JP7230138B2 - Image processing device, method, program and system - Google Patents

Description

The present invention relates to technology for providing a secure authentication method and improving user convenience in network services such as printing and storage.

In recent years, there is FIDO (Fast Identity Online) as a new authentication system including biometric authentication.

Biometric information such as fingerprints and veins used in biometric authentication can be fatally leaked because the information cannot be rewritten unlike passwords in ID/password authentication if the information leaks to the outside. On the other hand, in FIDO, a private key linked to biometric information is registered in the device and a public key is registered in the server by performing registration work in advance with a server that authenticates the user's device. Authentication is performed on the user's device, not on the server via the Internet, and the signature generated using the private key flows over the network as the authentication result. In other words, it can be said that the risk of information leakage is low because the biometric information does not flow on the network.

By the way, conventionally, there is a system in which an MFP (Multi-Functional Peripheral Device) as an image processing device is arranged in a public place such as a convenience store, and data in a print system such as a cloud is downloaded and printed (pull print). is constructed. In such a system, a reservation code is issued from the printing system when the user registers data to be printed in the printing system. By inputting the reservation code into an operation panel of an MFP in a public place, data in the print system can be downloaded and printing can be started. However, this system is not necessarily secure because printing can be done only with a reservation code. In other words, if this reservation code is wiretapped, anyone can print the data.

On the other hand, a system has been proposed in which user authentication is performed by accepting input of a user ID and password of a user registered in a print system through an operation panel of an MFP (see Japanese Patent Application Laid-Open No. 2002-100002). With such a configuration, since the user is authenticated, it is more secure than printing only by entering the reservation code.

In addition, the operation unit of the image processing apparatus accepts the input of a user ID and password, and provides a network storage service (or a storage location with access authority) linked to the authenticated user, and the image processing apparatus There are also systems that store data entered into a storage in a selected storage.

Japanese Patent Application Laid-Open No. 2002-373070

However, when authenticating a service providing system such as a print system, confidential information such as a password is leaked over the network, so there remains a risk of information leakage. In addition, it is not very convenient because it is necessary to input a user ID and a password on the operation unit. Furthermore, when a user ID and password are entered into an operation unit of a device installed in a public place, there is a risk that a third party can steal a glance.

On the other hand, it is assumed that a secure authentication method such as FIDO is applied to perform authentication based on biometric information instead of inputting a user ID and password to an operation unit of a device such as an image processing apparatus. In that case, it may be necessary to register the biometric information and the corresponding private key to the authentication system in the device. For example, it is not necessarily secure to register personal private information such as biometric information and a secret key in an MFP in a public place. In addition, a user who uses multiple convenience stores needs to perform registration work for each device installed at each, which is not very convenient.

SUMMARY OF THE INVENTION The present invention has been made in view of the above conventional example, and it is an object of the present invention to provide a user-friendly and secure authentication method in a system using devices that can be installed in public places. .

The image processing apparatus according to the present invention is an image processing apparatus having a communication function capable of communicating with a mobile terminal , and when the user selects authentication on the mobile terminal, the image processing apparatus is disclosed in association with the user ID of the user. Based on a search using a communication method compatible with the mobile terminal as a transmission destination of verification data issued for use in processing related to authentication in the service providing system in which the key is registered and received by the image processing device a specifying means for specifying an authentication module possessed by the mobile terminal as an authentication module to be authenticated ; and a first transmitting means for transmitting the verification data to the mobile terminal according to the specification of the authentication module. and encrypted data generated using a private key stored in a storage means of the mobile terminal in response to successful biometric authentication of the user by an authentication module of the mobile terminal, and the verification data . is returned from the portable terminal, a second transmission means for transmitting the encrypted data to the service providing system, and for providing the service to the image processing apparatus and the encrypted data is verified in the service providing system with the public key registered in the service providing system.

An object of the present invention is to provide a user-friendly and secure authentication method in the system described above.

Schematic diagram showing an example of the overall system configuration Block diagram showing an example of the internal configuration of each device Block diagram showing an example of the functional configuration of each device Sequence diagram showing print data registration processing Example of screen displayed on client PC Sequence diagram showing authenticator registration processing An example of parameters related to authenticator registration An example of a screen displayed on a mobile device when registering an authenticator 4 is a sequence diagram showing print processing in the system according to the first embodiment; FIG. An example of a screen displayed on the MFP in the first embodiment An example of parameters for authentication Flowchart for explaining the processing of the MFP and mobile terminal in the first embodiment An example of a screen displayed on a mobile terminal during biometric authentication in Embodiment 1 An example of a screen displayed on the MFP in the second embodiment Sequence diagram for explaining an application example of the present invention

EMBODIMENT OF THE INVENTION Hereinafter, the form for implementing this invention is demonstrated using drawing.

(Example 1)
<System configuration>
FIG. 1 is a schematic diagram showing the overall configuration of a system according to an embodiment of the present invention. The system includes an MFP 101 as an example of an image processing apparatus, a mobile terminal 102 owned by a user, a print system 103 as an example of a service providing system, a client PC 104, and the like. As will be described later, the present invention is applicable not only to the print system 103 but also to a network storage service for storing data input by a device such as an MFP and a service providing system for providing SNS providing service.

In addition to the MFP 101, this is an example of a device that can be installed in a public place or the like to which the present invention can be applied. In addition, image processing equipment such as printers, devices equipped with image input devices such as scanners and cameras, digital health equipment (blood pressure measuring devices, treadmills, etc.), ATMs, and 3D printers (which print 3D objects) Also, the present invention can be applied.

The MFP 101 , print system 103 and client PC 104 are connected via a network 105 . The network 105 may be, for example, a LAN such as the Internet, a WAN, a telephone line, a dedicated digital line, an ATM, a frame relay line, a cable television line, a radio line for data broadcasting, or the like. Or a so-called communication network realized by a combination of these.

The MFP 101 is also connected to the mobile terminal 102 via the network 106 . The network 106 includes near field communication such as NFC (Near Field Communication) and BlueTooth (registered trademark), in addition to the above network lines such as LAN.

