JP7354865B2 - Image forming device, image processing system, and program - Google Patents

Description

The present disclosure relates to an image forming apparatus that has a one-time password function in a user authentication function that restricts access to the image forming apparatus.

Conventionally, many image forming apparatuses such as MFPs (Multi-Functional Peripherals) are equipped with a user authentication function that restricts access to the apparatus. In one example of the user authentication function, when a user inputs a user name and password, the image forming apparatus allows the user to use the apparatus if the input user name and password match those registered. To give permission. Regarding image forming apparatuses equipped with such a user authentication function, Japanese Patent Laid-Open No. 2015-176591 (Patent Document 1) discloses a password that is valid only once for a certain period of time (hereinafter also referred to as one-time password or OTP (One Time Password)). An image forming apparatus is disclosed that is equipped with a "one-time password function" (OTP function) that generates a password, sends it to the user, and allows the user to use the password by inputting the same password.

Japanese Patent Application Publication No. 2015-176591

If the user cannot input the OTP into the image forming apparatus immediately after transmitting the OTP, various inconveniences may occur. For example, if a second user starts using the image forming apparatus while the first user is away from the image forming apparatus to check the OTP, the expiration date of the OTP expires while the second user is using the image forming apparatus. A situation may arise where it breaks.

The present disclosure has been devised in view of such actual circumstances, and its purpose is to prevent inconvenience to the user even if it takes a certain amount of time for the user to input the one-time password into the image forming apparatus. The aim is to provide technology to avoid this.

According to an aspect of the present disclosure, there is provided a memory that stores information that identifies a user in association with a destination, an input interface that accepts input of information that identifies the user, and an input interface that accepts input of information that identifies the user; a controller for transmitting a one-time password to a destination associated with information identifying a user entered into the interface; the controller measures a first time related to the expiration date of the one-time password; If the time measurement in step 1 is not completed, the user is authenticated for use of the image forming apparatus using the information input to the input interface in response to the input of the one-time password, and the user is authenticated for use of the image forming apparatus. An image forming apparatus is provided that does not accept input of a one-time password and suspends measurement of the first time for a given period.

Preferably, the given period includes a period during which a user other than the user specified by the information associated with the destination is using the image forming apparatus.

Preferably, the given period includes a period during which users other than the user identified by the information associated with the destination are authenticated.

Preferably, users other than the user identified by the information associated with the destination are authenticated by operations on the input interface.

Preferably, users other than the user specified by the information associated with the destination are authenticated by operating a terminal capable of communicating with the image forming apparatus.

Preferably, the given period includes a period during which the imaging device is performing the given operation, and the controller specifies the estimated period of execution of the given operation as the length of the given period. do.

Preferably, the given operation includes an operation of a job related to image processing, and the estimate is an estimate of the time required to perform the job.

Preferably, the given operation includes an image stabilization operation in the image forming device.
Preferably, the given operation includes downloading data via a network and processing the data at the image forming device.

Preferably, the given operation includes virus check processing in the image forming apparatus.
Preferably, the memory stores settings for the image forming device, and the controller controls the operation of the image forming device according to the settings stored in the memory, and the controller controls the operation of the image forming device when a period of inactivity for the image forming device continues for a second period of time. , the settings stored in the memory are initialized, and even if the image forming device is not operated for a second time period, if the first time measurement is not completed, the one-time password will be input. Then, the user is authenticated for use of the image forming apparatus using the information inputted into the input interface to identify the user.

Preferably, the memory stores settings for the image forming device, and the controller controls the operation of the image forming device according to the settings stored in the memory, and the controller controls the operation of the image forming device when a period of inactivity for the image forming device continues for a second period of time. , the settings stored in memory are initialized, and if the image forming device is not operated for a second period of time, the user can be authenticated by entering a one-time password even before the first period of measurement is completed. do not.

