JP2021126842A - Image forming apparatus, image processing system, and program - Google Patents

Abstract

To provide a technique which ensures for a user a period set for inputting a one-time password as a period in which use of an image forming apparatus is permitted by inputting the one-time password.SOLUTION: When an MFP 100 is requested to transmit a one-time password by a user 400, it transmits a one-time password to a destination which is associated with the user 400. If an event hindering input of a one-time password into the MFP 100 occurs after transmitting the one-time password, the MFP 100 extends the term of validity of the one-time password as much as the time the event lasts.SELECTED DRAWING: Figure 7

Description

The present disclosure relates to an image forming apparatus having a one-time password function in a user authentication function for restricting access to the image forming apparatus.

Conventionally, many image forming devices such as MFPs (Multi-Functional Peripheral) are equipped with a user authentication function that restricts access to the devices. In an example of the user authentication function, when the user enters the user name and password, the image forming device uses the device for the user when the entered user name and password match those registered. to approve. Regarding the image forming apparatus equipped with such a user authentication function, Japanese Patent Application Laid-Open No. 2015-176591 (Patent Document 1) describes a password that is valid only once for a certain period of time (hereinafter, one-time password or OTP (One Time Password)). It discloses an image forming apparatus equipped with a "one-time password function" (OTP function) that generates (referred to as), sends it to a user, and permits the use by inputting the same password.

Japanese Unexamined Patent Publication No. 2015-176591

In the conventional image forming apparatus, the point of guaranteeing the user who has issued the OTP a length of time called "a certain period" in which the use of the image forming apparatus is permitted by inputting the OTP has been studied. There wasn't.

The present disclosure has been devised in view of such circumstances, and the purpose is to use the image forming apparatus by inputting the one-time password to the user for a period set for inputting the one-time password. Is to provide the technology to guarantee the period allowed.

According to certain aspects of the present disclosure, an image forming apparatus, a memory that stores user-identifying information in association with a destination, an input interface that accepts input of user-identifying information, and an input interface that requests temporary authentication. It is equipped with a controller that sends a one-time password to the destination associated with the information that identifies the user entered in the input interface, and the controller has a fixed period of time regarding the expiration date of the one-time password. After measuring and sending the one-time password, if there is no event that hinders the input of the one-time password to the image forming device, if the measurement is not completed for a certain period of time, the one-time password can be input. Correspondingly, an event occurs in which the user is authenticated for the use of the image forming device for the information input to the input interface to identify the user, and after the one-time password is transmitted, the input of the one-time password to the image forming device is hindered. When it occurs, the user entered in the input interface in response to the input of the one-time password before the measurement of the time obtained by adding the given period detected as the period of the event to a certain time is completed. An image forming apparatus is provided that authenticates a user for use of the image forming apparatus for information that identifies.

Preferably, the given period includes a period during which a user other than the user specified by the information identifying the user uses the image forming apparatus.

Preferably, the given period includes a period during which the input interface is in a state of not accepting the input of the one-time password.

More preferably, a given period includes a period during which the image forming apparatus has stopped operating due to lack of consumables.

More preferably, the given period includes a period during which the operation is stopped due to the occurrence of jam in the image forming apparatus.

More preferably, the given period includes a period during which a warning regarding the processing of the controller is output.

More preferably, a given period includes a period during which the image forming apparatus has been stopped due to an error in an element of the image forming apparatus.

Preferably, the controller notifies that the one-time password can be authenticated until the measurement is completed for a certain period of time after the transmission of the one-time password.

Preferably, the controller notifies that the one-time password cannot be authenticated after the measurement is completed for a certain period of time.

According to another aspect of the present disclosure, the image forming apparatus includes an image forming apparatus and an authentication server that authenticates a user who uses the image forming apparatus, and the image forming apparatus includes an input interface that accepts input of information that identifies the user and an input. When the interface accepts a request for temporary authentication, the authentication server includes a first controller that sends a request for temporary authentication to the authentication server for information that identifies the user entered in the input interface. A memory that stores the information to be identified in association with the destination, and a one-time password for the destination associated with the information that identifies the user entered in the input interface when a temporary authentication request is received from the image forming device. The first controller sends the one-time password entered in the input interface to the authentication server, and the second controller sends the one-time password for a certain period of time regarding the expiration date of the one-time password. Is measured, and before the measurement is completed for a certain period of time, the user is authenticated for the use of the image forming device for the information that identifies the user entered in the input interface according to the input of the one-time password, and one-time. After sending the password, if there is no event that hinders the input of the one-time password to the image forming device, the input interface will respond to the input of the one-time password before the measurement is completed for a certain period of time. If the user is authenticated for the use of the image forming device for the input information that identifies the user, and after the one-time password is transmitted, an event that hinders the input of the one-time password to the image forming device occurs. Before the measurement of the time obtained by adding the given period detected as the period of the event to a certain time is completed, the image of the information that identifies the user entered in the input interface in response to the input of the one-time password. An image processing system is provided that authenticates the user for use of the forming device.

Preferably, the given period includes a period during which a user other than the user specified by the information identifying the user uses the image forming apparatus.

Preferably, the given period includes a period during which the input interface is in a state of not accepting the input of the one-time password.

More preferably, a given period includes a period during which the image forming apparatus has stopped operating due to lack of consumables.

More preferably, the given period includes a period during which the operation is stopped due to the occurrence of jam in the image forming apparatus.

More preferably, a given period includes a period during which a warning regarding the processing of the first controller is output.

More preferably, a given period includes a period during which the image forming apparatus has been stopped due to an error in an element of the image forming apparatus.

Preferably, the first controller notifies that the one-time password can be authenticated until the measurement is completed for a certain period of time after the transmission of the one-time password.

Preferably, the first controller notifies that the one-time password cannot be authenticated after the measurement is completed for a certain period of time.

According to yet another aspect of the present disclosure, by being executed by the computer of the image forming apparatus, the image forming apparatus receives an input of a temporary authentication request at the input interface, and in response to the input of the temporary authentication request. , The step of sending a one-time password to the destination associated with the user-identifying information entered in the input interface, and blocking the entry of the one-time password into the image forming device after sending the one-time password. A step to determine whether an event has occurred, and if no event has occurred, an input interface that responds to the input of the one-time password before the measurement of the expiration date of the one-time password is completed for a certain period of time. A step of authenticating the user for the use of the image forming apparatus for the user-identifying information entered in is added, and when an event occurs, a given period detected as the period of the event occurs at a certain time. Before the measurement of the time is completed, in response to the input of the one-time password, the step of authenticating the user for the use of the image forming apparatus for the information for identifying the user input in the input interface is executed. The program is provided.

After the transmission of the one-time password, the response to the input of the one-time password is adjusted according to the presence or absence of an event that hinders the input of the one-time password. Thereby, the period during which the use of the image forming apparatus is permitted according to the one-time password can be adjusted as necessary.

It is a figure which shows the structure of the 1st Embodiment of an image processing system. It is a figure which shows the hardware configuration of the MFP100. It is a figure which shows the hardware composition of the information processing apparatus 200. It is a figure which shows the hardware configuration of the authentication server 300. It is a figure which shows the data structure of a user information database. It is a figure which shows the data structure of the inhibition event management table. It is a figure which shows the outline of the user authentication in 1st Embodiment. It is a figure which shows an example of a login screen. It is a figure which shows an example of the OTP transmission request screen. It is a figure which shows an example of the screen (OTP transmission notification screen) for notifying the transmission of OTP. It is a figure which shows an example of the top menu screen. It is a figure which shows an example of the screen which displays the information which shows whether or not OTP is valid. It is a figure which shows another example of the screen which displays the information which shows whether or not OTP is valid. It is a flowchart of the process executed in the MFP 100 for the user authentication by OTP. It is a flowchart of the process executed in the MFP 100 for the user authentication by OTP. It is a flowchart of the process executed in the MFP 100 for the user authentication by OTP. It is a figure which shows the outline of the user authentication using OTP in the 2nd Embodiment. It is a flowchart of the process executed for the user authentication by OTP in the 2nd Embodiment. It is a flowchart of the process executed for the user authentication by OTP in the 2nd Embodiment. It is a flowchart of the process executed for the user authentication by OTP in the 2nd Embodiment. It is a flowchart of the process executed for the user authentication by OTP in the 2nd Embodiment. It is a flowchart of the process executed for the user authentication by OTP in the 2nd Embodiment. It is a flowchart of the process executed for the user authentication by OTP in the 2nd Embodiment.

