JP7314809B2 - Image forming apparatus, image processing system, and program - Google Patents

Description

The present disclosure relates to an image forming apparatus having a one-time password function in a user authentication function that restricts access to the image forming apparatus.

Conventionally, many image forming apparatuses such as MFPs (Multi-Functional Peripherals) have a user authentication function that restricts access to the apparatus. In one example of the user authentication function, when a user enters a user name and password, the image forming apparatus permits the user to use the apparatus if the entered user name and password match those registered. Regarding an image forming apparatus equipped with such a user authentication function, Japanese Patent Application Laid-Open No. 2015-176591 (Patent Document 1) discloses an image forming apparatus equipped with a "one-time password function" (OTP function) that generates a password that is valid only once for a certain period of time (hereinafter, also referred to as a one-time password or OTP (One Time Password)), transmits it to the user, and allows use by prompting the user to enter the password.

JP 2015-176591 A

After the OTP is transmitted, inconvenience may occur when the user confirms the transmitted OTP at a location away from the image forming apparatus. For example, if the second user uses the image forming apparatus while the first user is away from the image forming apparatus to check the OTP, and the information that the first user has input into the image forming apparatus for authentication is erased, there may arise the inconvenience of having to re-input the information that the first user has already input. Furthermore, if the items entered by the second user remain in the image forming apparatus, the first user may be required to delete the items entered by the second user. In this sense as well, the first user is required to perform complicated work.

The present disclosure has been conceived in view of such circumstances, and an object thereof is to provide a technique for avoiding a situation in which a user using an image forming apparatus is required to perform complicated operations using a one-time password.

According to one aspect of the present disclosure, an image forming apparatus includes a memory, a controller that controls operation of the image forming apparatus, and an input interface that receives input of information identifying a user, the memory stores information identifying the user in association with a destination, the controller transmits a one-time password to the destination associated with the information identifying the user input to the input interface when the input interface receives a request for temporary authentication, measures a certain period of time regarding the expiration date of the one-time password, and receives the request for temporary authentication. There is provided an image forming apparatus that notifies that the image forming apparatus is in use during at least a part of the period from when a one-time password is input to when the input of the one-time password is accepted, and authenticates the user for use of the image forming apparatus in accordance with the input of the one-time password in response to the input of the one-time password.

Preferably, the controller initiates notification in response to the input interface accepting the request for temporary authentication.

Preferably, the controller initiates notification in response to generating the one-time password.

Preferably, the controller initiates notification in response to sending the one-time password to the destination.

Preferably, the controller initiates notification in response to detection that the user has left the image forming apparatus.

Preferably, the controller ends the notification in response to re-input of the information identifying the user to the input interface after the input interface accepts the request for temporary authentication.

Preferably, the controller terminates the notification in response to detecting that the user who has input the request to the input interface has returned to the image forming apparatus after detecting that the user has left the image forming apparatus.

Preferably, the input interface further includes a luminous body, and the controller performs notification by lighting the luminous body.

Preferably, the image forming apparatus further includes a luminous body provided in the main body of the image forming apparatus, and the controller performs notification by lighting the luminous body.

Preferably, the controller performs notification by outputting sound.
According to another aspect of the present disclosure, the image forming apparatus includes an image forming apparatus and an authentication server that authenticates a user who uses the image forming apparatus, the image forming apparatus includes a first controller that controls operation of the image forming apparatus, and an input interface that receives an input of information identifying the user, the first controller, when the input interface receives a request for temporary authentication, transmits to the authentication server a request for temporary authentication of information identifying the user input to the input interface, and the authentication server stores the information identifying the user in association with a destination. and a second controller that, upon receiving a temporary authentication request from the image forming apparatus, transmits the one-time password to a destination associated with the user-specifying information input to the input interface, the second controller measuring a certain period of time related to the expiration date of the one-time password, and the first controller notifying that the image forming apparatus is in use during at least a part of the period from when the input interface receives the temporary authentication request until when the input of the one-time password is received, and the input interface receives the one-time password. An image processing system is provided in which a one-time password is transmitted to an authentication server, and a second controller authenticates a user for use of the image forming apparatus with respect to user-specifying information received from the image forming apparatus if the one-time password is transmitted from the image forming apparatus before a certain period of time relating to the expiration date of the one-time password is measured.

Preferably, the first controller initiates notification in response to the input interface accepting the request for temporary authentication.

Preferably, the first controller initiates notification in response to generation of the one-time password.

Preferably, the first controller initiates notification in response to transmission of the one-time password to the destination.

Preferably, the first controller initiates notification in response to detection that the user has left the image forming apparatus.

Preferably, the first controller terminates the notification in response to re-input of information identifying the user to the input interface after the input interface accepts the request for temporary authentication.

Preferably, the first controller terminates the notification when it is detected that the user who has input the request to the input interface has returned to the image forming apparatus after it is detected that the user has left the image forming apparatus.

Preferably, the image forming apparatus further includes a light emitter provided in the input interface, and the first controller performs notification by lighting the light emitter.

Preferably, the image forming apparatus further includes a light emitter provided in the main body of the image forming apparatus, and the first controller performs notification by lighting the light emitter.

Preferably, the first controller performs notification by outputting sound.
According to still another aspect of the present disclosure, the computer of the image forming apparatus, when a request for temporary authentication is received at the input interface, sends a one-time password to the destination associated with the information identifying the user input to the input interface, the step of notifying that the image forming apparatus is in use during at least a part of the period from when the input interface receives the request for temporary authentication to when the input of the one-time password is accepted, and the step of inputting the one-time password if it is before the completion of measurement for a certain period of time. and authenticating the user for use of the image forming apparatus with respect to information identifying the user entered into the input interface.

According to the present disclosure, during at least a part of the period from when the input interface of the image forming apparatus accepts the request for temporary authentication until the input of the one-time password is accepted, it is notified that the image forming apparatus is in use. Thus, even if the first user leaves the image forming apparatus to confirm the one-time password transmitted in response to the temporary authentication request, the second user is restrained from using the image forming apparatus by the notification. As a result, it is possible to avoid a situation in which the first user is required to perform complicated work due to the image forming apparatus being used by the second user while the one-time password of the first user is being confirmed.

1 is a diagram showing the configuration of an image processing system according to a first embodiment; FIG. 2 is a diagram showing a hardware configuration of MFP 100; FIG. 2 is a diagram showing a hardware configuration of an information processing device 200; FIG. 3 is a diagram showing the hardware configuration of an authentication server 300; FIG. It is a figure which shows the data structure of a user information database. FIG. 2 is a diagram showing an overview of user authentication in the first embodiment; FIG. It is a figure which shows an example of a login screen. FIG. 10 is a diagram showing an example of an OTP transmission request screen; FIG. 10 is a diagram showing an example of a screen (OTP transmission notification screen) for notifying OTP transmission; FIG. 10 is a diagram showing an example of a top menu screen; FIG. 4 shows an example of a login screen including an indication that MFP 100 is in use; FIG. 10 is a diagram showing a modification of MFP 100 that further includes a display device in addition to display 121. FIG. 4 is a flowchart of processing executed in MFP 100 for user authentication by OTP. 4 is a flowchart of processing executed in MFP 100 for user authentication by OTP. FIG. 14 is a diagram showing a first modification of FIG. 13; FIG. 14 is a diagram showing a second modification of FIG. 13; FIG. 14 is a diagram showing a third modification of FIG. 13; FIG. 10 is a diagram showing an outline of user authentication using OTP in the second embodiment; FIG. 10 is a flowchart of processing executed for user authentication by OTP in the second embodiment; 10 is a flowchart of processing executed for user authentication by OTP in the second embodiment; 10 is a flowchart of processing executed for user authentication by OTP in the second embodiment; 10 is a flowchart of processing executed for user authentication by OTP in the second embodiment; 10 is a flowchart of processing executed for user authentication by OTP in the second embodiment; 10 is a flowchart of processing executed for user authentication by OTP in the second embodiment;

Embodiments of an image processing system will be described below with reference to the drawings. In the following description, identical parts and components are given identical reference numerals. Their names and functions are also the same. Therefore, these descriptions will not be repeated.

