JP2017084183A - Authentication system, terminal device, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent leakage of an authentication image.SOLUTION: An information processing device obtains authentication information from the result of reading an authentication image indicating the authentication information. A wireless communication device 13 of a terminal device performs wireless communication with the information processing device. A first display control unit 40D performs control to display the authentication image on an operation panel 11. A determination unit 40A determines whether or not to display the displayed authentication image on the basis of a signal which is received from the information processing device by wireless communication. A second display control unit 40E performs control not to display the displayed authentication image when it is determined that the authentication image is not to be displayed.SELECTED DRAWING: Figure 6

Description

  The present invention relates to an authentication system, a terminal device, and a program.

  As an authentication mechanism, a technique is known in which an authentication image such as a QR code (registered trademark) is displayed on a terminal device such as a smartphone and is read by a device.

  For example, conventionally, a technique for performing authentication by reading a QR code (registered trademark) displayed on a portable terminal device with an information processing apparatus such as an image forming apparatus has been disclosed.

  However, the terminal device may continue to display the authentication image after it is read, and the authentication image may leak.

  In order to solve the above-described problem, an authentication system is an authentication system including an information processing apparatus that acquires the authentication information from a result of reading an authentication image indicating authentication information, and a terminal apparatus that communicates with the information processing apparatus. The terminal device receives from the information processing device through the wireless communication, a communication unit that wirelessly communicates with the information processing device, a first display control unit that performs control to display the authentication image on the display unit, and the wireless communication. A determination unit for determining whether to hide the displayed authentication image based on a signal to be displayed, and to hide the displayed authentication image when it is determined to be non-displayed A second display control unit to be controlled.

  According to the present invention, it is possible to prevent leakage of an authentication image.

FIG. 1 is a schematic diagram illustrating an example of a configuration of an authentication system. FIG. 2 is a schematic diagram illustrating an example of a hardware configuration of the terminal device. FIG. 3 is a schematic diagram illustrating an example of a hardware configuration of the information processing apparatus. FIG. 4 is a schematic diagram illustrating an example of a wireless communication range. FIG. 5 is a schematic diagram illustrating an example of a software configuration of the information processing apparatus. FIG. 6 is a block diagram illustrating a functional configuration example of the terminal device. FIG. 7 is a schematic diagram illustrating an example of a screen displayed on the operation panel. FIG. 8 is a schematic diagram illustrating an example of screen transition of the operation panel. FIG. 9 is a schematic diagram illustrating an example of an execution image. FIG. 10 is a block diagram illustrating a functional configuration example of the information processing apparatus. FIG. 11 is a flowchart illustrating an example of a display processing procedure. FIG. 12 is a flowchart illustrating an example of the procedure of the authentication process. FIG. 13 is a block diagram illustrating a functional configuration example of the terminal device. FIG. 14 is a schematic diagram illustrating an example of a wireless communication range. FIG. 15 is a flowchart illustrating an example of a display processing procedure.

  Hereinafter, embodiments of an authentication system, a terminal device, and a program according to the present embodiment will be described in detail with reference to the accompanying drawings. Hereinafter, a case where the information processing apparatus is applied to a multifunction peripheral (MFP: Multifunction Peripheral (hereinafter referred to as MFP)) will be described as an example, but the present invention is not limited to this. Note that a multifunction peripheral is a device having at least two functions among a printing function, a copying function, a scanner function, and a facsimile function.

  Note that in this specification, portions having the same configuration and function are denoted by the same reference numerals, and detailed description thereof may be omitted.

(First embodiment)
FIG. 1 is a schematic diagram illustrating an example of a configuration of an authentication system 1000 according to the present embodiment.

  The authentication system 1000 according to the present embodiment includes a terminal device 1, an information processing device 2, an authentication server 3, a print server 4, and a PC (personal computer) 5.

  The information processing device 2, the authentication server 3, the print server 4, and the PC 5 are connected via a network 7 so as to be able to exchange data.

  Note that the authentication system 1000 may be configured to include at least the terminal device 1 and the information processing device 2.

  The terminal device 1 is a device that can be carried by a user. The terminal device 1 is, for example, a smartphone, a tablet terminal, a mobile phone, or the like. The terminal device 1 may be any device that has a display function and is portable.

  In the present embodiment, the terminal device 1 displays the authentication image 60.

  The authentication image 60 is an image indicating authentication information. The authentication image 60 is, for example, a two-dimensional code such as a QR code (registered trademark) or a one-dimensional code such as a barcode. In the present embodiment, as an example, a case where the authentication image 60 is a QR code (registered trademark) will be described.

  The authentication information is information used when making an authentication request to the information processing apparatus 2. The authentication information includes one or more types of user identification information. The user identification information is information that can identify the user. The user identification information includes, for example, a user name, a password, an answer to a secret question, a department to which the user belongs. The authentication information may include the type of user identification information required at the time of authentication on the information processing apparatus 2 side to be authenticated. For example, it is assumed that the type of user identification information required at the time of authentication on the information processing apparatus 2 side is a user name and a password. In this case, the authentication information may be information including at least a user name and a password.

  The information processing device 2 acquires authentication information from the reading result of the authentication image 60 displayed on the terminal device 1. Then, the information processing apparatus 2 performs user authentication using the authentication information (details will be described later). When the information processing apparatus 2 permits the execution of the function provided in the information processing apparatus 2 as a result of the user authentication, the information processing apparatus 2 permits the user to execute the function provided in the information processing apparatus 2. .

  The functions provided in the information processing apparatus 2 are, for example, a copy function, a scanner function, a fax function, and a printer function.

  Note that the information processing apparatus 2 may be an apparatus having a function for performing user authentication, and is not limited to the MFP. The information processing device 2 may be, for example, a storage server, an image display device (projector, TV, display, electronic blackboard), a video conference device, or the like.

  A reading device 6 is electrically connected to the information processing device 2. The information processing device 2 and the reading device 6 are connected by, for example, a USB (Universal Serial Bus) cable. Note that the information processing device 2 and the reading device 6 are arranged close enough to be regarded as the same position. For this reason, the position of the information processing device 2 and the position of the reading device 6 in the real space will be described as being the same. Note that the information processing device 2 may include the reading device 6.

  The reading device 6 reads the authentication image 60 and outputs authentication image data as a reading result to the information processing device 2. The reading device 6 is, for example, a QR code (registered trademark) reader or a scanner device.

  For example, the user places the authentication image 60 displayed on the terminal device 1 on the image reading surface of the reading device 6. Then, the reading device 6 reads the authentication image 60 displayed on the terminal device 1 and outputs the authentication image data of the read authentication image 60 to the information processing device 2 as a reading result. The information processing device 2 acquires authentication information indicated by the authentication image 60 using the authentication image data acquired from the reading device 6.

  The authentication server 3 receives authentication information from the information processing apparatus 2 and performs authentication processing (details will be described later). Then, the authentication server 3 transmits the authentication result to the information processing device 2. The PC 5 transmits a print job including print data to be printed to the print server 4. The print server 4 stores the print job received from the PC 5.

  When the information processing apparatus 2 permits the execution of the functions of the information processing apparatus 2, for example, the information processing apparatus 2 displays a list of print jobs stored in the print server 4. Then, the information processing apparatus 2 executes the print job selected by the user's operation instruction or the like.

  Note that a configuration in which at least one of the functions of the print server 4 and the authentication server 3 is installed in the information processing apparatus 2 may be employed.

  Next, an example of the hardware configuration of the terminal device 1 will be described. FIG. 2 is a schematic diagram illustrating an example of a hardware configuration of the terminal device 1.

  The terminal device 1 includes an operation panel 11, an external I / F (interface) 12, a wireless communication device 13, a communication I / F 14, a CPU (Central Processing Unit) 15, a ROM (Read Only Memory) 16, A RAM (Random Access Memory) 17, an SSD (Solid State Drive) 18, and a notification device 19 are provided.

  The operation panel 11, the external I / F 12, the wireless communication device 13, the communication I / F 14, the CPU 15, the ROM 16, the RAM 17, the SSD 18, and the notification device 19 are connected to each other via a bus. ing.

  The CPU 15 comprehensively controls the operation of the terminal device 1. The CPU 15 uses the RAM 17 as a work area (working area) and executes a program stored in the ROM 16 or the SSD 18 to control the operation of the entire terminal device 1 and realize various functional units described later.

  The SSD 18 stores programs and data. Note that the terminal device 1 may be configured to include an HDD (Hard Disk Drive) instead of the SSD 18.