Hereinafter, embodiments of the image processing system will be described with reference to the drawings. In the following description, the same parts and components are designated by the same reference numerals. Their names and functions are the same. Therefore, these explanations will not be repeated.

<First Embodiment>
[Image processing system configuration]
FIG. 1 is a diagram showing a configuration of a first embodiment of an image processing system. As described in FIG. 1, the image processing system includes an MFP 100, which is an example of an image forming apparatus, an information processing apparatus 200, and an authentication server 300. The MFP 100 includes a motion sensor 106, an operation panel 120, and a camera 150. The operation panel 120 includes a display 121. Details of the configuration of the MFP 100 including the motion sensor 106 and the operation panel 120 will be described later with reference to FIG.

The MFP 100 is an example of an image forming apparatus, and user authentication is required to use the MFP 100. In an image processing system, the MFP 100 or the authentication server 300 may authenticate the user. The MFP 100 can authenticate the user using a password registered in advance for each user, or can authenticate the user using an OTP issued in response to each user's request. That is, the MFP 100 has a function (OTP function) of permitting the use of the MFP 100 by user authentication using OTP.

[Hardware configuration of MFP100]
FIG. 2 is a diagram showing a hardware configuration of the MFP 100. As shown in FIG. 2, the MFP 100 has, as main components, a control unit 110, a timer circuit 101, a document reading unit 102, a print output unit 103, a paper transport unit 104, a facsimile (FAX) unit 105, and a human sensor. 106, network interface (I / F) 107, Bluetooth® interface (I / F) 108, storage device 109, operation panel 120, and camera 150. The elements shown in FIG. 2 are connected to each other by an internal bus.

The control unit 110 includes a CPU (Central Processing Unit) 111, a RAM (Random Access Memory) 112, and a ROM (Read Only Memory) 113. The CPU 111 controls the operation of the MFP 100 by executing a given program. The RAM 112 functions as a work area when the CPU 111 executes a program. The ROM 113 stores various data including a program executed by the CPU 101.

The FPGA 100 may include a dedicated integrated circuit (for example, a Field-Programmable Gate Array) used for controlling the FPGA 100 in place of the control unit 110 or together with the control unit 110.

The timer circuit 101 is an electric circuit for measuring time. By acquiring the time measurement result by the timer circuit 101, the control unit 110 can determine various events such as whether or not the expiration date of the OTP has expired.

The document reading unit 102 is realized by a so-called scanner, and generates image data of the document by scanning the document set in the MFP 100.

The print output unit 103 forms an image based on the image data on the recording paper. In one embodiment, the print output unit 103 includes a photoconductor drum and a transfer roller. The print output unit 103 forms an image according to, for example, an electrophotographic method, but the image forming method is not limited to this.

The paper transport unit 104 includes a roller for transporting a document and / or recording paper in the MFP 100, and a motor for rotating the roller.

The FAX unit 105 transmits and receives image data by facsimile communication.

The motion sensor 106 is installed in front of the MFP 100 as shown in FIG. 1 and includes, for example, an infrared sensor. Based on the signal output from the motion sensor 106, the control unit 110 detects whether or not the user exists within a range of a given distance from the MFP 100 (presence sensor 106). In this sense, the motion sensor 106 is an example of the first sensor.

The network I / F 107 communicates the MFP 100 with other devices (authentication server 300 and information processing device 200) via the network, and is realized by, for example, a NIC (Network Interface Card).

The Bluetooth_I / F108 wirelessly communicates the MFP 100 with other devices according to the Bluetooth standard. The control unit 110 may determine whether the user is carrying the terminal based on whether the Bluetooth_I / F 108 is communicating with the terminal associated with the user. In this sense, Bluetooth_I / F108 is an example of a second sensor.

The storage device 109 is a non-volatile storage device composed of, for example, a hard disk drive (HDD) or a solid state drive (SSD), and stores programs and / or data. The storage device 109 may store job data. That is, the control unit 110 can execute the job related to the job data by storing the job data received from the personal computer via the network in the storage device 109 and then reading the job data from the storage device 109. ..

The operation panel 120 includes a display 121, a touch sensor 122, and an operation key 123. The display 121 displays various screens such as a login screen described later. The touch sensor 122 covers at least a part of the display 121. A touch panel is composed of a display 121 and a touch sensor 122. The operation key 123 is realized as a hardware key such as a power key. The control unit 110 controls the display on the display 121, and also receives a signal output according to an operation on the touch sensor 122 and the operation key 123. In this sense, the operation panel 120 is an example of an input interface that accepts input from the user.

In one implementation example, the camera 150 is installed on the operation panel 120 as shown in FIG. As a result, the camera 150 can take an image of the area including the face of the user who visually recognizes the operation panel 120. The installation position of the camera 150 is not limited to this. Further, in the image processing system, the camera 150 may be provided as a device different from the MFP 100. That is, the camera 150 does not have to be included in the MFP 100.

[Hardware configuration of information processing device 200]
FIG. 3 is a diagram showing a hardware configuration of the information processing device 200. The information processing device 200 may be a mobile terminal such as a smartphone, or may be a built-in terminal such as a personal computer.

As shown in FIG. 3, the information processing apparatus 200 includes a CPU 201, a RAM 202, a storage 203, a display 204, an input device 205, a NIC 206, and a Bluetooth I / F 207 as main components. The elements shown in FIG. 3 are connected to each other by an internal bus.

The CPU 201 controls the operation of the information processing device 200. The RAM 202 functions as a work area when processing is executed in the CPU 201. The storage 203 is a non-volatile storage device that stores various programs executed by the CPU 201 and data used for executing the programs. The storage 203 is realized by, for example, flash EEPROM (Electrically Erasable Programmable Read-Only Memory), flash ROM, HDD, and / or SSD, but is not limited thereto.

The display 204 is a display device for displaying an image showing the processing result of the program executed by the CPU 201.

The input device 205 is realized by a keyboard, operation keys, and / or a touch sensor in one implementation example. When the input device 205 receives the input of the information, the input device 205 sends the information to the CPU 201.

The NIC 206 is a communication interface that allows the information processing device 200 to communicate with another device (MFP100, etc.) via a network.

The Bluetooth I / F 207 is a communication interface for causing the information processing device 200 to perform short-range communication with another device such as the MFP 100.

[Hardware configuration of authentication server 300]
FIG. 4 is a diagram showing a hardware configuration of the authentication server 300. The authentication server 300 can be realized by a general-purpose computer in one implementation example.

As shown in FIG. 4, the authentication server 300 includes a CPU 301, a RAM 302, a storage device 303, a display 304, an input device 305, a NIC 306, and a timer circuit 307 as main components. The elements shown in FIG. 4 are connected to each other by an internal bus.

The CPU 301 controls the operation of the authentication server 300. The RAM 302 functions as a work area when processing is executed in the CPU 301. The storage device 303 is a non-volatile storage device that stores various programs executed by the CPU 301 and data used for executing the programs. The storage device 303 is realized by, for example, HDD or SSD, but is not limited thereto.

The display 304 is a display device for displaying an image showing the processing result of the program executed by the CPU 301.

The input device 305 is realized by a keyboard, operation keys, and / or a touch sensor in one implementation example. When the input device 305 receives the input of the information, the input device 305 sends the information to the CPU 301.

The NIC 306 is a communication interface that allows the authentication server 300 to communicate with another device (such as the MFP 100) via a network.

The timer circuit 307 is an electric circuit for measuring time. The CPU 301 acquires the time measurement result by the timer circuit 307.

[Data structure of user information database]
FIG. 5 is a diagram showing a data structure of a user information database. The user information database is used for user authentication and may be stored, for example, in the storage device 109 of the MFP 100.

As shown in FIG. 5, the user information database stores "user name", "password", "OTP transmission destination", "OTP", "OTP timekeeping start date and time", "expiration date", and "inhibition time" in association with each other.

The "user name" is information that identifies each user. The "password" is information assigned to each user and used for authentication of each user. The "OTP transmission destination" is information that defines the destination (email address, etc.) to which the OTP is transmitted for each user. "OTP" is information that defines an OTP issued to each user. The "OTP timekeeping start date and time" is information that defines the timing at which the measurement of the expiration date of the OTP is started. The "expiration date" is information that defines the length of the OTP expiration date from the timing specified as the "OTP timekeeping start date and time". The "inhibition time" is information representing the time during which an inhibition event occurred with respect to the input of the OTP to the MFP 100. In addition, "undecided" may be registered as the value of "inhibition time" from the occurrence of the inhibition event to the resolution.