According to another aspect of the present disclosure, the image forming apparatus includes an image forming apparatus and an authentication server that authenticates a user who uses the image forming apparatus, and the image forming apparatus includes an input interface that receives input of information that identifies the user, and an input interface that accepts input of information that identifies the user. a first controller that sends a request for temporary authentication to the authentication server for information identifying the user entered in the input interface when the interface accepts the request for temporary authentication; A memory that stores identifying information in association with a destination, and a one-time password that stores a one-time password for the destination associated with the user identifying information entered in the input interface when a temporary authentication request is received from the image forming device. a second controller, the first controller transmits the one-time password entered into the input interface to the authentication server, and accepts input of the one-time password into the input interface during a given period. First, the second controller measures a first time related to the expiration date of the one-time password, and if the first time has not been measured yet, the second controller measures the first time related to the expiration date of the one-time password, and if the first time is not completed, the second controller measures the one-time password that is input to the input interface in response to the one-time password input. An image processing system is provided that authenticates a user for use of an image forming apparatus with respect to user identifying information and suspends measurement of a first time for a given period.

Preferably, the given period includes a period during which a user other than the user specified by the information associated with the destination is using the image forming apparatus.

Preferably, the given period includes a period during which users other than the user identified by the information associated with the destination are authenticated.

Preferably, users other than the user identified by the information associated with the destination are authenticated by operations on the input interface.

Preferably, users other than the user specified by the information associated with the destination are authenticated by operating a terminal capable of communicating with the image forming apparatus.

Preferably, the given period includes a period during which the image forming device is performing the given operation, and the second controller calculates the estimated value of the period of execution of the given operation for the length of the given period. Specify as

Preferably, the given operation includes an operation of a job related to image processing, and the estimate is an estimate of the time required to perform the job.

Preferably, the given operation includes an image stabilization operation in the image forming device.
Preferably, the given operation includes downloading data via a network and processing the data at the image forming device.

Preferably, the given operation includes virus check processing in the image forming apparatus.
Preferably, the image forming device further includes a storage device that stores settings of the image forming device, and the first controller controls the operation of the image forming device according to the settings stored in the storage device, and controls the operation of the image forming device. If the operation time continues for the second time period, the settings stored in the storage device are initialized, and the second controller If it is before the completion of time measurement in step 1, the user is authenticated for use of the image processing system using the information input to the input interface that identifies the user in response to the input of the one-time password.

Preferably, the image forming device further includes a storage device that stores settings of the image forming device, and the first controller controls the operation of the image forming device according to the settings stored in the storage device, and controls the operation of the image forming device. When the operation time continues for a second time period, the settings stored in the storage device are initialized, and the first controller controls the operation of the image forming device according to the settings stored in the storage device, and controls the image forming device. When the non-operation time continues for a second time period, the settings stored in the storage device are initialized, and when the non-operation time for the image forming apparatus continues for the second time period, the second controller initializes the settings stored in the storage device. Users are not authenticated by entering a one-time password even before measurement is complete.

According to still another aspect of the present disclosure, when the input interface of the image forming apparatus receives a request for temporary authentication, the input interface of the image forming apparatus is executed by the computer of the image forming apparatus. If the step of sending the one-time password to the destination associated with the information that identifies the user and the measurement of the first time related to the expiration date of the one-time password have not been completed, the one-time password cannot be entered. Accordingly, the step of authenticating the user for use of the image forming device with respect to information identifying the user entered into the input interface, and the step of authenticating the user for use of the image forming device with respect to information identifying the user inputted into the input interface, A program is provided that executes the step of interrupting time measurement.

According to the present disclosure, measurement of time related to the expiration date is interrupted during a period in which the image forming apparatus does not accept input of a one-time password. As a result, the time set as the expiration date can be substantially secured as the period during which the user can input the one-time password into the image forming apparatus.

