JP2024016178A - Portable terminal and method for controlling the same, program, and storage medium - Google Patents

Abstract

To provide a log-in method and apparatus that allow a user to log in to an information processing apparatus only by approaching the information processing apparatus using a portable terminal owned by the user without the need to hold an IC card over a card reader.SOLUTION: In a communication system, each of a plurality of portable terminals communicating with a plurality of MFPs (multifunction processors) in interconnection with a LAN or a short-range radio communication function acquires information based on a signal transmitted from an MFP as an information processing apparatus, when the reception signal strength of the signal transmitted from the information processing apparatus satisfies a predetermined condition and another user does not log in to the information processing apparatus, controls to transmit a log-in request to the information processing apparatus, and when the reception signal strength satisfies the predetermined condition and the another user logs in to the information processing apparatus, controls not to transmit the log-in request to the information processing apparatus.SELECTED DRAWING: Figure 6

Description

The present invention relates to a mobile terminal, a control method thereof, a program , and a storage medium .

When logging into a conventional multifunction device, a user logs in after authenticating the user by reading the user's IC card into a card reader connected to the multifunction device (for example, Patent Document 1).

Japanese Patent Application Publication No. 2011-227760

When logging in using an IC card as in the past, it is a hassle to hold the IC card over a card reader. Further, it may take some time for the user's authentication to be completed after holding the IC card over the card reader, and it takes time for the user to log in.

An object of the present invention is to solve the problems of the prior art described above.

A feature of the present invention is to provide a technology that allows a user to log into an information processing apparatus simply by carrying a mobile terminal and approaching the information processing apparatus .

In order to achieve the above object, a mobile terminal according to one aspect of the present invention has the following configuration. That is,
acquisition means for acquiring information based on a signal transmitted from the information processing device;
transmitting a login request to the information processing device when the received signal strength of the signal transmitted from the information processing device satisfies a predetermined condition and no other user is logged in to the information processing device;
control means for controlling not to transmit a login request to the information processing device when the received signal strength satisfies the predetermined condition and another user is logged in to the information processing device; It is characterized by having.

According to the present invention, a user can log into an information processing device simply by approaching the information processing device using a mobile terminal owned by the user.

Other features and advantages of the invention will become apparent from the following description with reference to the accompanying drawings. In addition, in the accompanying drawings, the same or similar structures are given the same reference numerals.

The accompanying drawings are included in and constitute a part of the specification, illustrate embodiments of the invention, and together with the description serve to explain the principles of the invention.
1 is a diagram showing a configuration example of a communication system according to Embodiment 1 of the present invention. FIG. 2 is a block diagram illustrating the hardware configurations of an MFP and a mobile terminal according to the first embodiment. 2 is a block diagram (A) illustrating the software configuration of an MFP according to the first embodiment, and a block diagram (B) illustrating the software configuration of the mobile terminal according to the first embodiment. FIG. FIG. 3 is a diagram illustrating an example of a screen displayed on the operation unit of the MFP according to the first embodiment and screen transitions related to login and logout. FIG. 3 is a diagram illustrating an example of a Bluetooth service included in the MFP according to the first embodiment. 5 is a flowchart showing the basic operation of the mobile terminal according to the first embodiment. 7 is a flowchart showing details of the MFP usage process in S608 of FIG. 6. Diagram showing a UI that presents alternative functions to a user on a mobile terminal 8 is a flowchart illustrating details of the alternative function usage process in S710 of FIG. 7. FIG. 7 is a flowchart showing details of the MFP usage termination process in S611 of FIG. 6; 7 is a flowchart illustrating the operation of local login processing in the MFP according to the first embodiment. 7 is a flowchart showing the operation of logout processing in the MFP according to the first embodiment. 7 is a flowchart showing the operation when the MFP receives a login request from a mobile terminal. FIG. 3 is a diagram illustrating an example of the state of the MFP and the mobile terminal according to the first embodiment of the present invention. FIG. 7 is a diagram illustrating a Bluetooth user authentication service and characteristics provided in the MFP according to Embodiment 2 of the present invention. 7 is a diagram showing a sequence when a mobile terminal issues a login request to an MFP according to a second embodiment; FIG. 10 is a flowchart illustrating manual logout processing by the MFP according to the third embodiment. FIG. 7 is a diagram illustrating characteristics included in the MFP user authentication service according to Embodiment 4 of the present invention. 7 is a flowchart showing details of the process of S608 in FIG. 6 in Embodiment 4. FIG. 12 is a flowchart illustrating the operation of local login processing in the MFP according to the fourth embodiment. FIG. 7 is a block diagram illustrating the hardware configuration of an MFP according to Embodiment 5 of the present invention. 12 is a flowchart illustrating a process in which the MFP according to the fifth embodiment uses a signal from a mobile terminal to log in the user of the mobile terminal and log out the user. 10 is a flowchart illustrating a process in which the mobile terminal 102 logs into the MFP 101 according to the fifth embodiment.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the following embodiments do not limit the present invention according to the claims, and not all combinations of features described in the present embodiments are essential to the solution of the present invention. . In the embodiments described below, a multifunction peripheral (MFP) will be described as an example of an information processing apparatus according to the present invention. However, the information processing device according to the present invention is not limited to such a multifunction device, but can also be applied to, for example, communication devices such as printers, scanners, and facsimiles, and information devices such as PCs.

[Embodiment 1]
FIG. 1 is a diagram showing a configuration example of a communication system according to Embodiment 1 of the present invention.

This communication system includes a plurality of MFPs (multi-function processing devices) and a plurality of mobile terminals, and assumes, for example, an office environment where each user has his or her own mobile terminal and always carries it with him or her. Each MFP has copying, facsimile transmission/reception, scanning, box, transmission, printing functions, etc., and is installed according to the office environment. Although the system of FIG. 1 shows an MFP 101, a mobile terminal 102, and a mobile terminal 103, the number of these devices is not limited to this.

Mobile terminal 101 and mobile terminal 102 are owned by different users. The MFP 101 is connected to a network (LAN) 104 and can communicate with other terminals connected to the LAN 104 via the LAN 104 . Similarly, the mobile terminal 102 and the mobile terminal 103 can be connected to the LAN 104 via the wireless router 105, and can perform wireless communication with other terminals connected to the LAN 104. Furthermore, the MFP 101 and the mobile terminals 102 and 103 are equipped with a Bluetooth (registered trademark) communication function as a short-range wireless communication function, and can connect and communicate with each other within the range of Bluetooth radio waves.

FIG. 2 is a block diagram illustrating the hardware configurations of the MFP 101 and the mobile terminal 102 according to the first embodiment. Note that the hardware configuration of the mobile terminal 103 is also the same as that of the mobile terminal 102, so a description thereof will be omitted.

First, the hardware configuration of the MFP 101 will be explained.

CPU 201 controls the overall operation of MFP 101 . The CPU 201 reads a control program stored in the ROM 202 and performs various controls such as reading control, printing control, and transmission control. The RAM 203 is a volatile memory used as a work area etc. when the CPU 201 executes various programs. The HDD 204 stores image data and various programs. The operation unit 205 includes a display unit that operates as a touch panel that can be operated with a user's finger, hard keys, and the like. The printer 206 prints an image on a sheet according to the image data transferred via the internal bus 221. A scanner 207 reads an image on a document and generates image data. The IC card reader 208 reads an IC card owned by the user for user authentication. The Bluetooth I/F 209 is an interface that performs wireless communication according to the Bluetooth standard, and performs wireless communication with other devices having the Bluetooth I/F. In the first embodiment, the MFP 101 can communicate with the mobile terminals 102 and 103 using the Bluetooth standard. Network I/F 210 has a NIC (Network Interface Card) for connection to LAN 104. The timer 223 measures a predetermined period of time according to instructions from the CPU 201, and notifies the CPU 201 by interrupt or the like when the specified period of time has elapsed. The internal bus 221 connects the CPU 201 and each of the above-mentioned units, and transmits data, control signals, and the like. Note that the program executed by the CPU 201 may be installed in the HDD 204 and expanded to the RAM 203 and executed at the time of execution.

Next, the hardware configuration of the mobile terminal 102 will be explained.

CPU 211 controls the overall operation of mobile terminal 102 . The RAM 212 is a volatile memory used as a work area etc. when the CPU 211 executes various programs. The flash memory 213 is a nonvolatile memory that stores various programs and data. The operation unit 214 includes a display unit that operates as a touch panel that can be operated with a user's finger. The Bluetooth I/F 215 is an interface for communicating with Bluetooth, and communicates with other devices having a Bluetooth interface. In the first embodiment, the mobile terminal 102 communicates with the MFP 101 using Bluetooth. The wireless network interface 216 is a wireless-compatible NIC that can connect to and communicate with the wireless router 105. Speaker 217 converts the electrical signal into sound. Microphone 218 detects sound and converts it into an electrical signal. A camera 219 photographs still images and moving images and converts them into electronic data. GPS 220 is a receiver of the Global Positioning System. The internal bus 222 connects the CPU 211 and each of the above-mentioned units, and transmits data, control signals, and the like.

