JP2015103162A - Image formation device and authentication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a compound machine capable of eliminating a trouble of log-in for a user, and surely preventing log-in by spoofing even if a user ID or a password is leaked.SOLUTION: A compound machine includes: communication means 401 that detects whether or not a portable terminal device is within a predetermined range allowing a short-range radio communication; and first authentication means 402 that, if it detected that the portable terminal device is within the range, obtains authentication information required for user authentication from the portable terminal device via the short-range radio communication, and that performs user authentication of a user who owns the portable terminal device, based on the obtained authentication information and permission information being authentication information of a user allowed to use his/her own device.

Description

  The present invention relates to an image forming apparatus and an authentication method. More specifically, the present invention eliminates the trouble of user login, and can reliably prevent spoofed login even if a user ID or password is leaked. And an authentication method.

  Conventionally, when a user uses an image forming apparatus such as a multifunction peripheral or a copying machine, a user name and a password are input from an operation unit of the image forming apparatus to cause the image forming apparatus to perform user authentication. It was. Thereby, the user who uses the image forming apparatus is managed.

  However, such user authentication has a problem that the user needs to input a user name and a password to the operation unit, which is troublesome. In addition, when a user enters a user name and password, there is a possibility that another user may look into it and know the user name and password. There was a problem that it was possible to login by impersonating by entering.

  In order to solve such a problem, for example, Japanese Patent Laid-Open No. 2006-221546 (Patent Document 1) discloses an information processing apparatus including a magnetic sensor capable of detecting geomagnetism. This information processing apparatus stores in advance a registration means for calculating a direction based on geomagnetism detected by the magnetic sensor that changes in accordance with the orientation of the information processing apparatus, and a password direction consisting of an arbitrary direction. Storage means and collating means for collating the current azimuth calculated by the calculating means and the password azimuth, and when the collating means collates and matches the password azimuth and the current azimuth, It is characterized by performing information processing. This eliminates the need for the user to memorize complicated passwords as in the past, and since the information processing device cannot be accessed without authentication of the password and the current direction, the security function is excellent. An information processing device can be provided.

  Japanese Patent Laid-Open No. 2004-181775 (Patent Document 2) discloses an image forming apparatus having a confidential printing function, which includes a printing unit that prints print data transmitted from a plurality of host devices through a network line, and an operation display unit. Is disclosed. In this image forming apparatus, the operation display unit displays a shortcut icon for switching to an authentication screen for confidential printing on one or more initial screens. By providing a shortcut icon that switches directly to the authentication screen when outputting a confidential document, anyone can easily instruct printing of a confidential job without fear of being mistakenly authenticated. It is possible to obtain an image forming apparatus having a confidential printing function that has little influence on the operation of the above.

  Japanese Patent Application Laid-Open No. 2007-122384 (Patent Document 3) includes display means for displaying first specifying information for specifying a user and receiving means for receiving second specifying information different from the first specifying information. An authentication device is disclosed that authenticates a user using first specific information displayed on the display means and second specific information received by the accepting means. In this authentication apparatus, a table that defines a correspondence relationship between identification information for identifying an external device and the first specific information, detection means for detecting presence or absence of an external device that stores the identification information, and When detecting the presence of an external device, means for acquiring the identification information from the external device, means for reading the first specific information associated with the acquired identification information from the table, and the read first Means for displaying specific information on the display means. As a result, even when the user is authenticated using the first specific information representing the login name and the second specific information representing the password, the user does not need to input both, so the user In addition, even when the first specific information is displayed, the second specific information is configured to be input by the user himself, so that security can be ensured. It is said.

JP 2006-221546 A JP 2004-181775 A JP 2007-122384 A

  However, in the technique described in Patent Document 1, it is necessary to register the orientation at the time of login in advance, which is troublesome and there is a problem that it is not possible to log in if the registered password orientation is forgotten.

  Further, in the technique described in Patent Document 2, when there is a confidential print job, a shortcut for logging in is displayed, but even in this case, the user needs to input a user name and password. There is a problem that it is not possible to reduce user input.

  In the technique described in Patent Document 3, the user name is automatically displayed and the user is only required to input the password. Even in this case, the user needs to input the password. There is a problem that it is troublesome and that it is not possible to reliably prevent password peeping and spoofing login.

