1. Field of the Invention
The present invention relates to an image processing system, an image processing apparatus, a recording medium and a data communication establishing method. The present invention more specifically relates to a technique of establishing data communication between an image processing apparatus and a server device in an image processing system in which the image processing apparatus is allowed to use an application service provided by the server device with performing data communication between the image processing apparatus and the server device.
2. Description of the Background Art
A widely known conventional image processing apparatus identified by a name such as a digital complex device or a MFP (multifunction peripheral) is connected to a network, and is capable of performing data communication with a variety of devices connected to the network. Especially in these days, data communication between the image processing apparatus and a server device through the network allows the image processing apparatus to use an application service provided by the server device as a client.
In this case, each server device provides different application service to the image processing apparatus. By way of example, the server device receives image data from the image processing apparatus, and processes the received image data or forwards the image data to another device. So, the server device is able to provide a service which allows sharing with the server device a part or a whole part of a job which used to be executed in a body of the image processing apparatus. Another, the server device executes a processing such as image processing which is not implemented in the image processing apparatus, thereby providing a particular function to the image processing apparatus.
When performing data communication with a device such as the server device through the network, the image processing apparatus needs to prevent wiretapping and others of information released over the network. Therefore, a method such as SSL (Secure Socket Layer) session which provides high security is recently employed as a method of data communication. The SSL session establishes data communication between the image processing apparatus and the server device with exchange of certificate data hold by each device. Once data communication is established, communication is performed between the image processing apparatus and the server device with data being encrypted. Therefore, wiretapping and others may be prevented.
FIG. 13 shows the sequence of operations of the image processing apparatus and the server device for SSL session. A client certificate is registered in advance with an image processing apparatus 102, and a server certificate is registered in advance with a server device 103. When starting data communication with the server device 103, the image processing apparatus 102 sends a request for connection to the server device 103. As receiving the request for connection, the server device 103 transmits the server certificate to the image processing apparatus 102. At the same time, the server device 103 sends a request for transmission of the client certificate (hereafter, request for client certificate) to the image processing apparatus 102 if necessary. In response to the receipt of the request for client certificate, the image processing apparatus 102 transmits the client certificate that is registered in advance to the server device 103. The image processing apparatus 102 and the server device 103 each then acquires the certificate of the other side of communication. The image processing apparatus 102 and the server device 103 each executes authentication processing of the other side of communication. When authentication results in success, a key for encryption and decryption for data communication becomes identifiable. So, after the key becomes identifiable, data communication thereafter may be performed with encrypted data between the image processing apparatus 102 and the server device 103.
As described above, in order to establish data communication between the image processing apparatus and the server device, a client certificate is required to be registered in advance with the image processing apparatus. A following way of registration of the client certificate is conventionally used such as that disclosed for example in Japanese Patent Application Laid-Open No. JP2007-274403 A (called patent document 1). According to the way, for example, a user makes operation of his or her computer, thereby giving instructions to install the client certificate. Then, user-specific user information and the client certificate are transmitted from the computer to the image processing apparatus. When receiving the information and storing the received information in a hard disk drive, the image processing apparatus associates the user-specific user information and the client certificate with each other, and registers therein.
Moreover, widely known conventional technique to select one client certificate from multiple client certificates when the multiple client certificates are registered with the image processing apparatus is disclosed for example in Japanese Patent Application Laid-Open No. JP2008-226046 A (called patent document 2). The technique disclosed therein stores profile information in which information related to each client certificate is defined. According to the technique disclosed for example in the patent document 2, for selection of the client certificate, whether or not respective information defined in the profile information matches the client certificate to be used is searched. If the profile information matches, one client certificate to be used may be selected.
According to the above-described patent document 1, however, the client certificate is associated with the user-specific user information. So, it is possible to have the multiple client certificates to be associated with the user information of one user. It is assumed that the multiple client certificates are associated with the user information, and registered with the image processing apparatus. The image processing apparatus is then made incapable of determining that the image processing apparatus should send which client certificate of the multiple client certificates when receiving the request for client certificate from the server device. In such case, the conventional technique displays the multiple client certificates in a list form, and makes the user to select one client certificate from the list.
FIG. 14 is an example of a conventional screen for selection of the client certificate. In the example, five client certificates are associated with the user information. When such screen for selection of the client certificate is displayed, the user makes operation to select a client certificate to be used from the displayed list. One client certificate to be used for the image processing apparatus is then designated.
The technique brings a problem that the operation as introduced above to select the client certificate is troublesome for the user. Especially, the list of the multiple client certificates only shows information related to each certificate. So, it is difficult for the user to identify which client certificate of the list is the appropriate client certificate which corresponds to the server device the user would like to connect. Therefore, sometimes, the user selects the wrong client certificate and the authentication in the server device results in failure.
On the other hand, the technique disclosed in the patent document 2 allows one client certificate to be selected from the multiple client certificates by searching profile information. However, in this case, the problem is that the search processing takes long time. Also, when the multiple client certificates are extracted as the result of search processing, the technique of the patent document 2 makes the user to select one client certificate from the extracted multiple client certificates. In this case, despite the search processing takes long execution time, the user further needs to make operation to select. So, efficiency and operability of processing are significantly reduced.