In one implementation example, a "user name", "password", and "OTP transmission destination" are registered for a user who is permitted to use the MFP 100, and when an OTP is generated for the user, "OTP" is generated. The "OTP timekeeping start date and time" and "expiration date" are registered. When an obstructive event occurs with respect to the input of the OTP, the "inhibition time" is registered as the time when the obstructive event is resolved.

[Data structure of inhibition event management table]
FIG. 6 is a diagram showing a data structure of the inhibition event management table. In the inhibition event management table, information for managing an event that inhibits the input of the OTP to the MFP 100 by the user who issued the OTP (hereinafter, also referred to as "inhibition event") is registered. The inhibition event management table may be stored, for example, in the storage device 109 of the MFP 100.

With reference to FIG. 6, the inhibition event management table stores the “inhibition event”, “inhibition event occurrence date and time”, and “inhibition event resolution date and time” in association with each other. "Inhibition event" defines the content of an event that inhibits the input of OTP. Each of the "inhibition event occurrence date and time" and the "inhibition event resolution date and time" defines the occurrence and resolution date and time of the event.

In the example of FIG. 6, "consumables replacement" is an example of "inhibition event", "2019/10/31 9:24:12" is an example of "inhibition event occurrence date and time", and "inhibition event resolution date and time" is As an example, "2019/10/31 9:39:41" is shown respectively. This means that the MFP100 receives the OTP input from the user from 9:24:12 to 9:39:41 on October 31, 2019 by exchanging consumables (toner cartridge, etc.). It means that it was in a state of not accepting.

[Specific meaning of the value in the user information database]
Here, a specific example of the meaning of the values shown in FIG. 5 will be described.

In the example of FIG. 5, "User0001" is an example of "user name", "Pass0001" is an example of "password", and "u001@company.com" is "OTP" as an example of "OTP transmission destination". "728951" is registered as an example, "2019/10 / 31_9: 21: 05" is registered as an example of "OTP timing start date and time", and "10 minutes" is registered as an example of "expiration date".

The above example means that the password "Pass0001" is registered for the user specified by "User0001". Therefore, the user can be authenticated in the image processing system and use the MFP 100 by inputting "User0001" as the user name and "Pass0001" as the password in the MFP 100.

In addition, the above example means that the character string "728951" was issued as an OTP to the user specified by "User0001", and the OTP was 9:21 on October 31, 2019. It means that it is valid for 10 minutes (expiration date) from 05 seconds (OTP timing start date and time). Therefore, the user can enter "User0001" as the user name and "Pass0001" as the password or "728951" as the OTP by 9:31:05 on October 31, 2019. It is authenticated in the processing system and the MFP 100 can be used.

Further, the above example means that the OTP notification is realized by transmitting the OTP to "u001@company.com" (OTP transmission destination).

The expiration date of the OTP can be extended. In one implementation example, when an event that obstructs the input of the OTP to the MFP 100 occurs in the MFP 100 after the OTP is transmitted to the destination of the user A in the MFP 100, from the occurrence of the event to the elimination of the event. The expiration date of the OTP generated for User A is extended by the length of time.

For example, as shown in FIG. 6, it is assumed that an inhibition event occurred for 5 minutes and 29 seconds from 9:24:12 on October 31, 2019 to 9:39:41 on the same day. The inhibition event shown in FIG. 6 occurs after the transmission of the OTP of “User 0001” shown in FIG. 5 and within the expiration date of the OTP. Therefore, the expiration date of the OTP is extended by 5 minutes and 29 seconds due to the occurrence of the inhibition event shown in FIG.

In the example of FIG. 5, "User0002" is another example of "user name", "Pass0002" is another example of "password", and "u002@company.com" is another example of "OTP transmission destination". However, each is registered. In the example of FIG. 5, the values of "OTP", "OTP timing start date and time", and "expiration date" are not registered for the user specified by "User0002". The values of "OTP", "OTP timing start date and time", and "expiration date" are values registered according to the transmission of the OTP. That is, in the state shown in FIG. 5, the OTP has not yet been transmitted to the user specified by "User0002".

[Overview of user authentication using OTP]
FIG. 7 is a diagram showing an outline of user authentication according to the first embodiment. On the left side of FIG. 7, in addition to the MFP 100 and the information processing device 200, the user to be authenticated is shown as "User 400". On the right side of FIG. 7, a schematic flow of processing executed by each of the MFP 100 and the information processing device 200 in the authentication of the user 400 using the OTP is shown.

First, the MFP 100 displays a login screen as shown in step SA1 and waits for the user to input authentication information.

FIG. 8 is a diagram showing an example of a login screen. In one embodiment, the login screen 500 shown in FIG. 8 is displayed on the display 121 of the MFP 100. The login screen 500 includes input fields 501, 502, keys 503, and link 504. The input field 501 accepts the input of the user name. The input field 502 accepts a password or OTP input. The key 503 accepts a request for authentication (login) using a user name (entered in input field 501) and a password or OTP (entered in input field 502). Link 504 accepts a request to transmit an OTP.

Returning to FIG. 7, as shown as step SB1, the user 400 using the information processing apparatus 200 approaches the MFP 100 in order to use the MFP 100.

As shown in step SB2, the user 400 approaching the MFP 100 enters the username into the MFP 100. The user 400 inputs a request for sending an OTP to the MFP 100 as shown in step SB3 because the password is forgotten or the like. The request for transmission of OTP is an example of a request for temporary authentication.

In one implementation example, the user name is entered in the input field 501 of the login screen 500, and the entry of the OTP transmission request is completed by the operation for the link 504. In another example, the input of the OTP transmission request is completed by the operation on the screen (OTP transmission request screen) displayed by the operation when the link 504 is operated.

FIG. 9 is a diagram showing an example of an OTP transmission request screen. In one implementation example, the OTP transmission request screen 510 shown in FIG. 9 is displayed on the display 121 of the MFP 100. The OTP transmission request screen 510 includes an input field 511 and keys 512 and 513. The input field 511 accepts the input of the user name. The key 512 accepts a request for transmission of an OTP. The key 513 accepts a request to return the display to the login screen 500.

The MFP 100 generates the OTP in response to the request for the transmission of the OTP, and transmits the generated OTP to the destination associated with the user name input in the input field 511. This destination is, for example, an OTP transmission destination associated with a user name in a user information database. The MFP 100 may display the user name input in the input field 501 (FIG. 7) in the input field 511 (FIG. 8). As a result, the user does not have to re-enter the user name entered in the input field 501 in the input field 511.

Returning to FIG. 7, as shown in step SA2, when the MFP 100 receives the request for transmission of the OTP, it generates the OTP of the user 400 specified by the user name input in the input field 501 or the input field 511. , The generated OTP is transmitted to the destination associated with the user 400. The MFP 100 may notify the transmission of the OTP.

FIG. 10 is a diagram showing an example of a screen (OTP transmission notification screen) for notifying the transmission of OTP. In one implementation example, the OTP transmission notification screen 520 shown in FIG. 10 has the title "OTP transmission" and the message "A one-time password has been sent to your registered address. Log in with the sent one-time password. Please. " The OTP transmission notification screen 520 further includes a key 521. The MFP 100 returns the display 121 to the login screen 500 in response to being operated with respect to the key 521.

If the MFP 100 fails to transmit the OTP, the MFP 100 may notify the failure. In this case, the MFP100 has a screen containing, for example, the title "Failed to send OTP" and the message "The one-time password could not be sent to your registered address. Please register another address." The OTP transmission failure screen) may be displayed. The user 400 may transmit another destination as the OTP transmission destination to the user information database in response to the display of the OTP transmission failure screen.

Returning to FIG. 7, as shown in step SC1, the information processing apparatus 200 receives the transmitted OTP using, for example, a mailer. The reception of the OTP by the information processing device 200 may be a pull type based on the user's operation, a push type based on active transmission from an external device such as a network server, or a pseudo by polling. Push type may be used.

On the other hand, as shown in step SB4, the user 400 returns to his / her seat after requesting the transmission of the OTP (step SB3). Then, the user 400 instructs the information processing apparatus 200 at his / her seat to display the OTP, as shown in step SB5. For example, the user 400 instructs the display 204 to display the mail text including the OTP by using the mailer of the information processing device 200. In response to instructions from the user 400, the information processing apparatus 200 displays the OTP on the display 204, as shown in step SC2.

