JP2007249417A - Information processing device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To consider auto-logout operation provided in an information processing apparatus used by a large number of users (for example, log-in from a network by a web browser) in consideration of user-specific conditions, difficulty of operation, and confidentiality of information related to logs. To optimize.
When an input operation requesting log processing by a user is received and a login is accepted through user authentication or the like, logout is performed when a request (operation) to be continuously issued by the user is not performed within the time limit. do. The time limit set at this time is set to an appropriate value in consideration of the difficulty of operation and the confidentiality of the operation for the time limit corresponding to each user (S103 to 109). If there is no operation even after the time limit is exceeded, the user is logged out (S113), and if there is an operation, the non-operation time to be measured is reset (S102), and the time limit check operation for the next operation is performed.
[Selection] Figure 5

Description

  The present invention relates to an information processing apparatus used by a large number of users, for example, a PC (Personal Computer) or an MFP (Multi-Function Peripherals) that can be used from a network. The present invention relates to an information processing apparatus having a mechanism for improving user usability in an auto logout function (a function for forcibly logging out a user who has not been processed for a long time).

Today's widely used PCs and MFPs (image information processing devices that combine functions such as copying, faxing, printers, and scanners) can be used from a network and are used by many users. Information processing apparatus.
At the time of use, the user inputs a command for operating the apparatus by an input operation on an operation panel provided in the information processing apparatus itself or an input operation performed via a Web system in the case of an external information processing apparatus connected to a network. . The information processing device logs (operations of the information processing device) related to jobs (operations processed as one unit in the information processing device) that should be processed from login to logout in response to a command input by a user operation. Log) and process the job according to the command.
The user's input operation to the information processing apparatus performed in this way has various functions installed in the apparatus, and in an environment used by a large number of users, a plurality of input requests may occur at the same time. In order to be able to respond to requests, there is a mechanism that allows multiple logins at the same time to execute multiple job processing.
However, since there is a limit to the number of logins that can be accepted at the same time, an allowable number of logins is set, and login requests exceeding the set number cannot be accepted. A problem when such management is performed is that a log is left in an incomplete state after a login request is made. In this case, a new login request is rejected because of the neglected log.

As a conventional technique proposed to solve the above-mentioned problem, there is an auto logout function, and an example thereof can be shown in Patent Document 1 below.
In Patent Document 1, even when the number of client computers logged in to a server computer reaches the maximum number of logins, when there is a client computer that does not need to be logged in, a new client computer can be logged in. It describes a client and a server to solve the problem.
As a means for solving the above problem, the server computer checks an unnecessary login request, logs out the corresponding login request, and accepts a new login request. Here, unnecessary login requests are checked by storing the last access time of each client computer that is logging in to the server computer in the RAM, and if there is a new login request from the client computer, it is stored in the RAM at this point. If there is a logged-in client computer that has not been accessed for a set time since the last access time, this is checked by checking it as a logout target.
JP-A-10-198622

However, as shown in Patent Document 1, unnecessary log-in request checks in the conventional auto-logout function are based on a certain check standard (logout time limit) without considering the conditions specific to the user who makes the log-in request. Applicable.
Therefore, it is inevitable that there may be inconveniences for individual users (administrators). For example, if the time limit for logout is set to the standard value, users who take a long time to log out log out before completing the input of the job request. If the time limit is set too long, there are many unnecessary logins. There is a problem that it is retained and it becomes easy to be in a state where a new login is not possible.
Also, factors that should be considered in order to properly set the criteria for checking unnecessary login requests (time limit for logout) are related to the difficulty of the operation itself and the log in addition to the time required for each user's operation. There is confidentiality of information (I want to make the time limit as short as possible to avoid being exposed to a third party), and depending on the usage environment, it is desirable to change the time limit in consideration of these points. However, in the prior art, since these points are not taken into consideration, appropriate functions are not used.
The present invention has been made in order to solve the above-mentioned problems that occur in the conventional auto logout function provided in an information processing apparatus used by a large number of users. The problem is first caused by the auto logout function. The purpose is to optimize the operation in consideration of the conditions specific to the user (administrator) and to solve the problems caused by the above-described conventional technology. Furthermore, it is possible to optimize the operation by the auto logout function by setting the time limit for logout in consideration of the difficulty of operation and the confidentiality of information related to logs.

  The invention of claim 1 is authenticated by an information input means for inputting information by an operator's operation, a user authentication means for authenticating that an operator operating the information input means is a specific user, and the user authentication means. In addition, the non-operation time measuring means for measuring the time when the user does not perform the operation to be continued on the information input means, and the time measured by the non-operation time measuring means exceeds the time limit for which the setting is variable. A time limit determining means for determining the time limit, a time limit setting means for setting the time limit for each user, and a condition that the time limit has been exceeded by the time limit excess determining means. The above-described problem is solved by an information processing apparatus including operation restriction means for rejecting.

The invention according to claim 2 is the information processing apparatus according to claim 1, wherein the user authentication means performs authentication based on a user identifier. Time limit management means for managing the identifier and time information predetermined in association with the identifier is provided, and the time limit setting means is managed by the time limit management means based on the user identifier authenticated by the user authentication means. The time limit information obtained is referred to as the time limit for the corresponding user, and the above-described problem is solved by doing so.
The invention according to claim 3 is the information processing apparatus according to claim 1 or 2, wherein the user authentication means performs authentication based on a user identifier. A time limit managing means for managing the time as a predetermined time information in association with a group identifier to which the user identifier belongs, wherein the time limit changing means includes the time limit according to the group identifier to which the user identifier is authenticated by the user authentication means; The time information managed by the management means is referred to, and the obtained time limit information is set as the time limit for the corresponding user. By doing so, the above-described problem is solved.

According to a fourth aspect of the present invention, there is provided the information processing apparatus according to any one of the first to third aspects, wherein the information input unit provides a user with a predetermined operation menu corresponding to the input content.
An operation difficulty level setting means for setting a time limit set in advance in the time limit excess determination means in correspondence with the operation menu, the difficulty level of the operation to the information input means by the user,
The time limit set in the time limit excess determination means is adjusted according to the difficulty level of the operation set in the operation difficulty level setting means. In this way, the above-mentioned problems are solved.
According to a fifth aspect of the present invention, in the information processing apparatus according to any one of the first to fourth aspects, the information input means provides the user with a predetermined operation menu corresponding to the input content. Operation secrecy setting means for presetting the confidentiality of the operation corresponding to the operation menu, and the confidentiality of the operation set in the operation confidentiality setting means with a time limit set in the time limit excess determining means The above-described problems are solved by doing so.
According to a sixth aspect of the present invention, in the information processing apparatus according to any one of the first to fifth aspects, the information input unit provides the user with information related to the predetermined operation target. Operation target confidentiality setting means for setting the security for each operation target in advance,
The time limit set in the time limit excess determining means is adjusted by the confidentiality of the information set in the operation target confidentiality setting means, and the above-described problem is solved by doing so.

