JP4543068B2 - COMMUNICATION DEVICE, REMOTE MANAGEMENT SYSTEM, COMMUNICATION DEVICE CONTROL METHOD, PROGRAM, AND RECORDING MEDIUM - Google Patents

Description

The present invention relates to a communication device characterized by a method for permitting operation in a configuration mode, a remote management system for managing such a communication device, a method for controlling such a communication device, and a computer for controlling such a communication device. The present invention relates to a program for realizing functions necessary for the above (functions related to the present invention) and a computer-readable recording medium on which such a program is recorded.
Here, the configuration mode may affect other operations of the device such as IP address setting, firmware installation, usage condition setting for each user, general user password issuance, shared information setting, etc. This is an operation mode in which various settings can be made.

Conventionally, image processing devices such as printers, fax machines, copiers, scanners, digital multifunction devices, network home appliances, vending machines, medical equipment, power supply devices, air conditioning systems, gas / water / electric metering systems, etc. In order to restrict access to management information, confidential information, etc., or to restrict the use of the device in a communication device that has a communication function in the electronic device, authentication is performed using authentication information such as a password, and access authority is granted. Access is permitted only to those who have been recognized as having the above (see Patent Documents 1 and 2). By doing so, it is possible to prevent access by unauthorized persons to important information and use of the device, and to improve security.
Also, such a communication device is often configured to receive an operation request from another external device via a network or directly and execute an operation according to the request. Even in such a case, it is possible to perform authentication by accepting input of authentication information from an external device, and to perform access restriction similar to the above.

When performing such access restrictions, a specific password is prepared separately from that for general users, and users who authenticate with the password are allowed to operate in a mode that allows a wider range of functions than for general users. So that it is done. For example, an administrator password is prepared, and an operation in the administrator mode is permitted for a user who is authenticated by the password.
And if the device has functions such as IP address setting, firmware installation, user-specific usage condition setting, general user password issuance, shared information setting, etc., whoever has permission to use the device However, since it is not preferable that these functions can be used, these functions can be executed only in the administrator mode so that only a limited user who knows the administrator password can use them. This administrator mode is a kind of configuration mode described above.

  By the way, in such a configuration mode, the operator can access a wide range of settings due to its nature, so if other operations are performed at the same time, the settings referred to during the operations are suddenly changed and the operations are performed. It may be a hindrance. For example, the content may be deleted after selecting a speed dial for a facsimile transmission destination. Conversely, if there is an operation during the installation of the firmware, it is possible that the operation in the configuration mode will fail due to other operations, such as failure to install normally.

Therefore, it is preferable not to allow other users to use the device while the configuration mode operation is performed. When an instruction is received from the operation unit, such access restriction is applied to an operation performed from the operation unit after the operation of the configuration mode is accepted after the input of the administrator password is accepted and authenticated. Only such operations can be executed, and operation requests received by other means, such as communication means, can be realized with relatively simple control such that execution is not permitted. It is thought that the administrator who is operating during the operation of the configuration mode prevents the administrator from operating, and when there is a series of operations, they are considered to have been performed by the same person, This is because an administrator who is operating the operation unit cannot usually access it via the communication means.
In addition, since the administrator can be expected to end the configuration mode, it may be ended in accordance with the instruction from the administrator. Conventionally, such control is performed.

By the way, with recent advances in network technology, communication devices have been developed that can accept various operation instructions from a terminal device operated by a user via communication means. Of course, this operation instruction includes an instruction related to the configuration mode.
In such a communication apparatus, processing conventionally performed when an instruction from a user is received by the communication means is as follows. That is, first, the terminal device operated by the user transmits an instruction request to the communication device in response to the user's instruction, and the communication device transmits display data of the instruction acceptance screen to the terminal device in response thereto. To do. Since the terminal device displays an instruction acceptance screen based on the display data, when the user inputs the instruction by viewing the screen and instructs transmission, the terminal device transmits the content as an operation request to the communication device. The communication device that has received this performs an operation according to the operation request.
In this way, even when receiving instructions from the user via communication means, if the administrator password is authenticated and configuration mode operation is started, the configuration mode can be configured by not allowing access with other passwords. During the operation, it is possible to prevent the general user from using the apparatus.

JP-A-6-46190 (especially paragraph 0060 of the specification) JP 7-58866 A

However, when the communication unit is used, a plurality of users (administrators) can access the same device at the same time, unlike the case of receiving input from the operation unit. Accordingly, it is conceivable that another administrator inputs the same password and requests an operation while first authenticating one administrator and waiting for an operation instruction. In the past, if the same password was entered, it was not possible to distinguish between multiple entries from the same person or multiple entries from the same person. Thus, there is a problem that an abnormality occurs in the operation when the operation requests from the two people contradict or conflict.
In the configuration mode, it is often permitted to change settings related to the basic part of the device. The demand for problem solving was great.

In addition, when receiving an instruction from the user by the communication means, the first instruction request and the next operation request require different responses, so that they are processed as independent requests, and authentication information is provided for each. It was accepted and authenticated. Therefore, for example, the communication apparatus side does not know when the next operation request is received after responding to the first instruction request until the next operation request is actually received.
Unlike the case of receiving an instruction from the operation panel, the user is not always near the communication device. Therefore, when a communication trouble occurs, the next instruction, for example, an instruction to end the configuration mode may be received. Sometimes it becomes impossible.

  Therefore, if the configuration mode is terminated in accordance with the administrator's instruction as in the prior art, the configuration mode will remain in the long time in such a case. In addition, if the operation or operation request from another is not accepted during the operation in the configuration mode, the general user cannot use the device during that time, resulting in a serious inconvenience. It was.

  The present invention solves such problems, and in a communication device having a communication means for communicating with an external device and an operation means for receiving an operation from a user, when permitting an operation request via the communication means, It is an object of the present invention to ensure sufficient user convenience while preventing occurrence of problems in the operation of the apparatus.

  In order to achieve the above object, the present invention provides authentication information input from the operation means or the communication means in a communication apparatus having a communication means for communicating with an external device and an operation means for accepting an operation from a user. Authentication information receiving means for receiving authentication information, authentication means for performing authentication processing using the authentication information received by the authentication information receiving means, and authentication information input from the communication means and received by the authentication information receiving means is specific authentication information. When the authentication means authenticates, the time-limited identification information issuing means for issuing the time-limited identification information that determines the time limit to the sender of the authentication information, and the above-mentioned expiration date from the external device An identification means for permitting an operation request related to the configuration mode from the external device when the identification information with a time limit is received. The information issuing means does not newly issue the time-limited identification information corresponding to the authentication information within the expiration date of the time-limited identification information issued to the transmission source of the specific authentication information. .

In such a communication device, the identification means is received within the validity period of the time-limited identification information issued by the time-limited identification information issuing means together with the time-limited identification information from the operation request from the external device. It may be a means for permitting an operation request related to the configuration mode by permitting only the above.
Furthermore, it is preferable not to accept an operation from the operation means within the expiration date of the time-limited identification information issued by the time-limited identification information issuing means.
Furthermore, a display means for displaying a message, and a message indicating that the configuration mode is in operation is displayed on the display means within the expiration date of the time-limited identification information issued by the time-limited identification information issuing means. Means may be provided.

In these communication apparatuses, when receiving the authentication information input from the communication means, the authentication information receiving means is provided with means for receiving designation of an expiration date of the time-limited identification information, and the time-limited identification information. If the issuing means has specified the expiration date, the expiration date will be the time limit for the specification when issuing the above-mentioned time-limited identification information. It is good to do.
In such a communication device, if the expiration date extension request is received within the expiration date of the expiration date identification information and the identification means permits the operation related to the request, the expiration date identification information is valid. A means for extending the time limit according to the extension request may be provided.
Furthermore, it is preferable to provide means for ending the validity period of the time-limited identification information when the invalidation request for the time-limited identification information is received and the identification means permits an operation related to the request.

Further, in the above communication device, the authentication information input from the communication unit and received by the authentication information receiving unit, the operation request received from the external device, and the time-limited identification information are information described in a structured language format. Good.
Furthermore, the above-mentioned time-limited identification information may be described in a header of a document described in a structured language format.

  Further, the remote management system of the present invention is a remote management system in which a plurality of communication devices are remotely managed by a management device via a network. The communication device communicates with the external device to the communication device, and is operated by a user. An operating means for receiving, an authentication information receiving means for receiving authentication information input from the operating means or the communication means, an authentication means for performing an authentication process using the authentication information received by the authentication information receiving means, and the communication means When the authentication means authenticates that the authentication information received from the authentication information acceptance means is the specific authentication information, the time-limited identification information that defines the expiration date is issued to the sender of the authentication information. When the identification information issuing means with a time limit to perform and the above-mentioned time-limited identification information within the expiration date are received from the external device, from the external device An identification means for permitting an operation request related to the configuration mode, and within the expiration date of the time-limited identification information issued by the time-limited identification information issuing means to the transmission source of the specific authentication information. The time-limited identification information corresponding to the authentication information is not newly issued.

In such a remote management system, the identification means of the communication device is identified within the expiration date of the time-limited identification information issued by the time-limited identification information issuing means within the operation request from the external device. It is preferable to allow the operation request related to the configuration mode by permitting only the information received together with the information.
Furthermore, in the communication device, it is preferable that an operation from the operation unit is not accepted within the expiration date of the expiration date identification information issued by the expiration date identification information issuing unit.

In these remote management systems, when receiving authentication information input from the communication means, the authentication information receiving means of the communication device is provided with means for receiving designation of an expiration date of the time-limited identification information together with the authentication information. When the above-mentioned termed identification information issuing means has been designated, when the above-mentioned termed identification information is issued, the term of validity is regarded as the term relating to the designation, and when there is no designation, the term of validity is designated. It is advisable to set a predetermined time after issuance.
Further, when the communication device receives a request for extending the expiration date within the expiration date of the expiration date identification information, and the identification means permits the operation related to the request, the expiration date of the expiration date identification information is valid. It is preferable to provide means for extending the time limit according to the extension request.
Furthermore, means for terminating the validity period of the time-limited identification information when the communication device receives a request for invalidating the time-limited identification information and the identification means permits an operation related to the request. It is good to provide.

The control method for a communication apparatus of the invention is a control method for a communication apparatus having a communication unit for communicating with an external device, and an operation unit for accepting an operation from a user, to the communication device, the operation means or to accept the authentication information inputted from the communication means, when the row Align the authentication process using the authentication information received, the authentication information accepted is input from the communication means have been authenticated as specific authentication information, When the identification information with the expiration date is issued to the sender of the authentication information, and when the identification information with the expiration date is received from the external device, the configuration mode from the external device is set. Instead of allowing the operation request according to the expiration date of the issued dated identification information to the transmission source of the specific authentication information, identification with time limit corresponding to the authentication information It is intended to make so as not to issue new information.

In such a communication device control method, the communication device is allowed to permit only the operation request received from the external device together with the time-limited identification information within the validity period of the issued time-limited identification information. better to cause I line permission operation request according to the configuration mode by Rukoto.
Furthermore, it is preferable that the communication device is not allowed to accept an operation from the operation means within the expiration date of the issued time-limited identification information.

In the control method of the communication apparatus, to the communication device, if the specified expiration date of the dated identification information along with the authentication information when the authentication information inputted from the communication means Ru is accepted it was accepted, when issuing the dated identification information, if there is the designated by a time limit of the expiration date to the specified, in which case specification was not from issuing the expiration date better to so that is a predetermined time after.
Further, when the communication device receives a request for extending the expiration date within the expiration date of the expiration date identification information and permits the operation related to the request, the expiration date of the expiration date identification information is extended. better to so that is extended on demand.
Furthermore, in the communication device, when receiving the invalidation request of the dated identification information, and to allow operation according to the request, it may be so as to the end of the validity period of the dated identification information.

  Further, the program according to the present invention provides a computer that controls a communication device having a communication unit that communicates with an external device and an operation unit that receives an operation from a user, and authentication information input from the operation unit or the communication unit. Authentication information receiving means for receiving authentication information, authentication means for performing authentication processing using authentication information received by the authentication information receiving means, and authentication information input from the communication means and received by the authentication information receiving means is specific authentication information. When the authentication means authenticates, the time-limited identification information issued to the sender of the specific authentication information is issued to the sender of the authentication information. Within the expiration date of the information, the expiration date identification information issuing means that does not newly issue the expiration date identification information corresponding to the authentication information and the expiration date from the external device If the received the maturity identification information, a program to function as an identification means for permitting the operation request according to the configuration mode from the external device.

In such a program, the function of the identification means is received within the expiration date of the time-limited identification information issued by the time-limited identification information issuing means together with the time-limited identification information in the operation request from the external device. It may be a function that permits an operation request related to the configuration mode by permitting only those that have been performed.
Further, the computer may further include a program for realizing a function of not accepting an operation from the operation means within an expiration date of the expiration date identification information issued by the expiration date identification information issuing means. .