1 is a diagram showing the configuration of a first embodiment of an image processing system. 1 is a diagram showing a hardware configuration of an MFP 100. FIG. 2 is a diagram showing a hardware configuration of an information processing device 200. FIG. 3 is a diagram showing the hardware configuration of an authentication server 300. FIG. FIG. 3 is a diagram showing the data structure of a user information database. It is a figure showing the data structure of an OTP stop management table. FIG. 3 is a diagram showing an overview of user authentication in the first embodiment. It is a figure showing an example of a login screen. It is a figure which shows an example of an OTP transmission request screen. FIG. 3 is a diagram illustrating an example of a screen for notifying OTP transmission (OTP transmission notification screen). It is a figure showing an example of a top menu screen. 3 is a flowchart of processing executed in MFP 100 for user authentication using OTP. 3 is a flowchart of processing executed in MFP 100 for user authentication using OTP. 14 is a diagram showing a modification of the portion shown in FIG. 13. FIG. 14 is a diagram showing a modification of the portion shown in FIG. 13. FIG. FIG. 7 is a diagram showing an overview of user authentication using OTP in a third embodiment. 12 is a flowchart of processing executed for user authentication using OTP in the third embodiment. 12 is a flowchart of processing executed for user authentication using OTP in the third embodiment. 12 is a flowchart of processing executed for user authentication using OTP in the fourth embodiment. 12 is a flowchart of processing executed for user authentication using OTP in the fourth embodiment. 12 is a flowchart of processing executed for user authentication using OTP in the fourth embodiment. 12 is a flowchart of processing executed for user authentication using OTP in the fourth embodiment. 19 is a diagram illustrating an alternative part of the process shown in FIG. 18 that is executed by MFP 100. FIG. 19 is a diagram illustrating an alternative portion of the processing shown in FIG. 18 that is executed by the authentication server 300. FIG.

Embodiments of an image processing system will be described below with reference to the drawings. In the following description, the same parts and components are given the same reference numerals. Their names and functions are also the same. Therefore, these descriptions will not be repeated.

<First embodiment>
[Image processing system configuration]
FIG. 1 is a diagram showing the configuration of a first embodiment of an image processing system. As shown in FIG. 1, the image processing system includes an MFP 100 that is an example of an image forming apparatus, an information processing apparatus 200, and an authentication server 300. MFP 100 includes a human sensor 106, an operation panel 120, and a camera 150. Operation panel 120 includes a display 121. Details of the configuration of MFP 100 including human sensor 106 and operation panel 120 will be described later with reference to FIG. 2.

MFP 100 is an example of an image forming apparatus, and user authentication is required to use MFP 100. In an image processing system, MFP 100 or authentication server 300 may authenticate users. MFP 100 can authenticate users using passwords registered in advance for each user, or can authenticate users using OTP issued in response to each user's request. That is, MFP 100 has a function (OTP function) that allows use of MFP 100 through user authentication using OTP.

[Hardware configuration of MFP100]
FIG. 2 is a diagram showing the hardware configuration of MFP 100. As shown in FIG. 2, the MFP 100 includes a control section 110, a timer circuit 101, a document reading section 102, a printout section 103, a paper transport section 104, a facsimile (FAX) section 105, and a human sensor. 106, a network interface (I/F) 107, a Bluetooth (registered trademark) interface (I/F) 108, a storage device 109, an operation panel 120, and a camera 150. Each element shown in FIG. 2 is connected to each other by an internal bus.

The control unit 110 includes a CPU (Central Processing Unit) 111, a RAM (Random Access Memory) 112, and a ROM (Read Only Memory) 113. CPU 111 controls the operation of MFP 100 by executing a given program. The RAM 112 functions as a work area when the CPU 111 executes a program. The ROM 113 stores various data including programs executed by the CPU 101.

MFP 100 may include a dedicated integrated circuit (for example, a field-programmable gate array) used for controlling MFP 100 instead of or together with control section 110.