A seventh aspect of the present invention is the information processing apparatus according to any one of the first to sixth aspects, further comprising administrator authentication means for authenticating that an operator who operates the information input means is an administrator. The present invention is characterized by comprising setting changing means capable of changing the time limit set in the time excess determining means by at least one of a user and an administrator. By doing so, the above-described problem is solved. .
The invention according to claim 8 is the information processing apparatus according to claim 7, wherein the setting changing unit changes the user setting within a time range set by an administrator as a time limit that can be changed. It is a means for receiving, and the above-described problems are solved by doing so.
The invention according to claim 9 is the information processing apparatus according to claim 7 or 8, further comprising means for setting by the administrator whether the setting change means is permitted or not allowed to change the time limit by the user. In this way, the above-described problems are solved.
A tenth aspect of the present invention is the information processing apparatus according to any one of the first to ninth aspects, further comprising means for fixing a time limit set in the time limit excess determining means. By doing so, the above-described problems are solved.

According to an eleventh aspect of the present invention, there is provided a server for providing user information including user identification information used by the user authentication means and restriction information predetermined for each user managed by the time limit management means. The information processing apparatus described in any one of 10 is provided with an interface with the server, and the above-described problem is solved by doing so.
The invention according to claim 12 is the information processing device according to any one of claims 1 to 11, wherein the operation according to a predetermined security policy is performed. Is provided with means for adding a restriction based on the security policy. By doing so, the above-mentioned problems are solved.

According to the present invention, a logged-in user is authenticated, and the time during which the user does not continue a series of operations necessary for log processing is checked by a time limit that can be set in consideration of unique conditions for each user. As a result, users who take a long time to operate cannot complete the operation within the time limit, or the time limit is too long, so many unnecessary logins are retained and new logins cannot be made. It is possible to eliminate the occurrence of such troubles, optimize the operation, and effectively use the auto logout function.
In addition, since it is possible to refer to the time limit that can be set for each user using the identifier used for user authentication, the present invention can be easily implemented based on an existing system that manages the user identifier. .
In addition, by setting the time limit that can be set for each user by referring to the group identifier to which the user belongs, the setting can be performed in a short time, and it is based on the existing system that manages the group identifier. (Claim 3).
In addition, for input contents that are known to take time in advance, the time limit to be set is adjusted according to the difficulty level of each operation, such as increasing the time limit in advance. Therefore, it is not necessary to extend the time limit at the time point, so that the operation can be optimized including the improvement of security.
In addition, in the operation with high confidentiality in advance, the time limit to be set is adjusted according to the confidentiality of each operation, such as limiting to the operation in a short time. Since it is not necessary to shorten the length, it is possible to optimize the operation including improvement of security.
In addition, in the operation that targets highly confidential information in advance, the time limit to be set is adjusted according to the confidentiality of the information to be operated, such as limiting to a short time operation. Since it is not necessary to shorten the time limit for other operations, it is possible to optimize the operation including improvement of security.
In addition, since the set time limit can be changed by at least one of the user and the administrator, the optimum operation according to the use situation is possible. Here, the user's setting change is accepted within the range of the time set by the administrator (claim 8), and the administrator can set permission or disapproval of the time limit change by the administrator ( Therefore, the auto logout function can be managed in consideration of the benefit of the entire user.
In addition, since the setting of the time limit is prohibited and can be fixed, it becomes possible to cope with the necessity for management of security and the like (claim 10).
In addition, since a server that provides user identification information and user information including a time limit predetermined for each user is provided outside and managed centrally by the server, the complexity of access to user information is reduced. (Claim 11).
In addition, since the restriction by the security policy is added to the setting of the time limit, it is possible to keep the security policy in a consistent state while reducing the complexity of the setting (claim 12).

In the following, as an embodiment of the information processing apparatus of the present invention, an example in which an MFP is used as an implementation apparatus will be shown.
The MFP according to the present embodiment provides a composite function such as a copy / fax / printer / scanner and the like, and image output data (scan read image, data generated by a printer driver, etc.) obtained by operating these functions. The image output processing such as print output or data transfer to an external device (FAX, PC, etc.) is performed based on the above.
The MFP includes an operation panel in the apparatus main body as means for inputting commands, information, and the like necessary for the operation of various functions by an operator's operation. The main control unit of the MFP receives requests for login of a job to be processed, setting of processing conditions for the logged-in job, and execution instruction of the set job by an input operation to an operation panel performed by an operator who requests processing. For example, in the case of output processing performed using the copy function, the processing operation is executed independently by the apparatus in accordance with a job processing request made from this operation panel.
The MFP also includes a communication I / F such as a network I / F (interface), and receives a login request from an external information processing apparatus via the communication I / F. The external information processing apparatus connectable via the communication I / F includes a PC that acts as a host apparatus for the MFP, the same type of MFP, or a management server. The management server provides a function for centrally managing information and device states required by a plurality of information processing apparatuses (PC, MFP, etc.) connected to the network.
When logging in to the MFP from an external information processing apparatus via the communication I / F, the same function as that of the operation panel provided in the MFP body, that is, by inputting commands / information necessary for processing by the operator's operation It is necessary to be able to perform a function for issuing a login request from an external information processing apparatus. As a means for this, the MFP includes a Web system and provides a user I / F of an external information processing apparatus via a network by data created by a Web browser.

The log received through the Web system is managed by the main control unit in the MFP, and is logged out after processing the job requested for the log.
Log management first confirms that a log can be accepted, for example, by checking user usage restrictions, data access restrictions, or the like, or that a requested job is a processable job. Also, regarding the logs that can be accepted, from the login to the logout, grasp the job processing status required for the log, and after the job processing is completed, the necessary information as information related to the job and log is recorded as a history Saving is included, and these are the management contents.
The auto logout function according to the problem to be solved by the present invention is a function of judging an unnecessary login request and forcibly logging out the corresponding login, and can be said to be one of log management functions.
The auto-logout function that has been known for the past is determined to require login without access for a set time from the last access time, and is forcibly logged out. For example, a user who takes a long time for an input operation necessary for log processing may log out during the operation.
Therefore, in the present invention, in consideration of the conditions specific to the user who makes the login request, a mechanism for making it possible to obtain an appropriate auto logout operation by changing the setting of the criterion for determining an unnecessary login for each user Is provided. In addition, the above criteria with variable settings for each user can be used to optimize the operation of the auto logout function by setting a time limit for logout, taking into account the difficulty of operation and the confidentiality of information related to logs. it can.

In the following, examples of different forms of MFPs having an auto logout function according to the present invention are shown as “embodiment 1” to “embodiment 4”.
“Embodiment 1” shows an example in which an operation corresponding to login from an external information processing apparatus can be performed by a Web system provided in the MFP, and “Embodiment 2” is for login from an operation panel of the MFP main body. An example in which the corresponding operation is possible will be shown.
“Embodiment 3” indicates a configuration example in which time limit information corresponding to a user used for the time limit check in “Embodiment 1” and “Embodiment 2” is managed by a server connected to the network. Furthermore, “Embodiment 4” indicates a configuration example that enables an operation according to the security policy in addition to “Embodiment 3”.
“Embodiment 1”
In this embodiment, a MFP is provided with a Web system, and it is possible to cope with login from a PC connected via a network. Therefore, on the PC side, a built-in web browser is used to obtain a GUI (Graphical User Interface) screen necessary for inputting a job log that can be requested from the MFP as a user I / F from the MFP and display it on the monitor screen. Is used.
In this embodiment, an example using a PC is shown. However, as long as the information processing apparatus can use the functions of the MFP from the outside, the host device is not limited to the PC, and may be, for example, an MFP. In the case of MFPs, a copy function that cannot be performed by a PC without a scanner can also be used.