In these programs, when the authentication information input from the communication means is received, the authentication information receiving means is provided with a function for receiving designation of the expiration date of the time-limited identification information and issuing the time-limited identification information. If there is a designation, the means shall set the validity period as the deadline for the designation when issuing the above-mentioned time-limited identification information. It is good to provide the function to do.
Further, when the computer receives a request for extending the expiration date within the expiration date of the time-limited identification information and the identification means permits an operation related to the request, the expiration date of the time-limited identification information The program may be further included so as to function as a means for extending the request according to the extension request.
Furthermore, when the computer receives the invalidation request for the time-limited identification information and the identification means permits the operation related to the request, the computer functions as a means for ending the validity period of the time-limited identification information. It is better to further include a program for
The present invention also provides a computer-readable recording medium in which these programs are recorded.

According to the communication device, the remote management system, and the communication device control method of the present invention as described above, it is possible to ensure sufficient convenience for the user while preventing malfunctions in the operation of the device. it can.
Further, according to the program of the present invention, it is possible to cause the computer to control the communication device to realize the characteristics of such a communication device, and to obtain the same effect. Further, according to the recording medium of the present invention, the program can be stored in a computer that does not store the program, and can be caused to function as the communication device by executing the program.

Preferred embodiments of the present invention will be described below with reference to the drawings.
First, a configuration example of a remote management system for a communication device according to the present invention in which the communication device according to the present invention is a managed device will be described. FIG. 1 is a conceptual diagram showing an example of the configuration of the remote management system.

  This remote management system includes image forming devices or image processing devices such as printers, FAX machines, digital copying machines, scanner devices, digital multifunction devices, network home appliances, vending machines, medical equipment, power supply devices, air conditioning systems, gas / This is a remote management system in which a managed device 10 is a communication device in which an electronic device such as a metering system for water and electricity has a communication function. As an external device connected to the managed device 10 (as viewed from the managed device side), an intermediary device 101 that is a remote management mediation device connected to the managed device 10 via a LAN (local area network), and A management device 102 that functions as a server device connected to the mediation device 101 via the Internet 103 (other network such as a public line) may be provided. The managed devices 10 can be centrally managed remotely via the network.

Note that the connection between the mediation device 101 and the managed device 10 is not limited to a LAN, but is performed by serial connection based on the RS-485 standard, parallel connection based on the SCSI (Small Computer System Interface) standard, or the like. Also good. For example, in the case of the RS-485 standard, up to five managed devices 10 can be connected to the intermediary device 101 in series.
Further, the intermediary device 101 and the managed device 10 have various hierarchical structures depending on the usage environment.

  With respect to this point, in the installation environment A shown in FIG. 1, the intermediary device 101a capable of establishing a direct connection with the management device 102 using HTTP (Hyper Text Transfer Protocol) has a simple hierarchical structure with the managed devices 10a and 10b. It has become. However, when the number of managed devices 10 to be installed is large and the load increases only by installing one mediation device 101, a higher-level mediation device that can establish a direct connection with the management device 102 by HTTP is used. It is also possible to form a hierarchical structure in which not only the managed device but also other lower level intermediary devices follow, and this intermediary device further follows other managed devices. In this case, the information issued from the management device 102 to remotely manage the managed devices that can follow the lower level mediation device is passed through the higher level mediation device and the mediation device that is the lower level node thereof. The managed device will be reached.

  In addition, in the installation environment B, in addition to the intermediary device 101b and the managed devices 10c and 10d, a terminal device 105 is provided for the user to perform various operations on the managed devices 10c and 10d. Such a terminal device 105 is realized by causing a personal computer (PC), a personal digital assistant (PDA), or the like to execute a required program, and is not essential in the configuration of the management system. However, by providing such a terminal device 105, the user can operate the managed device not only by the operation unit provided in the managed device 10 but also by the terminal device 105. The possible operations naturally vary depending on the type of the managed device 10, but the operations here include not only visual changes such as image formation and image reading and movements but also acquisition of information and change of settings. Etc., including those that do not change anything in appearance.

Further, as in the installation environment C, managed devices 11a and 11b with an intermediary function in which the managed device 10 is also provided with the function of the intermediary device 101 are connected to the management device 102 via the Internet 103 without using an intermediary device. You may make it do.
Although not shown, the managed device 10 can be further connected to the lower level of the managed device 11 with a mediation function.
Note that a firewall 104 is installed in each installation environment in consideration of security.

  In addition, in the installation environment B, the connection relationship between the nodes is illustrated so as to be significantly different from the installation environments A and C. However, for the installation environments A and C, a connection method other than the LAN is considered. This is because the relationship between the nodes is abstractly shown, but the installation environment B shows a configuration in which each node is connected by a LAN (however, the connection between the managed device 10 and the terminal device 105 is a LAN). Not intended to be limited to). Therefore, if each node in the installation environments A and C is connected by a LAN, the configuration is similar to that shown for the installation environment B, and the managed devices 10c and 10d in the installation environment B also communicate with the management device 102. Is performed via the mediation apparatus 101b as in the case of the installation environment A.

In such a remote management system, the intermediary device 101 has an application program for control management of the managed device 10 connected thereto.
The management apparatus 102 is mounted with an application program for performing control management of each intermediary apparatus 101 and further performing control management of the managed apparatus 10 via the intermediary apparatus 101. Then, each of these nodes in this remote management system including the managed device 10 transmits a “request” which is a request for processing for a method of the application program to be implemented by RPC (remote procedure call). The “response” that is the result of the processed processing can be acquired.

That is, the intermediary device 101 or the managed device 10 connected thereto can generate a request to the management device 102 and deliver it to the management device 102 to obtain a response to the request, while the management device 102 A request to the mediating apparatus 101 side is generated and delivered to the mediating apparatus 101 side, and a response to the request can be acquired. This request includes causing the mediation device 101 to transmit various requests to the managed device 10 and obtaining a response from the managed device 10 via the mediation device 101.
In order to realize RPC, known protocols (communication standards) such as SOAP (Simple Object Access Protocol), HTTP, FTP (File Transfer Protocol), COM (Component Object Model), CORBA (Common Object Request Broker Architecture), etc. , Technology, specifications, etc. can be used.

The transmission / reception data transmission / reception model is shown in the conceptual diagram of FIG. In this figure, the presence of the firewall 104 is not considered.
(A) is a case where a request to the management apparatus 102 has occurred in the managed apparatus 10. In this case, the managed device 10 generates a managed device-side request a, and the management device 102 that receives the request via the mediation device 101 returns a response a to the request. A case where there are a plurality of mediation apparatuses 101 shown in FIG. Note that (A) shows a case in which not only the response a but also a response delay notification a ′ is returned. When the management device 102 receives a request from the managed device via the mediation device 101 and determines that the response to the request cannot be returned immediately, it notifies the response delay notification and temporarily disconnects the connection state. This is because the response to the request is delivered again at the next connection.

  (B) is a case where a request for the managed device 10 has occurred in the management device 102. In this case, the management apparatus 102 generates a management apparatus side request b, and the managed apparatus 10 that has received the request via the mediation apparatus 101 returns a response b to the request. Even in the case of (B), the response delay notification b ′ is returned in the same manner as in the case of (A) when the response cannot be returned immediately.

Next, the physical configuration of the management apparatus 102 shown in FIG. 1 will be described. The management apparatus 102 includes a CPU, a ROM, a RAM, a nonvolatile memory, a network interface card (hereinafter referred to as a NIC), and the like (not shown). .
Further, the physical configuration of the mediation apparatus 101 shown in FIG. 1 will be described. The mediation apparatus 101 includes a CPU, a ROM, a RAM, a nonvolatile memory, a NIC, and the like (not shown).
Further, for the managed device with mediation function 11, these units may be simply added to the managed device 10 in order to realize the function of the mediation device 101, but the CPU, ROM, and RAM provided in the managed device 10 The functions of the intermediary device 101 can also be realized by using a hardware resource such as the CPU and causing the CPU to execute an appropriate application or program module.

Hereinafter, as a more specific example of the management apparatus shown in FIG. 1, an image forming apparatus that is an example of a remote management system according to the present invention, in which an image forming apparatus that is an example of a communication apparatus according to the present invention is used as a managed apparatus. The management system will be described. FIG. 3 is a conceptual diagram showing an example of the configuration of the image forming apparatus remote management system. The managed apparatus 10 is the image forming apparatus 100 and the managed apparatus 11 with the mediation function is the image forming apparatus 110 with the mediation function. Since only the changed points are different from those in FIG. 1, description of the overall configuration of the system is omitted.
The image forming apparatus 100 is a digital multi-function peripheral having functions such as copying, facsimile, and scanner, and a function for communicating with an external device, and is equipped with an application program for providing services related to these functions. It is. The image forming apparatus with a mediation function 110 is obtained by adding the functions of the mediation apparatus 101 to the image forming apparatus 100.

A physical configuration of such an image forming apparatus 100 will be described with reference to FIG.
FIG. 4 is a block diagram illustrating an example of a physical configuration in the image forming apparatus 100. As shown in the figure, the image forming apparatus 100 includes a controller board 200, an HDD (hard disk drive) 201, an NV-RAM (nonvolatile RAM) 202, a PI (personal interface) board 203, a PHY (physical media interface) 204, An operation panel 205, a plotter / scanner engine board 206, a power supply unit 207, a finisher 208, an ADF (automatic document feeder) 209, a paper feed bank 210, and other peripheral devices 211 are provided. Each of these units is a hardware resource in the image forming apparatus 100.

  Here, the controller board 200 corresponds to a control unit, includes a CPU, a ROM, a RAM, and the like, and controls each function via a PCI-BUS (Peripheral Components Interconnect-Bus) 212. The HDD 201 corresponds to a storage unit. The NV-RAM 202 corresponds to a storage unit and is a non-volatile memory, for example, a flash memory. These storage means include various programs used for controlling the image forming apparatus 100, operation logs, image data, a count value of the number of image formations to be described later, transmission destination information of image data by the image data transmission means, Various data including passwords for verification and setting parameters used for authentication processing are stored.

Also, the PI board 203 and the PHY 204 correspond to network communication means for performing communication with the outside, and for example, correspond to a communication board. The PI board 203 has an interface conforming to the RS485 standard, and is connected to a public line via a line adapter. As described above, the image forming apparatus 100 and the mediation apparatus 101 can be connected using the PI board 203. The PHY 204 is an interface for communicating with an external device via a LAN. These PI board 203 and PHY 204 can also function as image data transmission means for transmitting image data to an external device.
The operation panel 205 is constituted by a liquid crystal display in which a large number of keys and a touch panel are stacked, for example, and corresponds to an operation unit and a display unit.
The plotter / scanner engine board 206 corresponds to an image forming unit that forms an image on a sheet based on image data and an image reading unit that reads image data of a document. Furthermore, a counting unit is provided for counting the number of sheets on which the image is formed by the image forming unit.

  Here, ENGRDY in the figure is a signal line for notifying the controller board 200 side that various initial settings on the engine side have been completed and preparation for transmission / reception of commands with the controller board 200 is completed. PWRCTL is a signal line for controlling power supply to the engine from the controller board 200 side. The operation of these signal lines will be described later. Next, a software configuration in the image forming apparatus 100 will be described with reference to FIG.

  FIG. 5 is a block diagram illustrating an example of a software configuration of the image forming apparatus 100. The software configuration of the image forming apparatus 100 includes an uppermost application module (application) layer and lower service module layers. The programs constituting these software are stored in the HDD 201 or the RAM on the controller board 200, read as necessary, and executed by the CPU on the controller board 200. The CPU executes these programs as necessary, thereby realizing each function according to the present invention (function as authentication information receiving means, authentication means, term identification information issuing means, identification means, and other means). can do.

In particular, the software in the application module layer is configured by a program for causing the CPU to function as a plurality of application control means that realizes a predetermined function by operating hardware resources. The software in the service module layer includes the CPU, Service control that intervenes between hardware resources and each application control means, and receives operation requests for hardware resources from a plurality of application control means, arbitrates the operation requests, and controls execution of operations based on the operation requests. It is comprised by the program for functioning as a means.
Of these functions, a method for realizing a function related to communication differs between the image forming apparatus 100 and the image forming apparatus 110 with a mediation function. In other words, since the image forming apparatus with an intermediary function 110 has the function of an intermediary apparatus, a function related to communication can be realized by the CPU executing a corresponding program. In the case of the image forming apparatus 100, functions related to communication can be realized by the CPU executing the corresponding program and using the mediation apparatus 101.