As shown as step SB6, the user 400 confirms the OTP displayed on the information processing apparatus 200. At this time, the user 400 may copy the OTP to a memo paper so as not to forget the OTP while returning to the MFP 100.

The user 400 then returns to the MFP 100 as shown in step SB7 and inputs the user name and OTP into the MFP 100 as shown in step SB8. If the user name has already been input to the MFP 100, the input of the user name in step SB8 may be omitted.

In FIG. 7, the time from when the user 400 inputs the request for transmitting the OTP to the MFP 100 until the user 400 confirms the OTP with the information processing device 200 and returns to the MFP 100 is shown as the time TA. The expiration date of the OTP is preferably at least longer than the time TA.

The MFP 100 uses the entered user name and OTP to perform user authentication, as shown in step SA3. When the MFP100 succeeds in user authentication, the MFP100 displays a top menu screen on the display 121 of the MFP100, as shown as step SA4. As a result, the MFP 100 becomes available.

Successful user authentication means that the user name and password (or OTP) combination entered by the user matches the user name and password (or (OTP) combination registered in the user information database. User authentication. If successful, the user can log in to the MFP100 and use the MFP100.

Failure of user authentication means that the user name and password (or OTP) combination entered by the user did not match the user name and password (or (OTP) combination registered in the user information database. In this case, the user cannot log in to the MFP 100 and cannot use the MFP 100.

FIG. 11 is a diagram showing an example of a top menu screen. The top menu screen 530 shown in FIG. 11 includes various setting items (color, paper, magnification, etc.) for instructing the MFP 100 to perform a job such as a copy job.

The top menu screen 530 includes a column 531 indicating the number of copies in the copy job. The initial value of the number of copies in the MFP 100 is "1". When the MFP 100 receives the setting of the number of copies from the user, the MFP 100 stores the set value in the memory of the storage device 109 or the like, and displays the set value in the column 531. For example, when "3" is input as the set value of the number of copies, the MFP 100 stores "3" as the set value of the number of copies in the storage device 109, and sets the number displayed in the column 531 to "1". To "3".

When the no-operation time continues for the "fixed time" set for the auto-reset function or longer, the MFP 100 returns the set value input by the user to the initial value. After the input of "3" as the set value of the number of copies, if the non-operation time continues for the above-mentioned fixed time or more, the MFP 100 returns the set value of the number of copies in the storage device 109 to the initial value "1" and at the same time. The number displayed in column 531 is returned from "3" to "1". The "number of copies" is just an example of the items to be set.

In the image processing system, when an obstruction event occurs within the expiration date of the OTP, the user can input the OTP only for the time during which the obstruction event occurred from the expiration of the expiration date (“inhibition time” in the user information database). It is authenticated and the MFP100 can be used.

The MFP 100 may notify information indicating whether or not OTP is valid at the present time. An example of notification is "display", but it may also be audio output or vibration (eg, depending on a given button operation, it may or may not be valid). The oscillator vibrates in a pattern).

FIG. 12 is a diagram showing an example of a screen displaying information indicating whether or not OTP is valid. The login screen 500A shown in FIG. 12 further includes a display field 505 as compared to the login screen 500 of FIG. The display field 505 includes the message "One-time password (issued on October 31, 2019_9: 21: 05) is valid." This means that the OTP issued (generated or transmitted) at 9:21:05 on October 31, 2019 is still valid. The display of the display field 505 may be continued until the OTP is determined to be valid (until the expiration date has expired, or until the time when the inhibition event has occurred has elapsed since the expiration date).

In the example of FIG. 12, the OTP is specified by the time of issue. As a result, the third party who sees the display cannot recognize to whom the OTP is issued. Therefore, it can be more reliably avoided that a third party attempts to log in by impersonating the user who issued the OTP. However, in the example of FIG. 12, the OTP may be specified by displaying the user name or the like that issued the OTP. Further, the information specifying the OTP may not be notified, and only the information indicating whether or not the OTP issued within a certain period of time is valid may be notified.

FIG. 13 is a diagram showing another example of a screen displaying information indicating whether or not OTP is valid. The login screen 500B shown in FIG. 13 includes a display field 506 instead of the display field 505 in FIG. The display field 506 includes the message "One-time password (issued on October 31, 2019_9: 21: 05) has become invalid." This means that the OTP issued (generated or transmitted) at 9:21:05 on October 31, 2019 has become invalid. In one embodiment, the display field 506 may be displayed for a specific period of time from the time when the OTP is determined to be invalid.

[Processing flow]
14 to 16 are flowcharts of processes executed in the MFP 100 for user authentication by OTP. In the MFP 100, for example, when the power is turned on, the processes shown in FIGS. 14 to 16 are started. The MFP 100 executes the processes shown in FIGS. 14 to 16 by, for example, the CPU 111 executing a given program.

With reference to FIG. 14, when the power is turned on to the MFP 100, the MFP 100 executes the initialization process of the MFP 100 in step S401.

In step S403, the MFP 100 displays a login screen on the display 121.

In step S405, the MFP 100 determines whether or not the logout request has been accepted. In one implementation, logging out means deauthorizing the user. When the MFP100 determines that the logout request has been accepted (YES in step S405), the MFP100 returns the control to step S403. As a result, the display of the display 121 is returned to the login screen. On the other hand, if the MFP 100 determines that the logout request is not accepted (NO in step S405), the MFP 100 proceeds to the control in step S407.

In step S407, the MFP 100 determines whether or not the request for transmission of the OTP has been accepted. If the MFP100 determines that the request for OTP transmission has been accepted (YES in step S407), the control proceeds to step S421, and if not (NO in step S407), the control proceeds to step S409 (FIG. 15). ..

In step S421, the MFP 100 determines whether or not the destination to which the OTP is transmitted can be specified. This judgment is based on, for example, whether or not the user information database stores some value as the "OTP transmission destination" associated with the user name included in the OTP transmission request, or the stored value. It is realized based on whether or not the value follows the given format (for example, the value according to the format of the email address).

If the MFP100 determines that the destination for transmitting the OTP can be specified (YES in step S421), the control proceeds to step S423, and if not (NO in step S421), the control proceeds to step S435.

In step S435, the MFP 100 displays on the display 121 that the OTP cannot be transmitted. The display is realized, for example, by displaying the OTP transmission failure screen. After that, the MFP 100 returns the control to step S405. At this time, the display of the display 121 may be returned to the login screen.

In addition, the MFP 100 may determine in step S421 whether or not all the information necessary for transmitting the OTP is input and registered. Then, the MFP 100 may proceed to step S423 if it determines that all the information has been input or registered, and may proceed to step S435 if it determines that at least a part of the information has not been input or registered. For example, if the user name has not been input to the MFP 100 at the time of the OTP transmission request, the MFP 100 may display a screen on the display 121 notifying that the user name has not been input in step S435.

In step S423, the MFP 100 generates an OTP for the user name entered when requesting the transmission of the OTP.

In step S425, the MFP 100 registers the OTP generated in step S423 in the user information database. At this time, the MFP 100 may further register the "expiration date" associated with the OTP in the user information database.

In one implementation example, the MFP 100 may set a predetermined value (for example, 5 minutes) as the expiration date and set the value as the “expiration date”.

In another embodiment, the MFP 100 acquires information that identifies the type of terminal used by the user to be authenticated, acquires an "expiration date" value associated with the identified type, and is acquired. The value of "expiration date" may be registered as "expiration date" in the user information database. One example of the type of terminal is a "personal PC" and another example is a "mobile terminal". When the type of the terminal is "personal PC", a longer time may be set as the "expiration date" than that of the "mobile terminal". More specifically, in the case of a "mobile terminal", the user may request the MFP 100 to transmit the OTP while carrying the mobile terminal, and confirm the OTP on the mobile terminal as it is. On the other hand, in the case of a "personal PC", the user may move from the MFP 100 to the personal PC and check the OTP after requesting the MFP 100 to transmit the OTP. That is, in the latter case, it is assumed that the time required for the user to confirm the OTP is longer than in the former case. By setting the length of the expiration date according to the type of the terminal, the minimum required time that is expected to be required for confirming the OTP can be set as the expiration date.