“MFP configuration”
FIG. 1 is a diagram illustrating a main configuration of the MFP according to the present embodiment.
The configuration shown in FIG. 1 represents a form in which an MFP 100 and a PC 70 are connected to a network 50, respectively.
An MFP 100 illustrated in FIG. 1 includes a Web system 105 and an operation panel 103 as user I / Fs.
The Web system 105 exchanges information with the Web browser 73 mounted on the PC 70 connected via the network 50 via the network I / F 103 and responds to the login of the PC 70. When a job is requested from the PC 70, the Web browser 73 obtains a GUI screen necessary for inputting a job log that can be processed by the MFP 100 from the Web system 105 of the MFP 100 and displays the GUI screen on the monitor screen.
The user logs in the job to the MFP 100 by pointing and inputting operations on the GUI screen generated by the Web browser 73 (refer to FIG. 2 to be described later for the operation sequence when requesting a processing request). Since it is assumed that another login request is generated while one login request is received from the network 50, the Web system 105 has a mechanism capable of simultaneously supporting a plurality of logins. .
The log received through the Web system 105 is managed until the job requested for the log is finished and the logout is performed. As one of the log management functions, an auto logout function is provided.

The auto logout function of this embodiment stops accepting the corresponding log if the user logs in through the GUI screen of the web browser 73 and then does not continue the operation on the GUI screen. It is a function to do.
In this embodiment, after logging in through the GUI screen provided by the Web system 105 of the MFP 100, it is checked that the GUI screen is left unattended due to a no-operation time during which no further operation on the GUI screen to be continued is performed.
Specifically, it can be carried out by performing the following procedure. First, when the web system 105 of the MFP 100 receives a request made by operating the GUI screen of the web browser 73 and responds to the request, the measurement of the no-operation time is started and there is no time until the next request comes. Measure as operation time. Next, it is determined whether or not the measured no-operation time is within a preset time limit.
If the result of this determination is within the time limit, it is a normal operation and is treated as a processing target log. On the other hand, if it is not within the time limit, it is in a neglected state, so it stops accepting the corresponding log and logs out.

The auto logout function described above is configured as one of the functions of the authentication unit 107 in the embodiment shown in FIG.
The authentication unit 107 has an original function of authenticating a logged-in user (administrator). In other words, it has a function to collate user information such as a user ID and a password that are input along with the log with previously registered user information, and to establish authentication based on the collation result, or to identify a user. .
The result obtained by the authentication function defines the user authority given to each user. Since the user authority prescribes the device usage conditions (usable range) for each user, the log requested by each user is processed within the range of usage conditions indicated by this authority. To be managed.
As described above, the authentication unit 107 according to the present embodiment has a function of managing logs according to the user authority determined by the authentication result. As one of the management functions, auto logout for logs exceeding a predetermined time limit for each user is possible. It has a function.

The auto logout function is a log management function that eliminates logs that are logged in and are deemed unnecessary by forcibly logging out when the no-operation time exceeds a preset time limit. It is.
However, as mentioned above, if the time limit is fixed, users who take a long time to perform input operations required for log processing may experience a problem that logout occurs during the operation. This problem is avoided by using a time limit appropriately determined in advance for each user.
Since this time limit set for each user falls within the category of user authority, it is managed in association with user information and used for log management performed by the authentication unit 107 according to the user authority. Convenient in configuring.
Therefore, in the configuration shown in FIG. 1, the authentication unit 107 is provided with a time measurement unit 108 that measures the no-operation time. In addition, the data storage unit 109 that stores and manages control time information used as a control condition in each unit of the apparatus manages the time limit associated with user information as one of the control time information, and stores it in the data storage unit 109. The stored time limit information is made accessible from the authentication unit 107.

“Adjust time limit”
As described above, it has been shown that the time appropriately determined in advance for each user is used as the time limit of the auto logout function. However, depending on the usage situation, the merit of setting a time limit for each user is small, and even if users are grouped, there is no problem.
In addition, there are differences in the difficulty of operation itself, the confidentiality of the operation, the confidentiality of information related to the operation target, etc. as factors that upset the operation due to the predetermined time limit. The difference in the elements prevents the optimal auto logout operation. Therefore, by taking into account these points and changing / adjusting the time limit, a more appropriate operation can be realized and usability can be improved.
A method of grouping users and setting a time limit for the group can be implemented by a method that can support groups based on a method set for each user, as shown below.
FIG. 2 shows a correspondence table used for a time limit setting method that can be used together for each user and each group. The table (A) in FIG. 2 correlates the user ID, the time limit in the Web system, the time limit in the operation panel (described in “Embodiment 2” described later), and the group ID. The table (B) in FIG. 2 associates the group ID with the time limit on the Web system and the time limit on the operation panel.
Here, the time limit to be applied is given priority for the table (A) in Fig. 2 (see formula (1) below), so if you set the time limit for the user ID in the table (A), set it for each user. Time limit can be applied. On the other hand, if the time limit is not set for the user ID in the table (A), the time limit of the group to which the user belongs is calculated from the relationship between the user ID and the group ID corresponding to the four columns of the table (A) (B ) Obtain from table correspondence table and apply it.
As described above, according to the method of applying the time limit set for the group, the setting can be performed in a short time, and it can be easily implemented based on the existing system managing the group ID. it can.

In addition, the method of adjusting the difficulty level of the operation itself and the difference in the confidentiality of the operation is such that these properties of the operation corresponding to the operation item are determined in advance as numerical values, and this value is used for each user or group. It is possible to optimize the operation by adjusting the time limit set in (1) and applying the adjusted time limit.
FIG. 3 shows a predetermined operation difficulty level and operation confidentiality as a correspondence table in accordance with operation items.
The difficulty level of the operation is adjusted to increase the time limit as the difficulty level is higher (larger value), but the confidentiality is adjusted to limit the operation to a shorter time. .
In the correspondence table of FIG. 3, in the toner information display, the difficulty level is not high and the confidentiality is low. On the other hand, in the wireless LAN setting, the confidentiality is not so high, but the operation difficulty level is high, such as a large number of setting items.
Further, in the stored document list display shown in the operation item of the correspondence table, the confidentiality changes depending on the contents of the displayed stored document. Therefore, the confidentiality is not set in the correspondence table in advance.
As for the information related to the operation target such as the above-mentioned stored document, since the confidentiality varies depending on the content of the information, it is appropriate to deal with the information by setting it attached to each information. When targeting information such as a document for which confidentiality is set by this method, when the document is selected as an operation target, the confidentiality set for this document is referred to and the obtained confidentiality is set to the time limit. Adopt the method to reflect. The way of reflection is shown in the time limit calculation method exemplified later. In this way, the time limit is adjusted according to the confidentiality of the information to be operated, so it is not necessary to shorten the time limit for other operations, so that more appropriate operations, including improved security, can be performed. It becomes possible.
When changing / adjusting the time limit as described above, necessary information such as a correspondence table is stored and managed together with the related information in the data storage unit 109 that stores and manages the time limit as described above. To do.