The timer circuit 101 is an electric circuit for measuring time. By acquiring the time measurement result by the timer circuit 101, the control unit 110 can determine various events such as whether or not the expiration date of the OTP has expired.

The document reading unit 102 is realized by a so-called scanner, and generates image data of the document by scanning the document set in the MFP 100.

The print output unit 103 forms an image on recording paper based on the image data. In one implementation, print output section 103 includes a photoreceptor drum and a transfer roller. The print output unit 103 forms an image according to, for example, an electrophotographic method, but the image forming method is not limited thereto.

Paper transport unit 104 includes a roller for transporting a document and/or recording paper, and a motor for rotating the roller in MFP 100.

The FAX unit 105 transmits and receives image data by facsimile communication.
The human sensor 106 is installed in front of the MFP 100, as shown in FIG. 1, and includes, for example, an infrared sensor. Control unit 110 detects whether a user is present within a given distance from MFP 100 (human sensor 106) based on a signal output from human sensor 106. In this sense, the human sensor 106 is an example of a first sensor.

Network I/F 107 allows MFP 100 to communicate with other devices (authentication server 300 and information processing device 200) via a network, and is realized by, for example, a NIC (Network Interface Card).

Bluetooth_I/F 108 causes MFP 100 to wirelessly communicate with other devices according to the Bluetooth standard. The control unit 110 may determine whether the user is carrying a terminal based on whether the Bluetooth_I/F 108 is communicating with a terminal associated with the user. In this sense, Bluetooth_I/F 108 is an example of a second sensor.

The storage device 109 is a nonvolatile storage device configured by, for example, a hard disk drive (HDD) or a solid state drive (SSD), and stores programs and/or data. Storage device 109 may store job data. That is, the control unit 110 stores job data received from a personal computer via the network in the storage device 109, and then reads the job data from the storage device 109, thereby executing a job related to the job data. .

Operation panel 120 includes a display 121, a touch sensor 122, and operation keys 123. The display 121 displays various screens such as a login screen to be described later. Touch sensor 122 covers at least a portion of display 121. The display 121 and the touch sensor 122 constitute a touch panel. The operation key 123 is realized as a hardware key such as a power key. The control unit 110 controls the display on the display 121 and receives signals output according to operations on the touch sensor 122 and operation keys 123. In this sense, the operation panel 120 is an example of an input interface that accepts input from the user.

Camera 150, in one implementation, is installed on operation panel 120, as shown in FIG. Thereby, the camera 150 can capture an image of the area including the face of the user viewing the operation panel 120. Note that the installation position of camera 150 is not limited to this. Furthermore, in the image processing system, camera 150 may be provided as a separate device from MFP 100. That is, camera 150 does not need to be included in MFP 100.

[Hardware configuration of information processing device 200]
FIG. 3 is a diagram showing the hardware configuration of the information processing device 200. The information processing device 200 may be a mobile terminal such as a smartphone, or may be a built-in terminal such as a personal computer.

As shown in FIG. 3, the information processing device 200 includes a CPU 201, a RAM 202, a storage 203, a display 204, an input device 205, a NIC 206, and a Bluetooth I/F 207 as main components. Each element shown in FIG. 3 is connected to each other by an internal bus.

CPU 201 controls the operation of information processing device 200 . The RAM 202 functions as a work area when the CPU 201 executes processing. The storage 203 is a nonvolatile storage device that stores various programs executed by the CPU 201 and data used for executing the programs. The storage 203 is realized by, for example, a flash EEPROM (Electrically Erasable Programmable Read-Only Memory), a flash ROM, an HDD, and/or an SSD, but is not limited thereto.

The display 204 is a display device for displaying an image showing the processing result of the program executed by the CPU 201.

In one implementation, the input device 205 is implemented by a keyboard, operation keys, and/or a touch sensor. When input device 205 receives input of information, it sends the information to CPU 201 .

The NIC 206 is a communication interface that allows the information processing device 200 to communicate with other devices (such as the MFP 100) via a network.