In step S427, the MFP 100 transmits the OTP generated in step S423 to the destination (OTP transmission destination) associated with the user name input at the time of requesting the transmission of the OTP.

In step S429, the MFP 100 starts measuring the expiration date of the OTP. More specifically, the MFP 100 registers the current date and time in the user information database as the "OTP timekeeping start date and time" of the OTP generated in step S423. Under the control of step S429, the time when the OTP is transmitted becomes the starting point of the expiration date of the OTP.

In step S431, the MFP 100 registers the image of the user who requested the transmission of the OTP in the storage device 109. An image of a camera that captures the vicinity of the operation panel 120 is used as an example in which the MFP 100 acquires an image of a user who has requested transmission of an OTP. In this case, the image processing system further includes a camera that captures the vicinity of the operation panel 120, and the MFP 100 is connected to the camera. When the MFP 100 determines that the request for OTP transmission has been received in step S407 (YES in step S407), the MFP 100 acquires a captured image from the camera and extracts a person's image from the captured image. Extraction of a person's image can be realized using, for example, a pattern recognition technique. The MFP 100 registers the extracted image of the person as the image of the user who requested the transmission of the OTP.

In step S433, the MFP 100 displays the OTP transmission result on the display 121. The OTP transmission notification screen 520 is an example of the OTP transmission result. After that, the MFP 100 returns the control to step S405. At this time, the MFP 100 may return the display on the display 121 to the login screen.

With reference to FIG. 15, in step S409, the MFP 100 determines whether or not an inhibition event has occurred in the MFP 100.

An example of an obstructive event is that if there is an OTP that has been issued and the expiration date has not expired, a user other than the user who transmitted the OTP is using the MFP100.

The MFP 100 detects that a user other than the user to whom the OTP is transmitted is using the MFP 100, for example, that the image taken by the camera 150 includes a user different from the user registered in step S431. Detect by this or by detecting that another user has been authenticated (logged in) to use the MFP100.

Another example of the inhibition event is a state in which the operation panel 120 does not accept the input of the OTP in the MFP 100.

An example of a state in which OTP input is not accepted is that the MFP 100 has an error due to lack of consumables (ink in the ink cartridge, toner in the toner cartridge, or recording paper in the paper feed cassette in the print output unit 103). It is in a state where the operation is stopped while emitting. Another example is a state in which the MFP 100 is stopped due to a paper jam occurring in the print output unit 103. In yet another example, the MFP 100 has stopped operating due to an error in the processing being executed by the control unit 110 (such as an error indicating that the destination address cannot be specified during the execution of the facsimile transmission job). It is in a state. Yet another example is a state in which the MFP 100 is stopped due to an error in an element constituting the MFP 100 (for example, the operation is stopped by detecting an open state of a door that opens and closes the main body).

In step S409, if the MFP100 determines that an inhibition event has occurred in the MFP100 (YES in step S409), the control proceeds to step S441, otherwise (NO in step S409), the process proceeds to step S411. Advance control.

In step S441, the MFP 100 registers an event determined to have occurred in the inhibition event management table (FIG. 6). More specifically, the MFP100 determines that an event has occurred as an "inhibition event" (use by another user, replacement of consumables (lack of consumables), paper jam, processing error, element error, etc." ) Is registered, and the time when the event occurs (or the time when it is determined in step S409 that the inhibition event has occurred) is registered as the “date and time when the inhibition event occurs”. In step S441, the MFP 100 may further register the value "undecided" in the "inhibition time" column of the user information database. After that, the MFP 100 returns the control to step S405.

In step S411, the MFP 100 determines whether or not the inhibition event has been resolved with respect to the inhibition event registered to occur in the inhibition event management table. For example, when the occurrence of an obstructive event that another user is using is registered, the MFP 100 determines whether or not the use of the other user is terminated in the MFP 100. For example, by detecting that the image captured by the camera 150 no longer includes the other user, or by detecting that the authentication for the other user has been canceled (logged out), the MFP 100 can be used. , Detects the resolution of the obstruction event "use by other users". Further, when the MFP 100 is restarting the operation, the MFP 100 detects the resolution of the obstructive events such as "consumable replacement (lack of consumables)", "paper jam", "processing error", and "element error".

In step S411, if the MFP100 determines that the inhibition event has been resolved (YES in step S411), it proceeds to control to step S445, otherwise (NO in step S411), it controls to step S413. Proceed.

In step S445, the MFP 100 registers in the inhibition event management table (FIG. 6) the time when the event is resolved (or the time when it is determined that the inhibition event is resolved in step S411) as the "inhibition event resolution date and time". do.

In step S447, the MFP 100 calculates the time from the occurrence of the inhibition event to its resolution, and registers the calculated time as the "inhibition time" in the user information database (FIG. 5). After that, the MFP 100 returns the control to step S405.

In step S413, the MFP 100 determines whether or not the login screen is displayed on the display 121 and the update timing of the display on the display 121 has arrived. In one implementation example, the MFP 100 updates the display 121 at predetermined time intervals such as 1 minute. In step S413, it is determined whether or not the login screen is displayed on the display 121 at the timing of the update.

If the MFP100 determines that the update timing has arrived while displaying the login screen (YES in step S413), it proceeds to control to step S451, otherwise (NO in step S413), step S415 (FIG. 16). Advance control to.

In step S451, the MFP 100 determines whether or not a state has occurred in which the user name has been entered in the login screen (input field 501) and the expiration date of the OTP has expired. When the MFP100 determines that the user name has been entered in the login screen and the expiration date of the OTP has passed (YES in step S451), the MFP100 proceeds to control to step S453. On the other hand, the MFP 100 controls to step S455 if at least one of the user name is not entered on the login screen and the OTP expiration date has not passed (NO in step S451). To proceed.

In step S453, the MFP 100 clears the user name displayed on the login screen and proceeds to control to step S455. As a result, the user name displayed on the login screen by being input on the login screen is deleted from the login screen.

In step S455, the MFP 100 determines whether or not the time obtained by adding the inhibition time to the OTP expiration date has elapsed from the OTP timekeeping start date and time. If the MFP100 determines that the time has elapsed (YES in step S455), the control proceeds to step S459, and if not (NO in step S455), the control proceeds to step S457. The MFP 100 may proceed from step S455 to step S457 even when the value "undecided" is registered in the inhibition time column.

In step S457, the MFP 100 displays that the input of the OTP for using the MFP 100 is possible, and then returns the control to step S405. The login screen 500A of FIG. 12 is an example of the screen displayed in step S457. That is, the control in step S457 is an example of notifying that the OTP is still effective.

In step S459, the MFP 100 returns the control to step S405 after displaying that the input of the OTP for using the MFP 100 is not possible. The login screen 500B of FIG. 12 is an example of the screen displayed in step S459. That is, the control in step S459 is an example of notifying that the OTP has become invalid.

With reference to FIG. 16, in step S415, the MFP 100 determines whether or not the login request has been accepted. The MFP 100 accepts a login request, for example, by operating the key 503 (FIG. 8). If the MFP100 determines that the login request has been accepted (YES in step S415), the control proceeds to step S461, and if not (NO in step S415), the control proceeds to step S417.

In step S461, the MFP 100 determines whether or not the combination of the user name and the password or the combination of the user name and the OTP input in the login request matches the combination registered in the user information database. If the MFP100 determines that they match (YES in step S461), the control proceeds to step S463, and if not (NO in step S461), the control proceeds to step S471.

In step S471, the MFP 100 displays the failure of user authentication on the display 121, and then returns control to step S405. The MFP 100 may return the display on the display 121 to the login screen after displaying the user authentication failure.

In step S463, the MFP 100 determines whether or not the information used for authentication in step S461 was an OTP. When the MFP100 determines that the information entered together with the user name in the login request matches the "OTP" instead of the "password" in the user information database, the information used for authentication in step S461 is the OTP. Judge that there was.

If the MFP100 determines that the information used for user authentication is OTP (YES in step S463), the control proceeds to step S465, and if not (NO in step S463), the control proceeds to step S467. ..

In step S465, the MFP 100 determines whether or not the expiration date of the OTP has not expired. If the expiration date of the OTP has not yet expired (YES in step S465), the MFP 100 advances the control to step S467, and if not (NO in step S465), advances the control to step S471. The MFP 100 proceeds to control in step S467 even after the expiration date, if the inhibition time has not elapsed since the expiration date. Further, the MFP 100 may proceed to the control to step S467 even when the value of the “inhibition time” (FIG. 6) is “undecided”.