<First Embodiment>
[Configuration of image processing system]
FIG. 1 is a diagram showing the configuration of the first embodiment of an image processing system. As shown in FIG. 1, the image processing system includes an MFP 100, which is an example of an image forming apparatus, an information processing apparatus 200, and an authentication server 300. FIG. MFP 100 includes human sensor 106 and operation panel 120 . Details of the human sensor 106 and the operation panel 120 will be described later with reference to FIG.

MFP 100 is an example of an image forming apparatus, and use of MFP 100 requires user authentication. In the image processing system, MFP 100 or authentication server 300 may authenticate the user. MFP 100 can authenticate a user using a password registered in advance for each user, or can authenticate a user using an OTP issued in response to a request from each user. That is, MFP 100 has a function (OTP function) of permitting use of MFP 100 by user authentication using OTP.

[Hardware Configuration of MFP 100]
FIG. 2 is a diagram showing the hardware configuration of MFP 100. As shown in FIG. As shown in Fig. 2, MFP100 is the main component of the control unit, the control unit 110, the timer circuit 101, the manuscript reading unit 102, the printing output unit 103, the paper transportation unit 104, the facsimile (FAX) section 105, the human sensor 106, the network interface (I / F) 107, B. Includes Luetooth (registered trademark) interface (I / F) 108, storage device 109, and operation panel 120. Each element shown in FIG. 2 is connected to each other by an internal bus.

The control unit 110 includes a CPU (Central Processing Unit) 111 , a RAM (Random Access Memory) 112 and a ROM (Read Only Memory) 113 . CPU 111 controls the operation of MFP 100 by executing a given program. The RAM 112 functions as a work area when the CPU 111 executes programs. ROM 113 stores various data including programs executed by CPU 101 .

MFP 100 may include a dedicated integrated circuit (for example, a Field-Programmable Gate Array) used for controlling MFP 100 instead of controller 110 or together with controller 110 .

A timer circuit 101 is an electric circuit for measuring time. The control unit 110 can determine various events, such as whether or not the OTP has expired, by acquiring the result of time measurement by the timer circuit 101 .

Document reading unit 102 is implemented by a so-called scanner, and scans a document set on MFP 100 to generate image data of the document.

A print output unit 103 forms an image based on image data on a recording sheet. In one implementation, print output 103 includes a photoreceptor drum and a transfer roller. The print output unit 103 forms an image according to, for example, an electrophotographic method, but the image forming method is not limited to this.

In MFP 100, paper transport unit 104 includes rollers for transporting the document and/or recording paper, and motors for rotating the rollers.

A FAX unit 105 transmits and receives image data by facsimile communication.
Human sensor 106 is installed in front of MFP 100 as shown in FIG. 1 and includes an infrared sensor, for example. Control unit 110 detects whether a user is present within a given distance range from MFP 100 (human sensor 106) based on a signal output from human sensor 106. FIG. In this sense, the human sensor 106 is an example of a first sensor.

Network I/F 107 allows MFP 100 to communicate with other devices (authentication server 300 and information processing device 200) via a network, and is implemented by, for example, a NIC (Network Interface Card).

Bluetooth_I/F 108 allows MFP 100 to wirelessly communicate with other devices according to the Bluetooth standard. Control unit 110 may determine whether the user is carrying a terminal based on whether Bluetooth_I/F 108 is communicating with a terminal associated with the user. In this sense, the Bluetooth_I/F 108 is an example of a second sensor.

Storage device 109 is a non-volatile storage device configured by, for example, a hard disk drive (HDD) or solid state drive (SSD), and stores programs and/or data. The storage device 109 may store job data. That is, control unit 110 stores job data received from a personal computer via a network in storage device 109, and then reads the job data from storage device 109, thereby executing a job related to the job data.

Operation panel 120 includes display 121 , touch sensor 122 , and operation keys 123 . The display 121 displays various screens such as a login screen to be described later. The touch sensor 122 covers at least part of the display 121 . A touch panel is configured by the display 121 and the touch sensor 122 . Operation keys 123 are implemented as hardware keys such as a power key. Control unit 110 controls display on display 121 and receives signals output according to operations on touch sensor 122 and operation keys 123 .

[Hardware Configuration of Information Processing Device 200]
FIG. 3 is a diagram showing the hardware configuration of the information processing device 200. As shown in FIG. The information processing device 200 may be a mobile terminal such as a smart phone, or a built-in terminal such as a personal computer.

As shown in FIG. 3, information processing apparatus 200 includes CPU 201, RAM 202, storage 203, display 204, input device 205, NIC 206, and Bluetooth I/F 207 as main components. Each element shown in FIG. 3 is connected to each other by an internal bus.

The CPU 201 controls operations of the information processing apparatus 200 . The RAM 202 functions as a work area when the CPU 201 executes processing. The storage 203 is a non-volatile storage device that stores various programs executed by the CPU 201 and data used for executing the programs. The storage 203 is implemented by, for example, flash EEPROM (Electrically Erasable Programmable Read-Only Memory), flash ROM, HDD, and/or SSD, but is not limited to these.

A display 204 is a display device for displaying an image showing the processing result of the program executed by the CPU 201 .

Input device 205, in one implementation, is implemented by a keyboard, operation keys, and/or touch sensors. The input device 205 sends the information to the CPU 201 upon receiving the input of the information.

The NIC 206 is a communication interface that allows the information processing apparatus 200 to communicate with other apparatuses (such as the MFP 100) via a network.

A Bluetooth I/F 207 is a communication interface for allowing the information processing apparatus 200 to perform short-range communication with another apparatus such as the MFP 100 .

[Hardware Configuration of Authentication Server 300]
FIG. 4 is a diagram showing the hardware configuration of the authentication server 300. As shown in FIG. Authentication server 300 may be implemented by a general-purpose computer in one implementation.

As shown in FIG. 4, authentication server 300 includes CPU 301, RAM 302, storage device 303, display 304, input device 305, NIC 306, and timer circuit 307 as main components. Each element shown in FIG. 4 is connected to each other by an internal bus.

CPU 301 controls the operation of authentication server 300 . The RAM 302 functions as a work area when the CPU 301 executes processing. The storage device 303 is a nonvolatile storage device that stores various programs executed by the CPU 301 and data used for executing the programs. Storage device 303 is implemented by, for example, an HDD or SSD, but is not limited to these.

A display 304 is a display device for displaying an image showing the processing result of the program executed by the CPU 301 .

The input device 305, in one implementation, is implemented by a keyboard, operation keys, and/or touch sensors. The input device 305 sends the information to the CPU 301 upon receiving the input of the information.

NIC 306 is a communication interface that allows authentication server 300 to communicate with other devices (such as MFP 100) via a network.

A timer circuit 307 is an electric circuit for measuring time. The CPU 301 acquires the result of time measurement by the timer circuit 307 .

[Data structure of user information database]
FIG. 5 is a diagram showing the data structure of the user information database. The user information database is used for user authentication and can be stored in storage device 109 of MFP 100, for example.