  The operation panel 11 accepts various inputs according to user operations, and displays various information and various images such as a reference screen and an authentication screen described later.

  In the present embodiment, a case will be described in which the operation panel 11 is a touch panel that integrally includes both a reception function for receiving various inputs and a display function for displaying various information. However, the configuration of the operation panel 11 is not limited to such a configuration. For example, the operation panel 11 may be configured separately from an input device that accepts various inputs and a display device that displays various information. The display function of the operation panel 11 corresponds to the display unit of the present invention.

  The external I / F 12 is an interface for communicating with an external memory such as a recording medium.

  The wireless communication device 13 is a communication device for communicating with an external device by wireless communication. In the present embodiment, the wireless communication device 13 is a communication device for performing wireless communication with the information processing device 2. The wireless communication device 13 corresponds to a communication unit of the present invention.

  For example, the wireless communication device 13 communicates according to a communication standard such as Bluetooth (registered trademark). In the present embodiment, as an example, a case will be described in which the maximum distance in which wireless communication by the wireless communication device 13 is possible is 5 m. However, the maximum distance for wireless communication is not limited to 5 m.

  Note that the maximum distance at which the wireless communication device 13 can perform wireless communication may be adjusted as appropriate. For example, the maximum distance at which the wireless communication device 13 can perform wireless communication may be adjusted as appropriate depending on the installation position of the information processing device 2. Specifically, when the information processing device 2 is installed in the vicinity of the passage through which the user passes, the maximum distance that can be wirelessly communicated is adjusted so that not all of the terminal devices 1 possessed by the user are subject to wireless communication ( It is preferable to adjust it so that it becomes shorter. In addition, the desired distance may vary depending on the user. For this reason, the terminal device 1 may be configured to be able to set a maximum distance at which wireless communication is possible.

  The communication I / F 14 is an interface for communicating with an external device via the network 7.

  The notification device 19 is a device for notifying the user of various information. The notification device 19 is, for example, a vibration device, a speaker, or a light.

  Next, an example of the hardware configuration of the information processing apparatus 2 will be described. FIG. 3 is a schematic diagram illustrating an example of a hardware configuration of the information processing apparatus 2.

  The information processing apparatus 2 includes a main body 30 and an operation unit 20. The main body 30 and the operation unit 20 are connected via a dedicated communication path 9 so that they can communicate with each other. As the communication path 9, for example, a USB (Universal Serial Bus) standard is used. The communication path 9 may be wired or wireless. The communication path 9 may be a network such as the Internet or a telephone line. The authentication server 3 and the main body 30 are connected via a network 7 such as the Internet.

  The main body 30 is a device that can realize various functions such as a copy function, a scanner function, a fax function, and a printer function. The main body 30 includes an engine unit 37, a CPU 31, a ROM 32, a RAM 33, an HDD 34, a connection I / F 35, a communication I / F 36, and an engine unit 37. The engine unit 37, the CPU 31, the ROM 32, the RAM 33, the HDD 34, the connection I / F 35, and the communication I / F 36 are connected to each other via a system bus 38.

  The engine unit 37 executes various functions such as a copy function, a scanner function, a fax function, and a printer function. The engine unit 37 is hardware that performs processing other than general-purpose information processing and communication for realizing various functions such as a copy function, a scanner function, a fax function, and a printer function. The engine unit 37 includes, for example, a scanner (image reading unit) that reads an image of a document, a plotter (image forming unit) that performs printing on a sheet material such as paper, and a fax unit that performs fax communication. The engine unit 37 may further include specific options such as a finisher that sorts printed sheet materials and an ADF (automatic document feeder) that automatically feeds documents.

  The CPU 31 comprehensively controls the operation of the main body 30. The CPU 31 controls the overall operation of the main body 30 by executing a program stored in the ROM 32 or the HDD 34 using the RAM 33 as a work area. As a result, the CPU 31 causes the engine unit 37 to execute the above-described copy function, scanner function, fax function, printer function, and the like.

  The connection I / F 35 is an interface for communicating with the operation unit 20 via the communication path 9. The communication I / F 36 is an interface for communicating with the print server 4 and an external device via the network 7.

  Next, the operation unit 20 will be described. The operation unit 20 receives an input corresponding to a user operation. The operation unit 20 has an original OS (Operating System) and a screen transition mechanism. The main body 30 performs an operation according to the input received by the operation unit 20.

  The operation unit 20 includes a CPU 21, a ROM 22, a RAM 23, a flash memory 24, a communication I / F 25, a connection I / F 26, an operation panel 27, a wireless communication device 28, and an external connection I / F 29. These are connected to each other via a bus 8.

  The CPU 21 comprehensively controls the operation of the operation unit 20. The CPU 21 controls the operation of the entire operation unit 20 by executing a program stored in the ROM 22 or the flash memory 24 using the RAM 23 as a work area. By executing this program, the CPU 21 realizes various functions to be described later.

  The connection I / F 26 is an interface for communicating with the main body 30 via the communication path 9.

  The operation panel 27 accepts various inputs in accordance with user operations and displays various information and various images. In the present embodiment, a case will be described in which the operation panel 27 is a touch panel that integrally includes both a reception function for receiving various inputs and a display function for displaying various information. However, the configuration of the operation panel 27 is not limited to such a configuration. For example, the operation panel 27 may be configured separately from an input device that accepts various inputs and a display device that displays various information.

  The wireless communication device 28 is a communication device for communicating with an external device by wireless communication. In the present embodiment, the wireless communication device 28 communicates with the terminal device 1 by wireless communication. For example, the wireless communication device 28 communicates according to a communication standard such as Bluetooth (registered trademark).

  In the present embodiment, the maximum communicable distance by the wireless communication device 28 is the same as that of the wireless communication device 13 provided in the terminal device 1. That is, the maximum communicable distance of the wireless communication device 28 is preferably adjustable as appropriate according to the installation position of the information processing device 2 as with the wireless communication device 13 of the terminal device 1. For example, in an environment in which a plurality of information processing apparatuses 2 are installed, if the information processing apparatus 2 is installed at a relatively close position, the interference can be prevented by shortening the distance. it can. Therefore, it is preferable that the maximum distance in which wireless communication can be performed in the information processing apparatus 2 can be adjusted as appropriate.

  FIG. 4 is a schematic diagram illustrating an example of a wireless communication range. As described above, the information processing device 2 includes the wireless communication device 28, and the terminal device 1 includes the wireless communication device 13. For this reason, the information processing device 2 and the terminal device 1 can perform wireless communication via the wireless communication device 28 and the wireless communication device 13.

  In the real space, the information processing apparatus 2 will be described as being fixedly arranged. On the other hand, the terminal device 1 is carried by the user and moves as the user moves. For this reason, when the terminal device 1 enters the first communication range S1, which is a communication range capable of wireless communication with the information processing device 2, the information processing device 2 and the terminal device located at the center of the first communication range S1. 1 means that wireless communication is possible. On the other hand, when the terminal device 1 moves with the movement of the user and reaches the outside of the first communication range S1, the terminal device 1 and the information processing device 2 are in a state where wireless communication is impossible.

  FIG. 4 shows two terminal devices 1 (terminal device 1a and terminal device 1b) as an example. In the example illustrated in FIG. 4, the terminal device 1a located outside the first communication range S1 cannot wirelessly communicate with the information processing device 2. On the other hand, the terminal device 1b located within the first communication range S1 can wirelessly communicate with the information processing device 2.

  The first communication range S1 is a range in which the information processing device 2 is the center of the circle and the radius is the first distance L1 that is the maximum distance at which the terminal device 1 and the information processing device 2 can perform wireless communication. In the present embodiment, the first distance L1, which is the maximum distance capable of wireless communication, will be described assuming that it is 5 m as described above.

  Next, the software configuration of the information processing apparatus 2 will be described. FIG. 5 is a schematic diagram illustrating an example of a software configuration of the information processing apparatus 2.

  The main body 30 includes an application layer 101, a service layer 102, and an OS layer 103. The entities of the application layer 101, the service layer 102, and the OS layer 103 are various types of software stored in the ROM 32, the HDD 34, or the like. Various functions are provided by the CPU 31 executing these software.

  The software of the application layer 101 is an application program (which may be simply referred to as “application” in the following description) for operating hardware resources and providing a predetermined function. For example, examples of the application include a copy application for providing a copy function, a scanner application for providing a scanner function, a fax application for providing a fax function, a printer application for providing a printer function, and the like.