  Therefore, the present invention has been made to solve the above-described problem, and it is possible to eliminate the trouble of user login and to reliably prevent spoofed login even if the user ID or password is leaked. An object of the present invention is to provide an image forming apparatus and an authentication method.

  In order to solve the above-described problems and achieve the object, an image forming apparatus according to the present invention is an image forming apparatus capable of short-range wireless communication with a mobile terminal device owned by a user, and adopts the following configuration. .

  That is, according to the present invention, when it is detected that the mobile terminal device is within a predetermined range in which short-range wireless communication is possible, and communication means that detects whether the mobile terminal device is within the range, Authentication information necessary for user authentication is acquired from the mobile terminal device via short-range wireless communication, and the acquired authentication information and permission information that is authentication information of a user permitted to use the own device are obtained. And a first authentication means for performing user authentication of the user who owns the portable terminal device.

  Further, when the first authentication means permits the use of the user, the user authentication is performed again based on any one of the standby information of the portable terminal device, the orientation information, and the user key input. Second authentication means is further provided.

  In addition, when performing user authentication based on standby information of the mobile terminal device, the second authentication unit elapses the detection duration time of the mobile terminal device from the detection time of the mobile terminal device, and It is determined whether or not the detection duration time exceeds a preset threshold time. If the detection duration time exceeds the threshold time as a result of the determination, use of the user is permitted.

  In addition, an electronic compass is mounted in advance on the portable terminal device, and the portable terminal device or the own device acquires azimuth information indicating the azimuth of the portable terminal device based on the electronic compass. And orientation information indicating which direction the reference position of the mobile terminal device is directed is calculated based on reference position information that is a reference position preset in the mobile terminal device. When the second authentication unit performs user authentication based on the orientation information of the mobile terminal device, the orientation information of the mobile terminal device includes authentication orientation information indicating the orientation of the operation unit of the own device. It is determined whether or not the user is compatible. If the direction information corresponds to the authentication direction information as a result of the determination, use of the user is permitted.

  In addition, when the second authentication means performs user authentication based on a user key input, a login key for user authentication is displayed on the operation unit of the mobile terminal device so that the user authentication can be performed. When the key press is detected, the use of the user is permitted.

  Further, when the second authentication means performs user authentication based on the user's key input, a user authentication screen for accepting input of authentication information from the user is displayed on the operation unit of the own device, and the user authenticates. When the input of information is accepted, the use of the user is permitted based on the authentication information and the permission information.

  The present invention can be provided as an authentication method for an image forming apparatus capable of short-range wireless communication with a mobile terminal device owned by a user.

That is, the present invention provides a step of detecting whether or not the mobile terminal device is within a predetermined range in which short-range wireless communication is possible, and when detecting that the mobile terminal device is within the range, Acquire authentication information necessary for user authentication from the mobile terminal device via distance wireless communication, and based on the acquired authentication information and permission information that is authentication information of a user permitted to use the own device. And performing user authentication of the user who owns the portable terminal device. Even with such a configuration, the same effects as described above can be obtained.

  Further, the present invention can be provided as a program for causing a computer to circulate individually via a telecommunication line or the like. In this case, the central processing unit (CPU) realizes the control operation in cooperation with each circuit other than the CPU according to the program of the present invention. Each means realized by using the program and the CPU can also be configured by using dedicated hardware. The program can also be distributed in a state where it is recorded on a computer-readable recording medium such as a CD-ROM.

  According to the image forming apparatus and the authentication method of the present invention, it is possible to eliminate the trouble of log-in of the user and to reliably prevent spoofed log-in even if the user ID or password is leaked.

1 is a conceptual diagram illustrating an overall configuration inside a multifunction peripheral according to the present invention. It is a conceptual diagram which shows the whole structure of the operation part which concerns on this invention. It is a figure which shows the structure of the control system hardware of the multifunctional device which concerns on this invention. FIG. 2 is a functional block diagram of a multifunction machine according to an embodiment of the present invention. It is a flowchart for showing the execution procedure of the embodiment of the present invention. FIG. 6A shows an example of short-range wireless communication between a portable terminal device and a multifunction device according to the embodiment of the present invention, and the orientation relationship between the portable terminal device and the multifunction device according to the embodiment of the present invention. FIG. 7 illustrates an example (FIG. 6B). FIG. 7A shows an example of a login key displayed on the mobile terminal device according to the embodiment of the present invention (FIG. 7A), and an example of a user authentication screen displayed on the operation unit of the multifunction peripheral according to the embodiment of the present invention. It is a figure shown (FIG. 7 (B)).

