JP4826251B2 - User authentication method, computer software, and apparatus having user authentication function - Google Patents

Description

  The present invention relates to a user authentication method, computer software, and an apparatus having a user authentication function.

  When logging in to an image forming apparatus or the like provided with a personal computer or a hard disk capable of storing documents, input of a login ID and a password is required for security.

It is complicated to input a login ID and password for each login, and in order to eliminate this complexity, fingerprint authentication data is stored in advance in association with the login ID and password, and if fingerprint authentication is successful, they are associated with each other. A technique for automatically inputting a login ID and a password into a login ID field and a password field on a login input screen is known (see, for example, Patent Document 1).
JP 2003-36247 A

  However, biometric authentication such as fingerprint authentication is not complete, and there is a possibility that another person may be mistakenly identified as the principal, and there is a risk that the other person logs in with the login ID and password of the principal.

  The present invention has been made in view of the above problems, and provides a user authentication method that makes it easy to log in and prevents other people from logging in with their own login ID and password. It is intended to provide.

User user authentication method of the present invention receives an input of biometric information by the user, a first step of performing authentication of the biological information, if the biological information in the first step is authenticated, which corresponds to the biological information A user authentication screen in which a name and a part of a password corresponding to the user name are automatically input, and the number of characters automatically input and the number of characters to be input can be discriminated , or the biometric information in the first step is If not authenticated , a second step of displaying a user authentication screen that accepts all input of a user name and password, and an input for complementing the password that has been partially input to the user , or of all passwords a third step of receiving an input, which is the automatic input and the complementary input the user name that is the automatic input password And de is characterized by having a fourth step for collating the user name and password registered in advance authenticated, the.

The computer software of the present invention automatically inputs the user name corresponding to the biometric information received from the user and a part of the password corresponding to the user name, and can determine the number of characters automatically input and the number of characters to be input and to a first step of displaying a user authentication screen was, if the biometric information is authenticated, the user, or receives an input for the complement of the password which the part is automatically entered, or, the biological information If the password is not authenticated , the computer executes a second step of accepting all input of a user name and a password, and a third step of collating the automatically entered user name with the automatically entered and complementary entered password It is characterized by making it.

An apparatus having a user authentication function according to the present invention is displayed on the display unit when a display unit that displays a user authentication screen, an operation unit that performs input to the user authentication screen, and biometric information is authenticated. to have authentication screen, the a portion of the password corresponding to the user name and the user name corresponding to the biometric information to automatically input, and distinguishably displaying the number of characters to be input with the number of characters has been filled in, Accepting an input for complementing the partially entered password from the operation unit , and displaying the user authentication screen for accepting all user name and password inputs when the biometric information is not authenticated , Yes and a control unit that authenticates the automatic input user name and the automatic input and complementary input password, or all entered username and password It is characterized in Rukoto.

  According to the present invention, when the login ID and the password are automatically entered in the login ID field and the password field on the login input screen with the success of the biometric authentication, all the passwords are not automatically entered, and a part of the user is entered. Since it is set as an input, the input at the time of login is simplified and another person is prevented from logging in with his / her own login ID and password.

(Device configuration)
FIG. 1 is a block diagram showing a configuration of an image forming apparatus 1 to which a user authentication method of the present invention is applied. The image forming apparatus 1 includes an apparatus main body 10 and a fingerprint authentication module 30.

  The apparatus main body 10 is centered on a CPU 11 that executes control of the apparatus main body 10 in accordance with a program, and a bus 12, a ROM 13, a RAM 14, a document reading unit 15, an image forming unit 16, a hard disk 17, a nonvolatile memory 18, an operation unit 19, The display unit 20 and the communication unit 21 are connected to each other.

  The ROM 13 stores various programs and data, and the CPU 11 executes control of the image forming apparatus 1 using these programs and data.

  The RAM 14 is used as a work area by the CPU 11 and temporarily stores programs and data required when the CPU 11 executes control.

  The document reading unit 15 reads the document and generates image data. The generated image data is output to the image forming unit 16 or the hard disk 17 or the like.

  The image forming unit 16 forms an image on a recording medium based on image data or document data input from the document reading unit 15 or the hard disk 17 or the like.

  The hard disk 17 stores and stores image data input from the document reading unit 15 or the like.

  The nonvolatile memory 18 stores the login ID and password for each user in association with the registration number.

  The operation unit 19 is operated by a user, and a login ID and password are input, an image formation instruction, a storage instruction to the hard disk, and the like are performed from the operation unit 19.

  The display unit 20 displays a user login screen that accepts input of a login ID and password from the user. The display unit 20 may be configured with a touch panel and may also serve as the operation unit 19.

  The communication unit 21 is connected to a fingerprint authentication module 30 described later, and transmits a fingerprint authentication instruction to the fingerprint authentication module 30.

  The fingerprint authentication module 30 has a CPU 33 that executes control of the fingerprint authentication module 30 according to a program, and a ROM 33, a RAM 34, a fingerprint input unit 35, a nonvolatile memory 36, and a communication unit 37 are connected to each other by a bus 32. Yes.