The Bluetooth I/F 207 is a communication interface for allowing the information processing device 200 to communicate with other devices such as the MFP 100 over short distances.

[Hardware configuration of authentication server 300]
FIG. 4 is a diagram showing the hardware configuration of the authentication server 300. Authentication server 300 may be implemented by a general purpose computer in one implementation.

As shown in FIG. 4, the authentication server 300 includes a CPU 301, a RAM 302, a storage device 303, a display 304, an input device 305, a NIC 306, and a timer circuit 307 as main components. Each element shown in FIG. 4 is connected to each other by an internal bus.

CPU 301 controls the operation of authentication server 300. The RAM 302 functions as a work area when the CPU 301 executes processing. The storage device 303 is a nonvolatile storage device that stores various programs executed by the CPU 301 and data used for executing the programs. The storage device 303 is realized by, for example, an HDD or an SSD, but is not limited to these.

The display 304 is a display device for displaying an image showing the processing result of the program executed by the CPU 301.

In one implementation, the input device 305 is implemented by a keyboard, operation keys, and/or a touch sensor. When input device 305 receives input of information, it sends the information to CPU 301 .

The NIC 306 is a communication interface that allows the authentication server 300 to communicate with other devices (such as the MFP 100) via a network.

The timer circuit 307 is an electric circuit for measuring time. The CPU 301 obtains the time measurement result by the timer circuit 307.

[Data structure of user information database]
FIG. 5 is a diagram showing the data structure of the user information database. The user information database is used for user authentication, and may be stored in the storage device 109 of the MFP 100, for example.

As shown in FIG. 5, the user information database stores "user name", "password", "OTP transmission destination", "OTP", "OTP clock start date and time", "expiration date", and "stop time" in association with each other.

"User name" is information that identifies each user. A "password" is information assigned to each user and used for authenticating each user. “OTP transmission destination” is information that defines the destination (email address, etc.) to which the OTP is sent for each user. “OTP” is information that defines the OTP issued to each user. “OTP time measurement start date and time” is information that defines the timing at which measurement of the OTP expiration date is started. The "expiration date" is information that defines the length of time of the OTP expiration date from the timing specified as the "OTP clock start date and time." The "stop time" is information representing the length of time during which counting of the expiration date has been stopped (or is scheduled to be stopped).

In one implementation example, a user who is permitted to use the MFP 100 has a "user name," "password," and "OTP destination" registered, and when an OTP is generated for the user, the "OTP destination" is registered. "OTP clock start date and time" and "expiration date" are registered.

Next, a specific example of the meaning of the values shown in FIG. 5 will be explained.
In the example in Figure 5, "User0001" is an example of "user name,""Pass0001" is an example of "password,""u001@company.com" is an example of "OTP destination," and "u001@company.com" is an example of "OTP destination." An example is "728951", an example of "OTP time measurement start date and time" is "2019/10/31_9:21:05", an example of "expiration date" is "10 minutes", and an example of "stop time" is ``3 minutes and 40 seconds'' are registered as the respective times.

The above example means that the password "Pass0001" is registered for the user specified by "User0001". Therefore, by inputting "User0001" as a user name and "Pass0001" as a password into MFP 100, the user is authenticated in the image processing system and can use MFP 100.

In addition, the above example means that the character string "728951" was issued as an OTP to the user specified by "User0001", and the OTP was issued at 9:21 on October 31, 2019. This means that it is valid for 10 minutes (validity period) from 05 seconds (OTP clock start date and time). Therefore, basically, the user must enter "User0001" as the username and "Pass0001" as the password or "728951" as the OTP by 9:31:05 on October 31, 2019. By doing so, the user is authenticated in the image processing system and can use the MFP 100.

Further, the above example means that the OTP notification is realized by sending an OTP to "u001@company.com" (OTP sending destination).