  Hereinafter, an image forming apparatus according to an embodiment of the present invention will be described with reference to the accompanying drawings for understanding of the present invention. In addition, the following embodiment is an example which actualized this invention, Comprising: The thing of the character which limits the technical scope of this invention is not. Moreover, the alphabet S added before the number in a flowchart means a step.

<Image forming apparatus>
The image forming apparatus according to the embodiment of the present invention is, for example, a normal image forming apparatus, and this image forming apparatus will be described below. FIG. 1 is a schematic diagram of an image forming apparatus according to an embodiment of the present invention. However, details of each part not directly related to the present invention are omitted.

  The image forming apparatus of the present invention corresponds to, for example, a printer, a single scanner, or a multi-function machine equipped with a printer, a copy, a scanner, a fax, and the like, and includes a copy function, a scanner function, a facsimile function, a printer function, and the like. Function as an image forming apparatus.

  The operation of the MFP 100 (MFP: Multi Function Peripheral) when using the copy function will be briefly described below.

  First, when a user uses the multifunction device 100, when the user's own mobile terminal device 300 is brought close to the multifunction device 100, the multifunction device 100 performs user authentication based on the communication unit 200 for short-range wireless communication.

  When the user authentication is completed, the user places the document on the document table 101 provided on the upper surface of the housing unit. Subsequently, the user uses the operation unit 102 (operation panel) provided in the vicinity of the document table 101 to input setting conditions (paper size, transmission destination, etc.) relating to image formation to the initial stage of the operation unit 102. Input from the screen (operation screen). When the user selects a copy function corresponding to image formation and presses a start key provided on the operation unit 102, the multi-function device 100 starts image formation (printing processing).

  Here, in the image reading unit 103, the light emitted from the light source 104 is reflected by the document placed on the document table 101. The reflected light is guided to the image sensor 108 by the mirrors 105, 106, and 107. The guided light is photoelectrically converted by the image sensor 108, and image data corresponding to the original is generated.

  Here, a part for forming a toner image based on the image data is an image forming unit 109. The image forming unit 109 is provided with a photosensitive drum 110. The photosensitive drum 110 rotates in a predetermined direction at a constant speed, and around the charger drum 111, the exposure unit 112, the developing unit 113, the transfer unit 114, the cleaning unit 115, and the like in that order from the upstream side in the rotation direction. Is arranged.

  The charger 111 uniformly charges the surface of the photosensitive drum 110. The exposure unit 112 irradiates the charged surface of the photosensitive drum 110 with a laser based on the image data to form an electrostatic latent image. The developer 113 forms a toner image by attaching toner to the formed electrostatic latent image. The formed toner image is transferred to a recording medium (for example, paper, sheet) by the transfer device 114. The cleaning unit 115 removes excess toner left on the surface of the photosensitive drum 110. A series of these processes is executed by rotating the photosensitive drum 110.

  The sheets are conveyed from a plurality of paper feed cassettes 116 provided in the multi function peripheral 100. When the sheet is conveyed, the sheet is pulled out from any one of the sheet feeding cassettes 116 to the conveyance path by the pickup roller 117. Each sheet cassette 116 stores sheets of different paper types, and the sheets are fed based on setting conditions relating to image formation.

  The sheet pulled out to the conveyance path is fed between the photosensitive drum 110 and the transfer device 114 by the conveyance roller 118 and the registration roller 119. When the sheet is fed, the toner image is transferred to the sheet by the transfer unit 114 and conveyed to the fixing device 120.

  When the sheet on which the toner image is transferred passes between a heating roller and a pressure roller provided in the fixing device 120, heat and pressure are applied to the toner image, and the visible image is fixed on the sheet. The The amount of heat of the heating roller is optimally set according to the paper type, and the fixing is performed appropriately. The visible image is fixed on the sheet and the image formation is completed, and the sheet is discharged by a conveyance roller 118 to a cylinder tray 122 provided in the cylinder of the casing unit via a sheet discharge port 121. Is done. The sheets are stacked and stored on the in-body tray 122. Through the above procedure, the multifunction peripheral 100 provides the user with an image copy function.