FIG. 3 is a block diagram (A) illustrating the software configuration of the MFP 101 according to the first embodiment, and a block diagram (B) illustrating the software configuration of the mobile terminal 102 according to the first embodiment. Incidentally, since the software configuration of the mobile terminal 103 is also the same as that of the mobile terminal 102 here, the explanation thereof will be omitted.

FIG. 3A is a block diagram showing the software configuration of the MFP 101 and data areas managed by the software. A document 304, a print job 305, a counter 306, and a user account 313 indicate data areas that are stored and managed by software in the RAM 203 and HDD 204. The platform 301 can be configured to include an operating system such as Linux (registered trademark), a JAVA (registered trademark) virtual machine, an OSGi (registered trademark) framework, and a group of device drivers. JAVA is a registered trademark of Oracle Corporation. The OSGi framework is a JAVA-based service platform defined by the OSGi Alliance (a standards organization). The platform 301 includes a group of device drivers for controlling various hardware, and provides an API for using the hardware to applications running on the platform 301. For example, the Bluetooth control unit 302 is a device driver for controlling the Bluetooth I/F 209, and the network control unit 303 is a device driver for controlling the network I/F 210. Although not shown, a printer module that controls the printer 206 and a scanner module that controls the scanner 207 also exist on the platform 301. The platform 301 also provides applications with APIs for reading and writing data in the document 304, print job 305, and counter 306.

Menu 307, copy 308, print 309, and send 310 are applications that operate on platform 301, and display user interfaces that provide various functions on operation unit 205. For example, the copy 308 controls the scanner 207 and printer 206 via the platform 301 to execute copying. Print 309 provides a function to print document data stored in document 304 and print jobs stored in print job 305. The output of copies and prints is executed via the API of the platform 301, and the platform 301 records the number of printed sheets in the counter 306. Transmission 310 provides a function of transmitting document data acquired from the scanner 207 to the outside. The menu 307 is a module that displays a menu screen for selecting an application (eg, copy, print, send) from the operation unit 205. The remote UI 311 is a module that provides a user interface written in HTML when the MFP 101 is accessed from the web browser of the mobile terminal 102 or 103 using the HTTP protocol. The remote UI 311 provides a user interface for managing the settings of the MFP 101 and a user interface for printing document data stored in the document 304. The login service 312 is a module that provides a login function when a user uses the MFP 101.

Next, the user account 313 management function, local login function, remote login function, and login function for Bluetooth service access provided in the login service 312 will be described.
- User account management function Provides users with a user interface for registering and managing user accounts. Information registered via the user interface is recorded and managed in the user account 313. The information to be managed includes, for example, a user name, password, IC card number, role, etc. as shown in Table 1 (user information list).

- Local login function Provides a login/logout function to the user who uses the operation unit 205. A login screen is displayed on the operation unit 205 to prevent users who have not logged in from using the operation unit 205. Here, the number of users who can log in locally at the same time is "1". Therefore, multiple users cannot log in locally at the same time. If the user's login is successful, the screen on the display unit of the operation unit 205 is changed from the login screen to the menu screen, so that the user can use the MFP 101. Provide multiple login methods for local login. For example, we offer the following login methods:
(1) Login using the keyboard The user name and password entered by the user through the operation unit 205 are acquired through the login screen displayed on the operation unit 205, and the login process is performed when the user is authenticated.
(2) Login using an IC card The IC card number is obtained from the user's IC card held over the IC card reader 208 to identify the user, and if the user can be authenticated, login processing is performed.
(3) Mobile Login When a login request is received from a mobile terminal via Bluetooth communication along with user authentication information, the user is authenticated and login processing is performed. Here, levels are provided for login requests from mobiles, and implementation is implemented such that requests of a predetermined level are rejected depending on the state of the MFP 101, for example. The MFP 101 records and manages the StatuID shown in Table 2 below (login permission status list) in the RAM 203. Here, as shown in Table 2, if the StatuID is "1", login is possible, but if the StatuID is "2" or "3", the login request is accepted depending on the login request level and the status of the MFP 101. There may be no. When the StatuID is "3", a login request from the user is not accepted until the user leaves a predetermined distance range (for example, 10 cm to 2 m) from the MFP 101 after the user logs out.

Next, the following multiple methods are provided as methods for logging out after local login.
(1) A logout button (410 in FIG. 4) is displayed on the operation unit 205, and logout processing is performed when pressing of the logout button is detected.
(2) Logout processing is performed when the user does not operate the operation unit 205 for a certain period of time.
(3) When a logout request is received from a mobile terminal, logout processing is performed.

After logout processing, display the login screen.

Next, remote login will be explained.
-Remote login function Provides a login/logout function when using the remote UI 311. For example, when an access to the remote UI 311 from the mobile terminal 102 is detected, a login screen written in HTML is sent to the mobile terminal 102. Then, the user is authenticated by acquiring the user name and password entered on the login screen, and is permitted to log in to the remote UI 311. Configure so that multiple users can log in remotely at the same time.
(2) Login function for accessing Bluetooth services A login/logout function is provided for accessing services published via Bluetooth.

Next, the software configuration of the mobile terminal 102 according to the embodiment will be described with reference to FIG. 3(B). In the following description, the mobile terminal 102 will be used as an example, but it goes without saying that the same process can be performed for the mobile terminal 103 as well.

The document 320 and the authentication information 319 indicate data areas that are stored and managed in the flash memory 213 by the software. The platform 314 can be configured with a platform such as Google's Android (registered trademark) or Apple's iOS (registered trademark). The platform 314 includes a group of device drivers for controlling various hardware, and provides APIs for using the various hardware to applications running on the platform 314. In the first embodiment, the device driver group includes a Bluetooth control section 315 and a wireless network control section 316. The Bluetooth control unit 315 is a device driver for controlling the Bluetooth I/F 215, and the wireless network control unit 316 is a device driver for controlling the wireless network I/F 216. Various applications can be installed on the mobile terminal 102 and run on the platform 314. In the first embodiment, it is assumed that the MFP connection application 317 is installed in advance. The MFP connection application 317 has, for example, the following functions.
(1) Connect to the MFP 101 using Bluetooth and issue a login request or logout request.
(2) User authentication information (user name and password) used when making a login request can be recorded in advance in the authentication information 319 by the user. For example, a combination of user name and password as shown in Table 3 (authentication information) below is recorded.

(3) Connect to the MFP 101 via wireless LAN and issue a request to print the photo data or document data recorded in the document 320.
(4) Start the web browser 318 and connect to the remote UI 311 of the MFP 101.

It is assumed that the MFP connection application 317 holds setting values as shown in Table 4 (connection setting list) below, for example. Table 4 below indicates that a login request is made when the mobile terminal 102 moves within 2 meters from the MFP 101, and indicates that a logout request is made when the portable terminal 102 moves away from the MFP 101 at a distance of 5 meters or more. It also means that the level of the login request is used differently depending on the distance between the mobile terminal 102 and the MFP 101. Note that, as will be described later, the distance at which this request is made may be set to a different value depending on the user. For example, for a user who always works near the MFP 101, the distance at which this request is made is set to be shorter than for other users.

The above distance may be configured to be changeable by the user of the mobile terminal 102, or may be configured to obtain the setting from the MFP 101. To measure the distance from the MFP 101, Bluetooth RSSI (Received Signal Strength Indication) transmitted by the MFP 101 is used. It is desirable that the logout distance is longer than the login distance. This is because RSSI can become weak when an obstacle enters between the mobile terminal 102 and the MFP 101, so this is to prevent logging out due to false detection caused by an obstacle. be. For example, by taking advantage of the property that RSSI attenuates as the distance between MFP 101 and mobile terminal 102 becomes longer, the relationship between RSSI (dBm) and distance from MFP 101 is shown in Table 5 (list of RSSI and estimated distance). It is possible to create data that shows.

If the strength of the Bluetooth transmission radio waves transmitted by the MFP 101 is known in advance, the mobile terminal 102 may be configured to have the above-mentioned relationship data between the RSSI and the distance from the MFP 101 in advance. Further, the distance from the MFP 101 may be calculated by the mobile terminal 102 dynamically acquiring information regarding the strength of the Bluetooth transmission radio waves transmitted by the MFP 101 from the MFP 101 and comparing it with the RSSI.

FIG. 4 is a diagram illustrating an example of a screen displayed on the operation unit 205 of the MFP 101 according to the first embodiment and screen transitions related to login and logout.

For example, in a state before the user logs in, the login screen 401 is displayed on the operation unit 205 and waits for detection of an IC card or reception of a login request from the mobile terminal 102 via Bluetooth. When an IC card is detected or a login request via Bluetooth is received, login processing is executed. If the login is successful, a transition is made to the menu screen 403, and if the login is unsuccessful, the original login screen 401 is displayed. Furthermore, if pressing of a button 404 for switching to keyboard authentication is detected on the login screen 401, the screen transitions to a login screen 402 for entering an account and password using a soft keyboard. Login screen 402 includes a button 405 for returning to login screen 401. When pressing the login button 406 on the login screen 402 is detected, the input account and password are acquired and login processing including user authentication processing is performed. If the login is successful, a transition is made to the menu screen 403, and if the login is unsuccessful, the original login screen 402 is displayed.