  The software of the service layer 102 is software that is interposed between the application layer 101 and the OS layer 103 and provides an interface for using hardware resources included in the main body 30 for the application. More specifically, it is software for providing a function of accepting an operation request for a hardware resource and arbitrating the operation request. As an operation request received by the service layer 102, a request such as reading by a scanner or printing by a plotter can be considered.

  Note that the interface function by the service layer 102 is provided not only to the application layer 101 of the main body 30 but also to the application layer 201 of the operation unit 20. That is, the application layer 201 (application) of the operation unit 20 can also realize a function using hardware resources (for example, the engine unit 37) of the main body 30 via the interface function of the service layer 102.

  The software of the OS layer 103 is basic software (operating system) for providing a basic function for controlling hardware included in the main body 30. The software of the service layer 102 converts a hardware resource use request from various applications into a command interpretable by the OS layer 103 and passes the command to the OS layer 103. Then, when the command is executed by the software of the OS layer 103, the hardware resource performs an operation according to the request of the application.

  Similarly, the operation unit 20 includes an application layer 201, a service layer 202, and an OS layer 203. The application layer 201, the service layer 202, and the OS layer 203 included in the operation unit 20 have the same hierarchical structure as that of the main body 30. However, the functions provided by the applications in the application layer 201 and the types of operation requests that can be accepted by the service layer 202 are different from those on the main body 30 side. The application in the application layer 201 may be software for operating a hardware resource included in the operation unit 20 to provide a predetermined function. The application of the application layer 201 is software for providing a UI (user interface) function for performing operations and displaying mainly on functions (copy function, scanner function, fax function, printer function) included in the main body 30. May be.

  In this embodiment, the software of the OS layer 103 on the main body 30 side and the software of the OS layer 203 on the operation unit 20 side are different from each other in order to maintain the independence of functions. That is, the main body 30 and the operation unit 20 operate independently of each other with different operating systems. For example, Linux (registered trademark) may be used as software for the OS layer 103 on the main body 30 side, and Android (registered trademark) may be used as software on the OS layer 203 on the operation unit 20 side.

  As described above, in the present embodiment, the main body 30 and the operation unit 20 operate with different operating systems. For this reason, communication between the main body 30 and the operation unit 20 is performed as communication between different apparatuses, not communication between processes in a common apparatus. The processing (command communication) for transmitting the input (instruction content from the user) received by the operation unit 20 to the main body 30 and the processing for the main body 30 notifying the operation unit 20 of an event correspond to this. In the present embodiment, the function of the main body 30 can be used when the operation unit 20 performs command communication to the main body 30. The event notified from the main body 30 to the operation unit 20 includes the execution status of the operation in the main body 30 and the contents set on the main body 30 side.

  In the present embodiment, a case where power supply to the operation unit 20 is performed from the main body 30 via the communication path 9 will be described. However, the power control of the operation unit 20 may be performed separately (independently) from the power control of the main body 30.

  Next, the functional configuration of the terminal device 1 will be described. FIG. 6 is a block diagram illustrating a functional configuration example of the terminal device 1. Below, it demonstrates focusing on the function regarding the display process performed with the terminal device 1. FIG.

  The terminal device 1 includes a wireless communication device 13, an operation panel 11, a control unit 40, and a storage unit 42. The wireless communication device 13, the operation panel 11, and the storage unit 42 are connected to the control unit 40 so as to be able to exchange data and signals. The storage unit 42 stores various data. The storage unit 42 is realized by, for example, the SSD 18.

  The control unit 40 controls the entire terminal device 1. The control unit 40 is realized by the CPU 15, the ROM 16, the RAM 17, and the like. The control unit 40 may be realized by a circuit or the like.

  Control unit 40 includes a determination unit 40A, a reception unit 40B, and a display control unit 40C. The display control unit 40C includes a first display control unit 40D and a second display control unit 40E.

  Part or all of the determination unit 40A, the reception unit 40B, the display control unit 40C, the first display control unit 40D, and the second display control unit 40E causes a processing device such as the CPU 15 to execute a program, for example. (That is, software). Further, it may be realized by hardware such as an IC (Integrated Circuit) or may be realized in combination.

  The receiving unit 40B receives instruction information from the user. The user inputs various instructions by operating the operation panel 11. The operation panel 11 outputs instruction information indicating each instruction content indicated by an operation instruction by the user to the reception unit 40B.

  In other words, the operation panel 11 outputs the display content and the instruction information corresponding to the instruction position to the reception unit 40B according to the display content displayed on the operation panel 11 and the instruction position by the user on the operation panel 11. To do. The accepting unit 40B accepts instruction information indicating each instruction content indicated by an operation instruction by the user from the operation panel 11.

  The display control unit 40C performs control related to display of various screens and images on the operation panel 11. In the present embodiment, the display control unit 40C includes a first display control unit 40D and a second display control unit 40E.

  The first display control unit 40D performs control to display various screens and images on the operation panel 11. In the present embodiment, the first display control unit 40D performs control to display various screens and images such as a reference screen and an authentication screen on the operation panel 11.

  The reference screen is a screen that is first displayed on the operation panel 11 after releasing the lock state in which the operation input by the user of the operation panel 11 is not accepted. The reference screen is the most basic screen among a plurality of screens prepared as screens to be displayed on the operation panel 11 of the terminal device 1. On the reference screen, information that is the basis of services that can be provided by the terminal device 1 is displayed. The reference screen may be referred to as a home screen.

  In the present embodiment, the reference screen is a screen that does not include the authentication image 60. On the other hand, the authentication screen is a screen including the authentication image 60. Note that the first display control unit 40D can perform control to display various screens other than the reference screen and the authentication screen on the operation panel 11.

  FIG. 7 is a schematic diagram illustrating an example of a screen displayed on the operation panel 11.

  FIG. 7A is a schematic diagram illustrating an example of the reference screen 54. FIG. 7B is a schematic diagram illustrating an example of the authentication screen 56.

  The reference screen 54 includes one or more symbol images 58. However, the reference screen 54 does not include the authentication image 60. The symbol image 58 is an image showing an application program for executing a predetermined function. The application program is installed in the terminal device 1 in advance.

  The symbol image 58 includes, for example, an icon image for receiving an instruction to start an application program, a thumbnail image obtained by reducing an image stored in the terminal device 1, and various data locations stored in the terminal device 1. And a widget image of a widget program that operates on the operation panel 11. The symbol image 58 does not include the authentication image 60.

  The authentication screen 56 includes an authentication image 60. In the present embodiment, the authentication screen 56 includes an authentication image 60 and one or more symbol images 58. The display size of the authentication image 60 included in the authentication screen 56 is a size that can be read by the reading device 6 that reads the authentication image 60.

  In the present embodiment, when the authentication image 60 is displayed on the operation panel 11, the first display control unit 40 </ b> D will be described assuming that the authentication screen 56 including the authentication image 60 is displayed on the operation panel 11. For example, the first display control unit 40D performs control to read the authentication screen 56 from the storage unit 42 and display it on the operation panel 11. As a result, the authentication screen 56 including the authentication image 60 is displayed on the operation panel 11 (see FIG. 7B).

  Note that the timing at which the first display control unit 40D displays the authentication screen 56 on the operation panel 11 is not limited.

  In the present embodiment, as an example, when the display instruction of the authentication image 60 is issued by the first display control unit 40D according to the operation instruction of the operation panel 11 by the user, the first display control unit 40D A case where control for displaying the screen 56 on the operation panel 11 is performed will be described. That is, in the present embodiment, the first display control unit 40D displays the authentication screen 56 to the operation panel 11 when the display instruction information indicating the display instruction of the authentication image 60 is received from the operation panel 11 as the instruction information. Control the display.

  Returning to FIG. 6, the description will be continued. Here, since the authentication image 60 is an image indicating authentication information, confidentiality is required. For this reason, in this Embodiment, the control part 40 has the judgment part 40A and the 2nd display control part 40E.

  The determination unit 40A determines whether or not to hide the authentication image 60 displayed on the operation panel 11 based on a signal received from the information processing device 2 through wireless communication by the wireless communication device 13.

  The signal received by the wireless communication device 13 from the information processing device 2 may include authentication result information indicating the authentication result. The authentication result is a result of user authentication performed on the information processing apparatus 2 side using authentication information indicated by the authentication image 60 displayed on the operation panel 11. The authentication result information indicates authentication success or failure of the authentication information.

  When the signal received by the wireless communication device 13 from the information processing device 2 includes authentication result information indicating authentication failure, the signal further includes failure number information indicating the number of authentication failures (number of authentication failures). May be. In the present embodiment, when the signal received by the wireless communication device 13 includes authentication result information indicating an authentication failure, the case where the signal also includes failure count information will be described as an example.