As shown in FIG. 5, the user information database stores "user name", "password", "OTP transmission destination", "OTP", "OTP timing start date and time", and "expiration date" in association with each other.

“User name” is information that identifies each user. A "password" is information assigned to each user and used for authentication of each user. The “OTP transmission destination” is information that defines the destination (e-mail address, etc.) to which the OTP is transmitted for each user. “OTP” is information that defines the OTP issued to each user. The “OTP timing start date and time” is information that defines the timing at which measurement of the OTP expiration date is started. The “expiration date” is information that defines the length of time of the OTP expiration date from the timing specified as the “OTP timing start date and time”.

In one implementation, a "user name", "password", and "OTP transmission destination" are registered for a user who is permitted to use the MFP 100, and furthermore, when an OTP is generated for the user, the "OTP", "OTP timing start date and time", and "expiration date" are registered.

Next, a specific example of the meaning of the values shown in FIG. 5 will be described.
In the example of FIG. 5, "User0001" is an example of a "user name", "Pass0001" is an example of a "password", "u001@company.com" is an example of an "OTP destination", "728951" is an example of an "OTP", "2019/10/31_9:21:05" is an example of an "OTP start date and time", and "10 minutes" is an example of an "expiration date". are registered respectively.

The above example means that the password "Pass0001" is registered for the user identified by "User0001". Therefore, the user can use MFP 100 by being authenticated in the image processing system by entering "User0001" as the user name and "Pass0001" as the password into MFP100.

The above example also means that the character string "728951" has been issued as the OTP to the user identified by "User0001", and that the OTP is valid for 10 minutes (expiration date) from 9:21:05 on October 31, 2019 (OTP clock start date and time). Therefore, by 09:31:05 on October 31, 2019, the user enters "User0001" as the user name and "Pass0001" as the password or "728951" as the OTP to be authenticated in the image processing system and use the MFP 100.

The above example also means that the OTP notification is realized by sending an OTP to "u001@company.com" (OTP transmission destination).

In the example of FIG. 5, "User0002" is registered as another example of "user name", "Pass0002" is registered as another example of "password", and "u002@company.com" is registered as another example of "OTP destination". In the example of FIG. 5, for the user identified by "User0002", the values of "OTP", "OTP timing start date and time", and "expiration date" are not registered. The values of "OTP", "OTP timing start date and time", and "expiration date" are values registered in response to transmission of the OTP. That is, in the state shown in FIG. 5, the OTP has not yet been sent to the user identified by "User0002".

[Outline of user authentication using OTP]
FIG. 6 is a diagram showing an overview of user authentication in the first embodiment. On the left side of FIG. 6, in addition to MFP 100 and information processing apparatus 200, a user to be authenticated is indicated as "user 400". The right side of FIG. 6 shows a schematic flow of processing executed by each of MFP 100 and information processing apparatus 200 in authentication of user 400 using OTP.

First, MFP 100 displays a login screen as shown in step SA1 and waits for input of authentication information from the user.

FIG. 7 is a diagram showing an example of a login screen. In one implementation, login screen 500 shown in FIG. 7 is displayed on display 121 of MFP 100 . The login screen 500 includes input fields 501 and 502 , a key 503 and a link 504 . An input field 501 accepts input of a user name. Input field 502 accepts input of a password or OTP. Key 503 accepts a request for authentication (login) using a user name (entered in entry field 501) and password or OTP (entered in entry field 502). Link 504 accepts requests to send OTPs.

Returning to FIG. 6, user 400 using information processing apparatus 200 approaches MFP 100 to use MFP 100, as shown as step SB1.

User 400 approaches MFP 100 and enters a user name into MFP 100, as shown as step SB2. For reasons such as forgetting the password, user 400 inputs a request for OTP transmission to MFP 100, as shown as step SB3. A request to send an OTP is an example of a request for temporary authentication.

In one implementation, a user name is entered in input field 501 of login screen 500 and input of a request to send an OTP is completed by manipulating link 504 . In another example, the input of the OTP transmission request is completed by an operation on a screen (OTP transmission request screen) displayed when the link 504 is operated.

FIG. 8 is a diagram showing an example of the OTP transmission request screen. In one implementation, OTP request to send screen 510 shown in FIG. 8 is displayed on display 121 of MFP 100 . The OTP transmission request screen 510 includes an input field 511 and keys 512 and 513 . The input field 511 accepts input of a user name. Key 512 accepts a request to send an OTP. A key 513 accepts a request to return the display to the login screen 500 .

MFP 100 generates an OTP in response to the OTP transmission request, and transmits the generated OTP to the destination associated with the user name entered in input field 511 . This destination is, for example, the OTP transmission destination associated with the username in the user information database. Note that MFP 100 may display the user name entered in input field 501 (FIG. 6) in input field 511 (FIG. 7). This eliminates the need for the user to re-enter the user name entered in the input field 501 in the input field 511 .

6, when MFP 100 receives an OTP transmission request, MFP 100 generates an OTP for user 400 identified by the user name entered in input field 501 or input field 511, and transmits the generated OTP to the destination associated with user 400. MFP 100 may report the transmission of the OTP.

FIG. 9 is a diagram showing an example of a screen for notifying OTP transmission (OTP transmission notification screen). In one implementation, the send OTP notification screen 520 shown in FIG. 9 includes the title “Send OTP” and the message “A one-time password has been sent to your registered address. Please login with the sent one-time password.” OTP transmission notification screen 520 further includes a key 521 . MFP 100 returns the display of display 121 to login screen 500 in response to operation of key 521 .

Incidentally, when the OTP transmission fails, the MFP 100 may report the failure. In this case, MFP 100 may display a screen (OTP transmission failure screen) including, for example, the title "OTP transmission failure" and the message "The one-time password could not be transmitted to your registered address. Please register another address." The user 400 can transmit another destination as an OTP transmission destination to the user information database in response to the OTP transmission failure screen being displayed.

Returning to FIG. 6, as shown as step SC1, information processing apparatus 200 receives the transmitted OTP using, for example, a mailer. The reception of the OTP by the information processing device 200 may be of a pull type based on user operation, a push type based on active transmission from an external device such as a network server, or a pseudo-push type based on polling.

On the other hand, as shown as step SB4, user 400 returns to his/her seat after requesting OTP transmission (step SB3). Then, the user 400 instructs the information processing device 200 at his seat to display the OTP, as shown as step SB5. For example, user 400 uses the mailer of information processing apparatus 200 to instruct display 204 to display an email text including an OTP. In response to an instruction from user 400, information processing apparatus 200 displays the OTP on display 204, as shown as step SC2.

As shown as step SB6, the user 400 confirms the OTP displayed on the information processing device 200. FIG. At this time, the user 400 may copy the OTP on a memo paper so as not to forget the OTP while returning to the MFP 100 .

User 400 then returns to MFP 100, as shown as step SB7, and enters the user name and OTP into MFP 100, as shown as step SB8. If the user name has already been entered into MFP 100, the entry of the user name at step SB8 can be omitted.

In FIG. 6 , the time from user 400 inputting an OTP transmission request to MFP 100 until user 400 confirms the OTP with information processing apparatus 200 and returns to MFP 100 is indicated as time TA. Preferably, the OTP expiration time is at least longer than the time TA.

MFP 100 performs user authentication using the input user name and OTP, as shown as step SA3. When the user authentication is successful, MFP 100 displays the top menu screen on display 121 of MFP 100 as shown as step SA4. As a result, the MFP 100 is ready for use.

