[0076] When a user logs in as the user A by selecting an OK button
after inputting user information configured by a username, a
password and the like on the login screen (FIG. 5), at time t701, a
menu screen (FIG. 6) is displayed on the operation section 2012. A
login user display area 9005 is arranged at the lower part of a
main menu 9000 in FIG. 6, and it is displayed that a function is
being executed by the user A at this time point. Since the user A
is permitted to execute a color copying function in the setting
information in FIG. 17, he can execute color copying when a color
copying function 9001 in FIG. 6 is selected.
[0077] When the user selects "Return to menu" 9002 in FIG. 6 after
execution of the color copying function ends, the screen returns to
the main menu 9000. After that, when the user selects a network
management function 9003 in FIG. 6 at time t702, the access
management 3011 checks the user authority of the user A to
determine whether or not the user A is permitted to execute the
network management function. Since the user A is prohibited from
executing the network management function in the setting information
in FIG. 17, the access management 3011 notifies the user session
management 3010 to that effect. In response to this, the user
session management 3010 displays a login screen 9050 (FIG. 7)
requesting user authentication as a user permitted to execute the
function.
[0078] Here, when the user logs in again as the user B by inputting
the authentication information about the user B on this login
screen 9050 in FIG. 7, the user session management 3010 changes the
user profile 7001 to that of the user B as indicated by reference
numeral 7021 in FIG. 4, and the user authority 7002 to that of the
user B as indicated by reference numeral 7022 in FIG. 4. However,
information related to the user A continues to be held in the login
user information 7003 without being discarded or changed. At the
same time, it is displayed in the login user display area 9005 that
the network management function is being executed by the user B
between the users A and B who have multiply logged in.
[0079] When the user selects "Return to menu" 9002 in FIG. 6 after
execution of the network management function ends, the screen
returns to the main menu 9000. After that, when the user selects
the color copying function 9001 in FIG. 6 again at time t703, the
access management 3011 checks the user authorities of the users A
and B who have logged in to determine whether or not either one of
the users is permitted to execute the color copying function.
Since only the user A is permitted to execute the color copying
function in the setting information in FIG. 17, the access
management 3011 notifies the user session management 3010 to that
effect. In response to this, the user session management 3010
changes the user profile 7001 to that of the user A as indicated by
reference numeral 7023 in FIG. 4 and the user authority 7002 to
that of the user A as indicated by reference numeral 7024 in FIG.
4, on the basis of the information related to the user A which has
been held in the login user information 7003. At the same time, it
is displayed in the login user display area 9005 that the color
copying function is being executed by the user A between the users
A and B who have multiply logged in.
[0080] When the user selects "Return to menu" 9002 in FIG. 6 after
execution of the color copying function ends, the screen returns to
the main menu 9000. After that, when the user selects a fax
function 9004 in FIG. 6 at time t704, the access management 3011
checks the user authorities of the users A and B who have logged in
to determine whether or not either one of the users is permitted
to execute the fax function. Since both users are permitted to
execute the fax function in the setting information in FIG. 17, the
access management 3011 notifies the user session management 3010 to
that effect. In response to this, the user session management 3010
displays an execution user selection screen 9060 in FIG. 8. Suppose
that the user selects, for example, the user B as an execution user
who is an executor to execute the fax function, on the execution
user selection screen 9060. In this case, the user session
management 3010 performs the processing as described below on the
basis of information related to the user B which has been held in
the login user information 7003. That is, the user profile 7001 is
changed to that of the user B as indicated by reference numeral
7025 in FIG. 4, and the user authority 7002 is changed to that of
the user B as indicated by reference numeral 7026 in FIG. 4 again.
At the same time, it is displayed in the login user display area
9005 that the fax function is being executed by the user B, between
the users A and B who have been multiply logged in.
[0081] On the other hand, if the user selects the user A as the fax
function execution user on the execution user selection screen
9060, none of the contents of the user profile 7001, the contents
of the user authority 7002, and the display in the login user
display area 9005 is changed.
Characteristic Processing According to First Embodiment
[0082] Next, characteristic processing according to the first
embodiment will be described with reference to FIG. 9.
[0083] FIG. 9 is a flowchart showing a procedure for the
characteristic processing according to the first embodiment. In
this processing, execution user information is determined
automatically or in accordance with user selection, when a function
is selected, and this processing is executed by the CPU 2001 of the
image processing apparatus 1004 as the function of the user session
management 3010 and the access management 3011.
[0084] When a user selects a function in step S121, the access
management 3011 determines whether or not the number of logged-in
users permitted to execute the selected function is two or more, in
the next step S122. If the number of such users is not two or more,
the user session management 3010 automatically selects the only one
user permitted to execute the selected function as an execution
user, in step S123. Then, the process proceeds to the next step
S126.
[0085] If the number of the logged-in users permitted to execute
the selected function is two or more, the user session management
3010 displays the execution user selection screen 9060 (FIG. 8) in
step S124. Then, in the next step S125, a user to execute the
selected function is determined on the basis of the result of the
selection made by the user on the execution user selection screen
9060. Then, the process proceeds to the next step S126.
[0086] In short, the processing of the flow from step S122 to step
S126 via step S123 is the processing as described below. That is,
when the number of users permitted to execute the selected function
is only one, the user is automatically selected as a user to
execute the selected function, without prompting reselection from a
list of logged-in users, even if the number of the logged-in users
is two or more.
[0087] Next, in step S126, the user session management 3010
determines whether or not the execution user determined by the
above procedure is the same as the current execution user. If the
execution user is the same, the process immediately proceeds to
step S129, where the application 3012 executes the selected
function. If the execution user is not the same, the user session
management 3010 changes the user profile to that of the determined
execution user in step S127, and further changes the user authority
to that of the determined execution user in step S128. Then, in
step S129, the selected function is executed.
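The flow of FIG. 9 can be followed in a short Python sketch. This is an added example, not code from the patent or from any Canon firmware; the class and function names and the permission sets (built from what the text says about FIG. 17) are assumptions, and the zero-candidate branch follows paragraph [0077] rather than the flowchart.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass(frozen=True)
class User:
    name: str
    permitted: frozenset  # functions this user's authority allows


class LoginRequired(Exception):
    """No logged-in user may run the function; the login screen would be shown."""


@dataclass
class MultiLoginSession:
    logged_in: List[User] = field(default_factory=list)  # login user information
    executor: Optional[User] = None   # user whose profile and authority are active
    audit: List[tuple] = field(default_factory=list)     # (function, executor name)

    def login(self, user: User) -> None:
        # Earlier logins are kept; the new login becomes the active executor.
        if user not in self.logged_in:
            self.logged_in.append(user)
        self.executor = user

    def select_function(self, function: str,
                        choose: Callable[[List[User]], User]) -> str:
        # S122: which logged-in users are permitted to execute the function?
        candidates = [u for u in self.logged_in if function in u.permitted]
        if not candidates:
            raise LoginRequired(function)
        if len(candidates) == 1:
            chosen = candidates[0]        # S123: automatic selection
        else:
            chosen = choose(candidates)   # S124/S125: execution user selection
            # Added check (assumption): the selection result is re-validated
            # against the permitted candidates before it is used.
            if chosen not in candidates:
                raise PermissionError(f"{chosen.name} may not run {function}")
        if chosen != self.executor:       # S126
            self.executor = chosen        # S127/S128: switch profile and authority
        self.audit.append((function, chosen.name))  # S129: execute as `chosen`
        return chosen.name


# Constructed settings that follow the description of FIG. 17 in the text.
USER_A = User("user A", frozenset({"color_copy", "fax"}))
USER_B = User("user B", frozenset({"network_management", "fax"}))


def no_prompt(candidates: List[User]) -> User:
    raise AssertionError("selection screen was not expected here")


def replay_timeline() -> List[tuple]:
    """Replay t701 to t704 of FIG. 4 and return the resulting audit trail."""
    session = MultiLoginSession()
    session.login(USER_A)                                  # t701
    session.select_function("color_copy", no_prompt)
    try:
        session.select_function("network_management", no_prompt)  # t702
    except LoginRequired:
        session.login(USER_B)                              # login screen 9050
    session.select_function("network_management", no_prompt)
    session.select_function("color_copy", no_prompt)       # t703: back to A
    session.select_function("fax", lambda c: USER_B)       # t704: both permitted
    return session.audit


if __name__ == "__main__":
    for function, executor in replay_timeline():
        print(f"{function:20s} executed by {executor}")
```

The audit list records the executor for every function, which is the same information the login user display area 9005 shows on screen.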
Advantages of First Embodiment
[0088] According to this embodiment, it is possible to reduce the
frequency of a user's inputting work for authentication information
to improve the convenience, in an apparatus configured to be
capable of restricting access to jobs and resources depending on a
user who logs in.
[0089] Furthermore, the login user display area 9005 is provided so
that it is displayed by which of the logged-in users a predetermined
function is being executed. Thereby, the user can easily determine
on the basis of which logged-in user's user profile an operation for
executing a function is performed.
Second Embodiment
[0090] Next, a second embodiment of the present invention will be
described.
[0091] The basic configuration of the second embodiment is similar
to that described with reference to FIGS. 1 to 3 in the above first
embodiment. A characteristic part of the second embodiment will be
described below.
User Session Management of Second Embodiment
[0092] FIG. 10 is a timing chart showing user session management
according to the second embodiment of the present invention.
[0093] The user session management of this embodiment is executed
by the CPU 2001 of the image processing apparatus 1004 as the
function of the user session management 3010 and the access
management 3011. Reference numerals 5001 to 5003 in FIG. 10
indicate the same as indicated by reference numerals 4001 to 4003
in FIG. 16.
[0094] FIG. 11 is a tabular form diagram showing settings for the
user profiles and user authorities of users A and B used in FIG.
10.
[0095] In the example shown in FIG. 11, user type information 8001
indicating the type (classification) of user is registered as a user
profile, as is distinct from the example in FIG. 17 used in the
first embodiment. The user types include, for example, an anonymous
user and a real-name user. The anonymous user is a special user
used by an unspecified large number of persons. The anonymous user
does not have user identification elements, such as username
information about the name of the user and a mail address. The
real-name user is a user who has such user identification
elements.
[0096] When a user logs in as an anonymous user by selecting the OK
button without inputting user information on the login screen (FIG.
5) at time t801, a menu screen (FIG. 12) is displayed on the
operation section 2012. A login user display area 9015 is arranged
at the lower part of a main menu 9010, and it is displayed that a
function is being executed by the anonymous user at this time
point. Since the anonymous user is permitted to execute the color
copying function in setting information in FIG. 11, he can execute
a color copying function 9011. It should be noted that login as the
anonymous user may be automatically performed when the image
processing apparatus 1004 is activated.
[0097] When the user selects "Return to menu" 9012 in FIG. 12 after
execution of the color copying function ends, the screen returns to
the main menu 9010. After that, when the user selects a network
management function 9013 in FIG. 12 at time t802, the access
management 3011 checks the user authority of the anonymous user to
determine whether or not the anonymous user is permitted to execute
the network management function. Since the anonymous user is
prohibited from executing the network management function in the setting
information in FIG. 11, the access management 3011 notifies the
user session management 3010 to that effect. In response to this,
the user session management 3010 displays a login screen 9070 (FIG.
13) requesting authentication of an authorized user. Here, when the
user logs in again as the user B by inputting the authentication
information about the user B on the login screen 9070, the user
session management 3010 changes the user profile 5001 to that of
the user B as indicated by reference numeral 5021 in FIG. 10, and
changes the user authority 5002 so that all of the items, each of
which has been permitted to either of the anonymous user and the
user B, are changed to be "permitted" as indicated by reference
numeral 5022 in FIG. 10. At the same time, it is displayed in the
login user display area 9015 that the function is being executed by
the user B.
[0098] When the user selects "Return to menu" 9012 in FIG. 12 after
execution of the network management function ends, the screen
returns to the main menu 9010. After that, when the user selects
the color copy function 9011 in FIG. 12 at time t803 again, the
access management 3011 checks the user authorities of the
currently logged-in users to determine whether or not
either of the users is permitted to execute the color copying
function. Since the currently logged-in user is permitted to
execute color copying in the user authority indicated by reference
numeral 5022 in FIG. 10, he can execute the color copying function
without the need for displaying the login screen 9070 again.
Furthermore, it is displayed in the login user display area 9015
that the function is being executed by the user B, without any
change being made in the login user display area 9015.
[0099] When the user selects "Return to menu" 9012 in FIG. 12 after
re-execution of the color copying function ends, the screen returns
to the main menu 9010. After that, when the user selects the fax
function 9014 at time t803, the access management 3011 checks the
user authorities of the currently logged-in users to determine
whether or not either of the users is permitted to execute the fax
function. Since the currently logged-in user is not permitted to
execute the fax function in the user authority indicated by
reference numeral 5022 in FIG. 10, it is notified to the user
session management 3010. In response to this, the user session
management 3010 displays an error screen 9080 (FIG. 14) notifying
that it is not possible to change the user. This is because, in the
second embodiment, further authentication is prohibited when login
as the real-name user has been performed. The user profile 5001 and
the user authority 5002 are never changed.
[0100] It should be noted that, when the user logs in as the user
A, who is a real-name user, by inputting user information on the
login screen (FIG. 5) and then attempts to execute the network
management function 9013, the error screen 9080 (FIG. 14) notifying
that it is impossible to change the user is displayed
similarly.
Characteristic Processing According to Second Embodiment
[0101] Next, characteristic processing according to the second
embodiment will be described with reference to FIG. 15.
[0102] FIG. 15 is a flowchart showing a procedure for the
processing according to the second embodiment. This processing
determines whether or not to cause authentication to be performed
again, depending on the user type of a logged-in user, when
authority is lacking, and it is executed by the CPU 2001 of
the image processing apparatus 1004 as the function of the user
session management 3010 and the access management 3011.
[0103] When a user selects a function in step S131, the access
management 3011 determines whether or not the logged-in user is
permitted to execute the selected function, in step S132. If it is
determined that the user is permitted to execute the selected
function, the process proceeds to step S141, where the application
3012 executes the selected function. On the other hand, if it is
determined that the user is not permitted to execute the selected
function, the user session management 3010 determines whether or
not the logged-in user is an anonymous user, in step S133. If it is
determined that the user is not an anonymous user, the process
proceeds to step S134, where the error screen 9080 (FIG. 14) is
displayed.
[0104] On the other hand, if it is determined that the logged-in
user is an anonymous user, the process proceeds to step S135, where
the login screen 9070 (FIG. 13) is displayed. In step S136, input
of authentication information is received from the user. It is
determined in step S137 whether or not the received authentication
information is correct. If it is not correct, the process returns
to the processing of step S135. On the other hand, if the received
authentication information is correct, the access management 3011
determines whether or not a newly logged-in real-name user is
permitted to execute the selected function on the basis of the
received authentication information in step S138. If the real-name
user is not permitted to execute the selected function, the process
returns to step S135.
[0105] On the other hand, if the real-name user is permitted to
execute the selected function, the user session management 3010
overwrites the user profile with that of the newly logged-in user,
in step S139. Then, the user authority information is merged in
step S140, and the selected function is executed in step S141.
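The flow of FIG. 15, including the authority merge of step S140, is sketched below as an added example; it is not code from the patent or from any Canon firmware. All names, the stand-in authenticator, the credentials and the permission sets are constructed assumptions (FIG. 11 itself is not reproduced on this page), and the login loop is bounded by the supplied attempts instead of returning to S135 indefinitely.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

ANONYMOUS, REAL_NAME = "anonymous", "real-name"


@dataclass(frozen=True)
class Account:
    name: str
    user_type: str        # user type information 8001
    permitted: frozenset  # user authority from the constructed settings


class ChangeUserRefused(Exception):
    """Error screen 9080: the user cannot be changed after a real-name login."""


class LoginFailed(Exception):
    """No supplied credential produced a permitted real-name user."""


class StepUpSession:
    def __init__(self, initial: Account,
                 authenticate: Callable[[tuple], Optional[Account]]):
        self.profile = initial                   # user profile 5001
        self.authority = set(initial.permitted)  # user authority 5002
        self.authenticate = authenticate
        self.audit = []                          # (function, name shown as executor)

    def select_function(self, function: str,
                        attempts: Iterable[tuple] = ()) -> str:
        if function not in self.authority:                # S132
            if self.profile.user_type != ANONYMOUS:       # S133
                raise ChangeUserRefused(function)         # S134
            for credentials in attempts:                  # S135/S136
                account = self.authenticate(credentials)  # S137
                if account is None or account.user_type != REAL_NAME:
                    continue
                if function not in account.permitted:     # S138
                    continue
                self.profile = account                    # S139: overwrite profile
                self.authority |= account.permitted       # S140: merge authority
                break
            else:
                # The flowchart returns to S135 without limit; this example
                # stops when the supplied attempts run out.
                raise LoginFailed(function)
        self.audit.append((function, self.profile.name))  # S141
        return self.profile.name


# Constructed accounts and credentials (assumptions standing in for FIG. 11).
ANON = Account("anonymous", ANONYMOUS, frozenset({"color_copy"}))
USER_A = Account("user A", REAL_NAME, frozenset({"color_copy"}))
USER_B = Account("user B", REAL_NAME, frozenset({"network_management"}))
_DEMO_LOGINS = {("userB", "constructed-secret"): USER_B}


def demo_authenticate(credentials: tuple) -> Optional[Account]:
    """Stand-in for the device's real authentication step."""
    return _DEMO_LOGINS.get(credentials)


def replay_timeline():
    """Replay the FIG. 10 sequence; return audit trail, authority, refusal flag."""
    s = StepUpSession(ANON, demo_authenticate)
    s.select_function("color_copy")                               # t801
    s.select_function("network_management",
                      [("userB", "wrong"), ("userB", "constructed-secret")])  # t802
    s.select_function("color_copy")        # allowed through the merged authority
    try:
        s.select_function("fax")           # permitted to neither login
        refused = False
    except ChangeUserRefused:
        refused = True
    return s.audit, sorted(s.authority), refused


if __name__ == "__main__":
    print(replay_timeline())
```

With these constructed settings the second color copy is recorded under user B although only the anonymous login was permitted to run it, so an audit trail built on the displayed executor should also keep the origin of each merged permission.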
Advantages according to Second Embodiment
[0106] Even when an anonymous user and a real-name user are
synthesized as a logged-in user, advantages equal to those of the
first embodiment can be obtained.
[0107] It is to be understood that the present invention may also
be accomplished by supplying a system or an apparatus with a
storage medium in which a program code of software, which realizes
the functions of either of the above described embodiments is
stored, and causing a computer (or CPU or MPU) of the system or
apparatus to read out and execute the program code stored in the
storage medium.
[0108] In this case, the program code itself read from the storage
medium realizes the functions of either of the above described
embodiments, and therefore the program code and the storage medium
in which the program code is stored constitute the present
invention.
[0109] Examples of the storage medium for supplying the program
code include a floppy (registered trademark) disk, a hard disk, a
magnetic-optical disk, a CD-ROM, a CD-R, a CD-RW, a DVD-ROM, a
DVD-RAM, a DVD-RW, a DVD+RW, a magnetic tape, a nonvolatile memory
card, and a ROM. Alternatively, the program may be downloaded via a
network.
[0110] Further, it is to be understood that the functions of either
of the above described embodiments may be accomplished not only by
executing the program code read out by a computer, but also by
causing an OS (operating system) or the like which operates on the
computer to perform a part or all of the actual operations based on
instructions of the program code.
[0111] Further, it is to be understood that the functions of either
of the above described embodiments may be accomplished by writing a
program code read out from the storage medium into a memory
provided on an expansion board inserted into a computer or a memory
provided in an expansion unit connected to the computer and then
causing a CPU or the like provided in the expansion board or the
expansion unit to perform a part or all of the actual operations
based on instructions of the program code.
[0112] While the present invention has been described with
reference to exemplary embodiments, it is to be understood that the
invention is not limited to the disclosed exemplary embodiments.
The scope of the following claims is to be accorded the broadest
interpretation so as to encompass all such modifications,
equivalent structures and functions.
[0113] This application claims the benefit of Japanese Patent
Application No. 2008-283306, filed Nov. 4, 2008, which is hereby
incorporated by reference herein in its entirety.
* * * * *