The menu screen 403 includes buttons 407 to 409 for calling various applications, and a logout button 410. If pressing of the logout button 410 is detected, logout processing is performed and the login screen 401 is displayed.

Next, the Bluetooth functions and services included in the MFP 101 according to the first embodiment will be described.

In the MFP 101 according to the first embodiment, when the power is turned on, the platform 301 activates Bluetooth via the Bluetooth control unit 302, and sends out Bluetooth advertising packets at predetermined intervals. This advertising packet includes the following data.
・Local Name
This is the name of the device, etc. For example, "(company name) MFP CXXX".
・Manufacturer Specific Data
Stores the identifier of the manufacturer that manufactured the MFP and arbitrary data. It can include RSSI (Received Signal Strength Indication, for example, −59 dbm) when a Bluetooth packet is received at a location 1 meter away from the device.
・TX Power Level
Transmission signal strength. For example, "-38dbm".
・Service UUIDs
A UUID that represents the device's capabilities.

FIG. 5 is a diagram illustrating an example of a Bluetooth service included in the MFP 101 according to the first embodiment.

This MFP 101 exposes a user authentication service 501, an MFP information service 502, a print service 503, and a maintenance service 504 defined in a GATT (Generic Attribute) profile to the mobile terminal 102 connected via Bluetooth. The user authentication service 501 has the following characteristics defined in the GATT profile. The login service 312 reads and writes the value of each characteristic via the API provided by the platform 301 and the Bluetooth control unit 302.
・Status ID505
This is a characteristic indicating the status of the MFP 101 regarding whether or not login is possible. The mobile terminal 102 reads the information and uses it to obtain the status of the MFP 101 regarding whether or not login is possible. As this value, the values shown in Table 6 (Status ID list) below are stored, similar to the login permission status list.

The login service 312 changes the value (StatusID) according to the change in status. When changing the value, the Bluetooth control unit 302 notifies the connected mobile terminal 102 of the value change using Notification in Attribute Protocol (ATT).
・UserName506
This is a characteristic for writing the user name when the mobile terminal 102 requests login.
・Password507
This is a characteristic for writing a password when the mobile terminal 102 requests login. It may be configured as a characteristic that requires the password to be written to be encrypted.
・Request ID508
This is a characteristic for the mobile terminal 102 to write a request to the authentication service. For example, a Request ID 508 as shown in Table 7 (Request ID list) below is written. Note that the login request levels shown in Table 7 correspond to the login request levels shown in Table 4 above.

・Result ID509
This is a characteristic that stores the authentication result (success or failure of user authentication) when the MFP 101 receives a login request from the mobile terminal 102 and performs user authentication. For example, values as shown in Table 8 (Result ID list) below are stored.

When storing the authentication result, the Bluetooth control unit 302 notifies the connected mobile terminal 102 of the authentication result using Notification in Attribute Protocol (ATT).

The MFP information service 502 characteristically includes a URL 510 that stores the URL of the remote UI 311. The value of the URL 510 is set by the platform 301 when the MFP 101 is started.

The print service 503 is configured as a service that can be searched from the mobile terminal 102 after successful login for Bluetooth service access. The print service 503 has the following characteristics. The print 309 reads and writes the value of each characteristic via the API provided by the platform 301 and the Bluetooth control unit 302.
・MyJobList511
The print job 305 stores the identifier of the print job associated with the user who has logged in to access the Bluetooth service from among the temporarily stored print jobs. If there are multiple print jobs associated with the user, identifiers of the multiple print jobs are stored.
・Request ID512
This characteristic is used by the mobile terminal 102 to request an operation for the print job 305. For example, the IDs shown in Table 9 below (print service Request ID list) can be written. The value written by the mobile terminal 102 is notified to the print 309, and the print 309 operates the print job according to the request. Here you can print and delete print jobs.

・RequestParameter513
This is a characteristic that stores the identifier of the print job 305 that is the target of an operation when the mobile terminal 102 requests an operation for the print job 305. The mobile terminal 102 writes the print job identifier obtained from the MyJobList 511.

The maintenance service 504 is configured as a service that can be searched from the mobile terminal 102 if the login for Bluetooth service access is successful and the role of the logged-in user is administrator. The maintenance service 504 includes a Count 514 that characteristically stores the count of the counter 306. The platform 301 detects a change in the value of the counter 306 and sets the same value to the Count 514.

Although not shown, each service and characteristic includes information such as a handle, UUID, data type information, and text information.

Next, the basic operation of the mobile terminal 102 according to the first embodiment will be explained.

FIG. 6 is a flowchart showing the basic operation of the mobile terminal 102 according to the first embodiment. Hereinafter, with reference to FIG. 6, a basic operation when a user who has the mobile terminal 102 approaches the MFP 101 and starts using the MFP 101 will be described. Unless otherwise mentioned, the main body of operation of the mobile terminal 102 is the CPU 211. Unless otherwise specified, the main body of the software is the MFP connection application 317, or the MFP connection application 317 calls an API provided by the platform 314, and the platform 314 performs the processing on its behalf. Here, the main body of the operation will be explained as the CPU 211.

When the processing of the mobile terminal 102 is started, the CPU 211 starts scanning Bluetooth advertising packets transmitted from the MFP 101 in S601. When the CPU 211 receives the advertising packet in S602, the process proceeds to S603, where the CPU 211 determines whether the transmission source of the advertising packet is a predetermined MFP. Here, it is assumed that in the mobile terminal 102, an MFP that the user of the mobile terminal 102 usually uses is registered in advance. Therefore, in S603, the CPU 211 determines whether the source of the received advertising packet is the registered MFP. Specifically, the CPU 211 analyzes the received advertising packet, refers to the values of Local Name, Manufacturer Specific Data, and Service UUIDs, and determines that the MFP is a predetermined MFP if known values are stored. If it is determined in S603 that the MFP is not the predetermined MFP, the advertising packet is ignored and the process advances to S602. Note that the reason for performing the determination in S603 is to prevent the user from logging into an MFP that he or she does not intend to use simply by approaching or passing by the MFP.

If it is determined in S603 that the packet is an advertising packet from a predetermined MFP 101, the process advances to S604, and the CPU 211 calculates the distance between the MFP 101 and the mobile terminal 102 from the RSSI. Here, for example, the distance is calculated from the difference between the RSSI and information regarding the transmission radio wave intensity transmitted by the MFP 101 included in the TX Power Level and Manufacturer Specific Data of the advertising packet. Note that since there is an error in RSSI, the distance may be calculated by sampling a plurality of advertising packets.

Next, the process advances to step S605, and the CPU 211 refers to the distance calculated in step S604 and the settings shown in the table of connection settings (Table 4), and determines whether the distance is within a predetermined distance at which to start using the MFP 101. Within the predetermined distance in the first embodiment is, for example, a distance of 2 m or less. Note that at this time, different distances may be set depending on the user. This is because, for example, if user A works mostly near the MFP 101, if the distance at which user A can log in is set to within 2 meters, user A will always log in. For example, set the distance to 30 cm. If the CPU 211 determines in S605 that the distance is within the predetermined distance, the process advances to S606 and determines whether the MFP 101 is in use. As a method for this determination, for example, an MFP usage status flag indicating whether or not the MFP is in use as shown in Table 10 below (MFP usage status flag) is recorded in the RAM 212 and utilized. When the MFP 101 is in use, the in-use flag is set to TRUE, and when the use ends, the flag is set to FALSE, and the mobile terminal 102 manages the usage state of the MFP 101.

The reason why the usage status of the MFP 101 is managed here is to avoid submitting a job while the MFP 101 is executing another job. If the MFP usage status flag indicates that the MFP 101 is not in use, the process advances to step S607, where the CPU 211 changes the flag to on indicating that it is in use, and the process advances to step S608, where the process using the MFP 101 is executed. On the other hand, if the MFP usage status flag indicates that the MFP is in use in S606, the process ends immediately.

On the other hand, if the CPU 211 determines in step S605 that the distance to the MFP 101 is not within the predetermined distance, the process proceeds to step S609, and refers to the settings shown in Table 4 of the connection settings list to terminate the use of the MFP 101. It is determined whether or not the distance to is greater than or equal to a predetermined distance. In the first embodiment, the predetermined distance or more is, for example, 5 m or more. If the CPU 211 determines in S609 that the distance is greater than or equal to the predetermined distance, the process proceeds to S610, and the CPU 211 refers to the aforementioned flag and determines whether the MFP 101 is in use. If it is determined that the MFP 101 is in use, the process advances to step S611, and the CPU 211 performs processing to end the use of the MFP 101. Then, proceeding to S612, the CPU 211 changes the aforementioned flag to FALSE, and ends this process. Further, in S609, if the CPU 211 determines that the distance to the MFP 101 is not a predetermined distance or more, the CPU 211 advances the process to S602. Further, if it is determined in S610 that the MFP 101 is not in use, the process ends immediately.

Note that the MFP connection application 317 does not necessarily need to be activated in S601. For example, the MFP connection application 317 can previously request the platform 314 to monitor whether or not an advertising packet has been received from a predetermined MFP. It is also possible for the platform 314, which has received the advertising packet from a predetermined MFP, to start the stopped MFP connection application 317.