Successful user authentication means that the combination of user name and password (or OTP) entered by the user matches the combination of user name and password (or (OTP)) registered in the user information database. If user authentication succeeds, the user can log in to MFP 100 and use MFP 100.

User authentication failure means that the combination of user name and password (or OTP) entered by the user does not match the combination of user name and password (or (OTP)) registered in the user information database. In this case, the user cannot log in to MFP 100 and cannot use MFP 100.

FIG. 10 is a diagram showing an example of the top menu screen. Top menu screen 530 shown in FIG. 10 includes various setting items (color, paper, magnification, etc.) for instructing MFP 100 to perform a job such as a copy job.

The top menu screen 530 includes a column 531 indicating the number of copies in the copy job. The initial value of the number of copies in MFP 100 is "1". When MFP 100 accepts the setting of the number of copies from the user, MFP 100 stores the set value in memory such as storage device 109 and displays the set value in column 531 . For example, when "3" is input as the set value for the number of copies, MFP 100 stores "3" as the set value for the number of copies in storage device 109, and also changes the number displayed in column 531 from "1" to "3."

MFP 100 restores the set values input by the user to the initial values when the non-operation time continues for the "predetermined time" set for the auto-reset function. After "3" is input as the set value of the number of copies, if the non-operation time continues for the predetermined time or more, the MFP 100 resets the set value of the number of copies in the storage device 109 to the initial value of "1" and returns the number displayed in the column 531 from "3" to "1". Note that "number of copies" is merely an example of items to be set.

MFP 100 notifies that MFP 100 is busy during at least part of the period indicated as time TA. In one implementation, when MFP 100 detects that user 400 has left MFP 100 after receiving a request to send an OTP, MFP 100 announces that MFP 100 is in use until the user returns to MFP 100 . This can prevent other users from using MFP 100 . Therefore, while user 400 is away from MFP 100 to check the OTP, it is possible to avoid the need for user 400 to re-enter settings that have already been entered by another user using MFP 100, and to prevent another user from impersonating user 400 and using MFP 100. The notification may be a display, an audio output, vibration of a vibrator, or a combination thereof.

FIG. 11 shows an example of a login screen including an indication that MFP 100 is in use. Login screen 500X shown in FIG. 11 further includes object 505 compared to login screen 500 shown in FIG. Object 505 contains the string "in use".

FIG. 12 is a diagram showing a modification of MFP 100 that further includes a display device in addition to display 121. As shown in FIG. In the example of FIG. 12, an LED (Light Emitting Diode) lamp is shown as an example of the display device. More specifically, MFP 100A shown in FIG. 12 includes LED lamps 129 provided on the outer edge of operation panel 120 and LED lamp group 190 provided on the front surface of the main body. LED lamp 129 and LED lamp group 190 are controlled by control unit 110 . MFP 100A may turn on LED lamp 129 and/or LED lamp group 190 instead of displaying object 505 or in addition to displaying object 505 .

Note that the notification may be performed continuously, or may be performed only for a certain period of time when it is detected that another user approaches MFP 100 or attempts to operate MFP 100 .

MFP 100 may have a speaker for audibly notifying that MFP 100 is in use. Operation of the speaker may be controlled by the controller 110 . MFP 100 may include a vibrator to notify by vibration that MFP 100 is in use. The operation of the transducer can be controlled by control unit 110 .

[Process flow]
13 and 14 are flow charts of processing executed in MFP 100 for user authentication by OTP. In MFP 100, for example, the processing shown in FIGS. 13 and 14 is started when power is turned on. MFP 100 executes the processes shown in FIGS. 13 and 14 by, for example, CPU 111 executing a given program.

Referring to FIG. 13, when MFP 100 is powered on, MFP 100 executes initialization processing of MFP 100 in step S401.

In step S<b>403 , MFP 100 displays a login screen ( FIG. 7 ) on display 121 .

In step S405, MFP 100 determines whether or not a logout request has been received. In one implementation, logging out means canceling a user's authorization. When MFP 100 determines that the logout request has been received (YES in step S405), the control returns to step S403. As a result, the display on the display 121 is returned to the login screen. On the other hand, when MFP 100 determines that the logout request has not been accepted (NO in step S405), the control proceeds to step S407.

In step S407, MFP 100 determines whether or not the OTP transmission request has been accepted. When MFP 100 determines that the OTP transmission request has been received (YES at step S407), the control proceeds to step S421, otherwise (NO at step S407), the control proceeds to step S409 (FIG. 14).

In step S421, MFP 100 determines whether or not the destination to which the OTP is transmitted can be specified. This determination is realized, for example, based on whether the user information database stores any value as the "OTP transmission destination" associated with the user name included in the OTP transmission request, or whether the stored value conforms to a given format (for example, a value conforming to the email address format).

When MFP 100 determines that the destination to which the OTP is transmitted can be specified (YES at step S421), the control proceeds to step S423, otherwise (NO at step S421), the control proceeds to step S435.

In step S435, MFP 100 displays on display 121 that the OTP cannot be transmitted. The display is realized by displaying an OTP transmission failure screen, for example. After that, the MFP 100 returns control to step S405. At this time, the display on the display 121 may be returned to the login screen.

Note that MFP 100 may determine in step S421 whether or not all the information necessary for OTP transmission has been input and registered. MFP 100 may proceed to step S423 when determining that all information has been input or registered, and may proceed to step S435 when determining that at least part of the information has not been input or registered. For example, if the user name has not been input to MFP 100 at the time of the OTP transmission request, MFP 100 may display a screen on display 121 informing that the user name has not been input in step S435.

In step S423, MFP 100 generates an OTP for the user name input when requesting OTP transmission.

At step S425, MFP 100 registers the OTP generated at step S423 in the user information database. At this time, MFP 100 may further register the "expiration date" associated with the OTP in the user information database.

In one implementation, MFP 100 may set a predetermined value (eg, 5 minutes) as the expiration date and set that value as the "expiration date."

In another implementation, the MFP 100 may obtain information identifying the type of terminal used by the user to be authenticated, obtain the value of the "expiration date" associated with the identified type, and register the obtained "expiration date" value as the "expiration date" in the user information database. One example of the terminal type is "personal PC", and another example is "portable terminal". When the terminal type is "personal PC", a longer time may be set as the "expiration date" than when the terminal type is "portable terminal". More specifically, in the case of a "portable terminal", the user may request MFP 100 to transmit an OTP while carrying the portable terminal, and may check the OTP directly on the portable terminal. On the other hand, in the case of a "personal PC", the user may move from MFP 100 to the personal PC and check the OTP after requesting MFP 100 to transmit the OTP. That is, in the latter case, it is assumed that the time required for the user to confirm the OTP will be longer than in the former case. By setting the length of time of the expiration date according to the type of terminal, the minimum necessary time that is assumed to be required for OTP confirmation can be set as the expiration date.

In step S427, MFP 100 transmits the OTP generated in step S423 to the destination (OTP transmission destination) associated with the user name input when requesting transmission of the OTP.

In step S429, MFP 100 starts measuring the expiration date of the OTP. More specifically, MFP 100 registers the current date and time in the user information database as the “OTP clock start date and time” of the OTP generated in step S423. The time at which the OTP is transmitted by the control in step S429 is the start point of the validity period of the OTP.