  The service module layer includes an operation control service (OCS) 300, an engine control service (ECS) 301, a memory control service (MCS) 302, a network control service (NCS) 303, a fax control service (FCS) 304, a new remote service ( NRS) 305, system control service (SCS) 306, system resource manager (SRM) 307, image memory handler (IMH) 308, customer support system (CSS) 315, delivery control service (DCS) 316, user control service (UCS) 317 The certificate cut control service (CCS) 319 is implemented. Furthermore, a copy application 309, a fax application 310, a printer application 311, a scanner application 312, a net file application 313, a web application 314, and a web service application 318 are installed in the application module layer.

These will be described in further detail.
The OCS 300 is a module that controls the operation panel 205.
The ECS 301 is a module that controls an engine such as hardware resources.
The MCS 302 is a module that performs memory control. For example, the MCS 302 acquires and releases an image memory, uses the HDD 201, and the like.
The NCS 303 is a module that performs mediation between the network and each application program in the application module layer.
The FCS 304 is a module that performs facsimile transmission / reception, facsimile reading, facsimile reception printing, and the like.
The NRS 305 is a module that converts data when data is transmitted / received via the network, and is a module that summarizes functions related to remote management via the network.

The SCS 306 is a module that performs startup management and termination management of each application program in the application module layer according to the content of the command.
The SRM 307 is a module that controls the system and manages resources.
The IMH 308 is a module that manages a memory for temporarily storing image data.
The CSS 315 is a module that converts data when data is transmitted / received via a public line, and is a module that summarizes functions related to remote management via a public line.
The DCS 316 is a module for transmitting / receiving an image file or the like stored in a memory on the HDD 201 or the controller board 200 using SMTP (Simple Mail Transfer Protocol) or FTP (File Transfer Protocol).
The UCS 317 is a module that manages user information such as destination information and address information registered by the user.
The CCS 319 is a module that performs an authentication process on the authentication information input to the image forming apparatus 100, and is a module according to the feature of the present invention. Details will be described later.

The copy application 309 is an application program for realizing a copy service function.
The fax application 310 is an application program for realizing a fax service function.
The printer application 311 is an application program for realizing a printer service function.
The scanner application 312 is an application program for realizing a scanner service function.
The net file application 313 is an application program for realizing the function of the net file service.
The web application 314 is an application program for performing input / output processing relating to a web page.
The web service application 318 has a function of converting data received from an external device via a network into a data structure suitable for processing in each application, and is an application program for realizing the function of the web service. Details will be described later.

Here, the operation of the above-described ENGRDY signal and PWRCTL signal will be described with reference to FIG.
FIG. 6A shows an example of the operation of the ENGRDY signal and the PWRCTL signal when the device starts up. When the AC power of the AC power is turned on, power supply is started, and at the same time, the ENGRDY signal becomes High. In this state, communication with the engine side is not possible. This is because the initial setting on the engine side has not been completed. Then, the initial setting on the engine side is completed after a lapse of a certain period, and communication with the engine side becomes possible when the ENGRDY signal becomes Low.

  Next, FIG. 5B shows an example of the operation of the ENGRDY signal and the PWRCTL signal when the mode is shifted to the energy saving mode. To shift to the energy saving mode, the controller board 200 turns off the PWRCTL signal. At the same time, the power supply will drop. Along with this, the ENGRDY signal becomes High and shifts to the energy saving mode. Next, the case of returning from the energy saving mode is shown in FIG.

  FIG. 3C shows an example of the operation of the ENGRDY signal and the PWRCTL signal when returning from the energy saving mode. When returning from the energy saving mode (B), the controller board 200 turns on the PWRCTL signal. At the same time, power is supplied. However, as shown in (A) above, the ENGRDY signal is in a high state until the initial setting on the engine side is completed, and when the initial setting is completed, communication with the engine side becomes possible and becomes Low.

Next, the internal configuration of the web service application 318 included in the software configuration of the image forming apparatus 100 described above will be further described with reference to FIG.
FIG. 7 is a functional block diagram illustrating an example of the configuration of the web service application. As shown in the figure, the web service application 318 performs processing between the application module layer and the NCS 303. The web server function unit 500 performs response processing related to a request received from the outside. The request here may be a SOAP request by SOAP (Simple Object Access Protocol) described in XML (Extensible Markup Language) format which is a structured language, for example. The web client function unit 501 performs processing for issuing an external request. The libxml 502 is a library that processes data described in the XML format, and the libsoap 503 is a library that processes SOAP. Also, libwwww 504 is a library that processes HTTP, and libgw_ncs 505 is a library that performs processing with the NCS 303.

The SOAP request is received by the PHY 204, and a SOAP document including a SOAP header and a SOAP body is passed to the web service application 318 via the NCS 303 in the form of an HTTP message. Then, in the web service application 318, the SOAP body is extracted from the SOAP document using the libsoap 503, the SOAP body is interpreted using the libxml 502, and a DOM (Document Object Model) tree is generated. The data structure is converted into a data structure suitable for processing in the application, and then passed to the application corresponding to the command included in the SOAP body.
For example, when the application program is written in C language, the data structure is C language structure data. The data is passed to the application by calling the application program with the structure data as an argument. be able to.

FIG. 8 is a block diagram illustrating a schematic configuration example of the management apparatus 102.
The management device 102 includes a modem 601, a communication terminal 602, a proxy server 603, an operator terminal 604, a database 605, a control device 606, and the like.
The modem 601 manages communication with the mediation apparatus 101 on the device user side (for example, a user destination using the image forming apparatus) via a public line, and modulates and demodulates data to be transmitted and received. The modem 601 and a communication terminal 602, which will be described later, serve as communication means.
The communication terminal 602 transmits / receives data to / from the line adapter and the mediation apparatus 101 via a public line.
The proxy server 603 performs data transmission / reception and security management with the mediation apparatus 101 on the device user side via the Internet 103. The proxy server 603 also functions as a communication unit.

The operator terminal 604 is a terminal operated by an operator of the management center, and accepts input of various data by an operation on an input device such as a keyboard by the operator, or displays information to be notified to the operator on a display unit. . As the input data, for example, customer information such as an IP address and a call destination telephone number used when the mediating apparatus 101 or the image forming apparatus 110 with an intermediary function on each device user side communicates with the management apparatus 102 is used. is there.
The database 605 exists in a storage device such as a hard disk device of a server (not shown), and the IP addresses and telephone numbers of the mediating device 101 and the mediating function-equipped image forming device 110 on each device user side, data received from these devices, In addition, various data such as data input from the operator terminal 604 is stored.
The control device 606 includes a microcomputer including a CPU, ROM, RAM, and the like (not shown), and controls the entire management device 102 in an integrated manner. The CPU executes the above-described program as necessary, and various functions can be realized by using the modem 601, the communication terminal 602, the proxy server 603, the operator terminal 604, or the database 605.

  Based on the configuration described above, an example of a communication sequence for data transmission / reception performed in the image forming apparatus remote management system of FIG. 3 will be described with reference to FIG. Note that the processing by the SCS 306, NRS 305, and web service application 318 shown below is actually executed by the CPU operating in accordance with those programs, but for the sake of explanation, these programs execute processing. . Thereafter, the same applies to the case where the program is described as performing some processing.

FIG. 9 is a diagram illustrating an example of a communication sequence for data transmission / reception performed between the management apparatus, the mediation apparatus, and the image forming apparatus.
In this example, first, the mediation apparatus 101 polls the management apparatus 102 (inquiry whether there is a transmission request) (S601). That is, a polling SOAP document to which an identifier which is its own identification information is added is generated and transmitted to the management apparatus 102 as an HTTP message. As shown in FIG. 3, since the firewall 104 is provided between the mediation apparatus 101 and the management apparatus 102, a communication session is established from the management apparatus 102 to the mediation apparatus 101 (communication is requested and a communication path is established). Thus, even when it is desired to send a request from the management apparatus 102 to the mediation apparatus 101 (or the image forming apparatus 100 via the mediation apparatus 101), it is necessary to wait for polling from the mediation apparatus 101 in this way. There is.

  When the management apparatus 102 receives the HTTP message from the intermediary apparatus 101, the management apparatus 102 generates a SOAP document indicating a charging counter acquisition request, and sends an HTTP message in response to polling to the corresponding intermediary apparatus 101 (source of the received SOAP message). (S602). At this time, the corresponding intermediary device 101 is recognized based on the identifier added to the SOAP document in the received HTTP message. Thus, if it is a response (HTTP response) to communication (HTTP request) from the inside of the firewall 104, data can be transmitted from the outside of the firewall to the inside.

Upon receiving the HTTP message from the management apparatus 102, the mediation apparatus 101 generates a SOAP document indicating a charging counter acquisition request based on the HTTP message, and transmits it to the image forming apparatus 100 connected to itself as an HTTP message. Then, on the image forming apparatus 100 side, the web service application 318 receives this (S603).
Then, the accounting counter acquisition request described in the SOAP document received as an HTTP message from the mediation apparatus 101 by the web service application 318 is passed to the NRS 305, and the NRS 305 notifies the SCS 306 of the request (S604).
Upon receiving the charge counter acquisition request notification from the NRS 305, the SCS 306 reads the charge counter data stored in the NV-RAM 202 (S605). Then, the read accounting counter data (response data) is delivered to the NRS 305 (S606).

When the NRS 305 receives (acquires) billing counter data from the SCS 306, the NRS 305 passes this to the web service application 318. Then, the web service application 318 generates a billing counter SOAP document indicating the content, and transmits it as an HTTP message to the mediation apparatus 101 (S607).
When the mediation device 101 receives the SOAP document for the billing counter from the web service application 318, the mediation device 101 transmits the SOAP document as an HTTP message to the management device 102 (S608).
Thus, data transmission / reception is performed by the communication sequence.

Next, unlike FIG. 9, an example of a communication sequence when data is transmitted from the image forming apparatus 100 to the management apparatus 102 via the mediation apparatus 101 will be described with reference to FIG.
FIG. 10 is a diagram illustrating an example of a communication sequence when data is transmitted from the image forming apparatus to the management apparatus 102.
In this example, first, the OCS 300 notifies the SCS 306 that the user call key has been pressed (S701).
Upon receiving notification from the OCS 300 that the user call key has been pressed, the SCS 306 notifies the NRS 305 of a user call request (S702).

Upon receipt of the user call request notification from the SCS 306, the NRS 305 passes this to the web service application 318. Then, the web service application 318 generates a user call SOAP document, which is user call information notifying the user call, and transmits it as an HTTP message to the mediation apparatus 101 (S703).
When the mediation device 101 receives the SOAP document for user call from the web service application 318, the mediation device 101 adds an identifier, which is its own identification information, to the SOAP document and transmits the SOAP document to the management device 102 as an HTTP message. And make a user call. That is, the user call SOAP document with its own identifier added is notified to the management apparatus 102 (S704). In this case, since the transmission is from the inside to the outside of the firewall 104, the mediation apparatus 101 can transmit data by creating a session toward the management apparatus 102 itself.
Here, the pattern after the process of step S704 will be described separately in the following (A) to (C).

First, in (A), the management apparatus 102 receives a SOAP document for user call as an HTTP message from the mediation apparatus 101 of the user destination, and if the reception ends normally, that fact (user call succeeds). If the call result does not end normally (abnormally ends), a SOAP document indicating the call result indicating that the user call has failed is generated and reported as an HTTP message response It transmits to the original mediation apparatus 101 (S705).
When the mediation apparatus 101 receives the SOAP document indicating the call result from the management apparatus 102, the mediation apparatus 101 transmits the SOAP document to the image forming apparatus 100 in which the user call key is pressed again as an HTTP message. The service application 318 receives this (S706).

When the web service application 318 receives the SOAP document indicating the call result from the mediation apparatus 101, the web service application 318 passes the call result indicated by the SOAP document to the NRS 305. The NRS 305 interprets (determines) the call result and notifies the SCS 306 (S707).
When the SCS 306 receives the call result, it delivers it to the OCS 300.
When the OCS 300 receives the call result from the SCS 306, the OCS 300 displays a message indicating whether the user call is successful or unsuccessful on the character display on the operation panel 205 (S708).

Next, in (B), when the intermediary device 101 determines that there is no response from the management device 102 after a predetermined time (a predetermined time set in advance), a call result indicating that the user call has failed is displayed. A SOAP document to be shown is generated and transmitted to the web service application 318 as an HTTP message (S709).
When the web service application 318 receives the SOAP document indicating the call result indicating the failure, the web service application 318 passes the call result indicating the failure described in the SOAP document to the NRS 305. The NRS 305 interprets the call result and notifies the SCS 306 (S710).
When the SCS 306 receives the call result from the NRS 305, the SCS 306 delivers it to the OCS 300.
When the OCS 300 receives the call result from the SCS 306, the OCS 300 displays the content, that is, a message indicating that the user call has failed on the character display on the operation panel 205 (S711).