In this way, simply by bringing the mobile terminal 102 close to a predetermined MFP, the MFP can be brought into a usable state. Note that the mobile terminal 102 is always carried by the user, and unlike an IC card, the user never forgets to carry it.

FIG. 7 is a flowchart showing details of the MFP usage process in S608 of FIG.

When the mobile terminal 102 starts processing for using the MFP 101, the CPU 211 first establishes a Bluetooth communication connection with the MFP 101 in step S701. Unless otherwise specified, subsequent data communication between the mobile terminal 102 and the MFP 101 is by Bluetooth. Next, the process advances to step S702, and the CPU 211 acquires Bluetooth service information from the MFP 101. In the first embodiment, it is assumed that information on the user authentication service 501 and the services provided by the MFP 101 can be acquired at this point. Next, the process advances to S703, and the CPU 211 reads the Status ID 505 provided in the user authentication service 501. The process then advances to S704, and the CPU 211 determines whether a login request can be made to the MFP 101 based on the distance calculated in S604 and the value obtained by reading the Status ID 505. Here, for example, if the calculated distance is 2 m to 30 cm, it is determined whether a login request can be made to the MFP 101 at the login request level 1 based on the value obtained by the Status ID 505. As shown in Table 6 above, if the Status ID 505 is "1", a login request is possible, but if it indicates any other value, it is determined that the login request is not possible. Similarly, if the calculated distance is, for example, 30 cm to 10 cm, it is determined whether a login request of login request level 2 is possible or not based on the value obtained from the Status ID 505. In this case, if the Status ID 505 is "1" or "2", it is determined that the login request is possible, and if the Status ID 505 is "3", it is determined that the login request is not possible. Furthermore, if the calculated distance is 10 cm or less, the login request level is 3, so it is determined that the login request is possible regardless of the value of the Status ID 505.

If the CPU 211 determines in S704 that a login request is possible, the process advances to S705 and requests the MFP 101 to log in. Specifically, values are written to User Name 506, Password 507, and Request ID 508 of the user authentication service 501. For example, the information shown in the authentication information in Table 3 is written in User Name 506 and Password 507, and the values "1", "2", and "3" shown in the Request ID list shown in Table 7 are written in Request ID 508, according to the calculated distance. Write one. Next, the process advances to step S706, and the CPU 211 receives updates of the Result ID 509 and Status ID 505 as a response from the MFP 101 via Notification. Then, the process advances to step S707, and the CPU 211 disconnects the Bluetooth connection with the MFP 101, and ends this process.

On the other hand, if it is determined in S704 that the login request is not possible, the process proceeds to S708, and the CPU 211 displays a screen such as the one shown in FIG. present.

FIG. 8 is a diagram illustrating an example of a screen displayed on the operation unit of the mobile terminal 102 according to the first embodiment, showing an example of presenting an alternative function when it is not possible to log in to the MFP.

Here, a message indicating that the MFP 101 cannot be used because it is being used by another user and a list of alternative functions are displayed. As instruction buttons for alternative functions, a "Connect to remote UI" button 801, a "Print" button 802, a "View maintenance information" button 803, and a "Cancel" button 804 are displayed.

Next, the process advances to S709, and the CPU 211 determines which alternative function the user has selected on the screen shown in FIG. If the user presses the cancel button 804 without selecting an alternative function, the process advances to step S707, where the Bluetooth connection with the MFP 101 is disconnected and the process ends. On the other hand, if the user selects any alternative function, the process advances to S710, and the alternative function selected by the user is provided to the user. After providing the alternative function, when the process by that function is completed, the process advances to step S707, where the Bluetooth connection with the MFP 101 is disconnected, and this process ends.

FIG. 9 is a flowchart illustrating details of the alternative function usage process in S710 of FIG.

First, in S901, the CPU 211 determines the alternative function selected by the user via the screen of FIG. 8, and executes processing according to the selected alternative function. For example, if the user selects the "Connect to remote UI" button 801, the process advances to S902. In S902, the CPU 211 reads the URL 510 of the MFP information service 502 and obtains the URL of the remote UI 311 of the MFP 101. Next, the process advances to S903, and the CPU 211 starts the web browser 318 and connects to the remote UI 311 of the MFP 101 via the wireless network I/F 216. Then, the process advances to S904, and the CPU 211 performs remote login using the HTTP protocol.

On the other hand, if the user selects the "Print" button 802 in S901, the process advances to S905, and the CPU 211 issues a login request for Bluetooth service access to the MFP 101. Specifically, values are written into User Name 506, Password 507, and Request ID 508 of the user authentication service 501, respectively. Here, the authentication information of the user of the mobile terminal 102 shown in Table 3 is written in the User Name 506 and Password 507. Further, the value "5" indicating the login request for accessing the Bluetooth service shown in Table 7 is written in the Request ID 508. Next, the process advances to step S906, and the CPU 211 receives an update of the Result ID 509 from the MFP 101 as the authentication result via Notification. If the login via Bluetooth is successful here, the CPU 211 acquires service information in S906 and proceeds to S907.

In the first embodiment, after Bluetooth login, the MFP 101 allows access to the print service, and print service information can be acquired. The CPU 211 of the mobile terminal 102 that has acquired the print service information in this way can use the print service in S907. Further, for example, information about jobs associated with the authenticated user can be acquired from the print service. Further, for example, a user's job can be displayed on the operation unit 214 and a print instruction from the user can be accepted. When the user instructs printing, a print request is written in the Request ID 508 and the MFP 101 is instructed to print.

Further, in S901, for example, if the user selects the "View maintenance information" button 803, the process advances to S908, and the CPU 211 requests the MFP 101 to log in for Bluetooth service access. Next, the process advances to S909, and the CPU 211 acquires service information. In the first embodiment, if the login is successful using Bluetooth and the role of the authenticated user is administrator, the MFP 101 allows access to the maintenance service, and it becomes possible to obtain the maintenance service. If the maintenance service is successfully accessed in this way, the process advances to S910, and the CPU 211 uses the maintenance service. Here, for example, information on the counter 306 can be acquired from the maintenance service and the counter value can be displayed on the operation unit 214.

FIG. 10 is a flowchart showing details of the process of terminating the use of the MFP 101 in S611 of FIG.

First, in step S1001, the CPU 211 starts logout processing, and then connects the MFP 101 via Bluetooth. Next, the process advances to step S<b>1002 , and the CPU 211 obtains service information, and obtains information on the user authentication service 501 . Next, the process advances to S1003, and the CPU 211 reads the value of StatusID505. Next, the process advances to step S<b>1004 , and the CPU 211 determines whether or not local login is in progress to the MFP 101 based on the value of the Status ID 505 . In the first embodiment, from the list of Status IDs 505 in Table 6, if the Status ID 505 is "2", this indicates that a local login is in progress. If it is determined that local login is in progress, the process advances to step S1005, and the CPU 211 issues a logout request to the MFP 101. Specifically, the user name is written in UserName 506, and the value "4" (Table 7) indicating a logout request is written in Request ID 508. Then, the process advances to step S1006, and the Bluetooth connection with the MFP 101 is disconnected, and this process ends. On the other hand, if it is determined in S1004 that local login is not in progress, the process proceeds to S1006 without issuing a logout request, disconnects the Bluetooth connection with the MFP 101, and ends this process.

According to the process described above, it is possible to log into the MFP 101 and use the MFP 101 simply by bringing the mobile terminal 102 close to the MFP 101 that has been set in advance. At this time, when the MFP 101 is being used by another user, a selectable alternative function is presented to the user who owns the mobile terminal 102, and the user can select and execute the alternative function. . Further, after logging in to MFP 101, when the user who owns mobile terminal 102 moves away from MFP 101 by a predetermined distance, the user automatically logs out from MFP 101, so it is possible to prevent the user from forgetting to log out after logging in.

FIG. 11 is a flowchart illustrating the operation of local login processing in the MFP 101 according to the first embodiment. Note that unless otherwise specified here, the main body of operation of the MFP 101 is the CPU 201. Unless otherwise specified, the main body of the software is the login service 312, or the login service 312 calls an API provided by the platform 301, and the platform 301 performs processing on its behalf.

When the CPU 201 starts accepting local login requests, it enables login using a keyboard, login using an IC card, and login from a mobile device. Specifically, in S1101, the CPU 201 enables login from the keyboard, displays a login screen on the operation unit 205, and makes it possible to detect a login operation by the user. Further, in the case of login using an IC card, the CPU 201 makes the IC card detectable by the IC card reader 208 in S1102. In addition, for mobile login, in step S1103, the CPU 201 publishes the user authentication service defined in the Bluetooth GATT profile, and makes it possible to detect local login requests using Bluetooth.

In this way, the process advances to S1104, and when the CPU 201 detects a login request from any one, the process advances to S1105. In S1105, the CPU 201 identifies the issuer of the login request and performs authentication processing according to the issuer of the login request.

If the CPU 201 determines in S1105 that the login is using the keyboard of the operation unit 205, the process advances to S1106, where the CPU 201 detects the operation on the login screen of the operation unit 205 and inputs the user name and password entered on the login screen. get. Next, the process advances to S1107, and the CPU 201 authenticates the user by comparing and collating the obtained value with information registered in the MFP 101 in advance, for example, registered in the user information list shown in Table 1 above, and then performs user authentication in S1116. Proceed to.