In step S431, MFP 100 registers in storage device 109 the image of the user who requested transmission of the OTP. As an example of acquiring the image of the user who requested the transmission of the OTP, the MFP 100 uses the image of the camera that captures the vicinity of the operation panel 120 . In this case, the image processing system further includes a camera that captures the vicinity of operation panel 120, and MFP 100 is connected to this camera. When MFP 100 determines in step S407 that the OTP transmission request has been received (YES in step S407), MFP 100 acquires a captured image from the camera and extracts an image of a person from the captured image. Extraction of images of people can be accomplished using pattern recognition techniques, for example. MFP 100 registers the extracted image of the person as the image of the user who requested transmission of the OTP.

In step S<b>433 , MFP 100 displays the OTP transmission result on display 121 . The OTP transmission notification screen 520 is an example of the OTP transmission result. After that, the MFP 100 returns control to step S405. At this time, MFP 100 may return the display on display 121 to the login screen.

Referring to FIG. 14, in step S409, MFP 100 determines whether the user associated with the OTP transmission destination in step S427 has left MFP 100 or not.

In one implementation, after accepting the OTP transmission request in step S407, MFP 100 determines that the user associated with the destination of the OTP transmission has not left MFP 100 if motion sensor 106 continues to detect an infrared-emitting object, and determines that the user has left MFP 100 if motion sensor 106 no longer detects an infrared-emitting object. In another implementation example, it is determined that the user has not left the MFP 100 while the image of the user whose image is registered in step S431 is included in the image captured by the camera, and that the user has left the MFP 100 when it is detected that the image is no longer included in the image captured by the camera. In yet another implementation, MFP 100 determines that the user has left MFP 100 when it detects that the camera's captured image does not include a person. In yet another implementation, the MFP 100 determines that the user has not left the MFP 100 until receiving an operation representing leaving the MFP 100 from the user, and determines that the user has left the MFP 100 when the operation is received. After accepting the OTP transmission request in step S407, MFP 100 may display on display 121 a key for accepting the “operation indicating leaving”.

When MFP 100 determines that the user has left MFP 100 (YES at step S409), control proceeds to step S441, otherwise (NO at step S409), control proceeds to step S411.

In step S441, MFP 100 notifies that MFP 100 is in use. The notification may be display, sound, vibration, or a combination thereof. In one example, the display 121 displays a login screen 500X (FIG. 11). If the user who has left MFP 100 can be identified, the notification may be accompanied by information identifying the user. After that, the MFP 100 returns control to step S405.

In step S411, MFP 100 determines whether or not a user name has been entered (in entry field 501) on the login screen. When MFP 100 determines that the user name has been input on the login screen (YES at step S411), the control proceeds to step S445, otherwise (NO at step S411), the control proceeds to step S413.

In step S<b>413 , MFP 100 determines whether or not the user who requested transmission of the OTP has returned to MFP 100 . In one implementation, the MFP 100 determines that the user who requested transmission of the OTP has returned to the MFP 100 when it detects that the user identified by the image registered in step S431 has once disappeared from the camera-captured image and then has been included in the camera-captured image again. When MFP 100 determines that the user who requested transmission of the OTP has returned to MFP 100 (YES at step S413), the control proceeds to step S447, otherwise (NO at step S413), the control proceeds to step S415.

In step S445, MFP 100 determines whether the user name determined to have been input in step S411 is the user name associated with the destination to which the OTP was transmitted in step S427, ie, the user name included in the OTP transmission request. When MFP 100 determines that the input user name is the user name included in the OTP transmission request (YES at step S445), MFP 100 advances control to step S447, otherwise (NO at step S445), returns control to step S405.

At step S447, MFP 100 terminates the notification started at step S441. For example, when login screen 500X (FIG. 11) is displayed in step S441, the display is replaced with login screen 500 (FIG. 7) in step S447. As a result, the object 505 disappears from the login screen. After that, the MFP 100 returns control to step S405.

In step S415, MFP 100 determines whether or not a login request has been accepted. MFP 100 accepts a login request by operating key 503 (FIG. 7), for example. When MFP 100 determines that the login request has been accepted (YES at step S415), the control proceeds to step S451, otherwise (NO at step S415), the control proceeds to step S417.

In step S451, MFP 100 determines whether the combination of user name and password or the combination of user name and OTP input in the login request matches the combination registered in the user information database. When MFP 100 determines that they match (YES at step S451), the control proceeds to step S453, otherwise (NO at step S451), the control proceeds to step S461.

In step S461, MFP 100 displays failure of user authentication on display 121, and then returns control to step S405. MFP 100 may return the display on display 121 to the login screen after displaying the user authentication failure.

At step S453, MFP 100 determines whether or not the information used for authentication at step S451 was the OTP. For example, when MFP 100 determines that the information entered together with the user name in the login request matches "OTP" instead of "password" in the user information database, MFP 100 determines that the information used for authentication was OTP in step S451.

When MFP 100 determines that the information used for user authentication is the OTP (YES at step S453), the control proceeds to step S455, otherwise (NO at step S453), the control proceeds to step S457.

In step S455, MFP 100 determines whether or not the expiration date of the OTP has yet to expire. If the expiration date of the OTP has not yet expired (YES at step S455), MFP 100 advances control to step S457, otherwise (NO at step S455), advances control to step S461.

In step S457, MFP 100 deletes the OTP used for user authentication from the user information database, and advances control to step S459. This prevents the OTP once used for authentication from being used again. Note that in the image processing system, the OTP may be a password that is used for authentication multiple times as long as an expiration date is set.

In step S459, MFP 100 displays top menu screen 530 on display 121, and then returns the control to step S405.

Under the control of steps S451 to S461, if a combination of a user name and password registered in the user information database is entered in the login request (YES in step S451 and NO in step S453), the OTP registered in association with the user name is cleared in step S457, and then top menu screen 530 is displayed in step S459. Thereby, the user is permitted to use MFP 100 .

If a combination of a user name registered in the user information database and an OTP is entered in the login request (YES in step S451 and YES in step S453), top menu screen 530 is displayed in step S459 on condition that the OTP has not expired (YES in step S455). In this case, the OTP used for user authentication is deleted from the user information database in step S457. This can prevent the OTP once used for user authentication from being used again.

Displaying the top menu screen 530 in step S459 means that user authentication has succeeded. The display of authentication failure in step S461 means that user authentication has failed.

In step S417, MFP 100 determines whether or not a request other than the above-described requests (logout in step S405, OTP transmission in step S407, and login in step S415) has been received. An example of the request determined in step S417 (hereinafter also referred to as "another request") is a request input to the top menu screen 530 (a request to change the number of copies, etc.), and another example is a request to start execution of a copy job by key operation.

When MFP 100 determines that the other request has been received (YES at step S417), control proceeds to step S471, otherwise (NO at step S417), control returns to step S405.

In step S471, MFP 100 executes the process according to the request, and then returns control to step S405. An example of processing in response to a request is updating the top menu screen 530 and updating copy job settings in response to a change in the number of copies. That is, after the user logs in to MFP 100, MFP 100 executes processing according to the user's request in step S471. Also, MFP 100 accepts input of a user name before login in step S471.

In the embodiment described above, when it is detected that the user requesting transmission of the OTP has left MFP 100 (YES in step S409), MFP 100 starts reporting that MFP 100 is in use (step S441). After that, when the user name of the user who requested the transmission of the OTP is input to operation panel 120 (YES in steps S411 and S445), or when it is detected that the user who requested the transmission of the OTP has returned to MFP 100 (YES in step S413), the notification ends (step S447).

[Modification (1)]
15 is a diagram showing a first modification of FIG. 13. FIG. FIG. 15 further includes step S407A as compared to FIG. In the example of FIG. 15, the MFP 100 executes step S407A instead of step S441.