The client PC 104 is not limited to a desktop PC, and may be a notebook PC, mobile terminal (smartphone or tablet), or the like.

Note that the mobile terminal 102 is a notebook PC, a mobile terminal (smartphone or tablet), or a wearable terminal such as a smart watch or smart glasses.

<Internal configuration of information processing device>
FIG. 2A is a diagram showing an example of the internal configuration of the server PC and client PC 104 that make up the print system 103. As shown in FIG. These can be configured with the hardware of a general information processing device.

The CPU 201 executes programs stored in the ROM 203 and programs such as an OS (Operating System) and applications loaded from the external memory 210 to the RAM 202 . That is, the CPU 201 functions as each processing unit that executes the processing of each flowchart described later by executing the program stored in the readable storage medium. A RAM 202 is a main memory of the CPU 201 and functions as a work area or the like. A keyboard controller 204 controls operation inputs from a keyboard 208 and pointing devices (not shown) (mouse, touch pad, touch panel, trackball, etc.). A display controller 205 controls the display of the display 209 . A disk controller 206 controls data access to an external memory 210 such as a hard disk (HD) or flexible disk (FD) that stores various data. A network I/F 207 is connected to a network and executes communication control processing with other devices connected to the network.

<Internal Configuration of Image Processing Apparatus>
FIG. 2B is a diagram showing an example of the internal configuration of the MFP 101. As shown in FIG. MFP 101 is an example of an image forming apparatus.

The CPU 221 has programs stored in the ROM 223 (including programs for realizing each process described later), and comprehensively controls each device via the internal bus 231 . The RAM 222 functions as a memory and work area for the CPU 221 . The network I/F 225 exchanges data unidirectionally or bidirectionally with external network equipment. A proximity communication I/F 226 is a network I/F for proximity communication such as NFC or BlueTooth, and communicates with the mobile terminal 102 or the like to exchange data. Device control 227 controls printing unit 228 . The CPU 221 performs program execution processing together with the RAM 222 and the ROM 223 and performs processing for recording image data in a recording medium such as the storage device 224 . Storage device 224 functions as an external storage device.

An input/output device 230 represents a plurality of components responsible for input/output in the MFP 101 . Specifically, an input (such as a button input) from the user is received, and a signal corresponding to the input is transmitted to each processing unit described above via the input/output I/F 229 . In addition, the input/output device 230 also includes a display device (such as a touch panel) for providing necessary information to the user and accepting user operations. Additionally, a scanning device for reading documents and accepting electronic data as input may also be included in input/output device 230 .

<Internal configuration of mobile terminal>
FIG. 2C is a diagram showing an example of the internal configuration of the mobile terminal 102. As shown in FIG.

The CPU 242 has programs stored in the ROM 244 (including programs for realizing each process described later), and comprehensively controls each device via the internal bus 241 . The RAM 243 functions as a memory and work area for the CPU 242 . The network I/F 247 exchanges data unidirectionally or bidirectionally with an external network device using WiFi or the like. The CPU 242 performs program execution processing together with the RAM 243 and the ROM 244, and performs processing for recording data in a recording medium such as the storage device 245 or the like. The storage device 224 functions as an external storage device and is configured by an SD card or the like.

The Trusted Platform Module (TPM) 246 is storage means with tamper resistance that prevents stored data from being read from the outside for the purpose of processing or storing confidential information. In the present invention, the biometric information itself used for biometric authentication, the feature amount of the biometric information, the secret key corresponding to the biometric information, and the like are stored. Note that in the following description, the feature amount of a signal indicating biometric information acquired by a sensor may also be simply referred to as biometric information. The biometric information sensor 248 is a sensor that reads the user's biometric information, and converts the user's fingerprint, iris, vein, voiceprint, and face image information into read signals, for example. It is realized using a dedicated reader, camera, microphone, and the like.

The touch panel 249 has two functions of display and input, and displays application screens, keyboards, and the like. Information is output as an information signal to the outside. The application uses the output signal information, so that the user can operate the application through the touch panel 206 . The biometric information sensor 248 and the touch panel 249 can be mounted on top of each other, and a configuration in which the user's fingerprint information is read by operating the touch panel 249 is also possible.

The proximity communication I/F 250 is an I/F compatible with a communication method for proximity communication such as NFC or BlueTooth, like that of the MFP 101. In this embodiment, communication with the MFP 101 is performed via this I/F. conduct.

<MFP Functional Configuration>
FIG. 3A is a block diagram showing an example of the functional configuration of the MFP 101. As shown in FIG. An application 300 runs on the MFP 101 . The application 300 is implemented by the CPU 221 reading a program stored in the ROM 223 of the MFP 101 into the RAM 222 and executing the program.

The application 300 is composed of a display unit 301 , an execution unit 302 , a communication unit 303 and an authentication control unit 304 . A display unit 301 is a software module that displays a UI for listing print data and a UI for accepting execution of printing on a display device. The execution unit 302 is a software module for controlling the printing unit 228 of the MFP 101 to print print data. A communication unit 303 is a software module for communicating with an external device such as the print system 103 using the network I/F 225 and proximity communication I/F 226 . The authentication control unit 304 is a software module that requests authentication processing from an authenticator provided inside the MFP 101 or externally via the network 106 and receives an authentication result. In this example, an example of requesting biometric authentication from an external (portable terminal 102) authenticator via the close proximity communication I/F 226 will be described.

Although the authentication control unit 304 is included in the application 300 in this example, it is not limited to this. For example, the application 300 may be configured independently, and the application 300 may call the independent authentication control unit 304 . By making the authentication control unit 304 independent in this way, it is possible to configure the authentication control unit 304 so that not only the application 300 but also other applications can call the authentication control unit 304 .

<Functional configuration of mobile terminal>
FIG. 3B is a block diagram showing an example of the functional configuration of the mobile terminal 102. As shown in FIG. A browser 340 and an authenticator 350 operate on the mobile terminal 102 . The browser 340 and the authenticator 350 are implemented by the CPU 242 reading programs stored in the ROM 244 of the mobile terminal 102 into the RAM 243 and executing them.