In this embodiment, the period during which OTP is valid is extended by the time registered as the stop time. That is, basically, the MFP 100 determines that the OTP is not valid when the MFP 100 operates for the time registered as the expiration date from the date and time registered as the "OTP time measurement start date and time", but the OTP of the operating time of the MFP 100 The measurement related to the expiration date is stopped for the time registered as the stop time. That is, the expiration date of the OTP is extended by the length of time registered as the stop time. As a result, the length of time initially set as the expiration date can be secured for the user as the length of time during which the OTP can be input into the MFP 100.

For example, in the example in Figure 5, the OTP for the user name "User0001" will basically become invalid after 9:31:05 on October 31, 2019, but the outage time will be "3 minutes 40 minutes". Since "second" is registered, it is effectively valid until 9:34:45 on the same day.

Note that the fact that the operating time of the MFP 100 is measured "in relation to the expiration date" means that among the measurement of the operating time of the MFP 100, the time that is related to the remaining time of the period in which the OTP is valid is measured. That is, the "operating time of MFP 100" is continuously measured while the MFP 100 is operating (power is turned on). During operation of MFP 100, measurement of operating time related to the OTP expiration date may be interrupted. During the interruption, the "operating time of the MFP 100" is measured, but the time measured at that time does not affect the remaining time of the period in which the OTP is valid. In one example, "measuring operating time related to the OTP expiration date" means that the MFP 100 is equipped with a given timer for measuring the remaining time of the OTP validity period, and the timer is set when the MFP 100 is powered on. This is achieved by performing a time measurement operation independently of the timer that measures the time that has been set.

In the example in Figure 5, another example of "Username" is "User0002," another example of "Password" is "Pass0002," and another example of "OTP destination" is "u002@company.com." are registered respectively. In the example of FIG. 5, for the user specified by "User0002", the values of "OTP", "OTP clock start date and time", "expiration date", and "stop time" are not registered. The values of "OTP", "OTP clocking start date and time", and "expiration date" are values that are registered in response to the transmission of OTP. The value of "stop time" is a value that is registered in response to the occurrence of a situation in which measurement of the operating time of MFP 100 related to the OTP expiration date is stopped after the OTP is transmitted. That is, in the state shown in FIG. 5, the OTP has not yet been sent to the user specified by "User0002."

[OTP stop management table]
FIG. 6 is a diagram showing an example of the data structure of the OTP stop management table. In one implementation, the OTP shutdown management table is stored in storage device 109 of MFP 100.

The OTP stop management table associates a user name with an OTP clock stop date and time. The OTP time measurement stop date and time represents the date and time when an event that should stop measuring the operating time of the MFP 100 related to the expiration date of the OTP occurs. In the example in Figure 6, for the user name "User0001", the OTP clock stop date and time "2019/10/31/_9:24:12" (9:24:12 on October 31, 2019) is listed. . A specific method of using the OTP clock stop date and time will be described later.

[Overview of user authentication using OTP]
FIG. 7 is a diagram showing an overview of user authentication in the first embodiment. On the left side of FIG. 7, in addition to the MFP 100 and the information processing device 200, a user to be authenticated is shown as a "user 400." The right side of FIG. 7 shows a schematic flow of processing executed by MFP 100 and information processing apparatus 200 in authenticating user 400 using OTP.

First, the MFP 100 displays a login screen as shown in step SA1, and waits for the user to input authentication information.

FIG. 8 is a diagram showing an example of a login screen. In one implementation, login screen 500 shown in FIG. 8 is displayed on display 121 of MFP 100. Login screen 500 includes input fields 501 and 502, keys 503, and links 504. An input field 501 accepts input of a user name. The input field 502 accepts input of a password or OTP. The key 503 accepts a request for authentication (login) using a user name (entered in the input field 501) and password or OTP (entered in the input field 502). Link 504 accepts requests for OTP transmission.