  Note that the signal received by the wireless communication device 13 from the information processing device 2 may not include the authentication result information. For example, the signal received by the wireless communication device 13 from the information processing device 2 is information indicating a response to the signal transmitted from the terminal device 1 (for example, an ACK (ACKnowledgement) signal or a NAK (Negative ACKnowledgement) signal). There is also. Such a signal does not include authentication result information.

  In the present embodiment, determination unit 40A determines whether or not authentication result information is included in the signal received by wireless communication device 13 from information processing device 2.

  Then, the determination unit 40A determines that the displayed authentication image 60 is not displayed when the authentication result information included in the signal indicates successful authentication.

  In addition, the determination unit 40A displays the displayed authentication image 60 when the time from when the authentication image 60 is displayed on the operation panel 11 until the reception of the signal including the authentication result information is equal to or longer than a predetermined elapsed time. You may judge that it does not display. This elapsed time may be set in advance and stored in the storage unit 42. Further, this elapsed time may be changed as appropriate according to an operation instruction on the operation panel 11 by the user.

  In addition, when the authentication result information indicating the authentication failure is included in the signal received by the wireless communication device 13 from the information processing device 2, the determination unit 40A determines the number of failures indicated by the failure number information included in the signal. If it is equal to or greater than the threshold, it may be determined that the displayed authentication image 60 is not displayed. This threshold value may be set in advance and stored in the storage unit 42. In addition, this threshold value may be appropriately changed by a user's operation instruction on the operation panel 11 or the like.

  In addition, the determination unit 40A is instructed by the user that the number of failures indicated by the failure number information included in the signal received from the information processing device 2 by the wireless communication device 13 is less than that, and re-authentication is not performed. In this case, it may be determined that the displayed authentication image 60 is not displayed.

  For example, when it is instructed not to perform re-authentication by an operation instruction on the operation panel 11 by the user, the operation panel 11 outputs instruction information indicating that re-authentication is not performed to the reception unit 40B. Then, the determination unit 40A may determine that the displayed authentication image 60 is not displayed when the reception unit 40B receives instruction information indicating that re-authentication is not performed.

  The determination unit 40A, when the authentication result information included in the signal indicates successful authentication, when the time from when the authentication image 60 is displayed until the reception of the signal including the authentication result information is equal to or longer than the elapsed time, When the number of failures indicated by the number-of-failures information included in the signal is greater than or equal to a threshold, and when the number of failures is less than the threshold and the user instructs not to perform re-authentication, the at least one condition is satisfied The authentication image 60 may be determined not to be displayed.

  The second display control unit 40E controls the displayed authentication image 60 to be hidden when the determination unit 40A determines that the authentication image 60 is not displayed. For example, the second display control unit 40E performs control so that the authentication image 60 displayed on the operation panel 11 is not displayed.

  In the present embodiment, the second display control unit 40E replaces the authentication screen 56 (FIG. 7B) displayed on the operation panel 11 with the reference screen 54 (FIG. 7A) as the operation panel. 11 is displayed. For example, the second display control unit 40E performs control to read the reference screen 54 from the storage unit 42 and display it on the operation panel 11.

  As a result, the reference screen 54, which is a screen that does not include the authentication image 60, is displayed on the operation panel 11, and the authentication image 60 is not displayed.

  The authentication image 60 is an image to be read by the reading device 6. For this reason, authentication may fail on the information processing device 2 side due to an error in reading the authentication image 60 by the reading device 6 or the like.

  Therefore, the first display control unit 40D enlarges the authentication image 60 displayed on the operation panel 11 when the authentication result information included in the signal received from the information processing device 2 by the wireless communication device 13 indicates an authentication failure. It is preferable to control the display. “Enlarged display” indicates that the display size of the authentication image 60 included in the authentication screen 56 displayed immediately before by the first display control unit 40D is enlarged from the display size being displayed.

  Further, the first display control unit 40D may superimpose and display the message image on the authentication screen 56 when the authentication result information included in the signal received from the information processing device 2 by the wireless communication device 13 indicates an authentication failure. preferable.

  FIG. 8 is a schematic diagram illustrating an example of screen transition of the operation panel 11. For example, the first display control unit 40D displays the authentication screen 56B on the operation panel 11 as the authentication screen 56 when the authentication result information included in the signal received from the information processing device 2 by the wireless communication device 13 indicates an authentication failure. Control. Similar to the authentication screen 56, the authentication screen 56 </ b> B is a screen including the symbol image 58 and the authentication image 60. The authentication screen 56B includes a message image 76 and a message image 77 as message images in the screen. The message image 76 is an image such as a character indicating authentication failure. The message image 77 is an image such as a character indicating whether to instruct re-authentication of the authentication information indicated by the displayed authentication image 60.

  Then, it is assumed that re-authentication of authentication information is instructed by an operation instruction on the operation panel 11 by the user. For example, when the user operates a button image “Yes” for instructing re-authentication displayed on the authentication screen 56B, the operation panel 11 displays re-authentication instruction information for instructing re-authentication of authentication information. Output to the accepting unit 40B. When accepting the re-authentication instruction information, accepting unit 40B outputs it to first display control unit 40D.

  Then, when receiving the re-authentication instruction information, the first display control unit 40D may perform control so that the authentication image 60 displayed on the operation panel 11 is enlarged and displayed. For example, as shown in FIG. 8B, the first display control unit 40D displays the authentication image 60B as the authentication image 60 included in the authentication screen 56B as an authentication image 60C enlarged from the authentication image 60B. Control is performed to display the authentication screen 56 arranged in the operation panel 11 on the operation panel 11. As a result, the enlarged authentication image 60 is displayed on the operation panel 11.

  Here, when the authentication image 60 is displayed on the operation panel 11, the control unit 40 of the terminal device 1 may execute another application program other than the program related to the display processing of the authentication image 60.

  For example, when the authentication image 60 is displayed on the operation panel 11, an application program that performs mail transmission / reception is executed, whereby the display control unit 40 </ b> C performs processing for displaying a message indicating mail reception on the operation panel 11. There is a case.

  In the present embodiment, the authentication screen 56 includes a symbol image 58 together with the authentication image 60 (see FIG. 7B). For this reason, when the authentication screen 56 is displayed on the operation panel 11, the symbol image 58 may be instructed by a user operation instruction on the operation panel 11. In this case, the control unit 40 of the terminal device 1 executes the application program indicated by the instructed symbol image 58. By executing the application program, the display control unit 40C may perform a process of displaying various messages on the operation panel 11 according to the application program being executed.

  Therefore, in the present embodiment, the first display control unit 40D accepts an instruction to execute an application program other than the program related to the display of the authentication screen 56 when the authentication screen 56 is displayed on the operation panel 11. In such a case, an execution image indicating the execution of the application program is superimposed on the authentication image 60 and displayed. The first display control unit 40D preferably performs control so that the execution image is not displayed when the execution of the application program is terminated.

  The execution instruction is output to the control unit 40 when, for example, the symbol image 58 displayed on the operation panel 11 is instructed by the user, or when the control unit 40 executes a predetermined interrupt process or the like. . The first display control unit 40D may perform the above process when receiving the execution instruction while the authentication image 60 is being displayed.

  FIG. 9 is a schematic diagram illustrating an example of the execution image 70. When the first display control unit 40D receives an execution instruction while displaying the authentication image 60 on the operation panel 11, for example, an authentication screen 56C on which the execution image 70 shown in FIG. It is preferable to display. At this time, the color of the authentication image 60 located on the back side of the execution image 70 may be adjusted and displayed in a lighter color than when the execution image 70 is not superimposed.

  The first display control unit 40D may perform control so that the execution image 70 is not displayed when the execution of the application program is terminated. For example, the first display control unit 40D may hide the execution image 70 by displaying the authentication screen 56 shown in FIG. 7B on the operation panel 11.

  Next, a functional configuration of the information processing apparatus 2 will be described. FIG. 10 is a block diagram illustrating a functional configuration example of the information processing apparatus 2. Below, it demonstrates focusing on the function regarding the authentication of the terminal device 1. FIG.

  The information processing apparatus 2 includes an operation panel 27, a control unit 62, a storage unit 66, a wireless communication device 28, a control unit 64, and an engine unit 37. The operation panel 27 and the storage unit 66 are connected to the control unit 62 so as to exchange data and signals. The control unit 62 and the control unit 64 are connected so as to be able to exchange data and signals. The control unit 64 and the engine unit 37 are connected so as to be able to exchange data and signals. The control unit 62 and the storage unit 66 are provided in the operation unit 20 (see FIG. 3). The control unit 64 and the engine unit 37 are provided in the main body 30 (see FIG. 3).