More specifically, when MFP 100 determines in step S407 that an OTP transmission request has been received (YES in step S407), control proceeds to step S407A. At step S407A, MFP 100 notifies that MFP 100 is in use. After that, control proceeds to step S421. That is, in the modified example described with reference to FIG. 15, MFP 100 starts notifying that MFP 100 is in use in response to receiving the OTP transmission request.

[Modification (2)]
16 is a diagram showing a second modification of FIG. 13. FIG. FIG. 16 further includes step S423A as compared to FIG. In the example of FIG. 16, the MFP 100 executes step S423A instead of step S441.

More specifically, MFP 100 advances the control to step S423A after generating the OTP in step S423. At step S423A, MFP 100 notifies that MFP 100 is in use. After that, control proceeds to step S425. That is, in the modified example described with reference to FIG. 16, MFP 100 starts reporting that MFP 100 is in use in response to generation of the OTP.

[Modification (3)]
17 is a diagram showing a third modification of FIG. 13. FIG. FIG. 17 further includes step S427A as compared to FIG. In the example of FIG. 17, MFP 100 executes step S427A instead of step S441.

More specifically, after transmitting the OTP in step S427, MFP 100 advances the control to step S427A. At step S427A, MFP 100 notifies that MFP 100 is in use. After that, control proceeds to step S429. That is, in the modified example described with reference to FIG. 17, MFP 100 starts reporting that MFP 100 is in use in response to OTP transmission.

<Second Embodiment>
The image processing system of the second embodiment includes MFP 100, information processing apparatus 200, and authentication server 300, as in FIG. In a second embodiment, authentication server 300 performs at least part of the user authentication. Control unit 110 of MFP 100 is an example of a first controller, and CPU 301 of authentication server 300 is an example of a second controller. A user information database ( FIG. 5 ) is stored in the storage device 303 of the authentication server 300 .

[Outline of user authentication using OTP]
FIG. 18 is a diagram showing an overview of user authentication using OTP in the second embodiment. FIG. 18 shows MFP 100, information processing apparatus 200, and user 400, as in FIG. FIG. 18 shows processing in authentication server 300 in addition to processing in each of MFP 100 and information processing apparatus 200 .

Referring to FIG. 18, MFP 100 displays a login screen as shown as step SA1 and waits for input of authentication information from the user.

User 400 using information processing apparatus 200 approaches MFP 100 to use MFP 100, as shown as step SB1.

User 400 approaches MFP 100 and enters a user name into MFP 100, as shown as step SB2. For reasons such as forgetting the password, the user 400 requests transmission of the OTP, as shown as step SB3.

MFP 100 requests authentication server 300 to transmit the OTP of user 400 in response to the OTP transmission request from user 400, as shown as step SA11. At this time, MFP 100 notifies authentication server 300 of the user name of user 400 .

At step SC1, authentication server 300 generates an OTP for user 400 in response to a request from MFP 100, and transmits the generated OTP to a destination associated with user 400's username. This destination is, for example, the OTP transmission destination associated with the username in the user information database.

At step SA12, authentication server 300 notifies MFP 100 of the completion of OTP transmission. In response to this notification, MFP 100 may display an OTP transmission notification screen (FIG. 9) on display 121 .

Information processing apparatus 200 receives the transmitted OTP using, for example, a mailer, as shown as step SC1.

On the other hand, as shown as step SB4, user 400 returns to his/her seat after requesting OTP transmission (step SB3). Then, the user 400 instructs the information processing device 200 at his seat to display the OTP, as shown as step SB5.

Information processing apparatus 200 displays an OTP on display 204 in accordance with an instruction from user 400, as shown as step SC2.

The user 400 confirms the OTP displayed on the information processing device 200, as shown as step SB6.

User 400 then returns to MFP 100, as shown as step SB7, and enters the user name and OTP into MFP 100, as shown as step SB8. If the user name has already been entered into MFP 100, the entry of the user name at step SB8 can be omitted.

MFP 100 requests authentication server 300 for user authentication using the entered user name and OTP, as shown as step SA13.

Authentication server 300 executes user authentication in response to a request from MFP 100, as indicated by step SD2, and notifies MFP 100 of the user authentication result, as indicated by step SD3.

MFP 100 displays a screen corresponding to the authentication result on display 121 . For example, if the authentication result indicates successful authentication, MFP 100 displays the top menu screen on display 121 as shown as step SA4. As a result, the MFP 100 is ready for use.

As in the first embodiment, also in the second embodiment, MFP 100 notifies that MFP 100 is busy during at least part of the period indicated as time TA.

[Process flow]
19 to 24 are flow charts of processing executed for user authentication by OTP in the second embodiment. In FIGS. 19-24, the controls corresponding to the controls described in FIGS. 13-14 are labeled with the same reference numerals as in FIGS. 13-14 (such as "S401"). In each of FIGS. 19 and 21 to 23, processing in MFP 100 is shown on the left, and processing in authentication server 300 is shown on the right. 20 and 24 each show processing in MFP 100. FIG.

When MFP 100 is powered on, MFP 100 executes initialization processing of MFP 100 in step S401.

In step S<b>403 , MFP 100 displays a login screen ( FIG. 7 ) on display 121 .

In step S405, MFP 100 determines whether or not a logout request has been received. When MFP 100 determines that the logout request has been received (YES in step S405), the control returns to step S403. As a result, the display on the display 121 is returned to the login screen. On the other hand, when MFP 100 determines that the logout request has not been received (NO in step S405), the control proceeds to step S407.

In step S407, MFP 100 determines whether or not the OTP transmission request has been accepted. When MFP 100 determines that the OTP transmission request has been received (YES at step S407), the control proceeds to step S431, otherwise (NO at step S407), the control proceeds to step S432.

In step S431, MFP 100 registers in storage device 109 the image of the user who requested transmission of the OTP.

In step S407A, MFP 100 requests authentication server 300 to transmit an OTP. The request is realized, for example, by sending a message containing the username entered by the user. After that, the MFP 100 returns control to step S405.

At step S420, authentication server 300 determines whether or not it has received an OTP transmission request from MFP 100 (step S407A). When authentication server 300 determines that an OTP transmission request has been received (YES at step S420), control proceeds to step S421; otherwise (NO at step S420), control proceeds to step S440 (FIG. 20).

In step S421, authentication server 300 determines whether or not the destination to which the OTP is transmitted can be specified. When authentication server 300 determines that the destination to which the OTP is sent can be specified (YES at step S421), the control proceeds to step S423, otherwise (NO at step S421), the control proceeds to step S424 (FIG. 21).

In step S423, authentication server 300 generates an OTP for the user name entered when requesting OTP transmission.

At step S425, authentication server 300 registers the OTP generated at step S423 in the user information database. At this time, the authentication server 300 may further register the "expiration date" associated with the OTP in the user information database. In one implementation, authentication server 300 registers a fixed value (eg, 3 minutes) as the "expiration date." In another implementation, the authentication server 300 sets a value to be registered as the “expiration date” according to the type of the information processing device 200 that the user uses to verify the OTP (eg, first type or second type).

In step S427, authentication server 300 transmits the OTP generated in step S423 to the destination ("OTP transmission destination") associated with the user name entered when requesting transmission of the OTP.

In step S428, authentication server 300 notifies MFP 100 of transmission of the OTP.

In step S432, MFP 100 determines whether or not notification of OTP transmission has been received. When MFP 100 determines that it has received the OTP transmission notification (YES in step S432), in step S433, it displays the OTP transmission notification screen (FIG. 9) on display 121, and then returns the control to step S405. At this time, the display on the display 121 may be returned to the login screen. When MFP 100 determines that the OTP transmission notification has not been received (NO in step S432), the control proceeds to step S409 (FIG. 20).