Returning to FIG. 7, as shown as step SB1, user 400 using information processing device 200 approaches MFP 100 in order to use MFP 100.

As shown in step SB2, user 400 who approaches MFP 100 inputs a user name into MFP 100. The user 400 inputs a request for OTP transmission to the MFP 100, as shown in step SB3, for reasons such as forgetting the password. A request to send an OTP is an example of a request for temporary authentication.

In one implementation, a user name is entered in input field 501 of login screen 500, and entry of a request to send an OTP is completed by operation on link 504. In another example, the input of the OTP transmission request is completed by operating a screen (OTP transmission request screen) that is displayed when the link 504 is operated.

FIG. 9 is a diagram showing an example of an OTP transmission request screen. In one implementation example, OTP transmission request screen 510 shown in FIG. 9 is displayed on display 121 of MFP 100. OTP transmission request screen 510 includes an input field 511 and keys 512 and 513. The input field 511 accepts input of a user name. Key 512 accepts requests for OTP transmission. Key 513 accepts a request to return the display to login screen 500.

MFP 100 generates an OTP in response to the OTP transmission request, and transmits the generated OTP to the destination associated with the user name input in input field 511. This destination is, for example, the OTP sending destination associated with the username in the user information database. Note that the MFP 100 may display the user name input in the input field 501 (FIG. 7) in the input field 511 (FIG. 8). Thereby, the user does not need to input the user name entered in the input field 501 into the input field 511 again.

Returning to FIG. 7, as shown in step SA2, upon receiving the request to send an OTP, the MFP 100 generates an OTP for the user 400 identified by the user name entered in the input field 501 or the input field 511. , and transmits the generated OTP to the destination associated with the user 400. MFP 100 may notify the transmission of OTP.

FIG. 10 is a diagram illustrating an example of a screen for notifying OTP transmission (OTP transmission notification screen). In one implementation example, the OTP transmission notification screen 520 shown in FIG. Please.” OTP transmission notification screen 520 further includes a key 521. MFP 100 returns display 121 to login screen 500 in response to key 521 being operated.

Note that when the MFP 100 fails to transmit the OTP, it may notify the failure. In this case, the MFP 100 displays a screen (for example) containing the title "OTP transmission failure" and the message "The one-time password could not be sent to your registered address. Please register another address." (OTP transmission failure screen) may be displayed. User 400 may send another destination as the OTP transmission destination to the user information database in response to the OTP transmission failure screen being displayed.

Returning to FIG. 7, as shown as step SC1, the information processing device 200 receives the transmitted OTP using, for example, a mailer. The information processing device 200 may receive the OTP by a pull type based on a user's operation, by a push type based on active transmission from an external device such as a network server, or by a pseudo type by polling. It may also be a push type.

On the other hand, as shown in step SB4, the user 400 requests transmission of the OTP (step SB3), and then returns to his/her desk. Then, the user 400 instructs the information processing device 200 at his/her seat to display the OTP, as shown in step SB5. For example, the user 400 uses the mailer of the information processing device 200 to instruct the display 204 to display a mail message including the OTP. In response to the instruction from the user 400, the information processing device 200 displays the OTP on the display 204, as shown in step SC2.

As shown in step SB6, the user 400 confirms the OTP displayed on the information processing device 200. At this time, the user 400 may copy the OTP onto a memo sheet so as not to forget it while returning to the MFP 100.

Thereafter, user 400 returns to MFP 100, as shown as step SB7, and enters the user name and OTP into MFP 100, as shown as step SB8. If a user name has already been input into MFP 100, input of the user name in step SB8 may be omitted.

In FIG. 7, the time from when the user 400 inputs a request to send an OTP to the MFP 100 until the user 400 confirms the OTP on the information processing device 200 and returns to the MFP 100 is shown as time TA. Preferably, the expiration date of the OTP is at least longer than the time TA.