The browser 340 is composed of a display unit 341 , a communication unit 342 and an authenticator registration control unit 343 . The display unit 341 is a software module that uses the touch panel 249 to display the HTML document acquired by the communication unit 342 and receives user operations. A communication unit 342 is a software module for communicating with an external device such as the print system 103 via the network I/F 247 . The authenticator registration control unit 343 is a software module that requests the authenticator to create a credential, which will be described later. In this example, an example of requesting the authenticator 350 to create a credential will be described. Although the authenticator registration control unit 343 is included in the browser 340 in this example, the present invention is not limited to this. For example, it may be configured independently of the browser 340 , and the browser 340 may call the independent authenticator registration control unit 343 . By making the authenticator registration control unit 343 independent in this way, it is possible to configure such that not only the browser 340 but also other applications can call the authenticator registration control unit 343 .

The authenticator 350 is an authentication module that supports biometric authentication using the biometric information sensor 248, and is composed of an authenticator registration processing unit 351, a biometric authentication processing unit 352, an authentication information storage unit 353, and a biometric information requesting unit 354. be. The authenticator registration processing unit 351 is a software module that receives a credential creation request from the authenticator registration control unit 343 of the browser 340 or the like, creates a pair of keys (secret key and public key), and creates credentials. be. The biometric authentication processing unit 352 is a software module that receives a biometric authentication request from the authentication control unit 304 of the application 300 or the like and performs biometric authentication using the biometric information sensor 248 . The authentication information storage unit 353 is a software module that stores authentication information, which will be described later using Table A, in the TPM 246 . The biometric information requesting unit 354 is a software module that displays on the touch panel 249 a UI for accepting input of biometric information from the user.

<Print server functional configuration>
FIG. 3C is a block diagram showing an example of the functional configuration of the print system 103. As shown in FIG. A print service 370 operates in the print system 103 . The print service 370 is implemented by the CPU 201 reading a program stored in the ROM 203 of the server PC that constitutes the print service 370 into the RAM 202 and executing the program.

The print service 370 includes a legacy authentication processing section 371 , an authenticator information processing section 372 , a print data processing section 373 and a communication section 374 . The print service 370 further comprises a user information storage section 375 , an authenticator information storage section 376 , a print data storage section 377 and a presentation section 378 .

In this example, in order to distinguish from biometric authentication, authentication that verifies that a user ID and password match is referred to as legacy authentication. The legacy authentication processing unit 371 is a software module that verifies whether the user ID and password included in the legacy authentication request received by the communication unit 374 match the user ID and password stored in the user information storage unit 375 .

The authenticator information processing unit 372 is a software module that uses the credential received by the communication unit 374 to store information about the authenticator in the authenticator information storage unit 376 . Also, the authenticator information processing unit 372 verifies assertion information (Assertion) received by the communication unit 374, which will be described later. The print data processing unit 373 is a software module that registers print data in the print data storage unit 377 or acquires print data in response to a print data registration or acquisition request received by the communication unit 374 . A communication unit 374 is a software module that communicates with the MFP 101, mobile terminal 102, and client PC 104 to receive requests.

The user information storage unit 375 is a software module that stores user information, which will be described later using Table B, in the external memory 210 or an external storage system (not shown). The authenticator information storage unit 376 is a software module that stores authenticator information, which will be described later using Table E, in the external memory 210 or an external storage system (not shown). The print data storage unit 377 is a software module that stores print data, which will be described later using Table C, in the external memory 210 or an external storage system (not shown).

The presentation unit 378 is a software module that creates an HTML document in response to a screen acquisition request such as an authenticator registration screen acquisition request received by the communication unit 374 . A token management unit 379 is a software module for issuing and verifying tokens, which will be described later.

<Functional configuration of client PC>
FIG. 3D is a block diagram showing an example of the functional configuration of the client PC 104. As shown in FIG. A browser 390 operates on the client PC 104 . The browser 390 is implemented by the CPU 201 reading a program stored in the ROM 203 of the client PC 104 into the RAM 202 and executing the program.

The browser 390 is a software module that displays acquired HTML documents and receives user operations. Browser 390 is a software module for communicating with external devices such as print system 103 .

<Table managed by mobile device>
Table A is an example of an authentication information management table managed by the mobile terminal 102 and shows information stored in the TPM 246 by the authentication information storage unit 353 of the authenticator 350 .

In the authentication information management table, one record represents one entry of authentication information. The authentication information ID column is a unique ID for each authentication information. A service ID column is an ID for uniquely identifying a target service such as the print service 370 of the print system 103 . In this example, the service ID column stores the information of the top level domain and the second level domain. For example, if the URL of the print service 103 is http://www. pull-print. com, the service ID column contains pull-print.com. com is stored. The private key column stores private keys. A public key corresponding to the private key stored in the private key column is registered in the service indicated by the service ID column. The biometric information ID column stores IDs corresponding to feature amounts of biometric information. A procedure for storing information corresponding to each column of the authentication information management table and a procedure for storing the public key in the print service 103 will be described later.

<Tables Managed by Print System 103>
Tables B to F are examples of tables managed by the print service 370 of the print system 103 .

Table B is a user information management table managed by the user information storage unit 375 of the print service 370 . In the user information management table, one record indicates one piece of user information. A user ID column is an ID for uniquely identifying a user of the print service 370 . The password column stores passwords for authenticating users. The email address column stores the email address of the user. In addition to the email address, this table may also store user attribute information such as the user's address.

Table C is a print data management table managed by the print data storage unit 377 of the print service 370 . In the print data management table, one record indicates one print data. The data name column represents the name of data printed by the user, and becomes the name displayed on the MFP 101 in the print flow described later. The print data string is binary data of print data to be printed. The user ID column is an ID that uniquely represents the user of the print service 370 who instructed printing. The reservation code string is for uniquely identifying print data. The reservation code is used to specify print data to be printed by being designated by the user on the MFP 101 in the print flow described later.