  The ROM 33 stores various programs and data, and the CPU 31 executes control of the fingerprint authentication module 30 using these programs and data.

  The RAM 34 is used as a work area by the CPU 31 and temporarily stores programs and data required when the CPU 31 executes control.

  The fingerprint input unit 35 reads the user's fingerprint and generates fingerprint data.

  The nonvolatile memory 36 is a memory in which the generated fingerprint data is stored, and stores the fingerprint data in association with the registration number.

  The communication unit 37 is connected to the apparatus main body 10 and transmits a registration number stored in the nonvolatile memory 36 to the apparatus main body 10 when fingerprint authentication is successful.

(Device control)
FIG. 2 is a control flow diagram relating to login processing of the image forming apparatus of FIG. This control is performed when the CPU 11 and the CPU 31 cooperate to execute processing based on programs stored in the ROM 13 and the ROM 33.

  First, the CPU 11 displays, for example, “Please input fingerprint” on the display unit 20 (step S1). Further, the CPU 11 instructs the CPU 31 to perform fingerprint authentication (step S2). In accordance with this instruction, the user places a finger on the fingerprint input unit 35.

  Next, the CPU 31 causes the fingerprint input unit 35 to read the user's fingerprint and input fingerprint data (step S3).

  Next, the CPU 31 determines whether there is fingerprint data that matches the input fingerprint data in the fingerprint data stored in the nonvolatile memory 36 and performs fingerprint authentication (step S4).

  Next, the CPU 31 transmits an authentication result (authentication success or authentication failure) to the apparatus main body 10 via the communication unit 37 (step S5). When authentication is successful, a registration number corresponding to the matched fingerprint data is added and transmitted.

  Next, the CPU 11 determines whether or not the authentication result transmitted from the fingerprint authentication module 30 is successful (step S6). If the authentication is successful (step S6; Yes), the CPU 11 reads the login ID and password corresponding to the added registration number from the nonvolatile memory 18 to the RAM 14 (step S7).

  Next, the CPU 11 displays a login screen on which the login ID read in step S7 and a part of the password are input and displayed on the display unit 20, and prompts the user to input a complementary password (step S8). For example, as shown in FIG. 3, if the password is 8 characters, the password is automatically entered for 6 characters from the beginning and 6 * s are displayed, and an underbar for 2 characters is added after the last *. indicate. In accordance with this display, the user performs complementary input of the password through the operation unit 19. In the case of the example in FIG. 3, the user inputs the remaining two characters in the portion where the underbar is displayed. By displaying the number of characters to be input with an underbar or the like, for example, even when a password with a long number of characters is displayed, the user can immediately recognize how many characters should be input.

  As a result, a password complement input is made to the CPU 11 (step S9). In the case of the example in FIG. 3, two * s are added to the end of the six * s that are displayed on the login screen.

  By letting the user perform complementary input in this way, even if another person is mistakenly identified as the person and the verification succeeds, the other person cannot log in by itself and must complete the password. Log in with the login ID and password of the person.

  If authentication fails in step S6 (step S6; No), the process proceeds to step S10, and the CPU 11 displays a login screen with a blank login ID and password on the display unit 20, and inputs the login ID and password to the user. Prompt. In accordance with this instruction, the user inputs all characters of the login ID and password through the operation unit 19.

  For example, even when the fingerprint registration state is bad and the fingerprint authentication fails even though the person is the person himself, the user can log in by entering all characters of the login ID and password.

  In step S11, all characters of the login ID and password are input to the CPU 11.

  When the login ID and password are input and the login is executed in step S9 or step S11, the CPU 11 refers to the login ID and password stored in the nonvolatile memory 18 and authenticates the input login ID and password. Is performed (step S12). If the authentication is successful (step S12; Yes), the CPU 11 outputs a use permission signal for the image forming apparatus (step S13). If the authentication has failed (step S12; No), the CPU 11 outputs a use prohibition signal for the image forming apparatus (step S14).

  As described above, according to the present embodiment, when the login ID and the password are automatically entered in the login ID field and the password field on the login input screen with the success of the biometric authentication, all the passwords are automatically entered. In addition, since a part of the user input is used, it is easy to input at the time of login, and another person is prevented from logging in with his / her own login ID and password.

  In the present embodiment, the end part of the password is complemented and input, but it may be the start part or the intermediate part. In the case of the complementary input of the head part or the tail part, it is preferable because the user can easily memorize it.

  Further, in the present embodiment, as an example of display for prompting the user for complementary input and accepting the input, an example using underbars corresponding to the number of characters (number of digits) of the complementary input has been described. For example, a display form as shown in FIG. 4 may be used. In the case of the example in this figure, as in the case of FIG. 3, the password is described as 8 characters. For example, the password is automatically entered for 6 characters from the beginning, and 6 * s are displayed. A prompt (for example, a blinking cursor) is displayed after *. In the case of the example shown in the figure, the user follows the prompt and inputs the remaining two characters. Here, if the number of digits of the password itself is different for each user, it is not possible for a genuine user to know how many more characters should be input according to the prompt. Thus, in the case of the present embodiment, the number of characters to be complemented can be given a meaning like a password, which is more preferable for ensuring security.