Next, in (C), when the NRS 305 determines that there is no response from the mediation apparatus 101 even after the specified time has elapsed, the NRS 305 notifies the SCS 306 of a call result indicating that the user call has failed (S712).
When the SCS 306 receives the call result from the NRS 305, the SCS 306 delivers it to the OCS 300.
When the OCS 300 receives the call result from the SCS 306, the OCS 300 displays the content, that is, a message indicating that the user call has failed on the character display on the operation panel 205 (S713).

  Here, in order to transmit data from the management apparatus 102 to the mediation apparatus 101 (or the image forming apparatus 100 via the mediation apparatus 101) over the firewall 104, the data is transmitted in the form of a response to the HTTP request from the mediation apparatus 101. However, the means for going beyond the firewall 104 is not limited to this example. For example, using the Simple Mail Transfer Protocol (SMTP), the management apparatus 102 sends a mail describing or attaching data to be transmitted. Transmission to the mediation apparatus 101 is also conceivable. However, HTTP is superior in terms of reliability.

Next, an authentication operation in the image forming apparatus, which is an operation related to the feature of the present invention in the image forming apparatus remote management system shown in FIG. . Here, for simplicity of explanation, the terminal apparatus 105 in the installation environment B shown in FIG. 3 is an external apparatus that is a transmission source of a command execution request or the like, and the image forming apparatus 100 that can directly communicate with the terminal apparatus 105 via the LAN. An example of the authentication operation will be described.
However, even when the management apparatus 102 is an external apparatus, the authentication operation in the image forming apparatus with an intermediary function 110 that can directly communicate with the management apparatus 102 via the Internet 103 can be performed in the same manner as described later. Even in the case of the image forming apparatus 100 that communicates in between, the communication apparatus can communicate with the management apparatus 102 and perform an authentication operation by the same processing and configuration except that the direct communication partner is the mediation apparatus 101. .
Here, the user operates the external apparatus to transmit a request to the image forming apparatus 100. However, even when the external apparatus automatically transmits a request, the image forming apparatus 100 side is the same. It can operate to meet that demand.

First, an outline of this authentication operation will be described. FIG. 11 is a diagram for explaining a processing procedure in the case of performing authentication using a password in the image forming apparatus 100 shown in FIG.
As shown in FIG. 11, the image forming apparatus 100 accepts input of a password, which is authentication information, through two interfaces, that is, an input operation from an operation panel 205 as an operation unit or reception by a PHY 204 functioning as a communication unit. Can do. The CPU provided in the controller board 200 of the image forming apparatus 100 (hereinafter simply referred to as “CPU” indicates this CPU) indicates the OCS 300 in the former case, and the NCS 303 in the latter case. By executing it, it functions as an authentication information receiving means.

First, a process for accepting password input from the operation panel 205 will be described.
When each application program (application) receives an instruction to execute an operation requiring authentication from the operation panel 205, it requests the OCS 300 to display a password input screen (arrow A). In response, the OCS 300 controls the display of the operation panel 205 to display the password input screen (arrow B), accepts the password input (arrow C), and passes it to the application (arrow D). The password input screen is, for example, as shown in FIG.
When the application receives this password, it passes it to the CCS 319 to request an authentication process (arrow E), and the CCS 319 performs the authentication process by comparing the passed password with a predetermined password stored in the storage means. The result is returned to the application (arrow F).

Then, if the authentication is successful (if the password is appropriate), the application is instructed to execute the operation module (service layer software such as ECS301, FCS304, NRS305, SCS306, DCS316). Instructions necessary for the execution of are performed (arrow G). In response to this, the execution module causes the hardware resource to execute an operation, and returns the result to the application (arrow H). In response to this, the application requests the OCS 300 to display the result screen (arrow A), and causes the operation panel 205 to display the result screen.
If the authentication has failed (if the password is not appropriate), the application requests the OCS 300 to display an error screen (arrow A) instead of giving an instruction to the execution module, and displays the error screen on the operation panel 205. To display.
In addition, when receiving an instruction to execute an operation that does not require authentication, the application does not require a password input screen display or an authentication process, and the instruction necessary for executing the function instructed to the execution module. In response to the returned result, the OCS 300 is requested to display a result screen, and this is only displayed on the operation panel.

On the other hand, when a command is received via a network, the image forming apparatus 100 performs authentication processing for all commands. Then, a command that requests execution and a password that is authentication information are received as an HTTP message in a form included in one SOAP document, and if the received password is appropriate, a command included in the same SOAP document. Is allowed to run.
The SOAP document can be described in, for example, an XML format using a structured language. The format of the SOAP document can be as shown in FIGS. 13 and 14, for example. In these figures, only the parts related to the features of the present invention are shown.

As can be seen from these figures, the SOAP document requesting the execution of the command includes type information indicating that it is a command execution request (operation request), a password as authentication information, and a call ID indicating the request number. , Including the contents information of the command requesting execution. Since the password is a problem in terms of security if it is sent to the network in plain text, it may be a simple one such as bit shift or bit inversion, so it is preferable to transmit and receive it in an encrypted state. Further, the command content information includes information such as the name and arguments of the command requested to be executed.
The command includes a request for accessing the data such as a setting change or data acquisition in addition to a command requesting the image forming apparatus 100 to perform some visible operation such as printing. For example, the charging counter acquisition request shown in FIG. 9 is a command execution request “accounting counter acquisition”.

  The command execution request as shown in FIG. 13 is in the state of an IP (Internet Protocol) packet when the PHY 204 receives it. This is received by the NCS 303 (arrow I) and connected in the form of an HTTP message (content is a SOAP document) and passed to the web service application 318 (arrow J). The web service application 318 extracts the XML document of the SOAP body part from this HTTP message (arrow K), and further interprets the tag to obtain a password. Then, the acquired password is passed to the CCS 319 to request an authentication process (arrow L). The CCS 319 performs the authentication process by comparing the passed password with a predetermined password stored in the storage means, and the result is sent to the web. Return to service application 318 (arrow M). If the password has multiple ranks, such as general and superior, including the administrator, not only information about whether or not the password is valid, but also information about which rank the password was of Is also returned as an authentication result.

  Then, the web service application 318 obtains command information by interpreting the SOAP body, and determines whether or not to allow the execution of the command based on the authentication result returned from the CCS 319. For example, as shown in FIG. 15, this determination can be performed by storing a password as to which command is allowed to be executed and storing it as a table and referring to the table. In the case of FIG. 15, the copy execution command and the FAX transmission execution command may be permitted when received with both a general password and a superior password, but image data acquisition and user data acquisition are performed with a superior password. It will be allowed only if accepted.

If execution is permitted, the data included in the SOAP body is converted to a data structure format suitable for processing in the application via the DOM tree and passed to the application suitable for command execution in order to execute the command ( Arrow N). In these processes, when the CPU executes the web service application 318, it functions as a structured language interpretation unit.
In response to this, the application instructs the execution module to perform an operation necessary for executing the command (arrow O). In response to this, the execution module causes the hardware resource to execute an operation, and returns the result to the application (arrow P). The application returns this result as a data structure to the web service application 318 (arrow Q).

The subsequent process is a process of sending a response to a command execution request, but basically the process opposite to that at the time of reception. That is, the web service application 318 creates an XML document that becomes a SOAP body from the data structure, then creates a SOAP document by adding a SOAP header, and passes this to the NCS 303 (arrows R and S). The NCS 303 divides this into an IP packet as an HTTP message, and transmits it as a response to the command execution request transmission source via the PHY 204 (arrow T).
If execution cannot be permitted, a response to that effect is transmitted to the transmission source of the command execution request in the same process as described above.

As described above, in this image forming apparatus 100, whether the password input is received from the operation panel 205 or via the network, the password is passed to the common CCS 319 and the authentication process is performed here. ing. Such a CCS 319 includes a program for causing the CPU to function as an authentication unit that performs authentication processing using a password.
In the above description, the application when the password input is received from the operation panel 205 or the web service application 318 when the password input is received via the network passes only the password to the CCS 319 and requests authentication. As explained. However, the password and the operation or command requested to be executed are passed to the CCS 319 so that the CCS 319 refers to the table shown in FIG. May be.

This invention, when performing authentication information by authentication information such as a password as described above, processing when allowing the user to perform an operation according to a specific mode that can affect other operations of the device, In particular, it has a feature in the processing related to such permission when authentication information is received from a network by communication means. Therefore, this point will be described next.
In addition, as said specific mode, the configuration mode which is an operation mode which can perform the setting which affects the other operation | movement of an apparatus, for example can be considered. Examples of settings that affect other operations of the device include IP address settings, firmware installation, usage condition settings for each user, issuance of general user passwords, and shared information settings. Also, setting of the paper type of the paper feed tray, setting of an abbreviated dial for specifying a FAX transmission destination, and the like can be considered.

However, the configuration mode is an operation mode that can be set to affect other operations of the device to the last, and all the operations related to this mode affect other operations of the device. It is not necessarily the case. That is, the operation related to the configuration mode and the operation related to other operation modes may be partially shared.
Furthermore, other than the configuration mode, an operation mode in which it is not preferable for two or more people to use at the same time, an operation mode in which it is not preferable to permit the operation of another operation mode at the same time during operation, An operation mode that requires exclusive control that excludes an operation request may be controlled as the specific mode described above. For example, the administrator mode described in the related art section corresponds to these.
Further, the image forming apparatus 100 stores a specific password as an admin password as authentication information for indicating that the user has the authority to execute an operation related to the configuration mode. This admin password becomes specific authentication information.

Hereinafter, an outline of processing when the image forming apparatus 100 accepts input of the admin password will be described.
First, a case where an admin password is received from the operation panel 205 is similar to the process described above with reference to FIG. In other words, as described above, the password input from the operation panel is accepted when it is determined that the application has received an instruction to execute an operation requiring authentication, and the OCS 300 is requested to display a password input screen. It is. In this case, regardless of the input password, the application receives the password accepted by the OCS 300 and passes it to the CCS 319 to request an authentication process.

The CCS 319 performs an authentication process by comparing the passed password with the password stored in the storage unit. However, if the passed password matches the admin password, the password is simply valid. Not only that, it also returns to the app as an authentication result that this is an admin password. Therefore, on the application side, when the instructed operation is related to the configuration mode, it can be handled as a successful authentication only when the password is an admin password.
At this time, the CCS 319 determines that if the passed password matches the admin password, that is, if the authentication using the admin password is successful, the operation related to the configuration mode is started thereafter, and accordingly. Thereafter, authentication of a password received via the network (password requested for authentication processing from the web service application 318) is rejected, or it is always treated that authentication has failed.

  As for command execution requests received via the network, authentication processing is performed for all commands as described above. By doing so, during the execution of operations related to the configuration mode, The command execution request (operation request) can be rejected. Since it can be expected that the user who continues to instruct from the operation panel 205 is the user who has been authenticated by the admin password, this process eliminates other operation requests during the operation related to the configuration mode. be able to.

Also, as will be described later, once authentication is successful, if you do not require re-authentication until the predetermined condition is met, it is possible that you will be instructed to continue configuration mode operation. The command execution request via the network continues to be rejected even after the operation instructed first is completed.
Then, when there is an instruction to end the configuration mode from the operation panel 205, the application notifies the CCS 319 of this, and if the CCS 319 performs the subsequent authentication process accordingly, the configuration mode ends. Later, another operation or operation request can be received from the operation panel 205 or the network again to operate.

On the other hand, the processing in the case of receiving an admin password input via the network is significantly different from the above-described processing described with reference to FIG. This processing procedure is shown in FIG. In other words, in this case, when the received password is authenticated as an admin password, a time-limited ID is issued as time-limited identification information that defines the time limit for the sender, and the validity of the time-limited ID is valid. When a command execution request is received together with a time-limited ID within the time limit, execution of the command related to the request is permitted.
Specifically, when an operation instruction related to the configuration mode is to be performed via the network, the user first inputs an admin password at the terminal device 105 and requests authentication. Then, the terminal device 105 transmits the password to the image forming apparatus 100. Also in this case, as in the case of FIG. 11, the admin password is transmitted and received as an HTTP message in a form included in the SOAP document.

The format of the SOAP document can be as shown in FIGS. 17 and 18, for example. In these drawings, only the parts related to the features of the present invention are shown.
As can be seen from these figures, the SOAP document requesting authentication by the admin password includes the password that is the authentication information and the call ID information indicating the request number. However, whether this password is a normal password, an admin password, or an inappropriate password cannot be distinguished until an authentication process is performed in the CCS 319. Therefore, there is no particular inconvenience even if an authentication request is made in the normal command execution request format as shown in FIGS. 13 and 14, but as described later, if the password is authenticated as an admin password, As a result, the command sent with the admin password is ignored.