  FIG. 2 is a conceptual diagram showing the overall configuration of the operation unit according to the embodiment of the present invention. The user uses the operation unit 102 to input setting conditions for image formation as described above, and to confirm the input setting conditions. When the setting conditions are input, a touch panel 201 (operation panel), a touch pen 202, and operation keys 203 provided in the operation unit 102 are used.

  The touch panel 201 has both a function for inputting setting conditions and a function for displaying the setting conditions. That is, by pressing a key in the screen displayed on the touch panel 201, a setting condition corresponding to the pressed key is input.

  A display unit (not shown) such as an LCD (Liquid Crystal Display) is provided on the back surface of the touch panel 201, and the display unit displays an operation screen such as the initial screen, for example. A touch pen 202 is provided in the vicinity of the touch panel 201. When the user touches the touch pen 201 with the tip of the touch pen 202, a sensor provided under the touch panel 201 detects the touch destination.

  Further, a predetermined number of operation keys 203 are provided in the vicinity of the touch panel 201, and for example, a ten key 204, a start key 205, a clear key 206, a stop key 207, a reset key 208, and a power key 209 are provided.

  Next, the configuration of the control system hardware of the multifunction peripheral 100 will be described with reference to FIG. FIG. 3 is a diagram showing the configuration of the control system hardware of the multifunction peripheral 100 according to the present invention. However, details of each part not directly related to the present invention are omitted.

  The control circuit of the MFP 100 includes a CPU (Central Processing Unit) 301, a ROM (Read Only Memory) 302, a RAM (Random Access Memory) 303, a HDD (Hard Disk Drive) 304, a driver 305 corresponding to each driving unit, and an operation. The unit 102 and the communication unit 200 are connected by an internal bus 306.

  The CPU 301 uses, for example, the RAM 303 as a work area, executes a program stored in the ROM 302, the HDD 304, and the like, and based on the execution result, outputs from the driver 306, the operation unit 102, and the communication unit 200. Data, instructions, signals corresponding to keys, commands, etc. are exchanged to control the operation of each drive unit shown in FIG.

  The communication unit 200 performs short-range wireless communication such as wireless communication using an IC tag, Bluetooth, infrared communication, and the like. For example, the communication unit 200 includes a mobile terminal device 300 such as a smartphone, a tablet terminal device, and a laptop computer. Short-range wireless communication.

  Also, each means (shown in FIG. 4) described later other than the drive unit is realized by the CPU 301 executing a program. The ROM 302, the HDD 304, and the like store programs and data for realizing each means described below.

<Embodiment of the present invention>
Next, the configuration and execution procedure according to the embodiment of the present invention will be described with reference to FIGS. 4 and 5. FIG. 4 is a functional block diagram of the multifunction machine of the present invention. FIG. 5 is a flowchart for showing the execution procedure of the present invention.

  First, when the user carries his / her portable terminal device 300 and turns on the power of the multifunction device 100, the communication unit 401 of the multifunction device 100 activates the communication unit 200 capable of short-range wireless communication (FIG. 5). : S101), as shown in FIG. 6A, it is detected whether or not there is a portable terminal device 300 capable of short-range wireless communication within a predetermined range 600 centering on the communication unit 200 (FIG. 5: S102).

  Here, the range 600 corresponds to a range in which the communication unit 200 can perform near field communication. Further, when the user carrying the mobile terminal device 300 is outside the range 600, the communication unit 401 does not detect the mobile terminal device 300 (FIG. 5: S102 NO).

  The communication unit 401 continues to detect the mobile terminal device 300 included in the predetermined range 600 until the power of the multifunction peripheral 100 is turned off or the short-range wireless communication is stopped by a user instruction or the like.

  On the other hand, when the user enters the state in which the portable terminal device 300 is capable of short-range wireless communication and enters the predetermined range 600 of the communication unit 200 of the multifunction peripheral 100 as shown in FIG. 401 detects that the mobile terminal device 300 is present (FIG. 5: S102 YES), starts short-range wireless communication with the mobile terminal device 300, and notifies the first authentication unit 402 to that effect. Upon receiving the notification, the first authentication unit 402 receives authentication information necessary for user authentication, such as a user name (user ID, “A”, etc.), password, from the mobile terminal device 300 via short-range wireless communication. ("Aaa") is acquired (FIG. 5: S103).