On the other hand, if the CPU 201 determines in S1105 that the login is by IC card, the process proceeds to S1108, and if the CPU 201 detects that an IC card is held over the IC card reader 208, it acquires the IC card number. The process then proceeds to S1109, and the CPU 201 compares and verifies the acquired IC card number with the IC card number registered in the user information list registered in advance in the MFP 101 (see Table 1), and determines whether the IC card is owned by the user. The user is authenticated, and the process advances to S1116.

If the CPU 201 determines in S1105 that the login is by mobile, the process advances to S1110, and the CPU 201 detects that an ID indicating a login request is written in the Request ID 508 of the user authentication service 501. Then, the CPU 201 obtains the level of the login request (Table 7) from the value written in the Request ID 508, compares it with the login permission status in Table 2, and determines whether the level of the login request is acceptable. Here, for example, in response to a level 1 login request, if the login permission status is not login possible (StatusID=1) but StatusID=2 or 3, the login process is canceled. Similarly, when the login permission status indicates that the level 2 login request is not accepted (StatusID=3), the login process is similarly canceled. If the login process is canceled here, the process advances to S1115, and the CPU 201 sets the value "3" (Table 8) indicating cancellation in Result ID 509, and notifies the mobile terminal 102 that made the login request of the cancellation using Notification. do. Further, in S1110, if the login request is level 3, the login request is accepted unconditionally. In this manner, when the CPU 201 determines in S1110 that the login request level is acceptable, the process proceeds to S1111, and the CPU 201 determines whether another user is currently logging in locally. If it is determined that another user is currently logged in, the process advances to step S1112, where the CPU 201 forcibly executes processing to log out the logged-in user, and the process advances to step S1113. Also, if no other user is logging in at S1111, the process advances to S1113. In S1113, the CPU 201 refers to the User Name 506 and Password 507 written from the mobile terminal 102, and obtains the user name and password. Then, the process advances to step S1114, and the CPU 201 authenticates the user by comparing and collating the obtained value with information recorded in a user information list registered in the MFP 101 in advance. Next, the process advances to S1115, and the CPU 201 sets the user's authentication result in Result ID 509, sends the result of the login process to the mobile terminal 102 that made the login request using Notification, and advances to S1116.

In S1116, the CPU 201 determines whether the user authentication has been successful, and if it is determined that the authentication has failed, the process returns to the beginning of the flowchart in FIG. 11 and waits for the detection of the next login request. On the other hand, if the CPU 201 determines in S1116 that the user authentication has been successful, the process advances to S1117. In S1117, the CPU 201 updates the Status ID 505 of the login permission state to a value "2" indicating "login request level 1 is not accepted because another user is currently logged in." Then, the process advances to S1118, and the CPU 201 transitions the display on the operation unit 205 from the login screen to the menu screen, and ends this login process.

Note that if the mobile terminal 102 is configured to check in advance whether or not login to the MFP 101 is possible and is configured so that it will not make a login request to the MFP 101 by mistake, the level of the login request in S1110 is determined. Processing is not necessarily necessary.

Next, the logout operation in the MFP 101 will be explained.

FIG. 12 is a flowchart showing the operation of logout processing in the MFP 101 according to the first embodiment. Note that unless otherwise specified here, the main body of operation of the MFP 101 is the CPU 201. Unless otherwise specified, the main body of the software is the login service 312, or the login service 312 calls an API provided by the platform 301, and the platform 301 performs processing on its behalf.

When the user logs in locally, the MFP 101 starts accepting logout requests. Here, as logout methods, manual logout, logout using the timer 223, and mobile logout are enabled. Specifically, in manual logout, in step S1201, the CPU 201 displays the logout button 410 (FIG. 4) on the operation unit 205, so that pressing of the logout button 401 by the user can be detected. Further, in the case of logout using the timer 223, in step S1202, the CPU 201 uses timer processing to make it possible to detect that there is no operation by the user for a certain period of time. Further, in the case of mobile logout, in step S1203, the CPU 201 makes it possible to detect writing of a logout request in the Request ID 508 from the mobile terminal via Bluetooth.

Then, the process advances to step S1204, and when the CPU 201 detects a logout request, the process advances to step S1205. In step S1205, the CPU 201 determines whether the logout request is from a manual, timer, or mobile device, and performs processing according to the logout request.

If the CPU 201 detects that the logout button 410 has been pressed in S1205, the CPU 201 advances to S1206 and executes logout processing. Next, the process advances to step S1207, and the CPU 201 updates the tatus ID 505 indicating the login permission status to the value "3" indicating that "login requests level 1 and level 2 are not accepted because the login request has just been logged out." Further, the process advances to S1208, and the CPU 201 starts the timer 223 to check the passage of time. The process then proceeds to S1209, and the CPU 201 causes the display on the operation unit 205 to transition to the login screen. At this time, login using a keyboard, login using an IC card, and login using login request level 3 from Bluetooth become possible. Thereafter, in S1210, when the CPU 201 detects that there is no login request for a certain period of time and the timer 223 detects that a certain period of time (for example, 10 seconds) has elapsed, the process proceeds to S1211. In S1211, the CPU 201 updates the Status ID 505 indicating the login permission state to the value "1" indicating "login possible". This returns all login methods to a valid state.

On the other hand, if the CPU 201 detects in step S1205 that there is no user operation for a certain period of time based on the timer 223, the process advances to step S1212, and the CPU 201 executes logout processing. Next, the process advances to S1213, and the CPU 201 updates the Status ID 505 indicating the login permission state to the value "1" indicating "login possible". Then, in S1214, the CPU 201 displays a login screen on the operation unit 205, and ends this process.

Further, in S1205, when the CPU 201 detects that a user name has been written in the UserName 506 and a logout request has been written in the Request ID 508 from the mobile terminal 102 via Bluetooth, the process advances to S1215. In step S1215, the CPU 201 detects logout from the mobile and determines whether the logged-in user name and the user name written in UserName 506 are the same. If it is determined that the user names do not match, the logout request is canceled, the process returns to the beginning of this flowchart, and the next logout request is waited for. If it is determined in S1215 that the user names match, the process advances to S1216 and the CPU 201 executes logout processing. Next, the process advances to S1217, and the CPU 201 updates the Status ID 505 indicating the login permission status to the value "1" indicating "login possible". Then, in S1218, the CPU 201 displays a login screen on the operation unit 205, and ends this process.

FIG. 13 is a flowchart showing the operation when the MFP 101 according to the first embodiment receives a login request for Bluetooth service access from the mobile terminal 102. Note that unless otherwise specified here, the main body of operation of the MFP 101 is the CPU 201. Unless otherwise specified, the main body of the software is the login service 312, or the login service 312 calls an API provided by the platform 301, and the platform 301 performs processing on its behalf.

This process is started in step S1301 when the CPU 201 detects that a "login request for Bluetooth service access" has been written in the Request ID 508 of the user authentication service 501. Next, the process advances to S1302, and the CPU 201 refers to the User Name 506 and Password 507 written from the mobile terminal 102, and obtains the user name and password, which are the user's authentication information. The process then proceeds to S1303, and the CPU 201 performs user authentication by comparing and collating the value acquired in S1302 with information recorded in the user information list (Table 1) registered in advance in the MFP 101. Then, in S1304, the CPU 201 determines whether the user authentication is successful or not. If the user authentication is successful, the process advances to S1305, and the CPU 201 makes the print service findable from the mobile terminal 102 in the same Bluetooth connection. On the other hand, if the CPU 201 determines in S1304 that user authentication has failed, the process advances to S1308. Following S1305, the process advances to S1306, and the CPU 201 checks the role of the authenticated user. Here, if the user's role is administrator, the process advances to S1307, and in the same Bluetooth connection period, the maintenance service is set to a findable state from the mobile terminal 102 in the same Bluetooth connection, and the process advances to S1308. On the other hand, if the CPU 201 determines in S1306 that the user's role is not an administrator, the process advances to S1308.

In S1308, the CPU 201 sets the user authentication result in the Result ID 509, and sends the result of the login process to the mobile terminal 102 that made the login request using Notification. Thereafter, the process advances to step S1309, and when the CPU 201 detects that Bluetooth is disconnected, the process advances to step S1310, where the CPU 201 resets the public state of the service. Specifically, the print service and maintenance service are returned to a state where they cannot be found using Bluetooth.

According to this process, a mobile terminal user issues a login request for Bluetooth service access from the mobile terminal to an MFP, and if the login is approved, the user can use services such as printing that the MFP has. can do.

FIG. 14 is a diagram illustrating an example of the state of the MFP 101 and the mobile terminal according to the first embodiment of the present invention. The effects of the first embodiment will be described below with reference to FIG. 14.