Table D is an attestation challenge management table managed by the user information storage unit 375 of the print service 370 . In the attestation challenge management table, one record indicates information of one attestation challenge. The attestation challenge is a parameter used as verification data for challenge-response authentication, and is issued for each user. The process of issuing the attestation challenge will be described later. The attestation challenge column stores the attestation challenge. The User ID column represents the user ID that issued the attestation challenge. The expiration column represents the expiration date of the attestation challenge.

Table E is an authenticator information management table managed by the authenticator information storage unit 376 of the print service 370 . In the authenticator information management table, one record indicates one piece of authenticator information. The value of the authentication information ID column in Table A is stored in the authentication information ID column. The public key column stores the public key paired with the private key in table A created by the authenticator. That is, for the private key and public key having the same authentication information ID in Tables A and E, what is encrypted with the private key in Table A can be decrypted with the public key in Table E. The user ID column stores IDs for uniquely identifying users of the print service 370 .

Table F is a token management table managed by the user information storage unit 375 of the print service 370 . The token is issued by the print service 370 as a result of successful authentication processing. The application 300 or the like attaches the issued token to a print data list request or the like and makes a request to the print service 370 . These processes will be described later with reference to FIG. In the token management table, one record indicates information of one token. The token column stores tokens. The user ID column stores IDs for uniquely identifying users of the print service 370 . The Expiration Date column represents the expiration date of the token. The print service 370 accepts the request if the token attached to the request exists in the token column of the token management table and the expiration date in the expiration date column has not passed.

<Print data registration process>
Registration of print data from the client PC 104 will be described with reference to FIGS. 4 and 5. FIG.

FIG. 4 is a sequence diagram showing print data registration processing of the print system 103 and the client PC 104. As shown in FIG. First, the user inputs the URL of the print instruction acceptance screen to the browser 390 of the client PC 104 .

In step S<b>401 , the browser 390 of the client PC 104 accepts the input of the URL of the print instruction acceptance screen and requests the print service 370 for the print instruction acceptance screen. Redirect to the legacy authentication screen because authentication has not been completed in the first access. Then, in S402, the legacy authentication screen is returned to the browser 390. FIG. Browser 390 displays a legacy authentication screen and accepts input of a user ID and password. Upon receiving input of a user ID and password by user operation, in S403, the browser 390 transmits a legacy authentication request to the print service 370 using the received user ID and password as parameters. In S404, the legacy authentication processing unit 371 of the print service 370 performs legacy authentication. Specifically, the legacy authentication processing unit 371 verifies whether the user ID and password included in the legacy authentication request match the user ID and password stored in the user information storage unit 375 . If they do not match, an authentication error is returned to the browser 390 of the client PC 104 . Note that the sequence diagram of FIG. 4 describes a case where the legacy authentication is successful. At S405, the token management unit 379 of the print service 370 issues a token and saves information about the token in the token management table of the user information storage unit 375 described in Table F. In S<b>406 , the communication unit 374 of the print service 370 responds to the browser 390 of the client PC 104 with the print instruction acceptance screen created by the presentation unit 378 . The response of S406 includes the token issued in S405. For example, set the token to a cookie.

In S407, the browser 390 displays a print instruction acceptance screen. Here, the print instruction acceptance screen will be described with reference to FIG. 5(A). A UI 500 represents a print instruction acceptance screen. The browser 390 analyzes and displays the HTML document of the print instruction acceptance screen received in response to S406. A button 501 is a button for selecting a file to be printed. A button 502 is a button for instructing the print service 370 of the print system 103 to print. By pressing the button 502 , registration of the data selected to be printed with the print service 370 is started.

Returning to the description of FIG. When the browser 390 accepts pressing of the button 502, the process proceeds to S408.

In S408, the browser 390 requests the print service 370 of the print system 103 to issue a print instruction. The print instruction request includes print data and a token of the file to be printed. The token included in the print instruction request is validated by the token management unit 379 of the print service 370 . Specifically, the token management unit 379 of the print service 370 confirms whether the token included in the print instruction request exists in the token management table (Table F) described above and has not expired. If invalid, an authentication error is returned to the browser 390 of the client PC 104 . Note that the sequence diagram of FIG. 4 describes the case where the token is valid.

In S409, the print data processing unit 373 of the print service 370 issues a reservation code. In S410, the print data processing unit 373 of the print service 370 stores the reservation code issued in S408 and the print data received in S407 in the aforementioned print data management table (Table C). In S<b>411 , the communication unit 374 of the print service 370 responds to the browser 390 of the client PC 104 with the print instruction reception completion screen created by the presentation unit 378 . In S412, the browser 390 displays a print instruction acceptance completion screen (FIG. 5B).

In FIG. 5B, the UI 550 represents a print instruction acceptance completion screen. The browser 390 analyzes and displays the HTML document of the print instruction acceptance screen received in response to S411. A text area 551 indicates a reservation code of print data for which a print instruction has been received. By inputting this reservation code from the operation unit of the MFP 101 , print data can be specified for the print service 370 . Designation of print data using a reservation code will be described later.

In this example, the browser 390 of the client PC 104 performs the print data registration process, but the browser 340 of the mobile terminal 102 may perform the process when a file stored in the mobile terminal 102 is to be printed. The print service 370 may also notify the reservation code to the e-mail address of the user who succeeded in the legacy authentication in S404.

<Authenticator registration process>
Processing for registering an authenticator in the print service 370 of the print system 103 will be described with reference to FIGS. 6 to 8. FIG. Here, an example of registering information of the authenticator 350 of the mobile terminal 102 will be described.

FIG. 6 is a sequence diagram showing processing of the mobile terminal 102 and the print system 103 regarding authenticator registration. First, the user inputs the URL of the authenticator registration screen to the browser 340 of the mobile terminal 102 .

In step S601, the browser 340 of the mobile terminal 102 accepts the input of the URL of the authenticator registration screen and requests the print service 370 for the authenticator registration screen. Redirect to the legacy authentication screen because authentication has not been completed in the first access. Then, in S602, the legacy authentication screen is returned to the browser 340. FIG. A display unit 341 of the browser 340 displays a legacy authentication screen and accepts input of a user ID and password. Upon receiving the input of the user ID and password by the user operation, in S603, the communication unit 342 of the browser 340 transmits to the print service 370 a legacy authentication request in which the received user ID and password are set as parameters.

