1. Field of the Invention
The present invention relates to an image processing system and its management method, and more particularly, to a management method in an image processing system, where an image processing apparatus and a control apparatus are connected, for management of access control to the image processing apparatus by the control apparatus.
2. Description of the Related Art
Today, a system where image processing apparatuses such as a printer, a scanner, a facsimile machine, a copy machine and a multi-function peripheral device having functions of these machines are connected to a personal computer (PC) via a network or the like is widely used. In such a system, jobs executed within the image processing apparatuses or execution-suspended jobs can be managed by the PC. In addition, the restriction to use of functions of the image processing apparatuses can be performed by the PC.
Further, it may be arranged such that the plural image processing apparatuses are connected to a directory server via a network, and jobs in the image processing apparatuses are managed in an integrated manner by using an access control ticket or the like (for example, see Japanese Patent Application Laid-Open No. 2002-202945).
Further, it may be arranged such that a security attribute database is provided within a server, and a document printing apparatus which has accessed the server via the network controls print execution/nonexecution based on the attributes of a document file registered in the database (for example, see Japanese Patent Application Laid-Open No. 2004-152263).
To perform job management on connected image processing apparatuses using the above-described PC, the directory server, the server with a security attribute database or the like, it is necessary to register in advance the image processing apparatuses as the subjects of management into the server or the like. For example, it is necessary for a system administrator to manually register attribute information, functions and the like of the image processing apparatuses as the subjects of management into the PC, the server or the like.
For example, to restrict availability of the functions of image processing apparatuses using an access control ticket, it is necessary to set initial authority in advance on the directory server by manually generating authorizing information regarding the functions specific to the respective image processing apparatuses. Each of the image processing apparatuses may have different functions, and further, the functions may differ depending on apparatus configuration. Accordingly, it is necessary for the system administrator to manually generate and set the authorizing information on the directory server in accordance with the different functions.
Meanwhile, in order to safely deliver and register security information etc. for security setting of information device to a device management apparatus that manages the information deice, a method for mutual authentication utilizing a public key cryptosystem is known (for example, see Japanese Patent Application Laid-Open No. 2004-135195).
As described above, in the conventional image processing systems, to perform job management and function availability restriction in an integrated manner in addition to user authentication using the directory server, the access control ticket or the like, the following operations are required. That is, it is necessary to generate and set information on the functions of the image processing apparatus as the subjects of management and authority setting information (access control information) for use of the functions, in the directory server or the like for management of image processing apparatuses.
However, regarding such access control information, it is impossible for the directory server to obtain the function information of the image processing apparatuses and values of the function authority settings in advance. Accordingly, it is necessary for the administrator of the image processing apparatuses (system administrator) to set values of such access control information in advance by manually generating and registering the information upon installation of the image processing apparatuses.
Therefore, when the installation of the image processing apparatuses has been completed, the system administrator is required to log in to the directory server, and generate and set access control information with referring to management guidance (administrator manual) or the like. Further, as the respective image processing apparatuses are likely to have different functions and apparatus configurations, the system administrator needs to repeatedly perform generation and setting of access control information for each image processing apparatus. Accordingly, each time a new image processing apparatus is installed, the system administrator has to go through this very complicated procedure.
Further, according to the method disclosed in Japanese Patent Application Laid-Open No. 2004-135195, although device information can be automatically registered in a device management apparatus, access control information of the image processing apparatuses cannot be automatically registered. This is because initial values of authority that is a base of access control information (access authority) cannot be automatically set.
Accordingly, in this prior art, for setting of access authority initial values, the system administrator is required to log in to the device management apparatus and set access control information for each image processing apparatus. That is, the system administrator is compelled to perform this troublesome operation.
The present invention has been made to address the above-described problems individually or at once, and it is a feature to realize the following control in an image processing system for management of access control to functions of the image processing apparatuses by a control apparatus. That is, the present invention has a feature to provide an image processing system and its management method for automatic setting of access control information in the control apparatus upon installation of a new image processing apparatus.