  The storage unit 66 stores various data. The storage unit 66 is realized by, for example, the flash memory 24 (see FIG. 3).

  The control unit 62 controls the operation unit 20. The control unit 62 is realized by the CPU 21, the ROM 22, the RAM 23, and the like. Note that the control unit 62 may be realized by a circuit or the like.

  The control unit 62 includes an acquisition unit 62A, an authentication unit 62B, and a communication control unit 62C. Part or all of the acquisition unit 62A, the authentication unit 62B, and the communication control unit 62C may be realized by causing a processing device such as the CPU 21 to execute a program (that is, software) or hardware such as an IC. It may be realized by or may be realized in combination.

  The acquisition unit 62A acquires authentication information. For example, the acquisition unit 62A acquires authentication image data from the reading device 6 as a result of reading the authentication image 60. Then, the acquiring unit 62A acquires the authentication information indicated by the authentication image 60 by decrypting the acquired authentication image data using a known method.

  The acquisition unit 62A can also acquire authentication information from the operation panel 27. In this case, the acquiring unit 62A displays a login screen on the operation panel 27. The login screen includes an input field for inputting user identification information included in the authentication information. The user directly inputs user identification information via the login screen. Then, the acquisition unit 62A acquires authentication information from the operation panel 27.

  In the present embodiment, a description will be given of a mode in which the acquisition unit 62A acquires authentication information from the reading device 6.

  The authentication unit 62B authenticates whether or not the user identified by the user identification information included in the authentication information is permitted to execute the function provided in the information processing apparatus 2. This authentication may be referred to as user authentication. By permitting the execution of the function provided in the information processing apparatus 2, the user enters a so-called “login” state with respect to the information processing apparatus 2.

  In the present embodiment, the authentication unit 62B makes an authentication request to the authentication server 3. Specifically, the authentication unit 62B transmits authentication request information including the authentication information received by the acquisition unit 62A to the authentication server 3.

  The authentication server 3 includes, for example, a communication unit 3A, an authentication processing unit 3B, and a storage unit 3C. The storage unit 3C stores user management information in advance. The user management information is information in which authentication information of a user who can use the information processing apparatus 2 is associated with authority information indicating a function of the information processing apparatus 2 that can be used by the user identified by the user identification information. .

  When the communication unit 3A of the authentication server 3 receives the authentication request information from the information processing device 2, the communication unit 3A outputs the authentication request information to the authentication processing unit 3B. The authentication processing unit 3B determines whether authentication information included in the received authentication request information is registered in the user management information. Then, if registered, the authentication processing unit 3B processes the result information including authentication result information indicating successful authentication and authority information corresponding to the authentication information via the communication unit 3A. Transmit to device 2. On the other hand, if the authentication information is not registered in the user management information, the authentication processing unit 3B transmits result information including authentication result information indicating authentication failure to the information processing apparatus 2 via the communication unit 3A.

  The authentication unit 62B of the information processing device 2 receives the result information from the authentication server 3 via the communication I / F 25 (see FIG. 3). Then, when the received result information includes authentication result information indicating successful authentication, the authentication unit 62B outputs authentication result information indicating successful authentication to the communication control unit 62C.

  If the received result information includes authentication result information indicating successful authentication, the authentication unit 62B outputs the result information to the control unit 64. Further, the authentication unit 62B displays an operation screen including a button image for selecting a function of the information processing apparatus 2 indicated by the authority information included in the result information on the operation panel 27.

  Therefore, when the authentication result information indicates successful authentication, an operation including a button image that can instruct the user identified by the user identification information included in the authentication information to execute a function permitted to the user. A screen is displayed on the operation panel 27. For this reason, the information processing apparatus 2 is in a state in which a function corresponding to the button image included in the operation screen can be executed.

  On the other hand, when the received result information includes authentication result information indicating an authentication failure, the authentication unit 62B counts the number of authentication failures using the corresponding authentication information. Then, failure count information indicating the number of authentication failures, which is the number of authentication failures, and authentication result information indicating the authentication failure are output to the communication control unit 62C.

  The communication control unit 62C controls the wireless communication device 28. In the present embodiment, communication control unit 62C controls wireless communication device 28 so as to repeatedly transmit a predetermined signal. For this reason, the terminal device 1 can determine that the terminal device 1 is located in the first communication range S1 by determining whether or not the signal transmitted from the wireless communication device 28 has been received. Become.

  Further, when the communication control unit 62C receives the authentication result information from the authentication unit 62B, the communication control unit 62C controls the wireless communication device 28 to transmit a signal including the received authentication result information.

  Specifically, the communication control unit 62C controls the wireless communication device 28 to transmit a signal including the authentication result information indicating the successful authentication when the authentication result information indicating the successful authentication is received from the communication control unit 62C. . On the other hand, when the communication control unit 62C receives the authentication result information indicating the authentication failure from the communication control unit 62C, the communication control unit 62C transmits a signal including the authentication result information indicating the authentication failure and the failure frequency information received from the communication control unit 62C. Thus, the wireless communication device 28 is controlled.

  Next, the control unit 64 will be described. The control unit 64 controls the main body 30. The control unit 64 is realized by the CPU 31, the ROM 32, the RAM 33, and the like. Note that the control unit 64 may be realized by a circuit or the like.

  The control unit 64 includes a reception unit 64A and an engine control unit 64B. Part or all of the acquisition unit 64A and the engine control unit 64B may be realized by causing a processing device such as the CPU 31 to execute a program (that is, software) or may be realized by hardware such as an IC. It may be realized in combination.

  The receiving unit 64A receives a print job from the print server 4. And it outputs to the engine control part 64B. The engine control unit 64B controls the engine unit 37 so as to execute a function corresponding to the button image instructed by the operation of the operation panel 27 by the user. For example, when the execution of the printing function is instructed by the operation of the operation panel 27 by the user, the engine control unit 64B controls the engine unit 37 so as to execute printing based on the print job received by the receiving unit 64A. .

  At this time, the control unit 62 displays a list of print jobs stored in the print server 4 on the operation panel 27. Then, the engine control unit 64B may execute the print job selected by the user's operation instruction or the like.

  FIG. 11 is a flowchart illustrating an example of a procedure of display processing executed by the terminal device 1 according to the present embodiment.

  First, the determination unit 40A determines whether or not wireless communication with the information processing apparatus 2 is possible (step S300). If a negative determination is made in step S300 (step S300: No), this routine ends. The case where a negative determination is made in step S300 is a case where the terminal device 1 is located outside the first communication range S1.

  If an affirmative determination is made in step S300 (step S300: Yes), the process proceeds to step S302. The case where an affirmative determination is made in step S300 is a case where the terminal device 1 is located within the first communication range S1.

  Next, the receiving unit 40B determines whether an instruction to display the authentication image 60 has been received from the operation panel 11 (step S302). If a negative determination is made in step S302 (step S302: No), the process returns to step S300. If an affirmative determination is made in step S302 (step S302: Yes), the process proceeds to step S304.

  In step S304, the first display control unit 40D performs control to display the authentication screen 56 on the operation panel 11 (step S304). Through the processing in step S304, the authentication image 60 is displayed on the operation panel 11 (see FIG. 7B).

  Next, the determination unit 40A determines whether or not the wireless communication device 13 has received a signal from the information processing device 2 (step S306). If an affirmative determination is made in step S306 (step S306: Yes), the process proceeds to step S308.

  In step S308, the determination unit 40A determines whether or not the authentication result information is included in the signal received in step S306 (step S308). If authentication result information is not included, a negative determination is made in step S308 (step S308: No), and the process proceeds to step S310.

  In step S310, the second display control unit 40E determines whether or not the time t after the authentication screen 56 is displayed on the operation panel 11 in step S304 is equal to or longer than a predetermined elapsed time T (step S310). S310). In other words, in step S310, the second display control unit 40E has a time t from when the authentication image 60 is displayed on the operation panel 11 until a signal including the authentication result information is received is equal to or longer than a predetermined elapsed time T. Determine whether or not.

  If a negative determination is made in step S310 (step S310: No), the process returns to step S306. If an affirmative determination is made in step S310 (step S310: Yes), the process proceeds to step S312.

  In step S312, the determination unit 40A determines that the authentication image 60 is not displayed (step S312). When the determination unit 40A determines that the authentication image 60 is not displayed (step S314: Yes), the process proceeds to step S316.