“Calculation of time limit”
As described above, the time set as the auto logout time limit is information related to the difficulty level of the operation itself, the confidentiality of the operation, and the operation target based on the time that can be determined in advance according to each user. Make adjustments in consideration of confidentiality.
Here, an example of a calculation method for obtaining the time limit that is actually applied based on the time limit, the degree of difficulty, and the confidentiality acquired from the above correspondence table (FIG. 2) or the like is shown.
The following formulas (1) to (3) show an example of a formula for calculating the time limit from the above correspondence table (FIG. 2).
In the following formula (1), the user time limit is obtained from the time limit corresponding to the user ID (table (A) in FIG. 2) or the time limit corresponding to the group ID (table (B) in FIG. 2). As shown in Equation (1), if the time limit corresponding to the user ID is not in the (A) table, the time limit corresponding to the group ID in the (B) table is used, and the priority order is the user ID. Since it is higher than the group ID, it is possible to set a time limit only for a specific user in the group. In this case, if there is no time limit corresponding to the user ID in both the tables (A) and (B) of FIG. 2, the standard time limit prepared in advance by the system is used.
Also, in the following formula (2), confidentiality is classified into confidentiality corresponding to the current operation (in the correspondence table of FIG. As in the case of the operation target, the higher confidentiality is adopted among the confidentiality that changes depending on the operation target. In this way, it is possible to deal with confidentiality that varies depending on the operation target as well as confidentiality that does not change. In addition, as the difficulty level of the operation, the difficulty level shown corresponding to the operation item in the correspondence table of FIG. 3 is used as it is.
Also, in the following formula (3), the time limit is based on the user's time limit obtained by the above formulas (1) and (2), the confidentiality and the operation difficulty obtained by referring to the correspondence table. Indicates that it is calculated. As shown in Equation (3), the user's time limit is multiplied by the operation difficulty level.The higher the operation difficulty level, the longer the time limit is adjusted, and the confidentiality is divided. Make adjustments that are restricted to the operation.
In the above example, the time limit is calculated using the time limit corresponding to the user ID, the time limit corresponding to the group ID, the operation difficulty level, the confidentiality of the operation, and the confidentiality of the operation target. It is not necessary to have all the values of, but only a part of the values may be used.
When calculating the time limit, in addition to the formulas (1) to (3), a time limit predetermined for each user, a standard time limit corresponding to the operation difficulty level, and a standard corresponding to confidentiality. It can also be obtained by a method such as taking the maximum value of the time limit.

“Operation when a log request is handled by the Web system”
The operation when the MFP responds to the log request from the Web browser in the Web system in the configuration shown in FIG. 1 will be described below.
FIG. 4 shows an operation sequence at the time of a log request in which a log request from a Web browser is handled by the Web system and an auto logout function is activated for an accepted log.
The operation example shown here is an example in the case where the Web system has a mechanism capable of simultaneously accepting operations by a plurality of users. In addition, since operations on the Web browser are sent to the Web system as requests, the auto logout check is performed when the request is received. However, in the sequence of FIG. 2, the time until the next request after the second request is measured as the no-operation time, and the time limit is checked.
According to the sequence shown in FIG. 4, first, the user makes a login request from the PC 70 by operating the GUI screen of the web browser 73 and issues a request to the MFP 100 (Sq101). At this time, user information (such as a user ID) is attached to the request.
On the MFP 100 side, the web system 105 receives this request via the network I / F 103. The web system 105 decodes the user information and operation information (items operated by the user) from the received request, and passes them to the authentication unit 107 (Sq102).
The authentication unit 107 performs user authentication based on the passed user information, and performs a log-in process for accepting a log on condition that authentication is established (Sq103).

After the login process, the authentication unit 107 starts measuring the non-operation time necessary for checking the time limit in log management by auto logout performed at the time of receiving the next request (setting the measurement time to 0). Further, in order to acquire the time limit used for the above check, the data storage unit 109 that stores and manages the control time information and the like is accessed (Sq104). At this time, user information and operation information are passed as information used for access.
In response to this access, the data storage unit 109 uses the user information and operation information (operation items) to refer to the user ID correspondence table (FIG. 2), the group ID correspondence table (FIG. 2), and the operation correspondence table (FIG. 3). Then, the corresponding time limit, the operation difficulty corresponding to the operation item, and the confidentiality of the operation are taken out and passed to the authentication unit 107 (Sq 105).
Here, when the authentication unit 107 gives an operation permission to the web system 105 as a sequence after finishing the login process (Sq106), the web system 105 returns a normal response to the web browser 73 (Sq107). ).
The user learns that the login process has been performed with a normal response, and performs the second operation to issue the next request necessary for this log request (Sq108).
At this time, since the web browser 73 is a system that can simultaneously accept operations by a plurality of users, user information is attached to the request.
The web system 105 that receives the second request decrypts the user information and the operation information (operation item) from the received request and passes them to the authentication unit 107 (Sq109), as was done previously.

Thereafter, the authentication unit 107 accesses the data storage unit 109 in order to acquire information used when managing the log by the auto logout function, similarly to the previous sequence Sq104 (Sq110). However, at this time, since the control time information and the like are obtained in advance, the operation information (operation item) newly generated by the current request is sent to the data storage unit 109 as information used for access. Information on the operation difficulty level corresponding to the operation item and confidentiality information for the operation is obtained from the operation correspondence table (FIG. 3) of the data storage unit 109 (Sq111).
Next, the authentication unit 107 calculates a time limit to be applied to this log based on the time limit corresponding to the user acquired so far, the operation difficulty level corresponding to the operation item, and the confidentiality information for the operation (described later). 5), the no-operation time is checked based on the obtained time limit.
As a sequence of this time limit check, when the previous request is received (in the case of the second request, the previous time corresponds to login processing), the time measurement unit 108 in the authentication unit 107 starts measurement (measurement time). It is confirmed whether or not the no-operation time set to 0 is within the range of the time limit calculated as the time applied to this log (Sq112), and the confirmation result is obtained (Sq113). In this case, the time limit check results in a time limit OK. Accordingly, on the condition that the current request is accepted, the time measuring unit 108 is reset to 0 again, and the measurement of the no-operation time is newly started.
When the result of the time limit OK is obtained and the current request is accepted, the authentication unit 107 gives an operation permission to the web system 105 as a subsequent sequence (Sq114).
Upon receiving this operation permission, the web system 105 returns a normal response to the web browser 73 (Sq115).