The authentication server 300 starts measuring the expiration date of the OTP in step S429. Under the control of step S429, in the authentication server 300, the time at which the OTP is transmitted becomes the start point of the validity period of the OTP. Authentication server 300 then returns control to step S420.

Referring to FIG. 20, in step S409, MFP 100 determines whether the user associated with the OTP transmission destination in step S427 has left MFP 100 or not.

In one implementation, after accepting the OTP transmission request in step S407, MFP 100 determines that the user associated with the destination of the OTP transmission has not left MFP 100 if motion sensor 106 continues to detect an infrared-emitting object, and determines that the user has left MFP 100 if motion sensor 106 no longer detects an infrared-emitting object. In another implementation example, it is determined that the user has not left the MFP 100 while the image of the user whose image is registered in step S431 is included in the image captured by the camera, and that the user has left the MFP 100 when it is detected that the image is no longer included in the image captured by the camera. In yet another implementation, MFP 100 determines that the user has left MFP 100 when it detects that the camera's captured image does not include a person. In yet another implementation, the MFP 100 determines that the user has not left the MFP 100 until receiving an operation representing leaving the MFP 100 from the user, and determines that the user has left the MFP 100 when the operation is received. After accepting the OTP transmission request in step S407, MFP 100 may display on display 121 a key for accepting the “operation indicating leaving”.

When MFP 100 determines that the user has left MFP 100 (YES at step S409), control proceeds to step S441, otherwise (NO at step S409), control proceeds to step S411.

In step S441, MFP 100 notifies that MFP 100 is in use. After that, the MFP 100 returns control to step S405.

In step S411, MFP 100 determines whether or not a user name has been entered (in entry field 501) on the login screen. When MFP 100 determines that the user name has been input on the login screen (YES at step S411), the control proceeds to step S445, otherwise (NO at step S411), the control proceeds to step S413.

In step S<b>413 , MFP 100 determines whether or not the user who requested transmission of the OTP has returned to MFP 100 . In one implementation, the MFP 100 determines that the user who requested transmission of the OTP has returned to the MFP 100 when it detects that the user identified by the image registered in step S431 has once disappeared from the camera-captured image and then has been included in the camera-captured image again. When MFP 100 determines that the user who requested transmission of the OTP has returned to MFP 100 (YES at step S413), the control proceeds to step S447, otherwise (NO at step S413), the control proceeds to step S434 (FIG. 21).

In step S445, MFP 100 determines whether the user name determined to have been input in step S411 is the user name associated with the destination to which the OTP was transmitted in step S427, ie, the user name included in the OTP transmission request. When MFP 100 determines that the input user name is the user name included in the OTP transmission request (YES at step S445), MFP 100 advances control to step S447, otherwise (NO at step S445), returns control to step S405.

At step S447, MFP 100 terminates the notification started at step S441. For example, when login screen 500X (FIG. 11) is displayed in step S441, the display is replaced with login screen 500 (FIG. 7) in step S447. As a result, the object 505 disappears from the login screen. After that, the MFP 100 returns control to step S405.

On the other hand, in step S440, authentication server 300 determines whether or not it has received a notification of authentication prohibition from MFP 100 (step S409A). When authentication server 300 determines that the notification of authentication prohibition has been received (YES at step S440), the control proceeds to step S441, otherwise (NO at step S440), the control proceeds to step S446.

In step S441, the authentication server 300 controls the authentication server 300 to prohibit execution of authentication. An example of control in step S441 is to instruct MFP 100 to display login screen 500X (FIG. 11) as the login screen, or display a screen that does not include input field 502 as the login screen. MFP 100 updates the display on display 121 in accordance with the instruction. Authentication server 300 then returns control to step S420.

At step S446, authentication server 300 determines whether or not a notification of authentication permission (step S413A) has been received from MFP 100 or not. When authentication server 300 determines that the notification of authentication permission has been received (YES at step S446), control proceeds to step S447, otherwise (NO at step S446), control proceeds to step S450 (FIG. 22).

In step S447, MFP 100 cancels the prohibition of execution of authentication in step S441. As a result, the authentication server 300 is permitted to perform authentication. For example, when MFP 100 is instructed to display login screen 500X (FIG. 11) in step S441, authentication server 300 instructs to replace the display with login screen 500 (FIG. 7) in step S447. If MFP 100 is instructed to erase entry field 502 from the login screen in step S441, authentication server 300 instructs MFP 100 to restore entry field 502 in the login screen in step S447. MFP 100 updates the display on display 121 in accordance with the instruction. Authentication server 300 then returns control to step S420.

Referring to FIG. 21, authentication server 300 notifies MFP 100 in step S424 that the destination to which the OTP is to be transmitted cannot be specified.

In step S434, MFP 100 determines whether or not it has received a notification indicating that the destination to which the OTP is to be sent cannot be specified. If it determines that the notification has been received (YES in step S434), control proceeds to step S435, otherwise (NO in step S434), control proceeds to step S415 (FIG. 22).

In step S435, MFP 100 displays on display 121 that the OTP cannot be transmitted. The display is realized by displaying an OTP transmission failure screen, for example. After that, the MFP 100 returns control to step S405. At this time, the display on the display 121 may be returned to the login screen.

Referring to FIG. 22, at step S415, MFP 100 determines whether or not a login request has been accepted. When MFP 100 determines that a login request has been received (YES at step S415), control proceeds to step S415A, otherwise (NO at step S415), control proceeds to step S458 (FIG. 23).

In step S415A, MFP 100 transmits a login request to authentication server 300. FIG. The request includes the user and password or OTP entered by the user. After that, the MFP 100 returns control to step S405 (FIG. 19).

Authentication server 300 determines in step S450 whether or not a login request has been received. When authentication server 300 determines that a login request has been received (YES at step S450), control proceeds to step S451 (FIG. 23), otherwise (NO at step S450), control returns to step S420 (FIG. 19).

Referring to FIG. 23, authentication server 300, in step S451, determines whether the combination of user name and password or the combination of user name and OTP received as a login request matches the combination registered in the user information database. If authentication server 300 determines that they match (YES at step S451), the control proceeds to step S453, otherwise (NO at step S451), the control proceeds to step S452.

In step S452, authentication server 300 notifies MFP 100 of failure in user authentication, and then returns control to step S420 (FIG. 19).

At step S453, authentication server 300 determines whether or not the information used for authentication at step S451 was the OTP. When authentication server 300 determines that the information used for user authentication is the OTP (YES at step S453), the control proceeds to step S455, otherwise (NO at step S453), the control proceeds to step S456A.

In step S455, authentication server 300 determines whether or not the OTP has not yet expired. If the expiration date of the OTP has not yet expired (YES at step S455), authentication server 300 advances control to step S456A, otherwise (NO at step S455), advances control to step S456B.

In step S456A, authentication server 300 notifies MFP 100 of successful user authentication, and then advances the control to step S457. On the other hand, in step S456B, authentication server 300 notifies MFP 100 of failure in user authentication, and then returns control to step S420 (FIG. 19).

In step S457, MFP 100 erases the OTP used for user authentication from the user information database, and returns control to step S420 (FIG. 19).

On the other hand, MFP 100 determines in step S458 whether or not notification of successful user authentication has been received. When MFP 100 determines that the notification of success has been received (YES at step S458), the control proceeds to step S459, otherwise (NO at step S458), the control proceeds to step S460.