  Then, the first authentication means 402 is based on the acquired authentication information and permission information that is registered in advance in the multifunction device 100 and that is authentication information of a user permitted to use the multifunction device 100. A (first) user authentication of the user who owns the terminal device 300 is performed (FIG. 5: S104).

  The first authentication unit 402 may perform any method for user authentication. For example, the permission information includes a user name of a user who is permitted to use the multifunction device 100 and a password for the user name. And the first authentication unit 402 collates the user name of the acquired authentication information with the user name of the permission information, the password of the user name of the authentication information, and the permission The password of the user name in the information is checked to determine whether or not they match.

  As a result of the determination, when the user name of the authentication information does not match the user name of the permission information, or the password of the user name of the authentication information does not match the password of the user name of the permission information (FIG. 5: S104 NO) The first authentication unit 402 determines that the authentication information does not match the permission information, and disallows the user's use (FIG. 5: S105).

  The first authentication unit 402 may use any method that does not permit the use of the user. For example, a screen on the touch panel 201 indicating that the user of the mobile terminal device 300 is not permitted. Is displayed. As a result, the user can know that the multifunction peripheral 100 cannot be used.

  In addition, after the first authentication unit 402 does not permit the use of the user (FIG. 5: S105), it is assumed that the portable terminal device 300 is within the predetermined range 600 of the communication unit 200 of the multifunction peripheral 100. In addition, user authentication is not performed on the mobile terminal device 300. When the mobile terminal device 300 is out of the predetermined range 600 of the communication unit 200 of the multifunction peripheral 100, the first authentication unit 402 deletes (resets) the authentication information acquired from the mobile terminal device 300. When the mobile terminal device 300 again enters the predetermined range 600 of the communication unit 200 of the multifunction device 100, the process returns to S102 and is repeated.

  On the other hand, in S104, as a result of the determination, the user name of the authentication information matches the user name of the permission information, and the password of the user name of the authentication information matches the password of the user name of the permission information (FIG. 5: S104 YES), the first authentication unit 402 determines that the authentication information matches the permission information, and permits the use of the user.

  As described above, when a user having the portable terminal device 300 capable of short-range wireless communication approaches the multifunction device 100, the multifunction device 100 automatically acquires the authentication information of the portable terminal device 300 and executes user authentication. Therefore, the user does not need to input his / her user name or password for user authentication (login). That is, the user's login work is simplified. Therefore, it is possible to eliminate the trouble of user login. Also, since user authentication is automatically performed by the multi-function device 100 and the mobile terminal device 300 through short-range wireless communication, a third party cannot steal the user name and password. In other words, only the user who owns the mobile terminal device 300 can use the multifunction device 100. Therefore, it is possible to reliably prevent impersonation login of a third party who does not have the mobile terminal device 300.

  Further, in the past, if a user name or password was leaked, it was possible for a third party to log in with impersonation. Since authentication is performed, it becomes impossible to log in as a third party. That is, in the present invention, even if the user name or password is leaked, user authentication cannot be performed without the mobile terminal device 300, so that security can be enhanced.

  By the way, the processing after the first authentication unit 402 executes user authentication by short-range wireless communication may directly permit the use of the user or may perform the second user authentication as will be described later. Absent. For example, the embodiment of the present invention is configured as follows.

  For example, in S <b> 104, the first authentication unit 402 permitted to use the user notifies the second authentication unit 403 to that effect. Receiving the notification, the second authentication unit 403 performs (second) user authentication again based on any of the standby information, orientation information, and user key input of the mobile terminal device 300 (FIG. 5: S106).

  Here, when the second authentication unit 403 performs user authentication based on the standby information of the mobile terminal device 300, for example, the following is performed.

  For example, when the first authentication unit 402 authenticates the user, the second authentication unit 403 passes the detection duration time of the mobile terminal device 300 from the detection time of the mobile terminal device 300 in S106, It is determined whether or not the detection duration has exceeded a preset threshold time (for example, several minutes).

  Here, the detection duration means a time during which the mobile terminal device 300 is within the predetermined range 600, that is, a standby time. For example, the mobile terminal device 300 enters the predetermined range 600, and When the mobile terminal device 300 comes out of the range 600, the detection duration time is stopped when the mobile terminal device 300 comes out.