Thereafter, a request necessary for processing one log is continuously performed (Sq131). The correspondence between the web system 105 and the authentication unit 107 for requests during this time is the same as in the second request described above. That is, the authentication unit 107 receives user information and operation information attached to the request passed from the web system 105, and uses the operation information (operation item) newly generated by the current request as information used for access as the data storage unit 109. The operation difficulty level corresponding to the operation item and the confidentiality information for the operation are obtained from the operation correspondence table (FIG. 3) of the data storage unit 109 (Sq 132 to 134).
Next, the authentication unit 107 recalculates the time limit applied to this log based on the time limit corresponding to the user acquired so far, the operation difficulty level corresponding to the operation item, and the confidentiality information for the operation ( The non-operation time is checked based on the obtained time limit (see Sq135).
The time limit check performed this time is performed by the time measurement unit 108 on the no-operation time newly started to be measured when the request was accepted last time.
Here, as a result of checking the time limit, the request is not accepted within the time limit, so the time limit becomes NG (Sq136).
When the result of the time limit NG is obtained, the authentication unit 107 performs logout processing for the requested log (Sq137). In addition, as a subsequent sequence, the web system 105 is notified of the non-permission of operation (Sq138).
Upon receiving this operation disapproval, the web system 105 returns an error response to the web browser 73 (Sq139).
Note that in the sequence shown here, you are automatically logged out when the time limit is exceeded, but you can continue the operation by asking the user whether you want to enter the password again or continue the operation. It is also possible to perform an operation such as confirming the intention of the user.

Here, the logout process of the authentication unit 107 in the operation at the time of log request corresponding to the Web system shown in the sequence (FIG. 4) will be described in more detail with reference to the flow shown in FIG.
According to the flow shown in FIG. 5, first, the user information and the operation information indicated in the request received by the web system 105 are passed from the web system 105, so that a login process for confirming a log to be accepted by user authentication or the like. Is performed (step S101). For user authentication, user information such as a user ID and password is checked against user information registered in advance, and whether the authentication is established or not is checked based on the comparison result.
Thereafter, measurement of the no-operation time necessary for the time limit check in the auto logout operation performed at the time of receiving the next request is started by the time measurement unit 108 (that is, the measurement time is set to 0) (step S102).
Next, the user time limit used for the time limit check is acquired based on the user ID attached to the request (step S103). The user time limit is obtained by accessing the user ID correspondence table (see FIG. 2A) of the data storage unit 109 that stores and manages control time information and the like, and obtains the time limit corresponding to the user ID therefrom. .
In step S103, when the relationship with the group ID is obtained from the user ID correspondence table and the time limit cannot be obtained directly, the group ID correspondence table of the data storage unit 109 is obtained based on the obtained group ID. (Refer to FIG. 2 (B)), and the time limit corresponding to the group ID is obtained therefrom (step S104).
At the same time, on the basis of the operation information (operation item) attached to the request, the operation correspondence table (see FIG. 3) of the data storage unit 109 that stores and manages the control time information and the like is accessed, and the operation item is converted therefrom. The corresponding operation difficulty level and confidentiality information for the operation are acquired (steps S105 and S106). In step S106, confidential information attached to the operation target document indicated in the request is also acquired as confidentiality information related to the operation.
Further, when the restriction information cannot be obtained in step S104, a standard time limit prepared in advance by the system is obtained (step S107).

Thereafter, the time limit corresponding to the user acquired in steps S103 to S107 above,
Based on the standard time limit, the operation difficulty level corresponding to the operation item, the confidentiality information for the operation, and the confidentiality information attached to the operation target document, the time limit applied to the current request is expressed by the above formula (1) (3) is calculated (step S108).
Next, the calculated time limit is set as a time limit used for logout determination (step S109).
Since the time limit used for logout determination is calculated every time a new request is generated, it is first confirmed after the calculation that a new request has been generated by an operation (step S110).
Here, if a new request is generated by the next operation (step S111-YES), the flow is returned to step S102 starting from the measurement of the no-operation time, and the processing step for obtaining the time limit is executed again.
On the other hand, if there is no next operation and no new request is generated (step S111-NO), it is determined whether or not the measured no-operation time is within the time limit calculated above. (Step S112).
As a result of this determination, if the time limit is exceeded (step S112-NO), it is determined that the operation has not been performed because the request is an unnecessary log, and the acceptance of this log request is stopped. Logout is performed (step S113) and the process is terminated.
If the time limit is not exceeded as a result of the determination (step S112—YES), the process proceeds to step (S110) for confirming that a new request has been generated in order to wait for the operation to continue. Return and check the time limit again. The timing for checking the time limit is repeated at predetermined intervals.

“Time limit setting change by users”
Considering the user's individual conditions, the difficulty of the operation itself, the confidentiality of the operation, the confidentiality of the information related to the operation target, etc. in the above (“Adjustment of the time limit” and “Calculation of the time limit”) It has been stated that by enabling the setting, it is possible to perform an appropriate auto logout operation according to the difference in usage.
However, even if the setting as described above is performed in advance, a proper operation state may not be maintained due to a change in the situation.
Therefore, by providing means for changing the conditions such as the time limit corresponding to the set user according to the situation at the usage site, it is possible to optimally set the time limit to be applied.
In the embodiment shown below, the time limit, the operation difficulty level, the confidentiality of the operation, the confidentiality of information related to the operation target (for example, the stored document) is set by the user or the administrator from the GUI screen of the Web browser. An example of changing the value of is shown.
FIG. 6 shows a GUI screen for auto logout setting (A) and time limit setting corresponding to the user (B).
A screen (A) in FIG. 6 is an initial screen for auto logout setting that is opened when a time limit (indicated as “auto logout time” in the figure) is set. On screen (A), the following (1) to (3), that is,
(1) Setting whether or not the set time limit is fixed (2) Setting whether or not the user can change the limit (3) Setting limit value of the setting range by the administrator Is possible.

The time limit setting can be changed by operating the fixed “No” button with the setting in (1) above. However, if the user does this, the user must be allowed to change the settings in (2) above. As shown in the screen (A) of FIG. 6, when the button status is fixed and “OK” is checked and the OK button is operated, the user from the screen (A) to the screen (B) can be handled. Allows you to move to the “Register Personal Information” screen for setting the time limit to be set. The setting can be changed by performing an input operation of the time limit set for the user himself / herself on the “Register Personal Information” screen after the migration. The time limit for changing the setting is reflected in the auto logout operation by rewriting the user ID correspondence table (FIG. 2).
Note that the user's permission to change is set with the administrator's authority, and even when permission is set, the upper and lower limits of the time limit that can be set by the user and set with the administrator's authority. Make settings within the range of. On the screen (A), the upper limit value and lower limit value of the time limit that can be set by the administrator authority are shown, and on the screen (B), it is shown that the setting is performed by the user within the range of the upper limit value and the lower limit value. ing. By doing so, it is possible to manage the auto logout function in consideration of the benefit of the entire user.
In addition, by confirming the button state of “fixed” in the setting (1) above and operating the OK button, the time limit can be set to a fixed value (for example, returned to the initial value).