In S604, the legacy authentication processing unit 371 of the print service 370 performs legacy authentication. If the result of legacy authentication is an error, an authentication error is returned to the browser 340 of the mobile terminal 102 . Note that the sequence diagram of FIG. 6 describes a case where the legacy authentication is successful. In S605, the token management unit 379 of the print service 370 issues a token, and the user information storage unit 375 manages information regarding the token in the token management table described in Table F.

In S606, the authenticator information processing unit 372 creates the registration parameter 700. FIG. Here, the registration parameter 700 will be described with reference to FIG. 7(A).

The registration parameter area 700 includes account information 701 , encryption parameters 702 , an attestation challenge 703 , and an authentication extension area 704 . The account information 701 represents attribute information such as the user ID specified by the legacy authentication in S604 in the print service 370 and the email address associated with the user ID. The encryption parameter 702 indicates attribute information related to authentication information to be registered, such as encryption algorithms supported by the print service 370 . The attestation challenge 703 is a parameter as verification data used for challenge-response authentication. The attestation challenge is created when the registration parameters are created in S606, and is stored in the attestation challenge management table in association with the user ID, expiration date, and the like. The authentication extension area 704 stores extension parameters that can be specified by the print service 370 in order for the print service 370 to control the operation of the authenticator 350 and the like. In S<b>607 , the communication unit 374 of the print service 370 responds to the browser 340 of the mobile terminal 102 with the authenticator registration screen created by the presentation unit 378 . The response of S607 includes the token issued in S605 and the registration parameter 700 created in S606.

In S608, the authenticator registration control unit 343 of the browser 340 requests the authenticator 350 to create a credential. The process of S608 is executed when the display unit 341 of the browser 340 reads the authenticator registration screen. For example, the process of S608 is executed when an onload event occurs. The registration request data 720 is included in the credential creation request of S608. The registration request data 720 will now be described with reference to FIG. 7B.

Registration request data 720 includes registration parameter 700 received from print service 370 , print service ID 721 , and WebOrigin 722 . WebOrigin 722 is the origin of print service 370 . The print service ID 721 stores information on the top level domain and second level domain of the print service. For example, if the URL of the print service 370 is http://www. pull-print. com, the print service ID 721 is pull-print.com. com.

Returning to the description of FIG. In S609, the biometric information requesting unit 354 of the authenticator 350 displays the consent screen 800 shown in FIG.

The consent screen 800 prompts the user of the portable terminal 102 to enter biometric information in order to register the authenticator with the print service. A button 801 is a button for canceling without agreeing. The button 802 is provided with a biometric information sensor 248 for reading biometric information such as a fingerprint. The biometric information includes vein, iris, voiceprint, and face image information. Here, any one of these biometric information or a combination of any of a plurality of biometric information is input as the biometric information required for authentication. It is also possible to construct a mobile terminal 102 .

In S<b>610 , the authentication information storage unit 353 creates a biometric information ID that uniquely identifies the feature amount of the biometric information read and the biometric information, and stores it in the TPM 246 . In S611, the authenticator registration processing unit 351 creates a private key/public key pair and an authentication information ID corresponding to the biometric information ID. Then, the authenticator registration processing unit 351 stores the authentication information ID and secret key created in S611 and the biometric information created in S610 in the authentication information management table (Table A) on the TPM 246 for the authentication information storage unit 353. ID and a print service ID 721 included in the registration request data 720 are stored.

In S612, the authenticator registration processing unit 351 creates a credential 740 shown in FIG. 7(C).

The credential 740 is composed of an authentication information ID 741 , an algorithm 742 , a public key 743 and an attestation 744 . The authentication information ID 741 and public key 743 are the public keys created in the process of S611. Algorithm 753 corresponds to the algorithm used to generate the private key and public key pair in S611. The attestation 744 is obtained by encrypting the attestation challenge 703 using the secret key generated in S611.

In S613, the authenticator registration processing unit 351 responds to the browser 340 with the credential 740 created in S612. In S<b>614 , the communication unit 342 of the browser 340 transmits the credential 740 received in S<b>613 to the print service 370 of the print system 103 .

In S615, the authenticator information processing unit 372 of the print service 370 uses the credential 740 to perform authenticator registration processing. Here, the attestation 744 included in the credential 740 is decrypted with the public key 743 included in the same credential 740 to verify that it is not an unauthorized registration request. Furthermore, the authenticator information processing unit 372 of the print service 370 identifies the value obtained by decrypting the Attestation 744 with the public key 743 and the value of the attestation challenge column in the table shown in Table D. Then, the user ID of the record that has the same value as the identified attestation challenge string is set as the user ID that is associated with the credential 740 . The authenticator information processing unit 372 of the print service 370 registers the authentication information ID 741 included in the credential 740, the public key 743, and the user ID associated with the credential 740 in the authenticator information management table (Table E). Finally, the communication unit 374 of the print server 370 responds to the browser 342 of the mobile terminal 102 that the biometric information has been registered normally.

<Print processing from MFP>
Next, a process in which the MFP 101 acquires print data from the print system 103 and prints it will be described with reference to FIGS. 9 to 12. FIG. An example in which authentication with the print system 103 is performed using the mobile terminal 102 will be described.

FIG. 9 is a sequence diagram showing the processing of the MFP 101, mobile terminal 102, and print system 103 until the MFP 101 acquires print data from the print system 103 and prints it.

In S901, the display unit 301 of the application 300 of the MFP 101 displays an authentication and communication method selection screen 1000 shown in FIG. 10A. The selection screen 1000 is composed of buttons 1001-1005.

A button 1001 is a button for obtaining print data by inputting a reservation code. When the user selects the button 1001 , the MFP 101 transmits to the print system 103 a print data acquisition request including the reservation code entered by the user. The print system 103 responds to the MFP 101 with print data matching the reservation code from the print data management table (Table C). The MFP 101 performs print processing of the print data.