  In step S316, the second display control unit 40E controls to hide the authentication image 60 displayed on the operation panel 11 (step S316). In the present embodiment, the second display control unit 40E replaces the authentication screen 56 (FIG. 7B) displayed on the operation panel 11 with the reference screen 54 (FIG. 7A) as the operation panel. 11 is displayed. By this control, the second display control unit 40E hides the authentication image 60. Then, this routine ends.

  If the determination unit 40A does not determine that no display is to be performed (step S314: No), the process returns to step S306.

  On the other hand, when the determination unit 40A determines in step S308 that the authentication result information is included in the signal received in step S306 (step S308: Yes), the process proceeds to step S318.

  In step S318, the determination unit 40A determines whether or not the authentication result information included in the signal received in step S306 indicates authentication success (step S318). When the determination unit 40A determines that the authentication is successful (step S318: Yes), the process proceeds to step S312. That is, the determination unit 40A determines that the authentication image 60 is not displayed.

  On the other hand, when the determination unit 40A determines that the authentication has failed in Step S318 (Step S318: No), the process proceeds to Step S320. In step S320, the determination unit 40A determines whether or not the number of failures indicated by the failure number information included in the signal received in step S306 is greater than or equal to the threshold value M (step S320). M is an integer of 1 or more.

  If the number of failures is greater than or equal to the threshold value M (step S320: Yes), the process proceeds to step S312. That is, the determination unit 40A determines that the authentication image 60 is not displayed.

  When the number of failures is less than the threshold value M (step S320: No), the process proceeds to step S322. In step S322, the first display control unit 40D superimposes and displays the message image 77 (see FIG. 8) on the authentication screen 56 (step S322). By the processing in step S322, the authentication screen 56B shown in FIG.

  Next, the first display control unit 40D determines whether or not re-authentication instruction information for instructing re-authentication of authentication information has been received from the operation panel 11 via the reception unit 40B (step 324). If a negative determination is made in step S324 (step S324: No), the process proceeds to step S312. That is, the determination unit 40A determines that the authentication image 60 is not displayed.

  When it is determined that the re-authentication instruction information has been received (step S324: Yes), the process proceeds to step S326. In step S326, the first display control unit 40D cancels the superimposed display of the message image (see FIG. 8) (step S326). Then, the first display control unit 40D performs control so that the authentication image 60 displayed on the operation panel 11 is enlarged and displayed (step 328). By the processing in step S328, the authentication screen 56 including the enlarged authentication image 60C is displayed on the operation panel 11 (see FIG. 8B). Then, the process returns to step S306.

  On the other hand, if the determination unit 40A determines in step S306 that the wireless communication device 13 does not receive a signal from the information processing device 2 (step S306: No), the process proceeds to step S330.

  In step S330, the receiving unit 40B determines whether or not an instruction to execute the application program has been received (step S330). In step S330, the receiving unit 40B determines whether or not an instruction to execute the application program indicated by the symbol image 58 included in the authentication screen 56 displayed on the operation panel 11 is received. For example, it is assumed that the user designates one display area among a plurality of symbol images 58 included in the authentication screen 56. Then, the operation panel 11 may output an instruction to execute the application program indicated by the symbol image 58 displayed in the designated display area to the reception unit 40B.

  If no execution instruction is accepted (step S330: No), the process returns to step S306. On the other hand, when the execution instruction is accepted (step S330: Yes), the process proceeds to step S332.

  In step S332, the first display control unit 40D superimposes and displays the execution image displayed during the execution of the application program indicated by the execution instruction received in step S330 on the authentication screen 56 (step S332). By the process of step S332, for example, the authentication screen 56C on which the execution image 70 is superimposed is displayed on the operation panel 11 (see FIG. 9).

Next, the first display control unit 40D determines whether or not the execution of the application program has been completed (step S334). If a negative determination is made in step S334 (step S334: No), the process returns to step S332. On the other hand, if an affirmative determination is made in step S334 (step S334: Yes), the process proceeds to step S336.

  In step S336, the first display control unit 40D cancels the superimposed display of the execution screen (for example, the execution image 70) (step S336). By the processing in step S336, the operation panel 11 returns to the state in which the authentication screen 56 (see FIG. 7B) is displayed. Then, the process returns to step S306.

  Next, an example of the authentication process executed by the information processing apparatus 2 will be described. FIG. 12 is a flowchart illustrating an example of an authentication processing procedure executed by the information processing apparatus 2.

  First, the acquisition unit 62A determines whether or not the authentication image data of the authentication image 60 has been acquired from the reading device 6 (step S400). If a negative determination is made in step S400 (step S400: No), this routine ends. On the other hand, if a positive determination is made in step S400 (step S400: Yes), the process proceeds to step S402.

  In step S402, the acquisition unit 62A decrypts the authentication image data acquired in step S400 using a known method (step S402). Thereby, the acquiring unit 62A acquires the authentication information indicated by the authentication image 60 (step S404).

  Next, the authentication unit 62B performs authentication using the authentication information acquired in step S404 (step S406).

  Next, when the authentication is successful, the authentication unit 62B controls the wireless communication device 28 so as to transmit a signal including authentication result information indicating the authentication success to the terminal device 1 as the authentication source (step S408). Further, in the case of authentication failure, the authentication unit 62B performs wireless communication so as to transmit a signal including authentication result information indicating authentication failure and failure number information indicating the number of failures to the terminal device 1 that is the authentication source. The device 28 is controlled (step S408).

  If the authentication in step S406 is an authentication failure (step S410: No), the process returns to step S400. On the other hand, if the authentication in step S406 is successful (step S410: Yes), the user identification information included in the authentication information used for authentication is stored in the storage unit 66 (step S412).

  And the authentication part 62B performs a login transfer process (step S414). The login transition process is a button image for selecting the function of the information processing device 2 indicated by the authority information included in the result information received from the authentication server 3 while outputting the authentication information and the authority information to the control unit 64. This is a process for displaying an operation screen including “” on the operation panel 27.

  Therefore, in the case of successful authentication, the operation panel 27 includes a button image that can instruct the user identified by the user identification information included in the authentication information to execute the function permitted to the user. An operation screen is displayed on the operation panel 27. When the authentication is successful, the information processing apparatus 2 is in a state where the engine unit 37 can execute the function that is instructed to be executed by the operation of the operation panel 27 by the user.

  Next, the authentication unit 62B determines whether or not logout is instructed (step S416). For example, the authentication unit 62B determines in step S416 by determining whether or not logout is instructed by an operation instruction on the operation panel 27 by the user.

  The authentication unit 62B repeats the negative determination until an affirmative determination is made in step S416 (step S416: Yes) (step S416: No). If an affirmative determination is made in step S416 (step S416: Yes), the process proceeds to step S418.

  In step S418, the authentication unit 62B executes a logout transition process (step S418). The logout transition process is a process for deleting the user identification information stored in the storage unit 66 in step S412 from the storage unit 66. The logout transition process also includes a process for displaying a login screen including an input field for inputting user identification information of a new user on the operation panel 27.

  For this reason, the information processing apparatus 2 enters a state (logout state) in which execution of the function provided in the information processing apparatus 2 is disabled for the user identified by the user identification information used in the immediately preceding login transition process. Transition. Then, this routine ends.

  As described above, the authentication system 1000 according to the present embodiment includes the terminal device 1 and the information processing device 2. The information processing apparatus 2 acquires the authentication information from the reading result of the authentication image 60 indicating the authentication information. The terminal device 1 includes a wireless communication device 13 (communication unit), a first display control unit 40D, a determination unit 40A, and a second display control unit 40E.

  The wireless communication device 13 performs wireless communication with the information processing device 2. The first display control unit 40D performs control to display the authentication image 60 on the operation panel 11 (display unit). The determination unit 40A determines whether or not to display the displayed authentication image 60 based on a signal received from the information processing device 2 by wireless communication. The second display control unit 40E performs control so that the displayed authentication image 60 is not displayed when it is determined that the display is not displayed.

  As described above, in the authentication system 1000 according to the present embodiment, the terminal device 1 hides the authentication image 60 displayed on the operation panel 11 based on the signal received from the information processing device 2 by wireless communication. Control. For this reason, it is suppressed that the authentication image 60 continues being displayed on the operation panel 11. FIG.

  Therefore, the authentication system 1000 according to the present embodiment can prevent the authentication image 60 from leaking.

  Further, the signal received from the information processing apparatus 2 can include authentication result information indicating the authentication success or failure of the authentication information indicated by the authentication image 60. Then, when the authentication result information included in this signal indicates successful authentication, the determination unit 40A can determine that the displayed authentication image 60 is not displayed.