FIG. 14A shows a state in which a user (Alice) approaches the MFP 101 with the mobile terminal 102 in a state where no one is logged in to the MFP 101. In this case, when Alice's mobile terminal 102 detects that it has come within 2 meters from the MFP 101, it issues a login request to the MFP 101. Therefore, the login is completed when Alice reaches the operation unit 205 of the MFP 101, and Alice can use the MFP 101 immediately without having to wait in front of the operation unit 205 for login. Furthermore, when Alice, who is holding the mobile terminal 102, leaves the MFP 101, she is automatically logged out when she is 5 meters or more away from the MFP 101, thereby preventing her from forgetting to log out.

FIG. 14B shows a state in which a user (Bob) who owns the mobile terminal 103 is using the MFP 101 and a user (Alice) approaches the MFP 101 with the mobile terminal 102 in hand. In this case, Alice's mobile terminal 102 does not make a login request to the MFP 101 because the MFP 101 is in use. Therefore, the mobile terminal 102 does not interfere with Bob's use of the MFP 101. On the other hand, since an alternative means is presented to Alice's mobile terminal 102, Alice can also use the functions of the MFP 101 within the range of functions provided by the alternative means.

In FIG. 14C, the user (Carol) has finished using the MFP 101 but has forgotten to log out, so while Carol is still logged in, Alice takes the mobile terminal 102. The case where the user approaches the MFP 101 is shown. In this case, if the distance between the MFP 101 and the mobile terminal 102 is 30 cm to 2 meters, Alice's mobile terminal 102 does not issue a login request. However, when Alice reaches the operation unit 205 of the MFP 101 and the distance between the MFP 101 and the mobile terminal 102 becomes less than 30 cm, Alice's mobile terminal 102 issues a login request to the MFP 101. As a result, the MFP 101 forcibly logs out Carol and logs Alice in. This can prevent Alice from accidentally using the MFP 101 while Carol is still logged in. Furthermore, Alice does not need to press the logout button 410 displayed on the operation unit 205 instead of Carol.

FIG. 14D shows the state immediately after the logout button 410 displayed on the operation unit 205 of the MFP 101 is pressed. In this case, even if Bob's mobile terminal 103 is nearby, Bob's mobile terminal 103 does not issue a login request. Therefore, even if Alice is in front of the operation unit 205 of the MFP 101, login using Bob's mobile terminal 103 will not be performed, which is safe. Furthermore, if the user who pressed the logout button 410 is Alice and she wants to log in to the MFP 101 again immediately after she performs the logout operation, Alice brings the mobile terminal 102 closer to the MFP 101 within 10 cm. As a result, Alice's mobile terminal 102 makes a login request to the MFP 101. In this way, Alice can log in to the MFP 101 again even after logging out.

[Embodiment 2]
Next, a second embodiment of the present invention will be described. In the second embodiment, an example will be shown in which a more secure communication method than the communication shown in the detailed flow at login shown in the first embodiment is implemented. Note that the configurations of the MFP 101 and the mobile terminals 102, 103 and their system configurations according to the second embodiment are the same as those of the first embodiment, and therefore their descriptions will be omitted.

FIG. 15 is a diagram illustrating a Bluetooth user authentication service and characteristics provided in the MFP 101 according to the second embodiment of the present invention. Here, parts common to those in FIG. 5 described above are indicated by the same numbers. In the second embodiment, the user authentication service of the MFP 101 includes the following two characteristics instead of the password 507 of the first embodiment. The rest is the same as in the first embodiment described above.
・Challenge1501
Characteristic used to store challenges. This value stores a random number issued each time by the MFP 101.
・Hash1502
Characteristic used to store hash values.

In the second embodiment, in order to prevent unauthorized acquisition of passwords due to packet eavesdropping or impersonation of the MFP, a challenge-response type user authentication is implemented using Bluetooth characteristics.

FIG. 16 is a diagram showing a sequence when the mobile terminal 102 issues a login request to the MFP 101 according to the second embodiment. A method of using characteristics of the user authentication service according to the second embodiment will be described with reference to FIG. 16. Note that the basic operation of the mobile terminal 102 here is the same as that in FIG. 7 in the first embodiment.

When the mobile terminal 102 starts the login request process in S705, it issues a Read request for Challenge 1501 in S1601, and acquires the challenge value in S1602. Next, in step S1603, the mobile terminal 102 calculates a hash value using the obtained challenge and the user's password. As an algorithm for generating a challenge and calculating a hash value, there is a Challenge-Response Authentication Mechanism (CRAM) described in RFC2195, but the present invention is not limited to this. Next, in S1604, the mobile terminal 102 writes the user name to UserName506, the calculated hash value to Hash1502, and writes a login request to RequestID508. As a result, the MFP 101 detects the login request and reads the user name, hash value, and challenge from the characteristic. After reading these values, clear them so that they cannot be referenced when other terminals access them. Then, in step S1605, the MFP 101 performs user authentication processing using the user name, hash value, and challenge acquired from the characteristic. Specifically, a characteristically set challenge and a user password registered in the user DB are obtained, and a hash value is calculated using the same algorithm as the mobile terminal 102. Then, the calculated hash value is compared with the hash value obtained from the characteristic. When the MFP 101 completes the user authentication in this way, it updates the characteristic challenge with a new value in preparation for the next authentication. The subsequent operations after user authentication are the same as in the first embodiment.

As explained above, according to the second embodiment, challenge response type user authentication is realized using Bluetooth, which is more secure than the first embodiment, and has the effect of preventing unauthorized acquisition of passwords due to packet eavesdropping and impersonation of the MFP. It will be done.

[Embodiment 3]
In the first embodiment described above, regarding the manual logout processing in S1206 to S1211 in FIG. 12, the problem that occurs immediately after logout is solved by not accepting login requests other than level 3 immediately after manual logout. did.

FIG. 17 shows a method according to Embodiment 3 that achieves the same effect. Note that the configurations of the MFP 101 and the mobile terminals 102, 103 and their system configurations according to the third embodiment are the same as those of the first embodiment, and therefore their descriptions will be omitted.

FIG. 17 is a flowchart illustrating manual logout processing by the MFP 101 according to the third embodiment. Note that unless otherwise specified here, the main body of operation of the MFP 101 is the CPU 201. Unless otherwise specified, the main body of the software is the login service 312, or the login service 312 calls an API provided by the platform 301, and the platform 301 performs processing on its behalf.

First, in S1701, when the CPU 201 detects that the logout button 410 is pressed, it executes logout processing. Next, the process advances to step S1702, and the CPU 201 stops sending out Bluetooth advertising packets. Next, the process advances to S1703, and the CPU 201 starts the timer 223 to check the passage of time. The process then proceeds to S1704, and the CPU 201 causes the display on the operation unit 205 to transition to the login screen. At this time, login using a keyboard, login using an IC card, and login using login request level 3 from Bluetooth become possible. Thereafter, in step S1705, when the CPU 201 detects that there is no login request for a certain period of time and the timer 223 detects that a certain period (for example, 10 seconds) has elapsed, the process proceeds to step S1706. In S1706, the CPU 201 resumes sending out advertising packets after a certain period of time has elapsed after manual logout.

This makes it impossible for the mobile terminal 102 to detect the distance between the mobile terminal 102 and the MFP 101 while the MFP 101 stops sending out advertising packets. This can prevent the mobile terminal 102 from issuing a login request to the MFP 101 when the MFP 101 is executing a manual logout process.

[Embodiment 4]
In the first to third embodiments described above, an example was shown in which the mobile terminal 102 checks the login permission status to the MFP 101 and determines whether to issue a login request. For example, the determination in S704 in FIG. 7 corresponds to this. On the other hand, in the fourth embodiment, an example is shown in which the mobile terminal 102 does not determine whether login is possible, but leaves the determination to MFP 101 as to whether login is possible. Note that the configurations of the MFP 101 and the mobile terminals 102, 103, and the system configuration thereof according to the fourth embodiment are the same as those of the first embodiment, and therefore their descriptions will be omitted.

FIG. 18 is a diagram illustrating characteristics included in the user authentication service of the MFP 101 according to the fourth embodiment of the present invention. Here, parts common to those in FIG. 5 and FIG. 15 described above are indicated by the same numbers, and their explanation will be omitted. The user authentication service of the MFP 101 according to the fourth embodiment includes Distance 1801 and Distance 1802 for writing the distance calculated by the mobile terminal 102 in addition to the characteristics of the first and second embodiments described above. Further, regarding the login request, there is no need for the levels 1 to 3 as shown in the first embodiment described above, and one Request ID indicating the login request is used. It is assumed that the MFP 101 according to the fourth embodiment stores in advance a login permission status list of the fourth embodiment shown in Table 11 below as a setting.

The operation of the mobile terminal 102 according to the fourth embodiment is the same as that described in the flowchart of FIG. 6 of the first embodiment, so the description thereof will be omitted.

FIG. 19 is a flowchart illustrating details of the process of S608 in FIG. 6 according to the fourth embodiment. The detailed flow of S608 in the fourth embodiment will be described with reference to FIG. 19.