A button 1002 is a button for legacy authentication. When the user selects the button 1002, legacy authentication similar to that described in S602 to S604 in FIG. 6 is performed between the MFP 101 and the print system 103 instead of the method using biometric authentication, which will be described later. When the legacy authentication succeeds, the MFP 101 can obtain from the print system 103 a list of print data corresponding to the user ID of the authenticated user managed in the print data management table (Table C).

A button 1003 is a button for performing biometric authentication with a mobile terminal communicating with the MFP 101 by NFC.

A button 1004 is a button for performing biometric authentication with a mobile terminal communicating with the MFP 101 via Bluetooth. When biometric authentication is successful, a list of print data corresponding to the user ID of the authenticated user can be obtained from the print system 103 .

Note that the sequence diagram of FIG. 9 describes an example in which the button 1003 is pressed. Here, regardless of whether the button 1003 or the button 1004 is selected, the only difference is the communication method between the MFP 101 and the portable terminal, and authentication processing executed and parameters handled by each device are substantially the same. When the display unit 301 of the application 300 accepts pressing of the button 1003, the process proceeds to step S902.

In S<b>902 , the communication unit 303 of the application 300 transmits an authentication start request to the print service 370 of the print system 103 .

In S903, the authenticator information processing unit 372 of the print service 370 creates authentication parameters 1100 shown in FIG. 11A.

The authentication parameter 1100 consists of an assertion challenge 1101 and an assertion extension area 1102 . The assertion challenge 1101 is a parameter as verification data used for challenge-response authentication. Assertion extension area 1102 stores extension parameters that print service 370 can specify in order for print service 370 to control the operation of authenticator 350 . In S904, the authentication parameter 1100 generated in S903 is responded to the application 300 of the MFP101.

In S905, the application 300 of the MFP 101 executes authenticator identification processing shown in FIG. 12A. Details of the authenticator identification process will be described later. The processing shown in FIG. 9 describes an example in which the authenticator 350 of the mobile terminal 102 is found in the authenticator identification processing.

In S906, the authentication control unit 304 of the application 300 issues an authentication request to the authenticator 350 of the mobile terminal 102 found in S905 together with the authentication request data 1110 shown in FIG. 11B.

The authentication request data 1110 includes an authentication parameter 1100 generated by the print service 370 , a print service ID 1112 and a web origin 1113 . WebOrigin 722 is the origin of print service 370 . The print service ID 721 stores information on the top level domain and second level domain of the print service. For example, if the URL of the print service 370 is http://www. pull-print. com, the print service ID is pull-print.com. com.

In S907, the authenticator 350 of the mobile terminal 102 shown in FIG. 12B executes biometric authentication processing. Details of the biometric authentication process will be described later. In the processing shown in FIG. 9, an example in which the biometric authentication of the user of the mobile terminal 102 is successful in the biometric authentication processing is described.

In S908, the biometric authentication processing unit 352 of the authenticator 350 returns the assertion information 1120 including the signature 1122 shown in FIG. 11C to the application 300 of the MFP 101. FIG. The assertion information 1120 is composed of an authentication information ID 1121 and a signature 1122 obtained by encrypting the assertion challenge 1101 with a private key corresponding to the user's biometric authentication information.

In S<b>909 , the communication unit 303 of the application 300 transmits the assertion information 1120 received in S<b>908 to the print service 370 of the print system 103 .

At S<b>910 , the authenticator information processing unit 372 of the print service 370 verifies the assertion information 1120 . More specifically, the data obtained by decrypting the signature 1122 included in the assertion information 1120 with the public key specified by the authentication ID 1121 is compared with the assertion challenge 1101 included in the authentication parameter 1100 generated in S903, and a match is found. verifies the correctness of the assertion information. Identification of the public key is performed using the authenticator information management table (Table E).

At S911, the token management unit 379 of the print service 370 issues a user token corresponding to the assertion information 1120 verified at S910. In S<b>912 , the communication unit 374 of the print service 370 returns the token issued in S<b>911 to the application 300 of the MFP 101 .

In step S<b>913 , the communication unit 303 of the application 300 transmits a print data list acquisition request to the print service 370 of the print system 103 together with the token received in step S<b>912 . In S<b>914 , the communication unit 374 of the print service 370 transmits to the application 300 of the MFP 101 a user print data list associated with the token received in S<b>913 . The print data list includes the values of the data name column and reservation code column of the print data management table in Table C, but does not include the values of the print data column, which is binary data, in consideration of the amount of communication.

In S915, the display unit 301 of the application 300 displays the print data list received in S914. Here, the print data list screen will be described with reference to FIG. 10(C). A print data list screen 1040 includes a list 1041 and a button 1042 . A list 1041 displays information of print data and is selectable. The selected print data is to be printed. A button 1042 is a button for instructing execution of printing. When print data is selected in the list 1041 and the display unit 301 of the application 300 accepts pressing of the button 1042, the process proceeds to step S916. In S<b>916 , the communication unit 303 of the application 300 transmits an acquisition request for the print data selected on the print data list screen 1040 to the print service 370 of the print system 103 .

In S<b>917 , the communication unit 374 of the print service 370 transmits the print data specified in S<b>916 to the application 300 of the MFP 101 . The print data transmitted in S917 includes a print data string that is binary data.

In S918, the execution unit 302 of the application 300 executes print processing using the received print data, and the processing shown in this sequence is completed.

FIG. 12A is a flowchart for explaining the details of authenticator identification processing in the MFP 101. FIG.

In S1201, the display unit 301 of the application 300 displays the communication screen 1020 shown in FIG. 10B on the display device, and transitions to S1202. Here, the communication screen 1020 is a screen prompting the user to communicate with the mobile terminal using the communication method selected on the authentication method and communication method selection screen 1000 . A text display area 1021 displays a message prompting NFC communication. If the button 1004 for selecting the Bluetooth communication method is selected on the authentication method and communication method selection screen 1000, the text display area 1021 displays a message prompting Bluetooth pairing.