When the PHY 204 receives such an authentication request, as in the case of the arrows I to L in FIG. (A series of processes indicated by an arrow (1) (circled numbers in the figure: the same applies hereinafter)). That is, it is handled in the same manner as in the case of the command execution request so far. In other words, there is no need to distinguish between an authentication request and a command execution request.
When the CCS 319 authenticates that this password is an admin password, the CCS 319 issues a time-limited ID. This issuance is performed by generating a new ID every time. In this process, when the CPU executes CCS 319, it functions as a term-limited identification information issuing means.
Then, the time-limited ID is notified to the web service application 318 together with the expiration date, and the web service application 318 stores this for performing an identification process described later. Then, the web service application 318 generates a SOAP document with the notification of the time-limited ID and the expiration date as a body, and responds to the authentication request as a response to the authentication request in the same manner as the arrows R to T in FIG. Transmit (a series of processes indicated by arrow (2)). In this case, it is preferable that the CCS 319 returns the authentication result to the web service application 318 separately from the notification of the time-limited ID, and FIG. 16 illustrates such a case.

In other words, if the password is an admin password, the web service application 318 notifies the expiration ID and its expiration date instead of processing related to command execution when the password is authenticated with a normal password. . The term-limited ID may be configured by an appropriate character string, but for example, a 16-digit number can be used as shown in FIG.
Note that the time limit of the time-limited ID may be specified by the user on the terminal device 105 side, and the image forming apparatus 100 may receive this together with the admin password and set it as specified. If there is no such designation, a predetermined time after issuance may be set.

When the time-limited ID is issued, as described later, the image forming apparatus 100 permits the user who knows the admin password, including settings that affect other operations of the device, when the time-limited ID is received. It will be in a state that allows all possible operation requests. That is, the operation related to the configuration mode is performed.
When the user gives an operation instruction from the terminal device 105 that has received the notification of the time-limited ID, the terminal device 105 attaches the time-limited ID to the command execution request related to the operation and transmits it to the image forming apparatus 100. In this case as well, these data are transmitted and received as HTTP messages in a form included in the SOAP document.

The format of the SOAP document can be as shown in FIGS. 20 and 21, for example. In these drawings, only the parts related to the features of the present invention are shown.
As can be seen from these figures, the SOAP document that requests the execution of the command related to the operation in the configuration mode includes the time-limited identification information in the SOAP header, which is a command execution request (operation request) in the SOAP body. It includes type information indicating that it is present, a call ID indicating a request number, and content information of a command requesting execution. Here, the time-limited identification information is described in the SOAP header so that the time-limited identification information can be acquired before interpreting the SOAP body, and the identification processing described later can be performed at an early stage of processing. It is to do.

When the PHY 204 receives such a command execution request, it is passed to the web service application 318 in the form of an HTTP message (content is a SOAP document) as in the case of arrows I and J in FIG.
At this time, if the Web service application 318 is within the expiration date of the stored expiration date ID, that is, if there is an expiration date within the expiration date, the Web service application 318 displays the SOAP header before extracting the SOAP body from the SOAP document. By referring to this, a time-limited ID (element of <OneTimeID> tag in FIG. 20) is acquired and compared with the stored time-limited ID. Then, if it matches, this command execution request is permitted, and if it does not match or if the time-limited ID cannot be acquired, it is not permitted. That is, only the command execution request received with the issued time-limited ID is permitted. This process is an identification process. Here, the CPU functions as an identification unit by executing the web service application 318. Since the web service application 318 is notified of the time-limited ID issued from the CCS 319 and stores it, this processing can be performed without using the CCS 319.

When the command execution request is permitted, the SOAP body is extracted from the SOAP document and the operation related to the command included therein is executed, as in the case of the arrows K and N to T in FIG. As a response to the transmission source of the command execution request (a series of processes indicated by arrow (3)). However, since it can be determined whether or not the command can be executed in the above identification process, the CCS 319 is not requested to perform the authentication process again.
On the other hand, if the command execution request is not permitted, the web service application 318 generates a SOAP document with a response (error response) to that effect, and the command execution request is sent in the same manner as the arrows S and T in FIG. Transmit to the transmission source (processing indicated by a broken line in arrow (3)).

Even if an admin password is sent within the validity period of the issued time-limited ID, the web service application 318 returns an error response if the time-limited ID is not included, and the admin password is not transmitted to the CCS 319. . Even when the admin password is sent together with the time-limited ID, the authentication process by the CCS 319 is not performed again, so the admin password is not transmitted to the CCS 319 again. Therefore, the CCS 319 does not issue a new time-limited ID within the validity period of the issued time-limited ID.
By performing such processing, when the user is authenticated by the admin password, the user can be permitted to operate in the configuration mode. On the other hand, within the validity period of the time-limited ID, An operation request by another user who knows the admin password can also be rejected. Therefore, in the configuration mode, the apparatus can be operated without considering the influence on other operations and the influence of other operations.

  Although not shown in FIG. 16, when the CCS 319 issues a time-limited ID, the OCS 300 is notified that the configuration mode operation has been performed, and the display on the operation panel 205 is notified to that effect. The operation reception from the operation panel 205 may be stopped. In this way, no operation is performed in accordance with an operation from the operation panel 205. Therefore, during an operation related to the configuration mode, the operation is performed only in accordance with an operation request from one user (one apparatus). Can be.

  For example, the display on the operation panel 205 may be as shown in FIG. Then, the contents and progress of the operation in the configuration mode are indicated by messages and indicators IN as shown in (b) and (c), or at the end of the configuration mode, as shown in (d). It is good to show that. In addition, the expiration date of the issued time-limited ID may be displayed.

  The expiration date of the issued time-limited ID is managed by the CCS 319, and when the expiration date comes, the Web service application 318 is notified of that fact. Upon receiving this notification, the web service application 318 again performs the process indicated by the arrow (1) in FIG. 11 or FIG. Accordingly, at this time, an operation request can be transmitted from the terminal device 105 so that a command can be executed after being authenticated by a normal password, or a time-limited ID can be issued after being authenticated by an admin password. Become. If a command execution request with a time-limited ID is received after the expiration date has arrived, an error response may be returned without interpreting the SOAP body.

In addition, when the operation reception from the operation panel 205 is stopped, the CCS 319 notifies the OCS 300 that the expiration date of the time-limited ID has arrived, and that an operation request for the administrator mode is being received. The display is terminated and the operation reception from the operation panel 205 is resumed.
As a result of this, even when a communication abnormality between the terminal apparatus 105 and the image forming apparatus 100 occurs, for example, it becomes impossible to accept an instruction to end the configuration mode. It is possible to prevent the operation from being accepted.

The expiration date notified by the web service application 318 may be stored, and the web service application 318 may manage the expiration date and notify the CCS 319 when the expiration date has come.
In addition, even when the expiration date of the time-limited ID has arrived, if the execution of the permitted operation has not been completed, for example, if firmware is being downloaded, the time-limited ID is invalid until the operation is completed. You may make it wait for conversion. On the other hand, if another operation is being executed at the time of issuing the time-limited ID, for example, when waiting for FAX transmission, etc., the issuance of the time-limited ID is canceled, and instead of the admin password You may make it notify that it is operating with respect to a transmission source.

In addition, even before the expiration date of the time-limited ID arrives, the user who operates the terminal device 105 that has received the time-limited ID can end the configuration mode. In this case, when the terminal device 105 is instructed to that effect, the terminal device 105 transmits an end notification with a time-limited ID to the image forming apparatus 100. This end notification can be considered to be a command execution request of “invalidation of ID with time limit”, and is transmitted as a SOAP message similar to the case of other command execution requests.
On the image forming apparatus 100 side, the web service application 318 also confirms whether the time-limited ID is correct for this SOAP message as in the case of other command execution requests, and if it is correct, the command execution is permitted. Get information. When it is determined that this is a “invalidation of ID with time limit” command, the CCS 319 makes a request to invalidate the ID with time limit. Upon receiving this request, the CCS 319 terminates the validity period of the time-limited ID and performs the same processing as when the validity period has come.
Then, the CCS 319 returns a response to the invalidation request to the web service application 318, and the web service application 318 returns a response to the transmission source of the command execution request in the same manner as in the case of a normal command (arrow (4 ) A series of processes indicated by).

By performing such processing, when the user finishes the work in the configuration mode, the monopoly state of the device can be resolved immediately, and other operations are not accepted for a longer time than necessary. Can be prevented.
It should be noted that, similarly to “invalidation of ID with a time limit”, an instruction to change (particularly extend) the expiration date of the ID with a time limit may be accepted. In this way, even when the operation in the configuration mode takes more time than expected, the period during which no other operation is accepted can be extended as necessary, and a flexible response is possible.

  Next, specific processing related to the above-described authentication operation will be described using a flowchart and a sequence diagram. The processing shown in the following flowchart is realized by the CPU executing various programs including the OCS 300, the NCS 303, the web service application 318, and the CCS 319. The following flowchart shows what operation the CPU performs as a whole, and therefore the program for actually performing the process differs depending on the step. In addition, what is indicated in parentheses at the lower right of the determination process is a program for performing the process related to the determination.

First, the flowchart in FIG. 23 shows a process in the case of accepting an input of a password from the operation panel among the processes related to authentication in the image forming apparatus of the present invention.
In this case, when the user selects any one of the functions such as copy, fax, printer, and scanner in the operation unit, and the OCS 300 detects this operation and passes it to the corresponding application, the process starts from step S1. Requests the OCS 300 to display an initial screen.
In the next step S2, the OCS 300 controls the operation panel 205 in response to this request to display the initial screen on the display unit, accepts the user's operation, and passes the accepted operation content to the application.

  Thereafter, in step S3, the application determines whether an operation requiring authentication has been instructed. That is, in this image forming apparatus, permission / non-permission of the operation execution is determined based on the success / failure of the authentication. Therefore, the necessity of the authentication is also determined based on the content of the operation instruction. Here, the switching of the screen is also handled as one of the operations, and if it is determined that the authentication is necessary to execute this operation, the determination in step S3 is YES.

If the determination in step S3 is YES, the process proceeds to step S4, and the application requests the OCS 300 to display a password acceptance screen. In step S5, the OCS 300 displays a password acceptance screen as shown in FIG. 12 on the operation panel 205 in response to this, accepts the input of the password, and passes it to the application.
In the next step S6, the application passes the password to the CCS 319 and requests an authentication process. Then, the CCS 319 performs authentication processing by comparing the received password with the stored password. At this time, the CCS 319 determines whether or not the password received in step S7 matches the admin password.

If they match, the operation in the configuration mode is permitted. Therefore, the process proceeds to step S8, and the authentication process for the authentication information received by the CCS via the network so as not to permit the operation request via the network. Set to reject. In step S9, the result of the authentication process is returned to the application. In the case of passing through step S8, in step S9, a result indicating that the authentication as the admin password has been successful is always returned.
If it is not an admin password in step S7, it will progress to step S9 as it is and will return the result of an authentication process to an application.

  In step S10, it is determined whether or not the application has been authenticated as an appropriate password when allowing the operation. If yes, the process proceeds to step S11, and the operation corresponding to the operation content received in step S2 is executed for the necessary execution module. To execute the operation corresponding to the operation content by controlling the operation of the hardware resource. Then, the execution result of the operation is acquired from the execution module. Thereafter, in step S12, the OCS 300 is requested to display a result screen according to the execution result. Then, the process returns to step S2, and the OCS 300 displays a result screen on the operation panel, receives the next operation from the user, and repeats the process. The processing in this part does not change in particular depending on whether the instructed operation is a configuration mode operation.

If it is determined in step S10 that the password has not been authenticated, the process proceeds to step S13, the OCS 300 is requested to display an error screen, and the process returns to step S2. In this case, the OCS 300 displays an error screen on the operation panel.
If the determination in step S3 is NO, it is determined in step S14 whether the instructed operation is the end of the configuration mode (this operation does not require authentication). Then, if the configuration mode is completed, the command execution request may be accepted as usual, so that the CCS 319 is informed so that the authentication process for the authentication information received via the network is resumed. In response to this, the CCS 319 deletes the setting for rejecting the authentication process. Then, it progresses to step S11 and performs subsequent processing. If the configuration mode is not terminated in step S14, the process proceeds to step S11 as it is and the subsequent processing is performed.

  In the above processing, it is troublesome for the user to be prompted to enter a password every time an operation requiring authentication is instructed. Therefore, after successful authentication, a predetermined period has elapsed or a predetermined operation has been performed. The authentication may not be requested again until a condition such as the above is satisfied. In general, operations from the operation panel of the image forming apparatus are often performed continuously by the same person, and thus there is no significant problem even in this way.

