Field of the Invention
The present invention relates to an image forming apparatus, a method of controlling the same, and a storage medium storing a program.
Description of the Related Art
It is advantageous that a personal computer (PC), a server device (a file server, an authentication server), or the like, which is connected to a network in an office, or the like, be operated in accordance with an information security policy determined for the office. An information security policy is a basic strategy regarding information security for a business as a whole; it summarizes the strategy for preventing information usage and intrusion from an external unit, as well as information leakage.
In addition to PCs and server devices, peripheral devices such as multi-function peripherals and printers are connected to the network of an office. In recent years, multi-function peripherals have become able not only to print and transmit images, but also to store image data, to provide a file service function to a PC, and to fulfill a role similar to that of other server devices on the network. Accordingly, in order to maintain a safe and secure office environment, multi-function peripherals need to comply with an information security policy just as PCs, server devices, or the like do. Here, complying with an information security policy means placing restrictions on operations from a security perspective in order to prevent improper usage of the multi-function peripheral in the office, information leakage, or the like, for example by requiring user authentication when the multi-function peripheral is operated or by requiring encryption of a communication path.
For PCs and server devices, an approach has been taken in which setting values dependent upon the OS are distributed so that the devices comply with an information security policy. An example of an OS-dependent setting value relating to encryption of a communication path is “SSL connection required”, or the like, and management is performed such that the information security policy is complied with in a unified manner regardless of which vendor produced the PC. There are systems that are configured so that a user cannot change a setting value that is set by an administrator, in order to maintain a state in which an information security policy is complied with (“step-by-step guide: Windows Server 2003 group policy function”, Microsoft, 2005, http://technet.microsoft.com/ja-jp/library/cc973079.aspx).
Meanwhile, for multi-function peripherals, the approach of distributing setting values so that devices comply with an information security policy in a unified manner, as with PCs, server devices, or the like, cannot be taken because the settable items differ from vendor to vendor. For this reason, a large workload is placed on administrators: an administrator must thoroughly understand the many operation settings (hereinafter referred to as “user mode”) of each multi-function peripheral and then set each device to a state in which the information security policy is complied with. For example, assume that a setting value for a user mode for performing encryption of a communication path is “use SSL” on a multi-function peripheral of company A, and is “encrypt HTTP communication” on a multi-function peripheral of company B. Here, an administrator sets each and every device to a state in which the information security policy is complied with by comparing each company's multi-function peripheral user mode settings against the information security policy. Furthermore, if the settings are not performed correctly, an operation that does not comply with the information security policy may in fact be permitted, and the security of the office may be threatened.
A system has been proposed that generates and distributes user modes for a plurality of multi-function peripherals based on input that an administrator makes in compliance with an information security policy (Japanese Patent Laid-Open No. 2008-219419). In this system, an administrator responds, in compliance with the information security policy, to a question displayed on a setting screen on a PC. The system, having received this response, generates settings (hereinafter referred to as “security policy data”) which do not depend on the multi-function peripheral based on the response, and converts the generated security policy data into user modes that depend on the multi-function peripherals which are the destinations of the distribution. By distributing these user modes, it is possible to configure a state that is in compliance with the information security policy without having knowledge of the multi-function peripheral, even if the multi-function peripherals are different.
As an approach to maintaining a state in which the settings of a multi-function peripheral are in compliance with an information security policy, one conceivable approach is to perform access control on the user modes that are changed by security policy data.
More specifically, for each user mode, access control information is held, and the access control information is set to be ON at a timing at which the user mode is set by the security policy data. In this system, configuration is such that a user mode for which the access control information is turned ON cannot be changed by any means other than the security policy.
The above-described system is explained using a concrete example.
FIG. 8A is a conceptual diagram of a setting change for user modes “use ftp print” 802 and “use SSL on Webdav server” 803 that is performed when security policy data 801 for turning ON “prohibit plain text authentication in server function” is distributed. When “prohibit plain text authentication in server function” is turned “ON”, the “setting value” of “use ftp print” is changed from “ON” to “OFF”, and the “access control information” of “use ftp print” is changed from “OFF” to “ON”. The same is true for reference numeral 803. The arrow symbols in the figure indicate that the setting value of the access control information is turned ON when the setting values become a specific value due to the setting values of the security policies being turned ON. Each arrow symbol also indicates that the setting values of the access control information that are OFF are turned ON by the setting values of the security policies being turned OFF.
FIG. 8B is a conceptual diagram of a setting change for user modes “use ftp print” 805 and “use SSL on Webdav server” 806 that is performed when security policy data 804 for turning OFF “prohibit plain text authentication in server function” is distributed. By “prohibit plain text authentication in server function” being turned “OFF”, “access control information” of “use ftp print” is changed from “ON” to “OFF”. The same is true for reference numeral 806. Because the access control information is turned OFF if the setting of the security policy is turned OFF in this way, it is possible for a user to freely make a setting change.
In such a system, there is a problem in that a contradiction arises in the access control information in a case where there are user modes that are influenced by a plurality of security policies when a portion of the security policies are changed to OFF from a state in which the plurality of security policies are ON.
FIG. 8C is a conceptual diagram of processing in a case in which setting values are not consistent.
Reference numeral 807 denotes “prohibit plain text authentication in server function” being changed from “ON” to “OFF”. Reference numeral 808 denotes there being no setting change for “always verify signature in SMB or Webdav server function”, leaving it “ON”. Reference numeral 809 denotes the access control information being changed from “ON” to “OFF” by “prohibit plain text authentication in server function” being changed to “OFF”. Reference numeral 811 denotes there being no change to the access control information, which is left ON, because “require an SMB signature for an SMB connection” remains ON. Furthermore, reference numeral 810 indicates the access control information being changed from ON to OFF due to “prohibit plain text authentication in server function” being changed to “OFF”.
Meanwhile, because “always verify signature in SMB or Webdav server function” is left “ON” at reference numeral 808, the access control information of reference numeral 810 should be left “ON” similarly to reference numeral 811. However, as shown in the drawing, when the access control information of reference numeral 810 is turned OFF, the setting of “use SSL on Webdav server” becomes changeable by a user, and there is a problem in that the security policy is not maintained.
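The contradiction of FIG. 8C can be reproduced and audited with a small model. The following Python is an added example, not part of the original document or of any vendor's firmware; the function names and the policy-to-user-mode mapping are assumptions based on the description of reference numerals 807 to 811.

```python
# Constructed model of FIG. 8C. Policy and user mode names come from the text;
# the mapping between them is an assumed reading of the figure.
PLAIN = "prohibit plain text authentication in server function"
SIGN = "always verify signature in SMB or Webdav server function"
POLICY_MODES = {
    PLAIN: ["use ftp print", "use SSL on Webdav server"],
    SIGN: ["use SSL on Webdav server",
           "require an SMB signature for an SMB connection"],
}

def apply_policy_naive(locks, policy, enabled):
    """Behaviour described in the text: a policy change overwrites the access
    control information of every user mode it touches, ignoring other policies."""
    for mode in POLICY_MODES[policy]:
        locks[mode] = enabled
    return locks

def find_contradictions(policy_state, locks):
    """Return (user mode, policy) pairs where the policy is still ON but the
    user mode it governs is unlocked, i.e. changeable by a user."""
    return [(mode, policy)
            for policy, enabled in policy_state.items() if enabled
            for mode in POLICY_MODES[policy]
            if not locks.get(mode, False)]

def expected_locks(policy_state):
    """Access control information implied by all policies taken together:
    a user mode is locked if any policy governing it is ON (audit baseline)."""
    locks = {m: False for modes in POLICY_MODES.values() for m in modes}
    for policy, enabled in policy_state.items():
        if enabled:
            for mode in POLICY_MODES[policy]:
                locks[mode] = True
    return locks

def replay_fig_8c():
    """Both policies ON, then only PLAIN is turned OFF (numerals 807 and 808)."""
    state, locks = {PLAIN: True, SIGN: True}, {}
    for policy in state:
        apply_policy_naive(locks, policy, True)
    state[PLAIN] = False
    apply_policy_naive(locks, PLAIN, False)
    return state, locks

if __name__ == "__main__":
    state, locks = replay_fig_8c()
    for mode, policy in find_contradictions(state, locks):
        print(f"unlocked but still governed: {mode!r} <- {policy!r}")
    print(expected_locks(state))
```

Comparing the device's actual access control information against `expected_locks` after every policy distribution flags any user mode that has become user-changeable while a policy that covers it is still ON.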