In step S467, the MFP 100 deletes the OTP used for user authentication from the user information database and proceeds to control to step S469. As a result, the OTP once used for authentication is prevented from being used again. In the image processing system, the OTP may be a password used for a plurality of authentications as long as the expiration date is set.

In step S469, the MFP 100 returns the control to step S405 after displaying the top menu screen 530 on the display 121.

If the combination of the user name and password registered in the user information database is input in the login request by the control of steps S461 to S471 (YES in step S461 and NO in step S463), step S467. After the OTP registered associated with the user name is cleared in step S469, the top menu screen 530 is displayed in step S469. As a result, the user is permitted to use the MFP 100.

If the combination of the user name registered in the user information database and the OTP is input in the login request (YES in step S461 and YES in step S463), it means that the expiration date of the OTP has not expired. As a condition (YES in step S465), the top menu screen 530 is displayed in step S469. In this case, in step S467, the OTP used for user authentication is deleted from the user information database. As a result, it is possible to prevent the OTP once used for user authentication from being used thereafter.

When the top menu screen 530 is displayed in step S469, it means that the user authentication is successful. If the authentication failure is displayed in step S471, it means that the user authentication has failed.

In step S417, the MFP 100 determines whether or not a request other than the above-mentioned request (logout in step S405, transmission of OTP in step S407, and login in step S415) has been accepted. An example of the request determined in step S417 (hereinafter, also referred to as “other request”) is a request input to the top menu screen 530 (request for changing the number of copies, etc.), and another example is a key. This is a request to start executing a copy job by operation.

If the MFP100 determines that the other request has been accepted (YES in step S417), the control proceeds to step S481, otherwise (NO in step S417), the control returns to step S405.

In step S481, the MFP 100 returns control to step S405 after executing the process according to the request. An example of processing in response to a request is an update of the top menu screen 530 and an update of copy job settings in response to a change in the number of copies. That is, after the user logs in to the MFP 100, the MFP 100 executes a process according to the request from the user in step S481. Further, the MFP 100 accepts the input of the user name before login in step S481.

In the present embodiment described above, the expiration date of the OTP is extended by the time during which the inhibition event occurred (inhibition time) due to the occurrence of the inhibition event after the transmission of the OTP (step S465). .. As a result, it is possible to avoid a situation in which the expiration date set for inputting the OTP to the user is substantially shortened due to the occurrence of the inhibition event.

<Second Embodiment>
The image processing system of the second embodiment includes an MFP 100, an information processing device 200, and an authentication server 300, as in FIG. 1. In the second embodiment, the authentication server 300 performs at least a portion of user authentication. The control unit 110 of the MFP 100 is an example of the first controller, and the CPU 301 of the authentication server 300 is an example of the second controller. The user information database (FIG. 5) is stored in the storage device 303 of the authentication server 300. The inhibition event management table (FIG. 6) is stored in the storage device 109 of the MFP 100.

[Overview of user authentication using OTP]
FIG. 17 is a diagram showing an outline of user authentication using OTP in the second embodiment. FIG. 17 shows the MFP 100, the information processing device 200, and the user 400, as in FIG. 7. Note that FIG. 17 shows the processing in the authentication server 300 in addition to the processing in each of the MFP 100 and the information processing device 200.

With reference to FIG. 17, the MFP 100 displays a login screen as shown as step SA1 and waits for the user to input authentication information.

The user 400 using the information processing apparatus 200 approaches the MFP 100 in order to utilize the MFP 100, as shown in step SB1.

As shown in step SB2, the user 400 approaching the MFP 100 enters the username into the MFP 100. The user 400 requests the transmission of the OTP, as shown in step SB3, for reasons such as forgetting the password.

The MFP 100 requests the authentication server 300 to transmit the OTP of the user 400 in response to the request for the transmission of the OTP from the user 400, as shown in step SA11. At this time, the MFP 100 notifies the authentication server 300 of the user name of the user 400.

In step SC1, the authentication server 300 generates the OTP of the user 400 in response to the request from the MFP 100, and transmits the generated OTP to the destination associated with the user name of the user 400. This destination is, for example, an OTP transmission destination associated with a user name in a user information database.

In step SA12, the authentication server 300 notifies the MFP 100 of the completion of the transmission of the OTP. In response to this notification, the MFP 100 may display the OTP transmission notification screen (FIG. 10) on the display 121.

The information processing apparatus 200 receives the transmitted OTP using, for example, a mailer, as shown in step SC1.

On the other hand, the user 400 returns to his / her seat after requesting the transmission of the OTP (step SB3) as shown as step SB4. Then, the user 400 instructs the information processing apparatus 200 at his / her seat to display the OTP, as shown in step SB5.

The information processing apparatus 200 displays the OTP on the display 204 in response to the instruction of the user 400, as shown in step SC2.

The user 400 confirms the OTP displayed on the information processing apparatus 200 as shown as step SB6.

The user 400 then returns to the MFP 100 as shown in step SB7 and inputs the user name and OTP into the MFP 100 as shown in step SB8. If the user name has already been input to the MFP 100, the input of the user name in step SB8 may be omitted.

The MFP 100 requests the authentication server 300 for user authentication using the entered user name and OTP, as shown in step SA13.

The authentication server 300 executes user authentication in response to a request from the MFP 100 as shown in step SD2, and notifies the MFP 100 of the result of the user authentication as shown in step SD3.

In the second embodiment of the image processing system, when an inhibition event occurs within the expiration date of the OTP, only the time during which the inhibition event has occurred since the expiration date (“inhibition time” of the user information database) The user is authenticated by the input of the OTP and can use the MFP 100. More specifically, the MFP 100 notifies the authentication server 300 of the occurrence and resolution of the inhibition event. The authentication server 300 can identify the time during which the inhibition event occurred in the MFP 100 (inhibition time) based on the notification from the MFP 100.

[Processing flow]
18 to 23 are flowcharts of processes executed for user authentication by OTP in the second embodiment. In FIGS. 18 to 23, the controls corresponding to the controls described in FIGS. 14 to 16 are designated by the same reference numerals (such as “S401”) as those assigned in FIGS. 14 to 16. In each of FIGS. 18 and 20 to 22, the processing in the MFP 100 is shown on the left side, and the processing in the authentication server 300 is shown on the right side. 19 and 23 show processing in the MFP 100.

With reference to FIG. 18, when the power is turned on to the MFP 100, the MFP 100 executes the initialization process of the MFP 100 in step S401.

In step S403, the MFP 100 displays a login screen (FIG. 8) on the display 121.

In step S405, the MFP 100 determines whether or not the logout request has been accepted. When the MFP100 determines that the logout request has been accepted (YES in step S405), the MFP100 returns the control to step S403. As a result, the display of the display 121 is returned to the login screen. On the other hand, if the MFP 100 determines that the logout request is not accepted (NO in step S405), the MFP 100 proceeds to the control in step S407.

In step S407, the MFP 100 determines whether or not the request for transmission of the OTP has been accepted. If the MFP100 determines that the request for transmission of the OTP has been accepted (YES in step S407), the control proceeds to step S431, and if not (NO in step S407), the control proceeds to step S432.

In step S431, the MFP 100 registers the image of the user who requested the transmission of the OTP in the storage device 109.

In step S407A, the MFP 100 requests the authentication server 300 to transmit the OTP. The request is fulfilled, for example, by sending a message containing the user name entered by the user. After that, the MFP 100 returns the control to step S405.

In step S420, the authentication server 300 determines whether or not the request for OTP transmission (step S407A) has been received from the MFP 100. If the authentication server 300 determines that the OTP transmission request has been received (YES in step S420), it proceeds to control to step S421, and if not (NO in step S420), it controls to step S450 (FIG. 21). To proceed.

In step S421, the authentication server 300 determines whether or not the destination to which the OTP is transmitted can be specified. If the authentication server 300 determines that the destination to which the OTP is transmitted can be specified (YES in step S421), the authentication server 300 proceeds to control to step S423, otherwise (NO in step S421), step S424 (FIG. 20). ) To proceed with control.

In step S423, the authentication server 300 generates an OTP for the user name entered when requesting the transmission of the OTP.

In step S425, the authentication server 300 registers the OTP generated in step S423 in the user information database. At this time, the authentication server 300 may further register the "expiration date" associated with the OTP in the user information database. In one implementation example, the authentication server 300 registers a certain value (for example, 3 minutes) as an "expiration date". In another implementation example, the authentication server 300 sets a value to be registered as an "expiration date" according to the type of the information processing device 200 (for example, the first type or the second type) that the user uses to confirm the OTP. do.