  For example, when the user only passes through the vicinity of the multifunction device 100, the detection duration time is very short. As a result of the determination, when the detection duration time does not exceed the threshold time (FIG. 5: S106 NO), the second authentication unit 403 determines that the user is simply passing and does not permit the user to use (FIG. 5). : S105). On the other hand, if the user stays in the multifunction peripheral 100 for a long time, the detection duration time is very long. As a result of the determination, when the detection duration time exceeds the threshold time (FIG. 5: S106 YES), the second authentication unit 403 determines that the user wants to log in to the multifunction peripheral 100 and permits the user to use it. . This makes it possible to prevent user authentication of passing users.

  When the second authentication unit 403 performs user authentication based on the orientation information of the mobile terminal device 300, for example, the following is performed.

  First, an electronic compass (magnetic azimuth meter) is mounted in advance on the mobile terminal device 300, and the mobile terminal device 300 can acquire azimuth information indicating its own orientation based on the electronic compass. Next, the mobile terminal device 300 includes azimuth information of the mobile terminal device 300 and reference position information of the mobile terminal device 300 (reference position information serving as a reference position preset in the mobile terminal device, for example, top position information, Direction information indicating which direction the reference position of the mobile terminal device 300 is oriented is calculated based on the head position information).

  This orientation information is calculated by, for example, how far the leading position of the portable terminal device 300 is from the azimuth information of the electronic compass of the portable terminal device 300 with reference to the leading position of the portable terminal device 300. . Specifically, if the direction of the electronic compass is north and the top position of the mobile terminal device 300 is directed to the north direction with respect to the north direction information, the top position is closest to the north direction information. Therefore, the head of the mobile terminal device 300 is calculated as facing north. On the contrary, if the direction of the electronic compass is north and the top position of the portable terminal device 300 is directed to the south direction with respect to the north direction information, the top position is far from the north direction information. The head of the mobile terminal device 300 is calculated as facing south. Note that the east direction is calculated based on a position of 45 degrees with respect to the north direction information, and the west direction is calculated based on a position of 275 degrees with respect to the north direction information.

  As shown in FIG. 6B, for example, the orientation of the operation unit 102 of the multifunction peripheral 100 is set in advance in a predetermined direction (for example, north), and the orientation of the operation unit 102 is authenticated. The information is stored in advance in the multifunction device 100 as orientation information.

  In step S106, the second authentication unit 403 acquires the head direction information of the mobile terminal device 300 from the mobile terminal device 300 by short-range wireless communication, and the acquired direction information is the operation unit 102. It is determined whether or not it corresponds to the authentication direction information indicating the direction of (FIG. 5: S106).

  Whether the acquired orientation information corresponds to the authentication orientation information indicating the orientation of the operation unit 102 is, for example, the orientation information is opposite to the authentication orientation information or included in a predetermined range in the opposite direction. Depending on whether or not

  For example, as shown in FIG. 6B, if the user faces the operation unit 102 of the multifunction device 100 and holds the top of the mobile terminal device 300 over the operation unit 102, the acquired orientation information is This corresponds to authentication direction information indicating the direction of the operation unit 102. Therefore, when the user holds the head of the portable terminal device 300 over the operation unit 102 of the multifunction device 100, the second authentication unit 403 includes the acquired orientation information and authentication direction information indicating the direction of the operation unit 102. It determines with corresponding (FIG. 5: S106 YES), and a user's use is permitted.

  On the other hand, as illustrated in FIG. 6B, when the user is approaching the multifunction peripheral 100 but the top of the mobile terminal device 300 is in the opposite direction to the operation unit 102, the acquired orientation information indicates that the operation This does not correspond to the authentication direction information indicating the direction of the unit 102. Therefore, the second authentication unit 403 determines that the acquired orientation information does not correspond to the authentication orientation information indicating the orientation of the operation unit 102 (FIG. 5: S106 NO), and does not permit the use of the user (FIG. 5). 5: S105). Accordingly, when the user makes an intention to use the multifunction device 100 by operating the mobile terminal device 300, the multifunction device 100 performs user authentication. Therefore, even if there are a plurality of users having portable terminal devices capable of short-range wireless communication in the vicinity of the multi-function device 100, only the user who really wants to authenticate the user can be authenticated.

  When the second authentication unit 403 performs user authentication based on, for example, user key input, the following is performed.