When the CPU 211 of the mobile terminal 102 starts the process of using the MFP 101, it first connects to the MFP 101 using Bluetooth in S1901. Next, the process advances to step S1902, and the CPU 211 acquires Bluetooth service information from the MFP 101. In the fourth embodiment, it is assumed that information on the user authentication service 501 and the MFP information service 502 can be obtained at this point. Next, the process advances to S1903, and the CPU 211 issues a login request to the MFP 101. In the fourth embodiment, when making this login request, the distance from the MFP 101 calculated by the CPU 211 of the mobile terminal 102 is written in Distance (1801 and 1802). Next, the process advances to step S1904, and the CPU 211 receives updates of Result ID and Status ID from the MFP 101 as a result of the login process via Notification.

Then, in S1905, the CPU 211 determines whether the login is successful or not based on the received result. If it is determined that the login has been successful, the CPU 211 advances to step S1906, disconnects the Bluetooth connection with the MFP 101, and ends this process.

On the other hand, if the CPU 211 determines in S1905 that the login has failed, the process advances to S1907, and instead of locally logging into the MFP 101, the CPU 211 presents available functions to the user as alternative functions. This is similar to FIG. 8 described above. Then, the process advances to S1908, and the CPU 211 determines whether the user has selected an alternative function. If the user presses the cancel button 804 without selecting an alternative function, the process advances to step S1906, where the CPU 211 disconnects the Bluetooth connection with the MFP 101 and ends this process. On the other hand, if the CPU 211 determines in S1908 that the user has selected an alternative function, the process proceeds to S1909 and provides the user with the alternative function selected by the user, as described with reference to the flowchart of FIG. 9 above. After providing this alternative function, the process advances to step S1906, where the CPU 211 disconnects the Bluetooth connection with the MFP 101 that is no longer needed, and ends this process.

FIG. 20 is a flowchart illustrating the operation of local login processing in the MFP 101 according to the fourth embodiment. Note that in FIG. 20, the same processes as those in FIG. 11 described above are given the same numbers, and the description thereof will be omitted. In the above-described first embodiment, the MFP 101 that has received the login request compares the login request level and the login permission status in S1110 of FIG. 11 to determine whether the login request level is an acceptable level.

On the other hand, when the CPU 201 of the MFP 101 according to the fourth embodiment detects a login request from the mobile terminal 102, the process advances to S2001 and acquires distance information written in Distance (1801, 1802). Next, the process advances to S2002, and the CPU 201 refers to the list of login permission status (Table 11) of the fourth embodiment and determines whether the distance between the mobile terminal 102 and the MFP 101 is a distance that accepts a login request. For example, if the acquired distance is between 2m and 30m, and from Table 11, if the login permission status is not ``1'', which indicates login possible, but is ``2'' or ``3'', then Determine that login is not possible and cancel the login process. Further, for example, if the acquired distance is between 30 cm and 10 cm, and the login permission status indicates "3", it is determined that login is not possible, and the login processing is canceled. When the login process is canceled, a value "3" indicating that the login has been canceled is set in ResultID, and the result is notified to the mobile terminal 102 in S2003.

As described above, according to the fourth embodiment, the mobile terminal 102 does not need to perform determination or processing according to the distance from the MFP 101, so that the processing of the mobile terminal 102 can be simplified.

[Embodiment 5]
Next, a fifth embodiment of the present invention will be described. In the first to fourth embodiments described above, the MFP 101 transmits an advertisement packet, the mobile terminal 102 receives it, and calculates the distance between the MFP 101 and the mobile terminal 102. In contrast, in the fifth embodiment, an example will be described in which the mobile terminal 102 transmits an advertisement packet, the MFP 101 receives it, and the MFP 101 calculates the distance between the MFP 101 and the mobile terminal 102. Although the processing will be described here as being between the mobile terminal 102 and the MFP 101, it goes without saying that it can be performed similarly in the case of the mobile terminal 103 as in the above-described embodiment.

FIG. 21 is a block diagram illustrating the hardware configuration of the MFP 101 according to the fifth embodiment of the present invention. Note that the hardware configuration of the mobile terminal 102 and the configuration of the system including the MFP 101 and the mobile terminal 102 are the same as in the first embodiment described above, so a description thereof will be omitted. Since the MFP 101 according to the fifth embodiment is basically the same as the MFP 101 according to the above-described embodiment, parts common to those in FIG. 2 described above are indicated by the same symbols, and their explanation will be omitted.

The configuration of the control unit 2100 of the MFP 101 is as follows. A CPU 201, RAM 203, ROM 202, SRAM 2101, network interface 210, RIP 2103, scanner image processing unit 2104, printer image processing unit 2105, and storage controller 2108 are connected via a system bus 2114. Further, the CPU 201 is connected to the operation unit 205 via a UART interface 2101, and is also connected to the Bluetooth module 2113 of the operation unit 205 via a USB interface 2109 and a USB connector 2110. A scanner image processing unit 2104 receives image data obtained by scanning a document with a scanner 207 via a scanner I/F 2106, performs image processing, and outputs the image data to a system bus 2114. Further, the printer image processing unit 2105 performs color conversion, etc. on the image data received via the system bus 2114 in accordance with the characteristics of the printer 206, and then outputs the image data to the printer 206 via the printer I/F 2107 for printing. . A storage controller 2108 controls access to the HDD 204. The CPU 201 executes the boot program stored in the ROM 202 to expand the OS and programs installed in the HDD 204 onto the RAM 203 and execute them, thereby executing the processes described below.

Next, the configuration of the operation unit 205 will be explained.

The sub CPU 2111 controls the operation of the operation unit 205. The key display panel 2112 is a display panel equipped with a touch panel function, and receives user operations and notifies the sub CPU 2111 of the received operations. The ROM 2115 stores programs executed by the sub CPU 2111, various data, and the like. The RAM 2116 provides a work area for storing various data when the sub CPU 2111 executes processing. The Bluetooth module 2113 communicates with the Bluetooth I/F 215 of the mobile terminal 205 according to the Bluetooth standard.

The operation of the MFP 101 based on the above configuration will be briefly described. PDL data, which is print data, is received by the network interface 210 via the LAN 104 . The CPU 201 temporarily writes the received PDL data in the RAM 203 and stores it in the HDDD 204 via the storage controller 2108. The PDL data stored in the HDD 204 is converted into a display list by the CPU 201 and written to the HDD 204 again via the RAM 203. Next, the display list on the HDD 204 is read out by the CPU 201, sent to the RIP 2103, converted to raster data, and written to the HDD 204 again. In this way, the print job input to the MFP 101 is printed by the printer 206 when the user logs into the MFP 101 using the login method described later. During this printing, raster data is read from the HDD 204 via the system bus 2114, subjected to density, screen processing, etc. in the printer image processing unit 2105, and then output to the printer 206 via the printer I/F 2107. .

Next, a procedure for a user to log in to the MFP 101 will be explained.

CPU 201 controls Bluetooth module 2113 via USB connector 2110. Specifically, it receives an advertise packet of Bluetooth Low Energy communication transmitted from the mobile terminal 102 and executes a service in response to a login request or print job input from the mobile terminal 102. By authenticating to the MFP 101 using the mobile terminal 102 owned by the user, the user not only executes a print job but also transitions the operation screen of the MFP 101 to an operation menu screen and obtains the authority to use the MFP 101. Can be done.

Next, communication processing with the mobile terminal 102 by the MFP 101 according to the fifth embodiment will be described.

FIG. 22 is a flowchart illustrating a process in which the MFP 101 according to the fifth embodiment uses a signal from the mobile terminal 102 to cause the user of the mobile terminal 102 to log in and log out. Note that a program for executing this process is stored in the HDD 204, and at the time of execution, is expanded to the RAM 203 and executed by the CPU 201.

In the fifth embodiment, the MFP 101 and the mobile terminal 102 communicate with each other using the Bluetooth Low Energy communication standard. Here, the service requested from the mobile terminal 102 to the MFP 101 is to automatically log in according to the user ID sent from the mobile terminal 102 within a predetermined distance from the MFP 101, and automatically log out when the mobile terminal 102 is within a predetermined distance. control.

First, in S2201, the CPU 201 transitions to a Bluetooth Low Energy standby state. Next, the process advances to S2202, and the CPU 201 determines whether user authentication is possible. If the user can be authenticated, the process advances to S2203; otherwise, the process waits until the user can be authenticated, and then advances to S2203. In S2203, the CPU 201 determines whether a service that can receive requests from the mobile terminal 102, in this case authentication processing, is set. If the settings have not been made, the process advances to S2204, prompting the administrator to make settings to enable authentication, and the process advances to S2203. In this way, in S2203, when the CPU 201 determines that a service that can receive a request from the mobile terminal 102 has been set, the process proceeds to S2205, and determines whether a distance serving as a login reference has been set. If it is determined that the distance has not been set, the process advances to step S2206 and prompts the administrator of the MFP 101 to set the distance. Once the distance, which is a condition for connecting to the source of the received Bluetooth advertising packet, is set in the MFP 101, the process advances to S2207. In S2207, the CPU 201 transitions to a scanning state and waits for receiving an advertising packet. When the CPU 201 receives the advertising packet in S2208, the process advances to S2209 and analyzes the received advertising packet. Then, the CPU 201 acquires the distance from the transmission source, the service UUID, and the user ID. The process then advances to S2210, and the CPU 201 determines whether the distance from the source of the received advertising packet is within a certain value set in S2205. If it is determined that it is within the set value here, the process advances to S2211, but if not, the process advances to S2208. Here, too, the distance to be set may be changed depending on the user ID. That is, as described in the first embodiment, the distance to user A who always works near the MFP 101 may be, for example, 30 cm, and the distance set for other users may be, for example, 2 m. Therefore, in this case, in S2210, it is determined whether the connection distance is within the range corresponding to the user ID. In S2211, the CPU 201 determines whether the service UUID written in the received advertising packet is a compatible service set in the MFP 101, or in this case, whether it is a request for an authentication service. If so, the process advances to S2212; otherwise, the process advances to S2208.