In step S427, the authentication server 300 transmits the OTP generated in step S423 to the destination (“OTP transmission destination”) associated with the user name input at the time of requesting the transmission of the OTP. ..

In step S428, the authentication server 300 notifies the MFP 100 of the transmission of the OTP.

In step S432, the MFP 100 determines whether or not the notification of the transmission of the OTP has been received. When the MFP 100 determines that the notification of the OTP transmission has been received (YES in step S432), the MFP 100 displays the OTP transmission notification screen (FIG. 10) on the display 121 in step S433, and then returns the control to step S405. At this time, the display of the display 121 may be returned to the login screen. When the MFP100 determines that the notification of the transmission of the OTP has not been received (NO in step S432), the MFP 100 proceeds to the control in step S409 (FIG. 19).

The authentication server 300 starts measuring the expiration date of the OTP in step S429. By the control of step S429, in the authentication server 300, the time when the OTP is transmitted becomes the starting point of the expiration date of the OTP. After that, the authentication server 300 returns control to step S420.

With reference to FIG. 19, in step S409, the MFP 100 determines whether or not an inhibitory event has occurred in the MFP 100, as described with reference to FIG.

An example of an obstructive event is that if there is an OTP that has been issued and the expiration date has not expired, a user other than the user who transmitted the OTP is using the MFP100.

Another example of the inhibition event is a state in which the operation panel 120 does not accept the input of the OTP in the MFP 100. The state in which the input of the OTP is not accepted is, for example, the state in which the MFP 100 is stopped due to lack of consumables, the state in which the operation is stopped due to the occurrence of paper jam in the print output unit 103, and the state in which the control unit 110 is not accepted. Is stopped due to an error in the processing being executed, or is stopped due to an error in the elements constituting the MFP 100.

In step S409, if the MFP100 determines that an inhibition event has occurred in the MFP100 (YES in step S409), the control proceeds to step S441, otherwise (NO in step S409), the process proceeds to step S411. Advance control.

In step S441, the MFP 100 registers an event determined to have occurred in the inhibition event management table (FIG. 6) as described with reference to FIG. After that, the MFP 100 returns the control to step S405.

In step S441, the MFP 100 may notify the authentication server 300 that an obstruction event has occurred in the MFP 100, and in response to the notification, the authentication server 300 sets the "inhibition time" of the user information database. The value "undecided" may be registered in the field.

In step S411, as described with reference to FIG. 15, the MFP 100 determines whether or not the inhibition event has been resolved with respect to the inhibition event registered to occur in the inhibition event management table. to decide. If the MFP100 determines that the inhibition event has been resolved (YES in step S411), the control proceeds to step S445, and if not (NO in step S411), the control proceeds to step S413.

In step S445, the MFP 100 registers in the inhibition event management table (FIG. 6) the time when the event is resolved (or the time when it is determined that the inhibition event is resolved in step S411) as the "inhibition event resolution date and time". do.

In step S447A, the MFP 100 calculates the time from the occurrence of the inhibition event to its resolution, and notifies the authentication server 300 of the calculated time (inhibition time). After that, the MFP 100 returns the control to step S405. On the other hand, the authentication server 300 registers as "inhibition time" in the user information database (FIG. 5) in response to the notification in step S447A.

In step S413, the MFP 100 determines whether or not the login screen is displayed on the display 121 and the update timing of the display on the display 121 has arrived. In one implementation example, the MFP 100 updates the display 121 at predetermined time intervals such as 1 minute. In step S413, it is determined whether or not the login screen is displayed on the display 121 at the timing of the update.

If the MFP100 determines that the update timing has arrived while displaying the login screen (YES in step S413), it proceeds to control to step S451, otherwise (NO in step S413), step S434 (FIG. 20). Advance control to.

In step S451, the MFP 100 determines whether or not a state has occurred in which the user name has been entered in the login screen (input field 501) and the expiration date of the OTP has expired. When the MFP100 determines that the user name has been entered in the login screen and the expiration date of the OTP has passed (YES in step S451), the MFP100 proceeds to control to step S453. On the other hand, the MFP 100 controls to step S455 if at least one of the user name is not entered on the login screen and the OTP expiration date has not passed (NO in step S451). To proceed. The MFP 100 can inquire the authentication server 300 whether or not the expiration date has passed for the transmitted OTP, and can make a determination in step S451 based on the response from the authentication server 300 to the inquiry. ..

In step S453, the MFP 100 clears the user name displayed on the login screen and proceeds to control to step S455. As a result, the user name displayed on the login screen by being input on the login screen is deleted from the login screen.

In step S455, the MFP 100 determines whether or not the time obtained by adding the inhibition time to the OTP expiration date has elapsed from the OTP timekeeping start date and time. The MFP 100 may inquire of the authentication server 300 whether or not the time obtained by adding the inhibition time to the OTP expiration date has elapsed from the OTP timekeeping start date and time for the transmitted OTP, and the authentication server for the inquiry. The determination in step S455 can be carried out based on the response from 300.

If the MFP100 determines that the above time has elapsed (YES in step S455), the control proceeds to step S459, and if not (NO in step S455), the control proceeds to step S457. The MFP 100 may proceed from step S455 to step S457 even when the value "undecided" is registered in the inhibition time column.

In step S457, the MFP 100 displays that the input of the OTP for using the MFP 100 is possible, and then returns the control to step S405. The login screen 500A of FIG. 12 is an example of the screen displayed in step S457. That is, the control in step S457 is an example of notifying that the OTP is still effective.

In step S459, the MFP 100 returns the control to step S405 after displaying that the input of the OTP for using the MFP 100 is not possible. The login screen 500B of FIG. 12 is an example of the screen displayed in step S459. That is, the control in step S459 is an example of notifying that the OTP has become invalid.

With reference to FIG. 20, the authentication server 300 notifies the MFP 100 in step S424 that the destination to which the OTP is transmitted cannot be specified.

The MFP100 determines in step S434 whether or not it has received a notification indicating that the destination to which the OTP is transmitted cannot be specified, and if it determines that the notification has been received (YES in step S434), step S435. If not (NO in step S434), the control proceeds to step S415 (FIG. 21).

In step S435, the MFP 100 displays on the display 121 that the OTP cannot be transmitted. The display is realized, for example, by displaying the OTP transmission failure screen. After that, the MFP 100 returns the control to step S405. At this time, the display of the display 121 may be returned to the login screen.

With reference to FIG. 21, in step S415, the MFP 100 determines whether or not the login request has been accepted. If the MFP100 determines that the login request has been accepted (YES in step S415), the control proceeds to step S415A, and if not (NO in step S415), the control proceeds to step S458 (FIG. 22).

In step S415A, the MFP 100 sends a login request to the authentication server 300. The request includes the user and the password or OTP entered by the user. After that, the MFP 100 returns the control to step S405 (FIG. 18).

In step S450, the authentication server 300 determines whether or not the login request has been received. If the authentication server 300 determines that the login request has been received (YES in step S450), it proceeds to control to step S461 (FIG. 22), otherwise (NO in step S450), step S420 (FIG. 18). ) Return control.

With reference to FIG. 22, in step S461, the combination of the user name and the password or the combination of the user name and the OTP received as the login request matches the combination registered in the user information database. Decide whether to do it or not. If the authentication server 300 determines that they match (YES in step S461), the control proceeds to step S463, and if not (NO in step S461), the control proceeds to step S462.

In step S462, the authentication server 300 notifies the MFP 100 of the failure of user authentication, and then returns control to step S420 (FIG. 18).

In step S463, the authentication server 300 determines whether or not the information used for authentication in step S461 was an OTP. If the authentication server 300 determines that the information used for user authentication is OTP (YES in step S463), it proceeds to control to step S465, otherwise (NO in step S463), it controls to step S466A. To proceed.

In step S465, the authentication server 300 determines whether or not the expiration date of the OTP has not expired. If the OTP expiration date has not yet expired (YES in step S465), the authentication server 300 proceeds to control to step S466A, and if not (NO in step S465), it proceeds to control to step S466B. The authentication server 300 proceeds to control to step S467 even after the expiration date, if the inhibition time has not elapsed since the expiration date. Further, the MFP 100 may proceed to the control to step S467 even when the value of the “inhibition time” (FIG. 6) is “undecided”.