In S1202, the authentication control unit 304 of the application 300 searches for an authenticator using the communication method selected on the authentication method and communication method selection screen 1000. FIG. At S1203, the authentication control unit 304 of the application 300 determines whether an authenticator is found. If the authenticator is not found, continue searching. If the authenticator is found, the process transitions to S906.

In this way, the MFP 101 searches for an authenticator in the communication method selected on the authentication method and communication method selection screen 1000, thereby identifying the authenticator 350 of the portable terminal 102 owned by the user. processing becomes possible.

FIG. 12B is a flowchart for explaining details of biometric authentication processing in the mobile terminal 102 .

In S1251, the biometric information requesting unit 354 of the authenticator 350 displays the biometric information input request screen 1300 shown in FIG. The input request screen 100 prompts the user of the mobile terminal 102 communicating with the MFP 101 via NFC or Bluetooth to input biometric information as described above. A button 1301 is a button for canceling the input of biometric information. When the button 1301 is pressed, the processing of the flowchart shown in FIG. 12B is terminated, and the processing of the sequence shown in FIG. finish. The button 802 is provided with a biometric information sensor 248 to read biometric information.

At S1252, the biometric information requesting unit 354 of the authenticator 350 monitors whether biometric information has been input by the user. When biometric information is input, the process transitions to S1253. If biometric information has not been entered, monitoring continues.

In S1253, the biometric authentication processing unit 352 of the authenticator 350 acquires the feature amount of the input biometric information of the user, and the authentication information storage unit 353 executes biometric authentication by comparing it with the information already stored in the TPM 246. do. This feature amount is obtained by converting a fingerprint pattern, an iris pattern, a vein shape, or something unique to an individual into a value that does not impair the uniqueness. Biometric authentication is to identify an individual by using a feature amount unique to the individual.

In S1254, the biometric authentication processing unit 352 of the authenticator 350 determines whether the biometric authentication was successful. If successful, the process proceeds to S1255, and if unsuccessful, the process proceeds to S1257.

In S1255, the biometric authentication processing unit 352 of the authenticator 350 identifies the corresponding secret key from the authentication information management table (Table A) based on the print service ID 1112 and the biometric information for which authentication was successful in S1253. In S1256, the biometric authentication processing unit 352 of the authenticator 350 creates a signature 1122 from the assertion challenge 1101 using the identified private key.

In S1257, the biometric information requesting unit 354 of the authenticator 350 displays a message indicating that the biometric authentication was an error, and transitions to S1251 to prompt biometric authentication again. Although not described in this example, the biometric authentication process in S907 may be regarded as an error and the process of the sequence shown in FIG. 9 may be terminated when the biometric authentication process fails a plurality of times.

In the first embodiment, when using a network service such as a print service from the image processing apparatus, authentication for the service can be selected according to the authentication result of biometric authentication on the mobile terminal owned by the user. there is Therefore, in systems that use devices (image processing devices) that can be installed in public places, it is possible to provide a more secure authentication method and more convenient for users than when only legacy authentication is adopted. can provide

(Example 2)
In the first embodiment, biometric authentication is performed when the button 1003 or the button 1004 is pressed on the authentication method and communication method selection screen 1000 . Then, when the biometric authentication is successful, the print data list is acquired from the print system 103 . In the second embodiment, only different parts will be described with reference to FIGS. 9 and 14 regarding an example in which the input of the reservation code is further requested when the button 1003 or the button 1004 is pressed.

FIG. 14A shows a reservation code input screen displayed after the buttons 1003 and 1004 are pressed on the authentication method and communication method selection screen 1000 . A reservation code input screen 1400 is a screen displayed by the display unit 301 of the application 300 . A reservation code input text box 1401 is a text box for receiving input of a reservation code. An authentication button 1402 is a button for starting biometric authentication. When the authentication button 1402 is pressed, the processes after S902 described in FIG. 9 of the first embodiment are executed. S902 to S912 are the same as in the first embodiment.

In the second embodiment, in step S<b>913 , the communication unit 303 of the application 300 adds the reservation code input on the reservation code input screen 1400 and transmits a print data acquisition request to the print service 370 of the print system 103 . . In S<b>914 , the communication unit 374 of the print service 370 identifies print data whose reservation code matches the user associated with the token received in S<b>913 , and transmits the identified print data to the application 300 of the MFP 101 .

In S915, a list of print data is displayed, but since narrowing down is performed by the reservation code in S914, only those corresponding to that code are narrowed down. Note that the reservation code may be associated with a plurality of print data registered at the same time.

FIG. 14B is an example of a print data list screen displayed in the process of S915 in the second embodiment. A print data list screen 1420 is composed of a text area 1421 and a print start button 1422 . The data name of the print data is displayed in the text area 1421, and only one item corresponding to the reservation code is displayed. A print start button 1422 is a button for starting printing. When the display unit 301 of the application 300 detects that the print start button 1422 has been pressed, the processes from S916 onward are executed.

In this example, a print data list screen 1420 is displayed so that the user can confirm the contents of the print data. However, since the print data is limited to one item, the MFP 101 may be configured to automatically acquire the target print data without displaying the print data list screen 1420 and execute the print processing. .

(Application example)
In Embodiments 1 and 2, a print service has been described as an example of a service provided on a network. The present invention can also be applied to other services.

FIG. 15 shows an example of applying the present invention to a service other than a print service. Since the processing from S901 to S912 in FIG. 15 is almost the same as the description in FIG. 9, the description is omitted.

In S1501, the image processing apparatus requests a service list from a service providing system that provides network services (not shown). In S1501, the service providing system returns a list of services available to the authenticated user.

For example, in the case of a service providing system that provides a storage service, a list of storage destinations that can be used by authenticated users is returned to the application 300 of the image processing apparatus. In the case of a business workflow service, a list of work processes that can be used by the authenticated user is returned to the application 300 of the image processing apparatus.