FIG. 24 shows an example of a processing sequence by the processing shown in the flowchart of FIG.
In the example shown in FIG. 24, the application first requests the OCS 300 to display an initial screen (S201). In response to this, the OCS 300 displays an initial screen on the operation panel 205 and accepts the operation (S202), and passes the operation content to the application (S203). When the application determines that this operation is an operation instruction requiring authentication (S204), the application requests the OCS 300 to display a password acceptance screen (S205).

In response to this, the OCS 300 displays it on the operation panel 205 of the password input screen, accepts the input of the password (S206), and passes the password to the application (S207).
Then, the application passes the received password to the CCS 319 and requests authentication (S208). The CCS 319 performs an authentication process using the password (S209). If this is an admin password, the authentication information received via the network is set to be rejected (SX). Otherwise, the authentication result is sent to the application as it is. Return (S210).

The following (a) is processing when authentication is performed as an appropriate password. In this case, the application executes an operation on a necessary execution module to execute an operation related to the operation content received in S203. (S211), the execution module controls the hardware resources in accordance with this to execute the operation (S212), and returns the result to the application (S213).
The application requests the OCS 300 to display a result screen according to the result (S214), and the OCS 300 displays the result screen on the operation panel 205 (S215).

(B) is processing when authentication fails. In this case, the application requests the OCS 300 to display an error screen indicating authentication failure (S216), and the OCS 300 displays the error screen on the operation panel 205. It is displayed (S217).
In the image forming apparatus 100, when an operation requiring authentication is instructed from the operation panel 205 by the processing as shown in FIGS. 23 and 24, authentication processing is performed by the CCS 319 and authentication is performed as an appropriate password. The operation is allowed to be executed only when the

  Also, if the authentication is successful with the admin password, the authentication information received via the network is rejected so as not to accept an operation request from another user until the end of the configuration mode is instructed. All operation requests received via the network are rejected. Therefore, in the configuration mode, the apparatus can be operated without considering the influence on other operations and the influence of other operations.

  Next, in the flowcharts of FIG. 25 and FIG. 26, the process in the case of accepting the input of the password via the network among the processes related to authentication in the image forming apparatus of the present invention is shown. Also in this figure, the program for actually performing the process differs depending on the step. In fact, a part of a series of control operations performed in response to various events by each software shown in FIG. 5 is shown. It is the same as in the case of FIG. Similarly, the program for performing the process related to the determination is shown in parentheses in the lower right of the determination process, and “WS” is an abbreviation of the web service application 318.

  In the image forming apparatus 100, when data is transmitted / received via a network, the PHY 204 functioning as a network communication unit exchanges IP packets with an external apparatus. Then, when the PHY 204 receives an IP packet, the NCS 303 receives it and connects it to generate meaningful data such as a message or a file. If this is a SOAP document transmitted as an HTTP message, it is considered that the command execution request is from an external device such as the terminal device 105. In the image forming apparatus 100, when such a SOAP document is received, the CPU starts the process shown in the flowchart of FIG.

In this process, first, the SOAP document received by the NCS 303 is passed to the web service application 318 in step S21. In step S22, the web service application 318 determines whether or not there is a time-limited ID within the validity period, that is, whether or not it is within the validity period of the issued time-limited ID.
If it is not within the time limit, the process proceeds to step S23 in order to perform authentication processing using a password, and the SOAP body that is an XML document is acquired from the SOAP document (consisting of a SOAP header and a SOAP body) passed to the web service application 318. As shown in FIG. 13 and FIG. 14 or FIG. 17 and FIG. 18, this SOAP body includes password information used for authentication and, in the former case, information of a command requested by an external device to be executed. ing.
In step S24, the tag of the SOAP body is interpreted and this password is acquired as authentication information. That is, since the password is used as an element of the <Password> tag here, the <Password> tag indicating the password in the <Body> tag indicating the SOAP body from the SOAP document as shown in FIG. 13 or FIG. Get the contents. If <Password> tag does not exist, information that there is no password is acquired.

In step S25, the password is passed to the CCS 319 to request an authentication process. Then, the CCS 319 performs authentication processing by comparing the password received in response to the stored password, and determines whether this is an admin password in step S26.
If it is not an admin password, the process proceeds to step S27, and the authentication result is returned to the web service application 318.

  In step S28, the web service application 318 interprets the SOAP body, acquires command information, and determines whether or not to allow the execution of the command based on the authentication result returned from the CCS 319. This determination can be made with reference to the table shown in FIG. 15 as described above. In this table, it is assumed that execution of commands related to the configuration mode is not permitted by password authentication. A command related to the configuration mode should be permitted when the received password is authenticated as an admin password, but in this case, only a time-limited ID is issued without performing processing related to command execution. Therefore, the execution is actually permitted when the execution request is received together with the time-limited ID.

  If it is acceptable in step S28, the process proceeds to step S34 in FIG. 26, and the information on the command requested to be executed is passed to the application that should execute the command. For example, if it is a print command, it is passed to the printer application 311. The information of this command can be obtained by interpreting the tag of the SOAP document. Here, the structure of the information included in the SOAP document is interpreted to generate a DOM tree, which is suitable for processing in the application. It is assumed that a data structure, for example, if the application is created in C language, is converted to a data structure used in C language and then passed to the application. By doing so, the application program can be created without being aware of the data format in the SOAP document, so that the creation effort can be reduced and the cost can be reduced.

  In the next step S35, the application that has received the data structure instructs the necessary execution module to execute the operation related to the command, and controls the operation of the hardware resource to execute the operation related to the command. Let Then, the execution result of the operation is acquired from the execution module, and the execution result is returned to the web service application 318. Thereafter, in step S 36, the web service application 318 converts this response into an XML document of a SOAP body via the DOM tree, adds a SOAP header to generate a SOAP document, and passes it to the NCS 303. In step S37, the NCS transmits this SOAP document as an HTTP message via the PHY 204 as a response to the transmission source of the command execution request, and the process ends.

If the execution cannot be permitted in step S28, a SOAP document having an error response indicating that the web service application 318 has failed authentication in step S29 is generated and passed to the NCS 303, and the process proceeds to step S37 in FIG. Going forward, the NCS sends this message as a response.
On the other hand, if the password is an admin password in step S26 in FIG. 25, the process proceeds to step S40 in FIG. 26, where the CCS 319 issues a time-limited ID, and notifies the web service application 318 of this together with the expiration date. This expiration date may be determined according to the designation from the user who received it with the password, or in the case where there is no such designation, it may be determined a predetermined time after issuance.
In step S41, the CCS 319 requests the OCS 300 to display that it is in the state of performing the configuration mode. In step S42, the OCS causes the operation panel 205 to display the display. Stop accepting input. The contents of the display are as described above with reference to FIG.

In the next step S 43, the web service application 318 generates a SOAP document having a notification for notifying the issued password with the time limit and the admin password sender, and passes it to the NCS 303. In step S37, as in the case where the NCS 303 is the job execution result, this notification is sent as a response to the admin password sender.
Also, if a time-limited ID is issued in step S40, the determination in step S22 in FIG. In this case, the process proceeds from step S22 to step S30, and the web service application 318 acquires the time-limited ID from the SOAP header of the SOAP document passed from the NCS 303. That is, here, the time-limited ID is an element of the <OneTimeID> tag, so from the SOAP document as shown in FIG. 20, the <OneTimeID> tag indicating the time-limited ID in the <Header> tag indicating the SOAP header. Get the contents of. If the <OneTimeID> tag does not exist, information indicating that there is no time-limited ID is acquired.

In step S31, it is determined whether or not this is a correct ID, that is, whether or not it matches the issued time-limited ID. If the ID is not correct, including the case where there is no ID with a time limit, the process proceeds to step S29, and the subsequent processing is performed and an error response is returned as in the case where the authentication is not successful in step S28.
If the ID is correct in step S31, the process proceeds to step S32, and the web service application 318 acquires the SOAP body from the SOAP document and interprets the content. Then, it is determined whether or not the command included in step S33 is the expiration date ID setting.

  If the deadline ID is not set, the process proceeds to step S34 in FIG. 26, and the command is executed and a response is made in the same manner as when it is determined that the execution of the command may be permitted according to the authentication result with the password. Process to return. The fact that it is determined in step S31 that the correct time-limited ID is included is considered to be a command execution request from the user (or device) authenticated by the admin password, which affects other operations of the device. The command to be executed is not particularly limited including the command of such setting, and here, it is assumed that the execution permission / non-permission is not determined.

If the expiration date ID is set in step S33, the process proceeds to step S38 in FIG. 26, and the web service application 318 requests the expiration date setting of the expiration ID from the CCS 319. As described above, the deadline setting may be the expiration and change of the deadline. In the next step S39, the CCS 319 changes the expiration date of the time-limited ID in response to this request, and notifies the web service application 318 of the result. Then, the process proceeds to step S36, and thereafter, in the same manner as in the case where the command is executed by the processing of steps S34 and S35, a SOAP document having the expiration date change result as a body is generated and transmitted as a response to the transmission source of the command execution request. To do.
In the processing described above, the case where the received SOAP document is not a command execution request is not considered. However, when another SOAP document can be received, the SOAP document after step S23 or S32. Whether or not is a command execution request, the subsequent processing is performed only when it is a command execution request, and when it is not, it is preferable to perform other processing according to the content.

When the time-limited ID is issued in step S40 of FIG. 26, the CPU starts the process shown in FIG. 27 for managing the time limit of the time-limited ID in parallel with the processes of FIGS.
In this process, first, in step S51, it is determined whether or not the expiration date of the time-limited ID has been reached. Even when the time limit is terminated in accordance with an instruction from the user, it is treated as having reached the time limit. When the expiration date comes, the process proceeds to step S52, and the CCS 319 notifies the web service application 318 to that effect. In response, the web service application 318 discards the time-limited ID, and the determination in step S22 in FIG.

  In the next step S53, since the operation in the configuration mode is ended, the CCS 319 requests the OCS 300 to end the display indicating that the operation in the configuration mode is being performed. In step S54, the OCS terminates display on the operation panel 205 according to this request, and resumes input from the operation panel 205. Here, at the end of the display, the display as shown in FIG. 22D may be performed.

FIGS. 28 to 30 show examples of processing sequences by the processing shown in the flowcharts of FIGS.
The example shown in FIG. 28 is a processing sequence when a time-limited ID is not issued and authentication is performed using a password other than the admin password. In this example, first, the NCS 303 connects the IP packets received from the PHY 204 to generate a SOAP document (S301), and passes it to the web service application 318 (S302). The web service application acquires the XML document of the SOAP body from the SOAP document (S303), interprets the tag, and acquires password information (S304). Then, the password is passed to the CCS 319 to request authentication (S305). In response to this, the CCS 319 performs authentication processing using a password (S306), and returns an authentication result to the web service application 318 (S307).

  The following (a) is processing when the web service application 318 determines from the authentication result that the execution of the command may be permitted. In this case, the web service application 318 is included in the SOAP body and requested to execute. The command information is converted into a data structure suitable for processing in the application (S308), and the command is passed to the application to be executed (S309). Then, in order to execute the operation related to this command, the application instructs the necessary execution module to execute the operation (S310), and the execution module controls the hardware resource accordingly to execute the operation (S310). The result is returned to the application (S311) (S312). The application passes the received execution result to the web service application 318 in the form of a data structure (S313).

Then, the web service application 318 converts this execution result into an XML document to make a SOAP body as a response, generates a SOAP document including this (S314), and passes this to the NCS 303 (S315). The NCS transmits this SOAP document as a response HTTP message to the transmission source of the command execution request (S316).
If the web service application 318 determines that the command execution is not permitted from the authentication result, the processing from S308 to S313 is not performed, and the XML document indicating the command execution disapproval by the processing from S314 to S316 is used as the SOAP body. The containing SOAP document is sent as a response HTTP message.

The example shown in FIG. 29 is a processing sequence when an admin password is received and a time-limited ID is issued. Also in this example, the processing from S301 to S306 is the same as that in the example shown in FIG. When the CCS 319 determines that the password passed in the authentication process (S306) is an admin password, it issues a time-limited ID (S320) and notifies the web service application 318 of this (S321).
Then, the web service application 318 stores the expiration date ID together with the expiration date (S322), and generates a SOAP document having a notification that notifies the expiration date ID and the expiration date to the sender of the admin password (S323). To NCS 303 (S324). The NCS transmits this SOAP document as a response HTTP message to the transmission source of the command execution request (S325).

On the other hand, the CCS 319 that has issued the time-limited ID requests the OCS 300 to display that it is in the state of performing the configuration mode operation (S326). At the same time, the input from the operation panel 205 is stopped (S328).
With the above processing, the image forming apparatus 100 permits only the command execution request received together with the issued time-limited ID, and does not accept or allow other operation requests.