FIG. 7 shows a setting operation when the administrator changes the time limit setting corresponding to the user with the administrator authority. FIG. 7 shows the same time limit setting screen as FIG.
The administrator performs the setting operation shown in FIG. 7 when it is desirable to set a value determined by the administrator as the time limit for a specific user (here, user ID: u0001).
That is, since the button operation on the screen (A) in FIG. 7 is in a fixed “not performed” state, the time limit setting can be changed. However, since the change permission by the user is in a “no” state, the setting on the screen (B) of FIG. 7 operated by the administrator cannot be changed by the user.
In addition, there is a set value corresponding to a group as a time limit that allows the setting change with administrator authority.
FIG. 8 shows a setting screen for the administrator to change the setting of the time limit corresponding to the group with the administrator authority.
As an input screen that can be opened with administrator rights, the “Group Information Registration” screen shown in FIG. 8 is prepared. On this screen, the group ID (here, the general user group ID: user is shown) is displayed. The setting can be changed by performing an input operation of the set time limit.
Here, the group ID: user is taken as an example, but by specifying the group ID, the setting of the time limit of each group in the group ID correspondence table shown in FIG. Can be rewritten.

In addition, the operational difficulty, operational confidentiality, and confidentiality of information related to the operation target (for example, stored documents), which are considered for optimizing the time limit setting for auto logout, also depend on the situation at the site of use. It is the target of setting changes to be made. Since the operation difficulty level, the confidentiality of the operation, and the confidentiality of the information related to the operation target are not related to the user, it is appropriate that the operation can be performed by the administrator. However, since a unique relationship may occur depending on the user, the setting may be changed by the user.
FIG. 9 shows setting screens (A) and (B) used for changing the setting of the confidentiality of the operation and the operation difficulty level, respectively.
As the input screen that can be opened with administrator authority, the “confidentiality setting” screen shown in FIG. 9A and the “operability difficulty setting” screen shown in FIG. 9B are prepared and operated in accordance with the operation items. The numerical value that expresses the difference in the properties of confidentiality and difficulty of the system is changed to a value that can be optimized. The operation items shown in FIG. 9 correspond to the operation items in the operation correspondence table shown in FIG. 3 earlier, and the numerical values set in the operation items are the calculation of the time limit actually applied (shown above). Used in equation (3)).
The setting can be changed by performing an input operation of a numerical value expressing the confidentiality and difficulty set corresponding to the operation item on the screens of FIGS. 9A and 9B. Although there is no set value in the stored document list display on the “confidentiality setting” screen in FIG. 9A, the confidentiality varies depending on the document to be operated. FIG. 10).
The setting changed by the operation on each setting screen in FIG. 9 is rewritten with the changed setting value in the operation correspondence table shown in FIG.

FIG. 10 shows a setting screen used for changing the confidentiality setting of the stored document.
For stored documents, as shown in FIG. 10, confidentiality is set for each document.
In the case of a document, depending on the nature of the document, the determination of confidentiality may be left to the creator, so it is appropriate to allow users who can access outside the administrator to change the settings. It is.
As an input screen that can be opened with user authority or administrator authority, the "Stored Document Confidentiality Setting" screen in FIG. 10A is prepared, and a numerical value expressing the confidentiality of the document corresponding to each document Set. For example, as shown in the screen of FIG. 10A, “2.0” is set if the document 3 has an ordinary level of confidentiality. If the document is handled as a confidential document, or if it is necessary to treat it as a confidential document even if “2.0” is set once, it is displayed on the screen of FIG. As described above, “10.0” is set as the confidentiality in the document 3 or the setting is changed to “10.0” to secure a time limit for ensuring the required confidentiality, thereby enabling optimization.
Note that the confidentiality set for the document is used in the calculation of the time limit that is actually applied (Equation (2) and Equation (3) above).

“Embodiment 2”
In this embodiment, in the MFP 100 shown in FIG. 1, as a user I / F, in response to a login from the operation panel 103 provided in the apparatus main body, an auto having the same purpose as described in the above “Embodiment 1”. The logout function is realized.
Therefore, the time limit is set according to the user, the auto logout operation is optimized, and the setting is made in consideration of the operation difficulty level, the confidentiality of the operation, and the confidentiality of the information related to the operation target. Since the basic configuration for optimizing the setting is not different from the above “Embodiment 1”, the description of “Embodiment 1” will be referred to for the corresponding part.
However, the MFP 100 of this embodiment has a mechanism for accepting a requested log according to a series of operation sequences on the GUI screen of the operation panel 103 by one user, and accepts log input operations by a plurality of users at the same time. However, in this respect, it is different from the operation at the time of log request corresponding to the Web system. Therefore, in the following, this difference will be mainly described.

“Operation when requesting log in the operation panel”
Hereinafter, an auto logout operation performed in response to a user operation of a log request from the operation panel 103 in the configuration illustrated in FIG. 1 will be described.
FIG. 11 shows an operation sequence at the time of log request from the operation panel.
In the operation example shown here, if the operation on the GUI screen of the operation panel 103 can be understood by the control unit (not shown) of the MFP, the process immediately shifts to a state in which the next operation is accepted according to a series of operation sequences. Is performed each time an input operation to the GUI screen is performed, including the first login request operation. In other words, when no input operation is accepted, the measurement of the no-operation time starts (login request and then the time is reset every time it is operated). To do.
According to the sequence shown in FIG. 11, a login request is first made by an operation on the GUI screen of the operation panel 103 by the user 200 (Sq201). At this time, the login request is accompanied by operation information and user information (such as a user ID).
On the MFP 100 side, a control unit (not shown) that receives this login request understands the request content and operation information, and passes user information and operation information (items operated by the user) accompanying the received request to the authentication unit 107. (Sq202).
The authentication unit 107 performs user authentication based on the passed user information, and performs a log-in process for accepting a log on condition that the authentication is established (Sq203).

After the login process, the authentication unit 107 accesses the data storage unit 109 that stores and manages the control time information and the like in order to acquire the time limit used for the time limit check (Sq204). At this time, user information and operation information are passed as information used for access.
In response to this access, the data storage unit 109 uses the user information and operation information (operation items) to refer to the user ID correspondence table (FIG. 2), the group ID correspondence table (FIG. 2), and the operation correspondence table (FIG. 3). Then, the corresponding time limit, the operation difficulty corresponding to the operation item, and the confidentiality of the operation are extracted and passed to the authentication unit 107 (Sq205). In this embodiment, in order to simplify the processing, the sequence for accessing the data storage unit 109 every time an input operation is received is not used. Information such as the operation difficulty level corresponding to the operation item may be acquired.
Thereafter, the authentication unit 107 accesses the data storage unit 109 that stores and manages the control time information and the like, and acquires the acquired time limit corresponding to the user, the operation difficulty level corresponding to the operation item, the confidentiality for the operation, and the like. Based on this, the time limit applied to this log is calculated (see Equation (2) and Equation (3) above). Further, the authentication unit 107 passes the calculated time limit to the time measurement unit 108 and instructs the time measurement unit 108 to start measurement of the no-operation time necessary for the auto logout check (measurement time is set to 0) ( Sq206).
Receiving this instruction, the time measuring unit 108 checks the measured value of the started no-operation time based on the passed time limit, and notifies the authentication unit 107 of the time limit NG only when the time limit is exceeded.