  For example, when the first authentication unit 402 authenticates the user, the second authentication unit 403 uses the operation unit (touch panel) of the mobile terminal device 300 for user authentication as shown in FIG. The login key 700 and the cancel key 701 for making user authentication unnecessary are displayed so as to be pressed (FIG. 5: S106).

  When the user confirms the login key 700 and the cancel key 701 and presses the login key 700, for example, the second authentication unit 403 detects the pressing of the login key 700 via short-range wireless communication. By doing so (FIG. 5: S106 YES), the use of the user is permitted. On the other hand, when the user presses the cancel key 701, the second authentication unit 403 detects the press of the cancel key 701 (FIG. 5: S106 NO), thereby disallowing the user's use (FIG. 5). : S105). As a result, as described above, the MFP 100 performs user authentication based on the user's intention display, and thus can prevent user authentication that does not match the user's intention.

  Further, in order to enhance security, for example, when the first authentication unit 402 performs user authentication, the second authentication unit 403 displays a user authentication screen 702 on the touch panel 201 as shown in FIG. Display above.

  In the user authentication screen 702, a predetermined message “Please enter a user ID and password” 703, a user ID and password input field 704, and a keyboard key 705 for inputting the user ID and password, An OK key 706 and a cancel key 707 are displayed.

  Here, for example, if the user inputs his / her user ID and password into the input field 704 using the keyboard key 705 and presses the OK key 706, the second authentication unit 403 determines that the input user The ID and the registered user ID registered in advance are collated, and the password of the user ID and the registered password of the registered user ID are collated to determine whether or not they match (FIG. 5: S106). .

  Here, the user ID and the password may correspond to the authentication information and permission information used by the first authentication unit 402, or may be set as different authentication information.

  As a result of the determination, if the user ID does not match the registered user ID, or the password of the user ID does not match the password of the registered user ID (FIG. 5: S106 NO), the second authentication unit 403 Is not permitted (FIG. 5: S105).

  On the other hand, as a result of the determination, when the user ID matches the registered user ID and the password of the user ID matches the password of the registered user ID (FIG. 5: S106 YES), the second authentication unit 403 Allows the use of the user.

  As described above, after the first user authentication is completed, the MFP 100 displays the user authentication screen 702 and accepts the user ID and password again to clearly indicate the user's intention to authenticate. If the third party owns the mobile terminal device 300 and does not know the user ID and password, the third party cannot log in. Therefore, unintended user authentication by short-range wireless communication can be prevented, and security can be further improved.

  When the second authentication unit 403 permits the use of the user, the second reception unit 404 notifies the display reception unit 404 to that effect, and the display reception unit 404 that has received the notification displays a predetermined operation screen on the touch panel 201. (FIG. 5: S107).

  While viewing the operation screen, the user operates a function item key for inputting setting conditions such as a copy function, inputs desired setting conditions, places the document on the document table 101, and starts a key. When 205 is pressed, the display receiving unit 404 receives the setting condition and the pressing of the start key 205 and notifies the image forming unit 405 to that effect. Receiving the notification, the image forming unit 405 reads the image data of the original, and executes image formation on a predetermined sheet based on the image data (FIG. 5: S108). Thereby, for example, a print job is executed. The same applies to other jobs.

  Here, the communication unit 401 detects whether or not the mobile terminal device 300 is within the predetermined range 600 even after the user's use is permitted (FIG. 5: S109), and continues to perform the mobile When it is detected that there is the terminal device 300 (FIG. 5: S109 YES), the process returns to S107, and the screen display of the display receiving unit 404 and the job execution of the image forming unit 405 are continued.

  On the other hand, when the user goes out of the range 600 for some reason, the communication unit 401 detects that the portable terminal device 300 is not present (FIG. 5: S109 NO), and the first authentication unit 402 notifies that fact. Notify Upon receiving the notification, the first authentication unit 402 denies use of the currently logged-in user and logs out (FIG. 5: S110). Accordingly, since the user is automatically logged out when the user leaves the multi-function device 100, the user's logout operation can be simplified.

  Thus, according to the present invention, it is detected that the mobile terminal device is within the predetermined range and the communication unit 401 that detects whether the mobile terminal device is within the predetermined range. Then, the authentication information necessary for user authentication is acquired from the mobile terminal device via short-range wireless communication, and the acquired authentication information and the authentication information of the user permitted to use the own device are permitted. And a first authentication unit 402 for performing user authentication of the user who owns the portable terminal device based on the information. As a result, it is possible to eliminate the trouble of the user logging in, and to reliably prevent spoofed login even if the user ID or password is leaked.