In this state, the CCS 319 performs processing for managing the time limit of the time-limited ID, and when the time limit of the time-limited ID comes (S329), notifies the web service application 318 to that effect (S330), and the web service application 318. Upon receiving this notification, the stored time-limited ID is discarded (S331).
On the other hand, the CCS 319 requests the OCS 300 to end the display indicating that the operation in the configuration mode is performed when the time limit of the ID with time limit comes (S332), and the OCS 300 responds to the request on the operation panel 205 accordingly. The display of the effect is terminated (S333) and the input acceptance from the operation panel 205 is resumed (S334).
With the above processing, the image forming apparatus 100 is in a state where it can perform an operation again in accordance with authentication by a password or an operation from the operation panel 205.

  The example shown in FIG. 30 is a processing sequence when the issued time-limited ID is within the expiration date. In this example, the NCS 303 first joins the IP packets received from the PHY 204 to generate a SOAP document (S341), and passes it to the web service application 318 (S342). Then, the web service application 318 acquires a time-limited ID from the SOAP header of the SOAP document passed (S343), and determines whether the time-limited ID is correct (S344).

  (A) is a process when the time-limited ID is correct. In this case, the web service application 318 acquires the XML document of the SOAP body from the SOAP document passed in S342 (S345), and the SOAP body Is converted into a data structure suitable for processing in the application (S346), and the command is passed to the application to be executed (S347). The processing relating to command execution up to S351 is the same as that in S308 to S313 in FIG. Thereafter, the processing from S353 to S355 is not performed, and the processing proceeds to the processing from S356 onward, and a response is transmitted to the transmission source of the command execution request in the same manner as in S314 in FIG.

  (B) is a process in the case where the command is related to the time limit setting of the time-limited ID. If such a command is included as a result of interpreting the XML document acquired in S345, the processes in S346 to S351 are performed. Instead, the web service application 318 requests the CCS 319 to set a time limit for the time-limited ID according to the contents of the command (S353). As this setting, the expiration and change of the deadline can be considered. In accordance with this request, the CCS 319 sets the time limit of the time-limited ID (S354), and notifies the web service application 318 of the setting content (S355).

Then, the web service application 318 generates a SOAP document with the setting content as a response to the command (S356), and passes it to the NCS 303 (S357). The NCS transmits this SOAP document as a response HTTP message to the transmission source of the command execution request (S358).
In the image forming apparatus 100, by the processing as shown in FIGS. 25 to 30, even when a command execution request is received together with a password via the network, authentication processing is performed by the CCS 319, and command execution is performed from the authentication result. The process related to the command is executed only when it is determined that the password can be permitted, the time-limited ID is issued when the admin password is received via the network, and the operation request related to the configuration mode when the time-limited ID is received. To allow.

By doing in this way, it is possible to permit an operation request related to the configuration mode only for a certain period after the user (or device) authenticated by the admin password is authenticated.
Furthermore, since a new ID is not issued within the expiration date of the time-limited ID, even when there are a plurality of users who know the admin password, an operation request related to the configuration mode is simultaneously issued to a plurality of users. It will not be allowed.

  Therefore, even when a setting instruction that affects other operations of the device is received via the network, it is possible to avoid a situation in which a plurality of instructions compete to cause a malfunction in the operation of the apparatus. In addition, after a certain period of time elapses, even if a configuration mode termination instruction is not accepted due to a communication failure or the like after entering a state where an operation request related to the configuration mode is permitted to any user. In addition, since the operation returns to the state in which the operation request can be permitted to other users, the convenience of other users can be sufficiently ensured.

  Within the validity period of the issued time-limited ID, if only the operation request received from the external device with the time-limited ID is permitted, any user can be permitted to operate according to the configuration mode. While in this state, all operation requests from other users via the network, including those related to operations other than the configuration mode, can be excluded. It is possible to avoid a situation in which an adverse effect is exerted or, conversely, another operation adversely affects an operation related to the configuration mode. That is, it is possible to avoid a conflict between an operation related to the configuration mode and another operation.

Further, if the operation from the operation panel 205 is not accepted within the expiration date of the issued time-limited ID, the operation according to the instruction from the operation unit can be eliminated, so that a much greater effect can be obtained for avoiding the conflict. become.
Furthermore, within the expiration date of the issued time-limited ID, if the display unit displays that the operation request for the configuration mode is being received, the state of the apparatus is accurately transmitted to the user, as described above. Even when the operation is not accepted, it is possible to prevent the user from misinterpreting it as a failure or the like. By displaying the progress of the operation in the configuration mode and the time limit of the time-limited ID, it is possible to give the user an indication of the period required until the end of the configuration mode.

In addition, if the specification of the time limit of the time-limited ID is received together with the admin password and the time limit of the time-limited ID issued when the specification is specified is set as the time limit of the specification, the user who requests the operation related to the configuration mode Therefore, it is possible to eliminate other users' requests only for the time required by the user, and to reduce the convenience of other users. On the other hand, it is possible to prevent a situation in which the time limit of the time-limited ID is reached during work in the configuration mode.
Furthermore, if a request for extending the expiration date of a time-limited ID is accepted and the expiration date can be extended accordingly, even if the work is longer than expected, the time limit of the time-limited ID is increased during the work. It can prevent the situation that will arrive.

By accepting a request for invalidation of the expiration date of a term ID and enabling the expiration of the expiration date accordingly, the occupation (specification) of the image forming apparatus is immediately performed when the operation in the configuration mode is completed. It is possible to eliminate a state in which an operation request from a user other than the user is excluded.
If the password, operation request, and time-limited ID are described in a structured language format, the versatility of the data can be improved, and the data format can be easily designed and modified.
In this case, if the time-limited ID is described in the header of the document described in the structured language format, it is possible to identify the time-limited ID at an early stage of processing before interpreting the body. The amount of communication between processes can be reduced, and the amount of processing when the operation related to the operation request is not permitted can be reduced.

[Modification]
Here, in the embodiment described above, an example has been described in which execution of all commands is permitted on the condition that a user (or device) authenticated with an admin password is subsequently accepted together with a time-limited ID. However, this is not essential, and the allowed commands can be restricted.
In this case, for example, a command allowed for a user authenticated with an admin password can be stored in a table as shown in FIG. Even when the ID is received together with the time-limited ID, when the web service application 318 interprets the XML document of the SOAP body and grasps the content of the requested command, the table is referred to determine whether the command can be executed. You just have to do it.
Alternatively, as shown in FIG. 31 and FIG. 32, the time-limited ID is described in the SOAP body, and after the web service application 318 interprets the XML document of the SOAP body, whether the time-limited ID is appropriate and the time-limited ID are Whether or not the command can be executed when it is correct may be determined at the same time.

Moreover, in embodiment described above, the example which memorize | stores only one type of admin password as a specific password was demonstrated. However, as described above, when restricting a command that is permitted to be executed by a user authenticated with an admin password, a plurality of types of specific passwords are stored, and the range of commands that are permitted to be executed by the accepted password is set. It may be changed.
For example, three types of admin passwords A, B, and C are stored as specific passwords, and the correspondence with commands that are permitted to be executed is determined as shown in FIG.

In this case, for example, when the password received at the time of the authentication request from the terminal device 105 is the admin password A, a time-limited IDA corresponding thereto is issued, and when the accepted password is the admin password B The IDB with a time limit corresponding thereto is issued. Even in this case, generating and issuing a new ID each time is the same as in the case described above, and information indicating which password corresponds to the ID may be included in the ID.
When the command execution request including the time-limited IDA is received within the expiration date of the time-limited IDA, the execution is performed with reference to the column of the admin password A in the table shown in FIG. 33 after identifying the time-limited ID. What is necessary is just to determine whether or not execution is possible, and when a command execution request including a time-limited IDB is received within the expiration date of the time-limited IDB, it is also possible to determine whether or not execution is possible by referring to the column of the admin password B.
In this way, command execution authority can be given more flexibly while avoiding a conflict between the configuration mode operation and other operations.

In addition, as described above, when restricting the commands that are allowed to be executed according to the type of admin password, some commands may be configured even if execution is permitted to users other than those authenticated by the admin password. There may be cases where there is no conflict with mode operation. For such a command, an operation request from another user may be permitted even during the operation in the configuration mode.
In such a case, as shown in FIG. 34, for a time-limited ID corresponding to each admin password, a command that is permitted when an execution request is received together with a time-limited ID within the time limit of the time-limited ID, Even when received without an ID, it is preferable to store commands that can be permitted after being authenticated with a password. And even if the command execution request is determined by the web service application 318 that a term ID within the valid period is not attached, if the command is related to the latter, it is the same as when no term ID is issued. Then, the password may be acquired, the CCS 319 may be requested for authentication, and the command execution permission may be determined according to the result.

  Furthermore, as in the case of the admin password B and the admin password C shown in FIG. 33, when there are no overlapping commands that allow execution, there is a case where no conflict occurs even if the execution of these commands is allowed at the same time. is there. In such a case, there is no particular problem even if the time-limited IDB corresponding to the admin password B and the time-limited IDC corresponding to the admin password C are issued simultaneously.

Therefore, as shown in FIG. 34, for each time-limited ID, it is preferable to set a password that may issue a time-limited ID redundantly within the expiration date. And even if it is within the expiration date of the already issued time-limited ID, when the authentication request is accepted, the password included therein is passed to the CCS 319 so that the CCS 319 may issue the time-limited ID at the same time. If it is authenticated, it is preferable to issue a new time-limited ID.
In this way, when configuration mode operation is permitted, only operations in a range where conflicts with this can occur can be prohibited, and other operations can be permitted. It is possible to minimize the decrease in convenience while preventing this.

  Furthermore, in the above-described embodiment, the example in which the time-limited ID is issued when the authentication unit authenticates that the authentication information received by the communication unit is specific authentication information has been described. However, when a specific operation request (command execution request for a specific command) is received by the communication means and the operation request is permitted, a time-limited ID may be issued to the source of the operation request. Good.

In this case, for example, when the web service application 318 actually permits the execution request (operation request) of the specific command from the authentication result in the CCS 319 and the content of the command (determination in step S28 in FIG. 25). If YES, the web service application 318 may request the CCS 319 to issue a time-limited ID. Then, within the expiration date of the time-limited ID, when the time-limited ID is received from the external device, an operation request related to the configuration mode from the external device may be permitted. In addition, regarding the handling of the ID with a time limit, the method of the above-described embodiment or modification can be applied. In addition, the specific operation request in this case may be a setting request that affects other operations of the device or a setting screen display request for instructing the setting.
If such control is performed, even if an admin password is accepted, operation requests from other users will not be excluded until an operation request for configuration mode is made, resulting in problems with the operation of the device. The deterioration of convenience can be suppressed while preventing the above.

  In the above embodiments, the image forming apparatus having a communication function has been mainly described as an example of the communication apparatus. However, the present invention is not limited to this, and network home appliances having a communication function, vending It can be applied to various electronic devices having communication functions, including machines, medical equipment, power supply devices, air conditioning systems, gas / water / electricity measuring systems, and computers that can be connected to a network. Also, the authentication processing method is not limited to the one using a password. The content of the time-limited identification information is not limited to the same as the above-mentioned time-limited ID. Further, with regard to the remote management system of the communication device, the configuration of the communication device, the remote management mediating device, the management device, and the connection form thereof are not limited to the above embodiments. In particular, the terminal device may be configured using a dedicated device instead of a general-purpose computer, and if there is no firewall in the installation environment of the communication device, the terminal device may communicate with the communication device via the Internet. . Communication between the communication device and the management device or the terminal device can be performed using various communication lines (communication paths) capable of constructing a network regardless of wired or wireless.

  In addition, the program according to the present invention allows each function (authentication information reception unit, authentication unit) according to the present invention to be stored in a computer that controls a communication device having a communication unit that communicates with an external device and an operation unit that receives an operation from a user. , Identification function issuing means, identification means, and functions as other means). By causing a computer to execute such a program, the above-described effects can be obtained.

Such a program may be stored in a storage means such as a ROM or HDD provided in the computer from the beginning, but a non-volatile recording such as a CD-ROM or flexible disk, SRAM, EEPROM, memory card or the like as a recording medium. It can also be recorded on a medium (memory) and provided. Each procedure described above can be executed by installing a program recorded in the memory in a computer and causing the CPU to execute the program, or causing the CPU to read and execute the program from the memory.
Furthermore, it is also possible to download and execute an external device that is connected to a network and includes a recording medium that records the program, or an external device that stores the program in the storage unit.

As described above, according to the communication device, the remote management system, and the communication device control method of the present invention, it is possible to sufficiently ensure the convenience of the user while preventing the operation of the device from occurring. can do.
Further, according to the program of the present invention, it is possible to cause the computer to control the communication device to realize the characteristics of such a communication device, and to obtain the same effect. Further, according to the recording medium of the present invention, the program can be stored in a computer that does not store the program, and can be caused to function as the communication device by executing the program.