In S1504, the image processing apparatus displays the returned list. It then accepts a selection from the displayed list. In S1504, the image processing apparatus requests the selected service from the service providing system. If the service providing system is a storage service, and if the image processing apparatus is the MFP 101, information indicating the selected storage destination and scanned data as data to be registered are sent to the service providing system. Make a request by sending a If the image processing device is a camera or the like, the request is made by transmitting information indicating the selected storage location and photographed data as data to be registered to the service providing system.

In S1505, the service providing system returns the processing result to the image processing apparatus.

Note that the sequence shown in FIG. 15 conceptually includes the download print mechanism described in the first and second embodiments. In other words, in S1502, the image processing apparatus returns a list of print jobs of the authenticated user. After that, in S1502, the job list is displayed on the image processing apparatus, and a job is selected. In S1504 and S1505, as a selection service, an acquisition request for the selected job is made, and then print processing is performed.

In S1503, it is also possible to select and request a plurality of services at the same time.

(Other examples)
The present invention also includes an apparatus or system configured by appropriately combining the above-described embodiments, and a method therefor.

Here, the present invention is a main device or system that executes one or more software (programs) that realize the functions of the above-described embodiments. A method for implementing the above-described embodiments executed by the device or system is also one aspect of the present invention. Also, the program is supplied to a system or device via a network or various storage media, and read and executed by one or more computers (CPU, MPU, etc.) of the system or device. In other words, one aspect of the present invention includes the program itself or various computer-readable storage media storing the program. The present invention can also be implemented by a circuit (for example, ASIC) that implements the functions of the above-described embodiments.

101 MFPs
102 mobile terminal 103 print system

Claims (12)

An image processing device having a communication function capable of communicating with a mobile terminal,
Issued for use in authentication processing in a service providing system in which a public key is registered in association with a user ID of the user according to the user's selection of authentication using a mobile terminal, and is issued by the image processing apparatus identifying means for identifying an authentication module possessed by the mobile terminal as an authentication module to perform authentication processing based on a search using a communication method compatible with the mobile terminal as a transmission destination of the received verification data; a first transmission means for transmitting the verification data to the mobile terminal in accordance with the identification of the module ;
Encrypted data generated using a private key stored in a storage means of the mobile terminal in response to successful biometric authentication of the user by an authentication module of the mobile terminal and the verification data , a second transmission means for transmitting the encrypted data to the service providing system when returned from the mobile terminal;
An image processing apparatus, wherein the encrypted data is verified by the service providing system with the public key registered in the service providing system in order to provide a service to the image processing apparatus. the image processing apparatus, in addition to performing authentication on the mobile terminal, displaying a first screen for selecting at least one of an authentication method and a communication method;
request means for transmitting a request to the service providing system according to a selection made through the first screen;
2. The identifying means, when receiving the verification data in response to the request, identifies the authentication module according to the communication method selected in response to the selection on the first screen. The image processing device according to . 3. The image processing apparatus according to claim 2 , wherein said display means further displays a second screen showing guidance for searching for an authentication module according to a selection made through said first screen. 4. The portable terminal stores the biometric information for biometric authentication and the secret key in association with each other in the tamper-resistant storage means. The image processing device according to . In the mobile terminal, the secret key and the public key are created when the biometric information of the user is registered in the authentication module,
5. The service providing system according to any one of claims 1 to 4, wherein the public key is transmitted from the portable terminal to the service providing system so as to be registered in association with the user ID of the user in the service providing system. 10. The image processing device according to claim 1. The service providing system is characterized in that, as the service, data registered in the service providing system by the user is provided to the image processing device, and the image processing device prints the provided data. 6. The image processing apparatus according to any one of claims 1 to 5. The image processing device has input means for inputting a code issued when the user registers the data in the service providing system,
7. The image processing apparatus according to claim 6, wherein said service providing system provides said data corresponding to said input code to said image processing apparatus. The service providing system provides, as the service, information indicating a storage location available to the user to the image processing device, and the image processing device responds to the provided information indicating the storage location. 6. The image processing apparatus according to any one of claims 1 to 5, wherein the image processing apparatus transmits data. 9. The image processing apparatus according to claim 8, further comprising an image input device for inputting data to be transmitted with respect to the information indicating the storage location. 10. The biometric information according to any one of claims 1 to 9, wherein the biometric information for biometric authentication is information related to at least one of a fingerprint, vein, iris, voiceprint, and face image of the user. image processing device. A method in an image processing device having a communication function capable of communicating with a mobile terminal,
Issued for use in authentication processing in a service providing system in which a public key is registered in association with a user ID of the user according to the user's selection of authentication using a mobile terminal, and is issued by the image processing apparatus a specifying step of specifying an authentication module possessed by the mobile terminal as an authentication module to perform authentication processing based on a search using a communication method corresponding to the mobile terminal as a transmission destination of the received verification data; a first transmission step of transmitting the verification data to the mobile terminal in accordance with the identification of the module ;
Encrypted data generated using a private key stored in a storage means of the mobile terminal in response to successful biometric authentication of the user by an authentication module of the mobile terminal and the verification data , a second transmission step of transmitting the encrypted data to the service providing system when returned from the mobile terminal;
A method, wherein the encrypted data is verified in the service providing system with the public key registered in the service providing system in order to provide the service to the image processing apparatus. A computer as an image processing device equipped with a communication function that can communicate with a mobile terminal,
Issued for use in authentication processing in a service providing system in which a public key is registered in association with a user ID of the user according to the user's selection of authentication using a mobile terminal, and is issued by the image processing apparatus a specifying step of specifying an authentication module of the mobile terminal as a destination of the received verification data, based on a search using a communication method corresponding to the mobile terminal, as an authentication module to perform an authentication process;
a first transmission step of transmitting the verification data to the mobile terminal in accordance with the identification of the authentication module;
Encrypted data generated using a private key stored in a storage means of the mobile terminal in response to successful biometric authentication of the user by an authentication module of the mobile terminal and the verification data, A program for executing a second transmission step of transmitting the encrypted data to the service providing system when returned from the mobile terminal,
A program, wherein the encrypted data is verified by the service providing system with the public key registered in the service providing system in order to provide the service to the image processing apparatus.

Images