  The determination unit 40A is displayed when the time from when the authentication image 60 is displayed on the operation panel 11 (display unit) until reception of the signal including the authentication result information is equal to or longer than a predetermined elapsed time. It can be determined that the authentication image 60 is not displayed.

  In addition, the first display control unit 40D may perform control so that the displayed authentication image 60 is enlarged when the authentication result information included in the signal received from the information processing device 2 indicates an authentication failure. it can.

  In addition, the terminal device 1 can include a receiving unit 40B that receives re-authentication instruction information for instructing re-authentication of authentication information. Then, the first display control unit 40D performs control to enlarge the displayed authentication image 60 when the authentication result information included in the signal indicates an authentication failure and the re-authentication instruction information is received. can do.

  The signal may include authentication result information indicating authentication failure and failure number information indicating the number of authentication failures. Then, the determination unit 40A can determine that the displayed authentication image 60 is not displayed when the number of failures indicated by the failure number information included in the signal is equal to or greater than a threshold value.

  Further, the first display control unit 40D displays a reference screen 54 including an authentication image 60 and a symbol image 58 indicating an application program for executing a predetermined function on the operation panel 11 (display unit). be able to. When the first display control unit 40D receives an execution instruction of the application program indicated by the symbol image 58, the first display control unit 40D superimposes and displays an execution image 70 indicating the execution of the application program on the authentication image 60, and When execution of the application program is finished, the execution image 70 can be controlled to be hidden.

(Second Embodiment)
In the present embodiment, a mode will be described in which the determination unit 40A determines whether or not to hide the authentication image 60 using a plurality of conditions from a signal received from the information processing apparatus 2 by wireless communication.

  FIG. 1 is a schematic diagram illustrating an example of the configuration of an authentication system 1000A according to the present embodiment. The authentication system 1000A is the same as the authentication system 1000 of the first embodiment except that the terminal device 1A is provided instead of the terminal device 1. Further, the hardware configuration of the terminal device 1A is the same as the hardware configuration of the terminal device 1 (see FIG. 2).

  FIG. 13 is a block diagram illustrating a functional configuration example of the terminal device 1A.

  The terminal device 1 </ b> A includes a wireless communication device 13, an operation panel 11, a control unit 41, and a storage unit 42. The wireless communication device 13, the operation panel 11, and the storage unit 42 are connected to the control unit 41 so as to exchange data and signals. The storage unit 42 stores various data. The storage unit 42 is realized by, for example, the SSD 18. The terminal device 1A is the same as the terminal device 1 of the first embodiment, except that the control unit 41 is provided instead of the control unit 40.

  The control unit 41 controls the entire terminal device 1A. The control unit 41 is realized by the CPU 15, the ROM 16, the RAM 17, and the like. The control unit 41 may be realized by a circuit or the like.

  The control unit 41 includes a determination unit 41A, a reception unit 40B, and a display control unit 40C. The display control unit 40C includes a first display control unit 40D and a second display control unit 40E. Part or all of the determination unit 41A, the reception unit 40B, the display control unit 40C, the first display control unit 40D, and the second display control unit 40E causes a processing device such as the CPU 15 to execute a program, for example. (I.e., software), hardware such as an IC, or a combination thereof.

  The control unit 41 is the same as the control unit 40 of the first embodiment except that the determination unit 41A is provided instead of the determination unit 40A.

  The determination unit 41A has the same function as the determination unit 40A of the first embodiment. That is, when the authentication result information included in the signal received by wireless communication from the information processing device 2 indicates that authentication is successful, the determination unit 41A displays the authentication image 60 until the signal including the authentication result information is received. If the time is equal to or greater than the elapsed time T, the user may determine that the number of failures indicated by the failure number information included in the signal is greater than or equal to the threshold value M, and that the number of failures is less than the threshold value M When instructed, it is determined that the authentication image 60 is not displayed when at least one of the conditions is satisfied.

  In the present embodiment, determination unit 41A further determines that authentication image 60 is not displayed even when any of the following conditions is satisfied.

  In the present embodiment, the determination unit 41A includes an estimation unit 41F. The estimation unit 41F estimates the distance between the terminal device 1A in which the determination unit 41A is mounted and the information processing device 2 based on the signal received from the information processing device 2 by the wireless communication device 13.

  For example, the estimation unit 41F estimates the distance between the terminal device 1A and the information processing device 2 from the signal strength of the received signal.

  Then, the determination unit 41A determines that the displayed authentication image 60 is not displayed when the distance estimated by the estimation unit 41F is equal to or greater than the second distance. The second distance is a distance less than the first distance, which is the maximum distance at which wireless communication with the information processing apparatus 2 is possible. The first distance is the same as in the first embodiment.

  FIG. 14 is a schematic diagram illustrating an example of a wireless communication range. The information processing device 2 includes a wireless communication device 28, and the terminal device 1 A includes a wireless communication device 13. For this reason, the information processing device 2 and the terminal device 1 </ b> A can perform wireless communication via the wireless communication device 28 and the wireless communication device 13.

  Note that, similarly to the first embodiment, the information processing apparatus 2 is described as being fixedly arranged in the real space. On the other hand, the terminal device 1A is carried by the user and moves as the user moves. For this reason, when the terminal device 1A enters the first communication range S1, which is a communication range capable of wireless communication with the information processing device 2, the information processing device 2 and the terminal located at the center of the first communication range S1. The wireless communication with the device 1A is possible. On the other hand, when the terminal device 1A moves with the movement of the user and reaches the outside of the first communication range S1, the terminal device 1A and the information processing device 2 are in a state incapable of wireless communication.

  In FIG. 14, three terminal devices 1A (terminal device 1c, terminal device 1d, and terminal device 1e) are shown as an example. In the example shown in FIG. 14, the terminal device 1c located outside the first communication range S1 cannot wirelessly communicate with the information processing device 2. On the other hand, the terminal device 1d and the terminal device 1e located in the first communication range S1 can wirelessly communicate with the information processing device 2.

  As described in the first embodiment, the first communication range S1 is the maximum distance in which the information processing device 2 is centered on a circle and the terminal device 1A and the information processing device 2 can perform wireless communication. This is a range having a distance L1 of 1 as a radius. The second communication range S2 is a range in which the information processing apparatus 2 is the center of a circle and the second distance L2 is a radius. The second distance L2 is less than the first distance L1.

  In the present embodiment, the first distance L1, which is the maximum distance at which wireless communication is possible, will be described assuming a case where the distance is 5 m, as in the first embodiment. Further, the case where the second distance L2 is 1 m, for example, will be described. Note that the first distance L1 and the second distance L2 are not limited.

  In the present embodiment, the estimation unit 41F of the terminal device 1A estimates the distance between the terminal device 1A and the information processing device 2 from the signal strength of the signal received from the information processing device 2 by wireless communication. For this reason, according to the estimation of the estimation unit 41F, the terminal device 1A is located outside the first communication range S1, located within the second communication range S2, or located outside the second communication range S2. Or information (distance) that can be estimated as to whether or not each is located within the second communication range S2.

  Returning to FIG. 13, the determination unit 41 </ b> A determines that the displayed authentication image 60 is not displayed when the distance estimated by the estimation unit 41 </ b> F is equal to or greater than the second distance. When it is estimated that the distance is greater than or equal to the second distance, the terminal device 1A is located in the second communication range S2 of the information processing device 2. For this reason, when determining that the terminal device 1A is located outside the second communication range S2 of the information processing device 2 based on the distance estimated by the estimating unit 41F, the determining unit 41A hides the displayed authentication image 60. to decide.

  If the determination unit 41A determines that wireless communication with the information processing device 2 is impossible, the determination unit 41A may determine that the displayed authentication image 60 is not displayed. For example, the determination unit 41A determines that wireless communication is impossible when the wireless communication device 13 does not receive a signal transmitted from the information processing device 2 for a predetermined time or longer.

  Next, display processing executed by the terminal device 1A according to the present embodiment will be described. FIG. 15 is a flowchart illustrating an example of a procedure of display processing executed by the terminal device 1A according to the present embodiment.

  1 A of terminal devices perform the process of step S500-step S506 similarly to step S300-step S306 (refer FIG. 11) in the terminal device 1 of 1st Embodiment.

  That is, first, the determination unit 41A determines whether or not wireless communication with the information processing apparatus 2 is possible (step S500). If a negative determination is made in step S500 (step S500: No), this routine ends.