Here, the authentication unit 107 gives an operation permission to the operation panel 103 as a sequence after the login process is finished (Sq207). In response to this, the operation panel 103 changes the GUI screen to display a screen necessary for the next input operation according to a series of operation sequences (Sq 208).
Next, the next operation information is input by the operation of the user 200 on the transitioned GUI screen (Sq209), and the operation panel 103 passes this operation information to the authentication unit 107 (Sq210).
The authentication unit 107 that receives the operation information knows that there is a new operation, so instructs the time measurement unit 108 to reset the measurement of the no-operation time (Sq211), and again measures the start of the measurement of the no-operation time. The unit 108 is instructed (Sq212). In the case of the present embodiment, since the time limit has not been exceeded from the start of the measurement of the no-operation time last time until the next reset, no information is sent from the time measurement unit 108 to the authentication unit 107. Also does not emit.
After that, if the operation by the user 200 is interrupted, the authentication unit 107 does not reset the non-operation time to the time measurement unit 108 within the time limit, so the set time limit is exceeded and the time limit is exceeded. It becomes NG, and this is notified to the authentication part 107 (Sq231).
Upon receiving the notification of the time limit NG, the authentication unit 107 performs logout processing for the requested log (Sq232). Further, as a sequence after this, the operation panel 103 is notified of the non-permission of the operation (Sq233).

“Embodiment 3”
This embodiment shows a configuration example in which a time limit predetermined for each user is managed by a server connected to the network.
In the configuration of the MFP shown in the above embodiment, as shown in FIG. 1, the time limit corresponding to each user is stored and managed in the data storage unit 109 such as control time information built in the MFP. For this reason, when configuring an information processing system in which a plurality of MFPs (information processing apparatuses) on a network can be used from a user's PC, when the user's time limit is changed, the user A complicated operation of accessing the MFP and rewriting data in the built-in data storage unit 109 or the like must be performed (see FIG. 6 showing the setting of the time limit by the user).
Therefore, a server that provides user time limit information is provided on the network, and this information is centrally managed by this server, so that efficient management can be performed without requiring the complicated operations described above for each MFP. To be able to.
In addition, when managing user time limit information on a server on the network, this information can be handled as one piece of user information, so an authentication server that has registered and managed user information such as user IDs so far It is an effective implementation method for efficient operation of the system and easy construction of the system.

FIG. 12 is a diagram illustrating a main configuration of the MFP according to the present embodiment.
The configuration shown in FIG. 12 is obtained by connecting an external authentication server 80 to the network 50 based on the configuration of FIG. 1 shown in the above embodiment. Although the configuration to which the external authentication server 80 is connected is different, the configuration is the same as that shown with reference to FIG. 1 for the configuration, so refer to the description regarding FIG. 1 for the common configuration. The description is omitted here.
An MFP 100 illustrated in FIG. 1 includes a Web system 105 and an operation panel 103 as user I / Fs.
The external authentication server 80 can adopt and implement a general authentication server such as LDAP (Lightweight Directory Access Protocol). In this embodiment, information related to the time limit for each user is added to a part of the user information 83 managed by the external authentication server 80. The information related to the time limit for each user added here may be, for example, the form of the user ID correspondence table and the group ID correspondence table shown in the above embodiment.
Since the MFP 100 can exchange information with the external authentication server 80 via the network I / F 103, when obtaining the user time limit, the MFP 100 sends an acquisition request with a user identifier such as a user ID to the external authentication server. This information can be obtained by publishing to 80.
If the user's time limit managed by the external authentication server 80 is to be changed, the request can be made from the MFP 100 or the PC 70. When a request for changing the user time limit is made to the external authentication server 80, it is performed by a method similar to the method by the operation on the GUI screen generated by the Web browser shown with reference to FIGS. It is possible.

FIG. 13 shows an operation sequence at the time of a log request according to this embodiment.
The operation sequence shown in the figure exemplifies a case where the Web system supports it.
The configuration is the same as that of the embodiment described above with reference to FIG. 1 except that the configuration to which the external authentication server 80 is connected is different, and the operation sequence at the time of log request is also illustrated in FIG. In the operation of the above-described embodiment shown with reference, the operation is the same except for the operation of acquiring the time limit corresponding to the user ID. Therefore, for the operations after the second request (Sq 310 to 339), which is a common operation sequence, the description related to FIG. 4 is referred to, and the description is omitted here.
According to the sequence shown in FIG. 13, first, the user makes a login request from the PC 70 by operating the GUI screen of the web browser 73, and issues a request to the MFP 100 (Sq301). At this time, user information (such as a user ID) is attached to the request.
On the MFP 100 side, the web system 105 receives this request via the network I / F 103. The web system 105 decodes the user information and operation information (items operated by the user) from the received request and passes them to the authentication unit 107 (Sq302).
The authentication unit 107 performs user authentication based on the passed user information, and performs a log-in process for accepting a log on condition that authentication is established (Sq103). Although not shown in this sequence, user information necessary for user authentication is separately acquired from the external authentication server 80 or requested to be authenticated to obtain an authentication result.

After the login process, the authentication unit 107 starts measuring the non-operation time necessary for checking the time limit in log management by auto logout performed at the time of receiving the next request (setting the measurement time to 0). Further, in order to acquire the time limit used for the above check, the data storage unit 109 and the external authentication server 80 are accessed via the data storage unit 109 (Sq 304, 305). At this time, user information and operation information are passed as information used for access.
In response to the access, the data storage unit 109 uses the operation information (operation item), refers to the operation correspondence table (FIG. 3), extracts the operation difficulty level corresponding to the corresponding operation item, and the confidentiality of the operation, It passes to the authentication unit 107 (Sq307).
Further, the external authentication server 80 uses the user information according to the access made through the data storage unit 109, and refers to the user ID correspondence table (FIG. 2) and the group ID correspondence table (FIG. 2). The time limit is taken out and passed to the authentication unit 107 via the data storage unit 109 (Sq 306, 307). In this embodiment, the external authentication server 80 is accessed via the data storage unit 109. However, a method in which the authentication unit 107 directly accesses the external authentication server 80 may be used.
Here, when the authentication unit 107 gives an operation permission to the web system 105 as a sequence after the login processing is completed (Sq308), the web system 105 receives this and returns a normal response to the web browser 73 (Sq309). ).

“Embodiment 4”
This embodiment shows a configuration example that enables an auto logout operation according to a security policy.
When an MFP (information processing apparatus) is connected to a network and a processing system is configured that can be used from a large number of external information processing apparatuses, as shown in the first embodiment, the logout time limit is set to the user or administrator. If the setting can be changed by the setting, the security to be maintained as the entire system cannot be maintained depending on the setting.
Therefore, a security policy server is provided on the network in order to maintain security in the processing system, and the MFP (information processing apparatus) can be operated with setting conditions according to the policy provided from this server, or Keep security by delegating to security policy server management.
The management by the security policy server limits the setting conditions related to confidentiality to the range determined by the security policy, and the logout time limit (logout time) is the target for the auto logout operation. The higher the security level, the shorter the time limit for logout.
Further, as shown in the first embodiment, the time limit can be limited with the authority of the administrator (see FIGS. 7 and 8). In this case, since the security policy server is an upper management function, the authority of the administrator is also under the management of the security policy (see FIG. 15, described later).