In S2212, the CPU 201 transitions to the int state and proceeds to S2213, where the CPU 201 transmits a Connect Req packet to the mobile terminal 102 that has transmitted the advertising packet. When a Connect Req (connection request) packet is received from the mobile terminal 102 in S2214, the process advances to S2215. In S2215, the CPU 201 executes login processing using the user ID requested by the mobile terminal 102. Here, the user information list in Table 1 described above is referred to to determine whether or not to permit the user to log in. The process then proceeds to S2216, and the CPU 201 notifies the mobile terminal 102 of authentication success or authentication failure, which is the result of the login process. Next, the process advances to S2217, and the CPU 201 transitions to the scanning state in the same manner as in S2207, waits for reception of an advertising packet in S2218, and upon receiving the advertising packet, the process advances to S2219. In S2219, the CPU 201 analyzes the received advertising packet and obtains the distance from the source, the service UUID, and the user ID, as in S2209. Next, the process advances to S2220, and the CPU 201 determines whether the distance is enough to log out. If the CPU 201 determines in S2220 that the source of the advertising packet received in S2218 is the same as the logged-in user ID and that the distance is greater than or equal to the predetermined distance, the process proceeds to S2221. In S2221, the CPU 201 logs out the user of the mobile terminal 102 and returns to S2201.

In this way, the user of the mobile terminal 102 can log into the MFP 101 by simply approaching the MFP 101 to a preset distance while holding the mobile terminal 102. At this time, it is assumed that the MFP 101 has registered in advance the distance to the sender that allows login, the UUID of acceptable services, and the user information to be authenticated.

Next, the operation of the mobile terminal 102 according to the fifth embodiment will be explained.

FIG. 23 is a flowchart illustrating processing in which the mobile terminal 102 logs into the MFP 101 according to the fifth embodiment. Note that a program for executing this process is stored in the flash memory 213, and when executed, it is loaded into the RAM 211 and executed by the CPU 211.

First, in S2301, the CPU 211 starts an application stored in the mobile terminal 102. Note that this application is started by the user operating the mobile terminal 102. Next, the process advances to step S2302, and the CPU 211 determines whether a user ID for logging into the MFP 101 has been set. If it is determined that no user ID has been set, the CPU 211 advances to step S2303, and the CPU 211 prompts the mobile terminal 102 to set the user ID that the user wants to authenticate, and advances to step S2302. When the user ID has been set in this way, the process advances to step S2304, and the CPU 211 determines whether a service UUID to be requested to the MFP 101 has been set, or here, whether a request for authentication service to the MFP 101 has been set. If it is determined that the service UUID has not been set, the CPU 211 advances the process to S2305, prompts the user of the mobile terminal 102 to set the service UUID, and advances to S2304. When the service ID is set in step S2304, the process advances to step S2306, and the CPU 211 transitions to a state in which an advertising packet is transmitted.

Next, the process advances to step S2307, and the CPU 211 waits for reception of the Connect Req packet from the MFP 101. When the CPU 211 receives the Connect Req packet, the process advances to step S2308, and transitions to a state where the CPU 211 is connected to the MFP 101. The process then proceeds to S2309, and the CPU 211 transmits a Connect Res packet to the MFP 101, and the process proceeds to S2310, where it waits to receive an authentication result indicating whether the login process was successful. When the authentication result is received in S2310, the process advances to S2311, and the content of the result is displayed on the operation unit 214 of the mobile terminal 102. Here, if the authentication is successful, for example, "Login successfully" is displayed, and if the authentication is unsuccessful, "Login failed" or the like is displayed. Then, the process advances to S2312, and the CPU 211 transitions to the advertising state, and the process advances to S2307.

In this way, the user of the mobile terminal 102 can execute processing for logging into the MFP 101 using the user ID set in the mobile terminal 102, simply by bringing the mobile terminal 102 closer to the MFP 101.

(Other embodiments)
The present invention provides a system or device with a program that implements one or more of the functions of the embodiments described above via a network or a storage medium, and one or more processors in the computer of the system or device reads and executes the program. This can also be achieved by processing. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.

The present invention is not limited to the embodiments described above, and various changes and modifications can be made without departing from the spirit and scope of the present invention. Therefore, to set out the scope of the invention, the following claims are hereby appended.

101... MFP, 102, 103... Mobile terminal, 104... LAN, 105... Wireless router, 201... CPU of MFP 101, 211... CPU of mobile terminal, 205, 214... Operation unit, 302, 315... Bluetooth control unit

Claims (19)

acquisition means for acquiring information based on a signal transmitted from the information processing device;
transmitting a login request to the information processing device when the received signal strength of the signal transmitted from the information processing device satisfies a predetermined condition and no other user is logged in to the information processing device;
a control unit configured to control not to transmit a login request to the information processing device when the received signal strength satisfies the predetermined condition and another user is logged in to the information processing device;
A mobile terminal comprising: acquisition means for acquiring information based on a signal transmitted from the information processing device;
Based on the received signal strength of the signal transmitted from the information processing device and status information indicating whether another user is logged in to the information processing device, which is included in the information acquired by the acquisition means, a control means for controlling transmission of a login request to the information processing device;
A mobile terminal comprising: The control means includes:
If the received signal strength satisfies a predetermined condition and the status information indicates that no other user is logged into the information processing device, controlling the login request to be transmitted;
When the received signal strength satisfies the predetermined condition and the status information indicates that another user is logged into the information processing device, the login request is controlled not to be transmitted. The mobile terminal according to claim 2, characterized in that: Display control that controls to display information indicating that login to the information processing device is not possible when the received signal strength satisfies the predetermined condition and another user is logged in to the information processing device. The mobile terminal according to claim 1 or 3, further comprising means. A claim characterized in that the control means controls not to transmit a login request to the information processing device based on the received signal strength when the received signal strength does not satisfy the predetermined condition. The mobile terminal according to any one of Items 1, 3, and 4. 6. The mobile terminal according to claim 1, wherein the predetermined condition includes a condition that the received signal strength is equal to or higher than a predetermined strength. Claims 1 and 3, wherein the predetermined condition includes a condition that the received signal strength is a strength corresponding to a distance between the information processing device and the mobile terminal being within a predetermined distance. 7. The mobile terminal according to any one of 6 to 6. A claim characterized in that the control means controls to transmit a login request to the information processing device based on the received signal strength when no other user is logged in to the information processing device. The mobile terminal according to any one of Items 1 to 7. The mobile phone according to any one of claims 1 to 8, wherein the control means controls the mobile terminal so that identification information and a password of the user of the mobile terminal are also transmitted when transmitting the login request. terminal. The control means controls whether or not to transmit the login request based on the strength of a received signal from an information processing device registered in advance in the mobile terminal, and controls whether or not to transmit the login request based on the strength of a received signal from an information processing device that is not registered in the mobile terminal. 10. The mobile terminal according to claim 1, wherein transmission of the login request is not controlled based on the login request. According to any one of claims 1 to 10, the login request is a login request for operating an operation unit of the information processing device to enable use of the functions of the information processing device. Mobile device listed. 12. The mobile terminal according to claim 1, wherein the received signal strength is a received signal strength in Bluetooth Low Energy communication. The control means controls transmission of the login request based on status information indicating whether another user is logged in to the information processing device, which is included in an advertising packet obtained from the information processing device. The mobile terminal according to any one of claims 1 to 12. 14. The mobile terminal according to claim 1, wherein the information processing device includes a print control section that controls the printing section to print an image on a sheet. 15. The mobile terminal according to claim 1, wherein the information processing device includes a scan control section that controls the reading section to read an image on a document. A control method for controlling a mobile terminal,
an acquisition step of acquiring information based on a signal transmitted from the information processing device;
transmitting a login request to the information processing device when the received signal strength of the signal transmitted from the information processing device satisfies a predetermined condition and no other user is logged in to the information processing device;
a control step of controlling not to transmit a login request to the information processing device when the received signal strength satisfies the predetermined condition and another user is logged in to the information processing device;
A control method characterized by having the following. A control method for controlling a mobile terminal,
an acquisition step of acquiring information based on a signal transmitted from the information processing device;
Based on the received signal strength of the signal transmitted from the information processing device and status information indicating whether another user is logged in to the information processing device, which is included in the information acquired in the acquisition step, a control step of controlling transmission of a login request to the information processing device;
A control method characterized by having the following. A program for causing at least one computer to function as each means of the mobile terminal according to any one of claims 1 to 15. A computer-readable storage medium storing a program for causing at least one computer to function as each means of the mobile terminal according to any one of claims 1 to 15.

Images