In step S466A, the authentication server 300 notifies the MFP 100 of the success of user authentication, and then proceeds to control to step S467. On the other hand, in step S466B, the authentication server 300 notifies the MFP 100 of the failure of user authentication, and then returns control to step S420 (FIG. 18).

In step S467, the authentication server 300 deletes the OTP used for user authentication from the user information database and returns control to step S420 (FIG. 18).

On the other hand, the MFP 100 determines in step S458 whether or not the notification of the success of the user authentication has been received. If the MFP100 determines that the notification of success has been received (YES in step S458), the control proceeds to step S469, otherwise (NO in step S458), the control proceeds to step S460.

In step S469, the MFP 100 returns the control to step S405 after displaying the top menu screen 530 on the display 121. As a result, the user is permitted to use the MFP 100. After that, the MFP 100 returns the control to step S405 (FIG. 18).

In step S460, the MFP 100 determines whether or not the user authentication failure notification has been received. If the MFP100 determines that the failure notification has been received (YES in step S460), the control proceeds to step S471, otherwise (NO in step S460), the control proceeds to step S417 (FIG. 23).

In step S471, the MFP 100 displays on the display 121 that the user authentication has failed, and then returns control to step S405 (FIG. 18). The MFP 100 may return the display on the display 121 to the login screen after displaying the user authentication failure.

With reference to FIG. 23, in step S417, the MFP 100 is referred to as a request other than the above-mentioned request (logout in step S405, transmission of OTP in step S407, and login in step S415) (hereinafter, referred to as “other request”). ) Is accepted or not. If the MFP100 determines that the other request has been accepted (YES in step S417), the control proceeds to step S481, otherwise (NO in step S417), the control returns to step S405.

In step S481, the MFP 100 returns control to step S405 after executing the process according to the request. An example of processing in response to a request is an update of the top menu screen 530 and an update of copy job settings in response to a change in the number of copies. That is, after the user logs in to the MFP 100, the MFP 100 executes a process according to the request from the user in step S481. Further, the MFP 100 accepts the input of the user name before login in step S481.

In the second embodiment described above, the expiration date of the OTP is extended by the time during which the inhibition event occurred (inhibition time) due to the occurrence of the inhibition event after the transmission of the OTP (step). S465). As a result, it is possible to avoid a situation in which the expiration date set for inputting the OTP to the user is substantially shortened due to the occurrence of the inhibition event.

It should be considered that each embodiment disclosed this time is exemplary in all respects and is not restrictive. The scope of the present invention is shown by the scope of claims rather than the above description, and it is intended to include all modifications within the meaning and scope equivalent to the scope of claims. In addition, the inventions described in the embodiments and the modifications are intended to be implemented, either alone or in combination, wherever possible.

100 MFP, 106 motion sensor, 120 operation panel, 200 information processing device, 300 authentication server, 400 users, 500, 500A, 500B login screen, 510 transmission request screen, 520 transmission notification screen, 530 top menu screen.

Claims (19)

It is an image forming device
A memory that stores user-identifying information in association with the destination,
An input interface that accepts input of information that identifies the user,
A controller that sends a one-time password to a destination associated with information that identifies a user entered in the input interface when the input interface accepts a request for temporary authentication.
The controller
Measure a certain period of time regarding the expiration date of the one-time password, and
If the event that hinders the input of the one-time password to the image forming apparatus does not occur after the transmission of the one-time password, the input of the one-time password is performed before the measurement is completed for a certain period of time. The user is authenticated for the use of the image forming apparatus for the information that identifies the user input to the input interface according to the above.
When an event that hinders the input of the one-time password to the image forming apparatus occurs after the transmission of the one-time password, a given period detected as the period of the event is added to the fixed time. An image forming apparatus that authenticates a user for use of the image forming apparatus with respect to information for identifying a user input to the input interface in response to the input of the one-time password before the measurement of the time is completed. .. The image forming apparatus according to claim 1, wherein the given period includes a period in which a user other than the user specified by the information identifying the user uses the image forming apparatus. The image forming apparatus according to claim 1 or 2, wherein the given period includes a period in which the input interface is in a state of not accepting input of a one-time password. The image forming apparatus according to claim 3, wherein the given period includes a period during which the image forming apparatus has stopped operating due to a lack of consumables. The image forming apparatus according to claim 3 or 4, wherein the given period includes a period during which the operation is stopped due to the occurrence of a jam in the image forming apparatus. The image forming apparatus according to any one of claims 3 to 5, wherein the given period includes a period during which a warning regarding the processing of the controller is output. The image forming apparatus according to any one of claims 3 to 6, wherein the given period includes a period during which the image forming apparatus has stopped operating due to an error in an element of the image forming apparatus. The image according to any one of claims 1 to 7, wherein the controller notifies that authentication by the one-time password is possible after the transmission of the one-time password until the measurement is completed for a certain period of time. Forming device. The image forming apparatus according to any one of claims 1 to 8, wherein the controller notifies that authentication by a one-time password is impossible after the measurement is completed for a certain period of time. An image forming apparatus and an authentication server for authenticating a user who uses the image forming apparatus are provided.
The image forming apparatus
An input interface that accepts input of information that identifies the user,
When the input interface accepts a request for temporary authentication, the authentication server includes a first controller that sends a request for temporary authentication for information that identifies a user entered in the input interface.
The authentication server
A memory that stores user-identifying information in association with the destination,
When the request for temporary authentication is received from the image forming apparatus, a second controller that transmits a one-time password to a destination associated with the information that identifies the user input to the input interface. Including
The first controller is
The one-time password entered in the input interface is sent to the authentication server,
The second controller is
Measure a certain amount of time related to the expiration date of the one-time password,
Before the measurement is completed for a certain period of time, in response to the input of the one-time password, the user is authenticated for the use of the image forming apparatus with respect to the information for identifying the user input to the input interface.
If the event that hinders the input of the one-time password to the image forming apparatus does not occur after the transmission of the one-time password, the input of the one-time password is performed before the measurement is completed for a certain period of time. The user is authenticated for the use of the image forming apparatus for the information that identifies the user input to the input interface according to the above.
When an event that obstructs the input of the one-time password to the image forming apparatus occurs after the transmission of the one-time password, a given period detected as the period of the event is added to the fixed time. An image processing system that authenticates a user for use of the image forming apparatus with respect to the information for identifying the user input to the input interface in response to the input of the one-time password before the measurement of the time is completed. .. The image processing system according to claim 10, wherein the given period includes a period in which a user other than the user specified by the information identifying the user uses the image forming apparatus. The image processing system according to claim 10, wherein the given period includes a period in which the input interface is in a state of not accepting the input of the one-time password. The image processing system according to claim 12, wherein the given period includes a period during which the image forming apparatus has stopped operating due to lack of consumables. The image processing system according to claim 12, wherein the given period includes a period during which the operation is stopped due to the occurrence of a jam in the image forming apparatus. The image processing system according to any one of claims 12 to 14, wherein the given period includes a period during which a warning regarding the processing of the first controller is output. The image processing system according to any one of claims 12 to 15, wherein the given period includes a period during which the image forming apparatus has stopped operating due to an error in an element of the image forming apparatus. According to any one of claims 10 to 16, the first controller notifies that authentication by the one-time password is possible after the transmission of the one-time password until the measurement is completed for a certain period of time. The image processing system described. The image processing system according to any one of claims 10 to 17, wherein the first controller notifies that authentication by a one-time password is impossible after the measurement is completed for a certain period of time. By being executed by the computer of the image forming apparatus, the image forming apparatus can be subjected to.
The step of accepting the input of the temporary authentication request in the input interface,
In response to the input of the request for temporary authentication, a step of sending a one-time password to a destination associated with the user-identifying information entered in the input interface, and
After the transmission of the one-time password, a step of determining whether or not an event that hinders the input of the one-time password to the image forming apparatus has occurred, and
When the event does not occur and before the measurement of the expiration date of the one-time password is completed for a certain period of time, the user input to the input interface is specified in response to the input of the one-time password. For information, the step of authenticating the user for the use of the image forming apparatus, and
When the event occurs, if the measurement of the time obtained by adding the given period detected as the period of the event to the fixed time is not completed, the input is made in response to the input of the one-time password. A program that executes a step of authenticating a user for use of the image forming apparatus for information input to the interface that identifies the user.

Images