It is a conceptual diagram which shows the structural example of the remote management system by this invention. It is a conceptual diagram which shows the data transmission / reception model in the remote management system. 1 is a conceptual diagram illustrating a configuration example of an image forming apparatus remote management system that is an example of a remote management system according to the present invention, in which an image forming apparatus that is an example of a communication apparatus according to the present invention is a managed apparatus; FIG. FIG. 3 is a block diagram illustrating a hardware configuration example of an image forming apparatus that is a communication apparatus configuring the image forming apparatus remote management system. FIG. 3 is a block diagram illustrating a software configuration example of the image forming apparatus.

6 is a diagram for explaining an ENGRDY signal and a PWRCTL signal in the image forming apparatus. FIG. 3 is a functional block diagram illustrating a configuration example of a web service application in the image forming apparatus. FIG. FIG. 4 is a block diagram illustrating a schematic configuration example of a management apparatus 102 illustrated in FIG. 3. FIG. 4 is a diagram showing an example of a communication sequence for data transmission / reception performed in the image forming apparatus remote management system shown in FIG. 3. FIG. 4 is a diagram illustrating an example of a communication sequence when data is transmitted from the image forming apparatus illustrated in FIG. 3 to a management apparatus.

FIG. 4 is a diagram for explaining an outline of a processing procedure when password authentication is performed in the image forming apparatus illustrated in FIG. 3. It is a figure which shows the example of a display of the password input screen displayed on an operation panel. It is a figure which shows the example of a format of the SOAP document for command execution requests. It is a figure for demonstrating the main information contained there. It is a figure which shows the example of the table referred when determining whether command execution is possible.

FIG. 4 is a diagram for explaining an outline of processing when an input of an admin password is received via a network in the image forming apparatus illustrated in FIG. 3. It is a figure which shows the example of a format of the SOAP document for the authentication request | requirement by an admin password. It is a figure for demonstrating the main information contained there. It is a figure which shows the example of ID with a time limit issued in the process shown in FIG. It is a figure which shows the example of a format of the SOAP document for command execution requests which attached ID with a time limit.

It is a figure for demonstrating the main information contained there. It is a figure which shows the example of a display in an operation panel when it will be in the state which receives the operation request which concerns on configuration mode via a network. FIG. 4 is a flowchart illustrating a process in a case where an input of a password is accepted from an operation panel among processes related to authentication in the image forming apparatus illustrated in FIG. It is a figure which shows an example of the process sequence by the process shown to the flowchart of FIG. FIG. 4 is a flowchart illustrating a process in a case where an input of a password is accepted via a network among processes related to authentication in the image forming apparatus illustrated in FIG. 3.

It is a flowchart which shows the process of the continuation of FIG. FIG. 27 is a flowchart illustrating processing for time limit management of a time-limited ID that is executed in parallel with the processing illustrated in FIGS. 25 and 26. FIG. It is a figure which shows an example of the process sequence by the process shown to the flowchart of FIG. It is a figure which shows the other example. It is a figure which shows another example.

FIG. 21 is a diagram showing an example different from FIG. 20 of the format of a SOAP document for command execution request with a time-limited ID. It is a figure for demonstrating the main information contained there. It is a figure which shows the example of a setting of the correspondence of a specific password and the command which permits execution. It is a figure for demonstrating control when issuing ID with a time limit corresponding to each of a plurality of specific passwords.

Explanation of symbols

10: Managed device 11: Managed device with mediation function 100: Image forming device 101: Mediation device 102: Management device 103: Internet 104: Firewall 105: Terminal device 110: Image forming device with mediation function 120: PC 121: Web Browser 130: DHCP server 140: LAN
200: Controller board 201: HDD
202: NV-RAM 203: PI board 204: PHY 205: Operation panel 206: Plotter / scanner engine board 207: Power supply unit 212: PCI-BUS
300: OCS 301: ECS
302: MCS 303: NCS
304: FCS 305: NRS
306: SCS 307: SRM
308: IMH 309: Copy application 310: Fax application 311: Printer application 312: Scanner application 313: Net file application 314: Web application 315: CSS 316: DCS
317: UCS 318: Web service application 319: CCS
601: Modem 602: Communication terminal 603: Proxy server 604: Operator terminal 605: Database 606: Control device

Claims (28)

A communication means for communicating with an external device;
A communication device having an operation means for receiving an operation from a user,
Authentication information receiving means for receiving authentication information input from the operation means or the communication means;
Authentication means for performing authentication processing using the authentication information received by the authentication information receiving means;
When the authentication unit authenticates that the authentication information input from the communication unit and received by the authentication information receiving unit is specific authentication information, a time-limited identification that defines an expiration date for the transmission source of the authentication information A time-limited identification information issuing means for issuing information;
An identification means for permitting an operation request related to a configuration mode from the external device when receiving the time-limited identification information within the expiration date from the external device;
The time-limited identification information issuing means does not newly issue time-limited identification information corresponding to the authentication information within the expiration date of the time-limited identification information issued to the transmission source of the specific authentication information. A communication device. The communication device according to claim 1,
The identification unit permits only the operation request received from the external device together with the time-limited identification information within the validity period of the time-limited identification information issued by the time-limited identification information issuing unit. A communication apparatus, characterized in that it is means for permitting an operation request related to a configuration mode. The communication device according to claim 1 or 2,
A communication apparatus, wherein an operation from the operation means is not accepted within an expiration date of the time-limited identification information issued by the time-limited identification information issuing means. The communication device according to any one of claims 1 to 3,
Display means for displaying a message;
Communication means comprising: a means for displaying on the display means that the configuration mode is operating within the validity period of the time-limited identification information issued by the time-limited identification information issuing means. apparatus. The communication device according to any one of claims 1 to 4, wherein
The authentication information accepting means has means for accepting designation of an expiration date of the time-limited identification information together with the authentication information inputted from the communication means,
When the specified identification information is issued, the expiration date is used as the expiration date when the identification information is issued, and when the specified date is not specified, the expiration date is set. A communication apparatus characterized by being a predetermined time after issuance. The communication device according to claim 5,
If the expiration date extension request is received within the expiration date of the expiration date identification information, and the identification means permits the operation related to the request, the expiration date of the expiration date identification information is responded to the extension request. And a means for extending the communication. The communication device according to claim 5 or 6,
Communication having a means for ending the validity period of the time-limited identification information when the request for invalidating the time-limited identification information is received and the identification means permits an operation related to the request apparatus. The communication device according to any one of claims 1 to 7,
The authentication information input from the communication unit and received by the authentication information receiving unit, the operation request received from the external device, and the time-limited identification information are information described in a structured language format. The communication device according to claim 8,
The communication apparatus according to claim 1, wherein the time-limited identification information is described in a header of a document described in a structured language format. A remote management system for remotely managing a plurality of communication devices via a network by a management device,
In the communication device,
A communication means for communicating with an external device;
An operation means for receiving an operation from a user;
Authentication information receiving means for receiving authentication information input from the operation means or the communication means;
Authentication means for performing authentication processing using the authentication information received by the authentication information receiving means;
When the authentication unit authenticates that the authentication information input from the communication unit and received by the authentication information receiving unit is specific authentication information, a time-limited identification that defines an expiration date for the transmission source of the authentication information A time-limited identification information issuing means for issuing information;
An identification means for permitting an operation request related to a configuration mode from the external device when receiving the time-limited identification information within the expiration date from the external device;
The time-limited identification information issuing means does not newly issue time-limited identification information corresponding to the authentication information within the expiration date of the time-limited identification information issued to the transmission source of the specific authentication information. Features remote management system. The remote management system according to claim 10, wherein
The identification unit of the communication device permits only an operation request received from the external device together with the time-limited identification information within an expiration date of the time-limited identification information issued by the time-limited identification information issuing unit. By doing so, the remote management system is a means for permitting an operation request related to the configuration mode. The remote management system according to claim 10 or 11,
In the communication apparatus, a remote management system is configured such that an operation from the operation unit is not accepted within an expiration date of the expiration date identification information issued by the expiration date identification information issuing unit. The remote management system according to any one of claims 10 to 12,
In the communication device,
The authentication information accepting means has means for accepting designation of an expiration date of the time-limited identification information together with the authentication information inputted from the communication means,
When the specified identification information is issued, the expiration date is used as the expiration date when the identification information is issued, and when the specified date is not specified, the expiration date is set. A remote management system characterized by a predetermined time after issuance. The remote management system according to claim 13, wherein
If the communication device receives a request for extending the expiration date within the expiration date of the time-limited identification information, and the identification means permits the operation related to the request, the expiration date of the time-limited identification information is set. A remote management system comprising means for extending in response to the extension request. The remote management system according to claim 13 or 14,
The communication device is provided with means for ending the validity period of the time-limited identification information when the request for invalidating the time-limited identification information is received and the identification means permits an operation related to the request. Remote management system characterized by A communication device control method comprising: a communication unit that communicates with an external device; and an operation unit that receives an operation from a user.
To the communication device, to accept the authentication information input from the operating means or the communication means,
Line Align the authentication process using the authentication information received,
When the authentication information input and received from the communication means is authenticated as specific authentication information, the time-limited identification information that determines the expiration date is issued to the transmission source of the authentication information,
Wherein when receiving the maturity identification information unexpired from an external device, to allow the operation request according to the configuration mode from the external device,
Wherein the expiration date of the issued dated identification information for a specific transmission source of the authentication information, the communication device characterized by causing to not issue a new dated identification information corresponding to the authentication information Control method. A communication device control method according to claim 16, comprising:
To the communication device, the expiration date of the issued dated identification information, the operation according to the configuration mode by Rukoto to allow only those received with the dated identification information in the operation request from the external device the communication control method, characterized in that to I line authorization request. A communication device control method according to claim 16 or 17,
To the communication device, the expiration date of the issued dated identification method of controlling a communication apparatus characterized by causing to not accept an operation from the operation means. The control method according to any one of claims 16 to 18, comprising:
To the communication device, wherein when the authentication information inputted from the communication unit Ru is accepted, if specified expiration of the time limit with the identification information along with authentication information to accept it, the dated identification information when issued, if there is the designated by a time limit of the expiration date to the specified, and wherein Rukoto is from issuing its expiration date and after the predetermined time when the designated was not Method for controlling a communication device. A communication device control method according to claim 19, comprising:
To the communication device receives the extension request of the expiration date in the expiration date of the dated identification information, and if you allow operation according to the request, the extension request expiry of the dated identification information the communication control method according to claim Rukoto is extended in accordance with the. A communication device control method according to claim 19 or 20,
To the communication device, receiving the invalidation request of the dated identification information, and if you allow operation according to the request, the communication device, characterized in that to the end of the validity period of the dated identification information Control method. A computer that controls a communication device having a communication unit that communicates with an external device and an operation unit that receives an operation from a user.
Authentication information receiving means for receiving an input of authentication information input from the operation means or the communication means;
Authentication means for performing authentication processing using the authentication information received by the authentication information receiving means;
When the authentication unit authenticates that the authentication information input from the communication unit and received by the authentication information receiving unit is specific authentication information, a time-limited identification that sets an expiration date for the transmission source of the authentication information Time-limited identification information issuing means that issues information and does not newly issue time-limited identification information corresponding to the authentication information within the expiration date of the time-limited identification information issued to the transmission source of the specific authentication information When,
A program for functioning as an identification unit that permits an operation request related to a configuration mode from an external device when the expiration date-identified identification information is received from the external device. The program according to claim 22, wherein
The function of the identification means permits only the operation request received from the external device together with the time-limited identification information within the expiration date of the time-limited identification information issued by the time-limited identification information issuing means. Thus, a program for permitting an operation request related to the configuration mode. The program according to claim 22 or 23,
The computer program further includes a program for realizing a function of not accepting an operation from the operation unit within an expiration date of the expiration date identification information issued by the expiration date identification information issuing unit. Program to do. A program according to any one of claims 22 to 24,
The authentication information accepting unit has a function of accepting designation of an expiration date of the identification information with time limit when accepting authentication information input from the communication unit,
When the specified identification information is issued, the expiration date is used as the expiration date when the identification information is issued, and when there is no specification, the expiration date is issued. A program characterized by having a function after a predetermined time. A program according to claim 25, wherein
When the computer receives a request for extending the expiration date within the expiration date of the identification information with time limit, and the identification means permits an operation related to the request, the expiration date of the identification information with time limit is A program further comprising a program for functioning as means for extending in response to an extension request. The program according to claim 25 or 26, wherein:
For causing the computer to function as a means for ending the validity period of the time-limited identification information when the request for invalidating the time-limited identification information is received and the identification means permits an operation related to the request. A program further comprising a program.   A computer-readable recording medium on which the program according to any one of claims 22 to 27 is recorded.

Images