  In the present embodiment, fingerprint data is stored in association with the registration number in the nonvolatile memory 36 of the fingerprint authentication module 30, and a login ID and password are stored in association with the registration number in the nonvolatile memory 18 of the apparatus body 10. When the authentication is successful by the fingerprint authentication module 30, the login ID and password corresponding to the fingerprint are specified by transmitting the registration number from the fingerprint authentication module 30 to the apparatus body 10, but the nonvolatile memory 36 of the fingerprint authentication module 30 is identified. The login ID and password may be stored in the device, and when the authentication by the fingerprint authentication module 30 is successful, the login ID and password stored in the nonvolatile memory 36 may be transmitted from the fingerprint authentication module 30 to the apparatus main body 10. .

  In this embodiment, the fingerprint authentication module 30 is controlled by the CPU 31 different from the CPU 11 of the apparatus main body 10, but may be configured to be controlled by the CPU 11 of the apparatus main body 10.

  In this embodiment, the user authentication method of the present invention is used to authorize the use of the image forming apparatus, but image data, document data, a personal address book used for Scan to E-mail, etc. The user authentication method of the present invention can also be used when accessing.

  In this embodiment, the user authentication method of the present invention is applied to the image forming apparatus. However, it is also applied to an apparatus having other authentication functions, for example, a personal computer, an ATM (Auto Teller Machine), an entry / exit management apparatus, and the like. Needless to say, you can.

  In this embodiment, a fingerprint is used as the authentication module. However, the present invention can also use other biological information such as a vein, a face, an iris, a retina, a voiceprint, and a handwriting.

1 is a block diagram illustrating a configuration of an image forming apparatus according to an exemplary embodiment. FIG. 5 is a control flow diagram relating to login processing of the image forming apparatus according to the present exemplary embodiment. It is an example of the login screen of this embodiment. It is an example of another login screen of this embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Image forming apparatus 10 Apparatus main body 11 CPU
13 ROM
18 Nonvolatile Memory 19 Operation Unit 20 Display Unit 30 Fingerprint Authentication Module 31 CPU
35 Fingerprint input part 36 Non-volatile memory

Claims (7)

A first step of accepting input of biometric information by a user and authenticating the biometric information ;
When the biometric information is authenticated in the first step, the user name corresponding to the biometric information and a part of the password corresponding to the user name are automatically input, and the number of automatically input characters should be input A user authentication screen that can determine the number of characters , or a second step of displaying a user authentication screen that accepts all input of a user name and a password when the biometric information is not authenticated in the first step;
A third step of accepting an input for complementing a password that has been automatically entered by the user , or an input of all passwords ;
A fourth step of verifying the user name and password registered in advance against the user name and password registered in advance, the automatically entered user name and the automatically entered password and the complementary entered password;
A user authentication method comprising: The character string excluding a predetermined number of characters at a head portion or a tail portion of a password corresponding to the user name is automatically input as the password that is partially input automatically in the second step. 2. The user authentication method according to 1. Based on the comparison result in the fourth step, have a fifth step of restricting the use of equipment by the user, if the authentication is successful allow the use of the device, if the authentication fails the device 3. The user authentication method according to claim 1, wherein use is prohibited . The user name corresponding to the biometric information received from the user and a part of the password corresponding to the user name are automatically entered , and a user authentication screen is displayed that allows the number of characters entered automatically and the number of characters to be entered to be distinguished. A first step of
When the biometric information is authenticated, the user receives an input for complementing the partially entered password , or when the biometric information is not authenticated, all input of the user name and password A second step of accepting ,
A third step of collating the automatically entered user name with the automatically entered and complemented password;
Computer software characterized by causing a computer to execute. The character string in which a predetermined number of characters at the beginning or end of a password corresponding to the user name is omitted is automatically input as a partly automatically entered password in the first step. 5. Computer software according to 4 . Based on the collation result in the third step, use of the device is restricted by permitting use of the device if authentication is successful, and prohibiting use of the device if authentication fails. The computer software according to claim 4 or 5 , wherein the computer is caused to execute a fourth step. A display unit for displaying a user authentication screen;
An operation unit for performing input to the user authentication screen;
When the biometric information is authenticated, the authentication screen displayed on the display unit, and a part of the password corresponding to the user name and the user name corresponding to the biological information automatically inputs are automatically entered The number of characters and the number of characters to be input are displayed in a distinguishable manner, and an input for complementing the password that has been partially input is accepted from the operation unit , and if the biometric information is not authenticated, the user name and password receiving an input to display the user authentication screen for accepting all input, the automatic input user name and the automatic input and complementary input password, or all you authenticate the user name and password input control unit When,
A device provided with a user authentication function.

Images