In step S459, MFP 100 displays top menu screen 530 on display 121, and then returns the control to step S405. Thereby, the user is permitted to use MFP 100 . After that, the MFP 100 returns control to step S405 (FIG. 19).

In step S460, MFP 100 determines whether or not a notification of user authentication failure has been received. When MFP 100 determines that the notification of failure has been received (YES at step S460), control proceeds to step S461, otherwise (NO at step S460), control proceeds to step S417 (FIG. 24).

In step S461, MFP 100 displays on display 121 that user authentication has failed, and then returns control to step S405 (FIG. 19). MFP 100 may return the display on display 121 to the login screen after displaying the user authentication failure.

Referring to FIG. 24, at step S417, MFP 100 determines whether or not a request (hereinafter referred to as "another request") other than the above-described requests (logout at step S405, transmission of OTP at step S407, and login at step S415) has been received. When MFP 100 determines that the other request has been received (YES at step S417), control proceeds to step S471, otherwise (NO at step S417), control returns to step S405.

In step S471, MFP 100 executes the process according to the request, and then returns control to step S405. An example of processing in response to a request is updating the top menu screen 530 and updating copy job settings in response to a change in the number of copies. That is, after the user logs in to MFP 100, MFP 100 executes processing according to the user's request in step S471. Also, MFP 100 accepts input of a user name before login in step S471.

In the second embodiment described above, when it is detected that the user requesting transmission of the OTP has left MFP 100 (YES in step S409), MFP 100 starts reporting that MFP 100 is in use (step S441). After that, when the user name of the user who requested the transmission of the OTP is input to operation panel 120 (YES in steps S411 and S445), or when it is detected that the user who requested the transmission of the OTP has returned to MFP 100 (YES in step S413), the notification ends (step S447).

[Modification]
MFP 100 may perform step S407A instead of step S441, as described with reference to FIG. That is, MFP 100 may start notifying that MFP 100 is in use in response to receiving the OTP transmission request.

MFP 100 may perform step S423A instead of step S441, as described with reference to FIG. That is, MFP 100 may start reporting that MFP 100 is in use in response to generation of the OTP.

MFP 100 may perform step S427A instead of step S441 as described with reference to FIG. That is, MFP 100 may start reporting that MFP 100 is in use in response to OTP transmission.

Each embodiment disclosed this time should be considered as an illustration and not restrictive in all respects. The scope of the present invention is indicated by the scope of the claims rather than the above description, and is intended to include all modifications within the scope and meaning equivalent to the scope of the claims. In addition, the inventions described in the embodiments and modifications are intended to be implemented either singly or in combination as much as possible.

100 MFP, 106 motion sensor, 120 operation panel, 200 information processing device, 300 authentication server, 400 user, 500 login screen, 510 transmission request screen, 520 transmission notification screen, 530 top menu screen.

Claims (21)

An image forming apparatus,
a memory;
a controller that controls the operation of the image forming apparatus;
an input interface that accepts input of information identifying a user,
the memory stores information identifying a user in association with a destination;
The controller is
sending a one-time password to a destination associated with information identifying a user input to the input interface when the input interface receives a request for temporary authentication;
measuring a certain period of time regarding the expiration date of the one-time password;
performing notification that the image forming apparatus is in use during at least part of a period from when the input interface receives the request for temporary authentication to when the input of the one-time password is received;
An image forming apparatus that authenticates a user for use of the image forming apparatus with respect to information specifying the user input to the input interface in response to input of the one-time password before the measurement of the fixed time is completed. 2. The image forming apparatus according to claim 1, wherein said controller starts said notification in response to said input interface accepting said request for temporary authentication. 2. The image forming apparatus according to claim 1, wherein said controller starts said notification in response to generating said one-time password. 2. The image forming apparatus according to claim 1, wherein said controller starts said notification in response to transmitting said one-time password to said destination. 2. The image forming apparatus according to claim 1, wherein said controller initiates said notification in response to detection that a user has left said image forming apparatus. The image forming apparatus according to any one of claims 1 to 5, wherein the controller terminates the notification in response to re-input of information identifying the user to the input interface after the input interface has accepted the request for temporary authentication. The image forming apparatus according to any one of claims 1 to 5, wherein the controller terminates the notification in response to detecting that the user who input the request to the input interface has returned to the image forming apparatus after detecting that the user has left the image forming apparatus. further comprising a light emitter provided in the input interface;
The image forming apparatus according to any one of claims 1 to 7, wherein said controller executes said notification by lighting said light emitter. further comprising a luminous body provided in the main body of the image forming apparatus,
The image forming apparatus according to any one of claims 1 to 8, wherein said controller executes said notification by lighting said light emitter. The image forming apparatus according to any one of claims 1 to 9, wherein said controller executes said notification by outputting sound. comprising an image forming apparatus and an authentication server for authenticating a user who uses the image forming apparatus;
The image forming apparatus is
a first controller that controls the operation of the image forming apparatus;
an input interface that accepts input of user-identifying information;
The first controller is
when the input interface receives a request for temporary authentication, sending to the authentication server a request for temporary authentication of information identifying a user input to the input interface;
The authentication server is
a memory for storing information identifying a user in association with a destination;
a second controller that, upon receiving the request for temporary authentication from the image forming apparatus, transmits a one-time password to a destination associated with the information identifying the user input to the input interface;
The second controller is
measuring a certain period of time regarding the expiration date of the one-time password;
The first controller is
performing notification that the image forming apparatus is in use during at least part of a period from when the input interface receives the request for temporary authentication to when the input of the one-time password is received;
sending the one-time password entered in the input interface to the authentication server;
The second controller is
An image processing system that, if the one-time password is transmitted from the image forming apparatus before the measurement of the predetermined period of time is completed, authenticates the user for use of the image forming apparatus with respect to the information specifying the user received from the image forming apparatus. 12. The image processing system according to claim 11, wherein said first controller initiates said notification in response to said input interface accepting said request for temporary authentication. 12. The image processing system according to claim 11, wherein said first controller initiates said notification in response to generation of said one-time password. 12. The image processing system according to claim 11, wherein said first controller initiates said notification in response to transmission of said one-time password to said destination. 12. The image processing system according to claim 11, wherein said first controller initiates said notification in response to detection that a user has left said image forming apparatus. The image processing system according to any one of claims 11 to 15, wherein the first controller terminates the notification in response to re-input of information identifying the user to the input interface after the request for temporary authentication has been received by the input interface. The image processing system according to any one of claims 11 to 15, wherein the first controller terminates the notification in response to detecting that the user who input the request to the input interface has returned to the image forming apparatus after detecting that the user has left the image forming apparatus. The image forming apparatus further includes a light emitter provided in the input interface,
18. The image processing system according to any one of claims 11 to 17, wherein said first controller executes said notification by lighting said light emitter. The image forming apparatus further includes a light emitter provided on a main body of the image forming apparatus,
19. The image processing system according to any one of claims 11 to 18, wherein said first controller executes said notification by lighting said light emitter. The image processing system according to any one of claims 11 to 19, wherein said first controller executes said notification by outputting sound. By being executed by the computer of the image forming apparatus, the image forming apparatus:
sending a one-time password to a destination associated with user-identifying information entered in the input interface when a request for temporary authentication is received in the input interface;
performing notification that the image forming apparatus is in use during at least part of a period from when the input interface receives the request for temporary authentication until when the input of the one-time password is received;
a step of authenticating a user for use of the image forming apparatus with respect to the information specifying the user input to the input interface in response to the input of the one-time password, if it is before the completion of measurement of a certain period of time regarding the expiration date of the one-time password;
The program that causes the to run.

Images