  If an affirmative determination is made in step S500 (step S500: Yes), the process proceeds to step S502. Next, the receiving unit 40B determines whether an instruction to display the authentication image 60 has been received from the operation panel 11 (step S502). If a negative determination is made in step S502 (step S502: No), the process returns to step S500. If an affirmative determination is made in step S502 (step S502: Yes), the process proceeds to step S504.

  In step S504, the first display control unit 40D performs control to display the authentication screen 56 on the operation panel 11 (step S504). Next, the determination unit 41A determines whether or not the wireless communication device 13 has received a signal from the information processing device 2 (step S506). If an affirmative determination is made in step S506 (step S506: Yes), the process proceeds to step S507.

  In the present embodiment, in step S507, the determination unit 41A determines whether or not the terminal device 1A is located outside the second communication range S2 (step S507). In step S507, the estimation unit 41F estimates the distance to the information processing device 2 from the signal strength of the signal received in step S506. Then, the determination unit 41A determines that the distance estimated by the estimation unit 41F is located outside the second communication range S2 when the distance is greater than or equal to the second distance.

  If an affirmative determination is made in step S507 (step S507: Yes), the process proceeds to step S512. In step S512, the determination unit 41A determines that the authentication image 60 is not displayed in the same manner as in step S312 (see FIG. 11) (step S512). When the determination unit 41A determines that the authentication image 60 is not displayed (step S514: Yes), the process proceeds to step S516.

  In step S516, the second display control unit 40E controls to hide the authentication image 60 displayed on the operation panel 11 (step S516). The processing in step S516 is the same as that in step S314 (see FIG. 11). By this control, the second display control unit 40E hides the authentication image 60. Then, this routine ends.

  If the determination unit 41A does not determine that the display is not to be performed (step S514: No), the process returns to step S506.

  On the other hand, when a negative determination is made in step 507 (step S507: No), the process proceeds to step S508. The case where a negative determination is made in step S507 is a case where the terminal device 1A is located in the first communication range S1 and in the second communication range S2.

  In the terminal device 1A, the control unit 41 performs steps S508, S510, S518 to S528 in the same manner as steps S308, S310, and S318 to S328 (see FIG. 11) of the first embodiment. Execute the process.

  On the other hand, if a negative determination is made in step S506 (step S506: No), the process proceeds to step S529 in the present embodiment. In step S529, the determination unit 41A determines whether or not wireless communication with the information processing apparatus 2 is impossible (step S529).

  If an affirmative determination is made in step S529 (step S529: Yes), the process proceeds to step S512. On the other hand, if a negative determination is made in step S529 (step S529: No), the process proceeds to step S530.

  Then, in the terminal device 1A, the processes in steps S530 to S536 are executed in the same manner as in steps S330 to S336 (see FIG. 11) of the first embodiment.

  As described above, the authentication system 1000A according to the present embodiment can include the terminal device 1A instead of the terminal device 1 in the authentication system 1000 according to the first embodiment. 1 A of terminal devices are provided with the control part 41 instead of the control part 40 of 1st Embodiment. The control unit 41 is the same as the control unit 40 except that a determination unit 41A is provided instead of the determination unit 40A.

  Determination unit 41A includes an estimation unit 41F. The estimation unit 41F estimates the distance between the terminal device 1A and the information processing device 2 based on the signal received by the wireless communication device 13 from the information processing device 2. When the estimated distance is equal to or greater than the second distance L2 that is less than the first distance L1, which is the maximum distance that enables wireless communication with the information processing apparatus 2, the determination unit 41A displays the displayed authentication image 60. Judged to be hidden.

  For this reason, the authentication system 1000A of the present embodiment can prevent leakage of the authentication image 60, as in the first embodiment.

  If the determination unit 41A determines that wireless communication with the information processing device 2 is impossible, the determination unit 41A may determine that the displayed authentication image 60 is not displayed.

  Various information stored in advance in the information processing apparatus 2 of the above embodiment is stored in an authentication server 3 connected to the network 7, a print server 4, a storage medium such as an external hard disk, or an external apparatus (not shown). Or the like.

  In addition, the system configuration in which the main body 30 and the operation unit 20 in the information processing apparatus 2 described in the above embodiment are connected is an example, and there are various system configuration examples depending on applications and purposes. Needless to say.

  In the above-described embodiment, the program for executing the display process, the authentication process, and the like executed in each of the terminal device 1, the terminal device 1A, and the information processing device 2 can be installed in a form that can be installed or can be executed. A format file is recorded and provided on a computer-readable recording medium such as a CD-ROM, flexible disk (FD), CD-R, DVD (Digital Versatile Disk), USB (Universal Serial Bus) memory, etc. Alternatively, it may be provided or distributed via a network such as the Internet. Various programs may be provided by being incorporated in advance in a ROM or the like.

  Although several embodiments have been described above, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. These embodiments are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

1000, 1000A Authentication system 1, 1A, 1a, 1b, 1c, 1d, 1e Terminal device 2 Information processing device 11 Operation panel 13 Wireless communication device 40A, 41A Determination unit 40B Reception unit 40D First display control unit 40E Second Display control unit 41F estimation unit

JP 2014-222460 A JP 2014-128928 A

Claims (11)

An authentication system including an information processing apparatus that acquires the authentication information from a result of reading an authentication image indicating authentication information, and a terminal apparatus that communicates with the information processing apparatus,
The terminal device
A communication unit that wirelessly communicates with the information processing apparatus;
A first display control unit that performs control to display the authentication image on a display unit;
A determination unit that determines whether or not to hide the displayed authentication image, based on a signal received from the information processing apparatus by the wireless communication;
A second display control unit that controls to hide the displayed authentication image when it is determined to be non-displayed;
An authentication system comprising: The signal includes authentication result information indicating authentication success or authentication failure of the authentication information indicated by the authentication image;
The decision part
When the authentication result information included in the signal indicates successful authentication, it is determined that the displayed authentication image is not displayed.
The authentication system according to claim 1. The determination unit
When the time from when the authentication image is displayed on the display unit until the signal including the authentication result information is received is equal to or longer than a predetermined elapsed time, it is determined that the displayed authentication image is not displayed. To
The authentication system according to claim 1 or 2. The first display control unit includes:
When the authentication result information included in the signal indicates authentication failure, control is performed to enlarge the displayed authentication image.
The authentication system according to any one of claims 1 to 3. A reception unit that receives re-authentication instruction information for instructing re-authentication of the authentication information;
The first display control unit includes:
When the authentication result information included in the signal indicates an authentication failure and the re-authentication instruction information is received, control is performed to enlarge the displayed authentication image.
The authentication system according to claim 4. The signal includes the authentication result information indicating authentication failure, and the failure count information indicating the number of authentication failures,
The determination unit
If the number of failures indicated by the failure number information included in the signal is equal to or greater than a threshold, it is determined that the displayed authentication image is not displayed.
The authentication system according to any one of claims 1 to 5. The determination unit
Including an estimation unit that estimates a distance between the terminal device and the information processing device based on the signal;
The determined authentication image is determined not to be displayed when the estimated distance is equal to or greater than a second distance that is less than a first distance that is a maximum distance capable of wireless communication with the information processing apparatus. The authentication system according to any one of claims 1 to 6. The determination unit
The authentication system according to claim 1, wherein when it is determined that wireless communication with the information processing apparatus is impossible, it is determined that the displayed authentication image is not displayed. The first display control unit includes:
A reference screen including the authentication image and a symbol image indicating an application program for executing a predetermined function is displayed on the display unit,
When the execution instruction of the application program indicated by the symbol image is received, an execution image indicating the execution of the application program is displayed superimposed on the authentication image, and when the execution of the application program is terminated, Control to hide the execution image,
The authentication system according to any one of claims 1 to 8. A terminal device that communicates with an information processing device that acquires the authentication information from a result of reading an authentication image indicating authentication information,
A communication unit that wirelessly communicates with the information processing apparatus;
A first display control unit that performs control to display the authentication image on a display unit;
A determination unit that determines whether or not to hide the displayed authentication image, based on a signal received from the information processing apparatus by the wireless communication;
A second display control unit that controls to hide the displayed authentication image when it is determined to be non-displayed;
A terminal device comprising: A program that is executed by a computer including a communication unit that wirelessly communicates with an information processing apparatus that acquires the authentication information from a result of reading an authentication image indicating authentication information,
Performing control to display the authentication image on a display unit;
Determining whether or not to hide the displayed authentication image based on a signal received from the information processing apparatus by the wireless communication;
Controlling the displayed authentication image to be hidden when it is determined to be hidden;
Including programs.