  In the embodiment of the present invention, the mobile terminal device 300 is configured to acquire the orientation information based on its own electronic compass and calculate the orientation information of the mobile terminal device, but other configurations may be used. . For example, the multifunction peripheral 100 (second authentication unit 403) acquires the orientation information of the mobile terminal device from the mobile terminal device 300, and the orientation information and a reference position preset in the mobile terminal device Orientation information indicating which direction the reference position of the mobile terminal device is directed may be calculated based on the reference position information.

  In the embodiment of the present invention, the MFP 100 is configured to include each unit. However, a program that realizes each unit may be stored in a storage medium, and the storage medium may be provided. In this configuration, the multifunction device 100 reads the program, and the multifunction device 100 implements the respective units. In that case, the program itself read from the recording medium exhibits the effects of the present invention. Furthermore, it is possible to provide a method for storing the steps executed by each means in a hard disk.

  As described above, the image forming apparatus and the authentication method according to the present invention are useful not only for multifunction peripherals but also for copiers, printers, communication apparatuses, and the like. Even if it is leaked, it is effective as an image forming apparatus and authentication method capable of reliably preventing spoofed login.

DESCRIPTION OF SYMBOLS 100 MFP 102 Operation part 401 Communication means 402 1st authentication means 403 2nd authentication means 404 Display reception means 405 Image formation means

Claims (7)

An image forming apparatus capable of short-range wireless communication with a mobile terminal device owned by a user,
Communication means for detecting whether or not the mobile terminal device is within a predetermined range capable of short-range wireless communication;
When it is detected that the mobile terminal device is within the range, authentication information necessary for user authentication is acquired from the mobile terminal device via short-range wireless communication, and the acquired authentication information An image forming apparatus comprising: first authentication means for performing user authentication of a user who owns the mobile terminal device based on permission information that is authentication information of a user permitted to use the mobile terminal device. When the first authentication means permits the use of the user, the second authentication is performed again based on any one of the standby information of the mobile terminal device, the orientation information, and the user's key input. The image forming apparatus according to claim 1, further comprising: an authentication unit. When the second authentication means performs user authentication based on standby information of the mobile terminal device, the detection continuation time of the mobile terminal device elapses from the detection time of the mobile terminal device, and the detection continues The determination as to whether or not a time exceeds a preset threshold time, and the use of the user is permitted when the detection duration exceeds the threshold time as a result of the determination. Image forming apparatus. An electronic compass is mounted in advance on the mobile terminal device, and the mobile terminal device or the own device acquires orientation information indicating the orientation of the mobile terminal device based on the electronic compass, and the orientation information, Based on the reference position information that is a reference position preset in the mobile terminal device, direction information indicating which direction the reference position of the mobile terminal device is facing is calculated,
When the second authentication unit performs user authentication based on the orientation information of the mobile terminal device, the orientation information of the mobile terminal device corresponds to authentication orientation information indicating the orientation of the operation unit of the own device. The image forming apparatus according to claim 2, wherein the use of the user is permitted when the orientation information corresponds to the authentication orientation information as a result of the determination. When the second authentication means performs user authentication based on the user's key input, the operation unit of the mobile terminal device displays a login key for user authentication so that the user can press the login key. The image forming apparatus according to claim 2, wherein the use of the user is permitted when pressing is detected. When the second authentication means performs user authentication based on the user's key input, a user authentication screen for accepting input of authentication information from the user is displayed on the operation unit of the own device, and the authentication information from the user is displayed. The image forming apparatus according to claim 2, wherein when the input is received, the use of the user is permitted based on the authentication information and the permission information. An authentication method for an image forming apparatus capable of short-range wireless communication with a mobile terminal device owned by a user,
Detecting whether the portable terminal device is within a predetermined range capable of short-range wireless communication;
When it is detected that the mobile terminal device is within the range, authentication information necessary for user authentication is acquired from the mobile terminal device via short-range wireless communication, and the acquired authentication information An authentication method comprising: performing user authentication of a user who owns the mobile terminal device based on permission information that is authentication information of a user permitted to use the device.