FIG. 14 is a diagram illustrating a main configuration of the MFP according to the present embodiment.
The configuration shown in FIG. 14 is obtained by connecting a security policy server 90 to the network 50 based on the configuration of FIG. 12 shown in the third embodiment. Although the configuration in which the external authentication server 90 is connected is different, the configuration is the same as that shown in the third embodiment, and therefore the common configuration is described with reference to FIG. 12 is based on FIG. 1), and the description is omitted here.
Security policy server 90 stores data defining a security policy therein, and manages MFP 100 connected via the network in accordance with this policy.
FIG. 15 shows an example of setting a policy that defines a security policy.
FIG. 15 shows a setting example when the security level is high (A) and a setting example when the security level is not high (B).
In this setting example, the logout time limit (logout time) related to auto logout is “10 minutes” when the security level is high. If it is not high, “30 minutes” is set. In addition, “not allowed” is set when the security level is high, and “permitted” is set when the security level is not high as “permission of auto logout exception in the web system”.
Therefore, when the security level is high, even the administrator cannot set a long time exceeding the time limit of “10 minutes”. If the security level is not high, the administrator can set more than “30 minutes”.
Since the MFP 100 can exchange information with the security policy server 90 via the network I / F 103, when setting the user time limit, the request necessary for checking the setting items of the security policy related to auto logout Is issued to the security policy server 90 so that the intended check is performed, so that security according to the policy of the system can be maintained.

1 is a diagram illustrating a main configuration of an MFP according to Embodiments 1 and 2 of an information processing apparatus of the present invention. The correspondence table of the time limit used for a user and group combined use system is shown. A correspondence table of operation items, difficulty of operation, and confidentiality of operation is shown. The operation | movement sequence at the time of the log request | requirement corresponding to a Web system (embodiment 1) is shown. A flow diagram of logout processing performed in the authentication unit is shown. The GUI screen of the auto logout setting (A) and the time limit setting (B) corresponding to the user is shown. FIG. 7 is a diagram illustrating a setting operation when changing the setting of a user time limit with administrator authority on the same setting screen as in FIG. 6. FIG. 2 is a diagram illustrating a software configuration of main parts of an MFP according to an embodiment of the image processing apparatus of the present invention. The setting screens used to change the operation confidentiality and operation difficulty settings are shown in (A) and (B), respectively. The setting screen used in order to change the confidentiality setting of an accumulation | storage document is shown. An operation sequence (second embodiment) at the time of log request from the operation panel is shown. It is a figure which shows the principal part structure of MFP concerning Embodiment 3 of the information processing apparatus of this invention. The operation | movement sequence at the time of the log request | requirement corresponding to a Web system (3rd Embodiment) is shown. It is a figure which shows the principal part structure of MFP concerning Embodiment 4 of the information processing apparatus of this invention. In a security policy setting example, (A) shows an example where the level is high, and (B) shows an example where the level is not high.

Explanation of symbols

50..Network, 70..PC, 73..Web browser, 80..External authentication server, 80..Security policy server, 100..MFP (Multi-Function Peripherals), 103..Operation panel, 105 .. web system 107 .. authentication unit 108 .. time measurement unit 109 .. time limit information.

Claims (12)

Information input means for inputting information by an operator's operation;
User authentication means for authenticating that the operator operating the information input means is a specific user;
A no-operation time measuring means for measuring a time during which one user authenticated by the user authentication means does not perform an operation to be continued on the information input means;
A time limit determining means for determining that the time measured by the non-operation time measuring means exceeds a time limit with a variable setting;
Time limit setting means for setting the time limit for each user;
An information processing apparatus comprising: an operation restriction unit that rejects a corresponding operation on condition that the time limit has been exceeded by the time limit determination unit. The information processing apparatus according to claim 1, wherein the user authentication unit is a unit that performs authentication based on a user identifier.
A time limit management means for managing the time limit set in the time limit excess determination means as time information predetermined in association with a user identifier and the identifier;
The time limit setting means refers to time information managed by the time limit management means based on an identifier of the user authenticated by the user authentication means, and sets the obtained time limit information as a time limit for the corresponding user. Information processing apparatus. The information processing apparatus according to claim 1 or 2, wherein the user authentication means is means for performing authentication based on a user identifier.
A time limit management means for managing the time limit set in the time limit excess determination means as time information set in advance in association with the group identifier to which the user identifier belongs,
The time limit changing means refers to time information managed by the time limit management means based on a group identifier to which the user identifier authenticated by the user authentication means belongs, and sets the obtained time limit information as a time limit for the corresponding user. An information processing apparatus characterized by: The information processing apparatus according to any one of claims 1 to 3, wherein the information input unit provides a user with a predetermined operation menu according to input contents.
An operation difficulty level setting means for setting a time limit set in advance in the time limit excess determination means in correspondence with the operation menu, the difficulty level of the operation to the information input means by the user,
An information processing apparatus, wherein a time limit set in the time limit excess determining means is adjusted according to an operation difficulty level set in the operation difficulty level setting means. The information processing apparatus according to any one of claims 1 to 4, wherein the information input unit provides a user with a predetermined operation menu according to input contents.
Operation confidentiality setting means for presetting the confidentiality of the operation to the information input means by the user corresponding to the operation menu,
An information processing apparatus, wherein a time limit set in the time limit excess determining means is adjusted according to the confidentiality of an operation set in the operation confidentiality setting means. The information processing apparatus according to any one of claims 1 to 5, wherein the information input unit provides information related to a predetermined operation target to a user.
An operation target confidentiality setting unit that presets the confidentiality of information related to a predetermined operation target for each operation target,
An information processing apparatus, wherein a time limit set in the time limit excess determining means is adjusted according to confidentiality of information set in the operation target confidentiality setting means. The information processing apparatus according to claim 1, further comprising an administrator authentication unit that authenticates that an operator who operates the information input unit is an administrator.
An information processing apparatus comprising: a setting changing unit capable of changing a time limit set in the time limit excess determining unit by at least one of a user and an administrator. The information processing apparatus according to claim 7,
The information processing apparatus according to claim 1, wherein the setting changing unit is a unit that accepts a user setting change within a time range set by an administrator as a time limit that can be changed. In the information processing apparatus according to claim 7 or 8,
An information processing apparatus comprising: means for setting, by an administrator, permission or non-permission of a change in time limit by a user in the setting change means. The information processing apparatus according to any one of claims 1 to 9,
An information processing apparatus comprising: means for fixing a time limit set in the time limit excess determining means. The server for providing user information including user identification information used by the user authentication means and restriction information predetermined for each user managed by the time limit management means is provided outside. In the information processing apparatus
An information processing apparatus comprising an interface with the server. In the information processing apparatus according to any one of claims 1 to 11, wherein the operation is performed in accordance with a predetermined security policy.
An information processing apparatus comprising: means for adding a restriction according to the security policy to a time limit set in the time limit excess determination means.

Images