MFP 100 executes user authentication using the input user name and OTP, as shown in step SA3. When the MFP 100 succeeds in user authentication, the MFP 100 displays a top menu screen on the display 121 of the MFP 100, as shown in step SA4. This makes the MFP 100 available for use.

Successful user authentication means that the combination of username and password (or (OTP)) entered by the user matches the combination of username and password (or (OTP)) registered in the user information database.User Authentication If successful, the user can log in to the MFP 100 and use the MFP 100.

User authentication failure means that the combination of user name and password (or (OTP)) entered by the user does not match the combination of user name and password (or (OTP)) registered in the user information database. In this case, the user cannot log in to MFP 100 and cannot use MFP 100.

FIG. 11 is a diagram showing an example of the top menu screen. Top menu screen 530 shown in FIG. 11 includes various setting items (color, paper, magnification, etc.) for instructing MFP 100 to perform a job such as a copy job.

Top menu screen 530 includes a column 531 indicating the number of copies in a copy job. The initial value of the number of copies in MFP 100 is "1". When MFP 100 receives a setting for the number of copies from the user, MFP 100 stores the set value in a memory such as storage device 109 and displays the set value in column 531. For example, when "3" is input as the set value for the number of copies, the MFP 100 stores "3" as the set value for the number of copies in the storage device 109, and also changes the number displayed in the column 531 to "1". to "3".

MFP 100 returns the setting value input by the user to the initial value when the non-operation time continues for a "certain period of time" or more set for the auto-reset function. After "3" is input as the set value for the number of copies, if the non-operation time continues for the above-mentioned certain period of time or more, the MFP 100 returns the set value for the number of copies in the storage device 109 to the initial value "1", and The number displayed in column 531 is changed back from "3" to "1". Note that the "number of copies" is just one example of the item to be set.

MFP 100 suspends measurement of operating time related to the expiration date when a given event (for example, remote login described below as step S411) occurs. Thereafter, when an event occurs that restarts the measurement, the MFP 100 restarts the measurement. That is, in MFP 100, the expiration date of OTP can be extended.

[Processing flow]
12 and 13 are flowcharts of processing executed in MFP 100 for user authentication using OTP. In MFP 100, for example, when the power is turned on, the processes shown in FIGS. 12 and 13 are started. MFP 100 executes the processes shown in FIGS. 12 and 13 by, for example, CPU 111 executing a given program.

Referring to FIG. 12, when MFP 100 is powered on, in step S401, MFP 100 executes MFP 100 initialization processing.

In step S403, MFP 100 displays a login screen (FIG. 8) on display 121.

In step S405, MFP 100 determines whether a logout request has been accepted. In one implementation, logging out means deauthenticating the user. If the MFP 100 determines that the logout request has been accepted (YES in step S405), the MFP 100 advances control to step S431. On the other hand, if the MFP 100 determines that the logout request has not been accepted (NO in step S405), control proceeds to step S407.

In step S431, the MFP 100 determines whether measurement of operating time related to the expiration date is currently stopped for a user other than the user who received the logout request in step S405. In step S431, if the MFP 100 determines that the measurement is being stopped (YES in step S431), the control proceeds to step S433; otherwise (NO in step S431), the control proceeds to step S403. return.

In step S433, MFP 100 restarts the stopped measurement. After that, control is returned to step S403.

In this embodiment, as will be described later with reference to FIG. 13, after an OTP is issued to a certain user (user A), another user (user B) operates the MFP 100 or remotely When the user A logs in, measurement of the operating time of the MFP 100 related to the expiration date of the OTP issued to the user A is interrupted (stopped) (step S461). In step S431, the measurement stopped in step S461 is restarted. In step S433, when user B logs out, the measurement of the operating time of MFP 100 related to the expiration date of user A's OTP, which was interrupted in step S461, is restarted.

In step S407, MFP 100 determines whether the OTP transmission request has been accepted. If the MFP 100 determines that the OTP transmission request has been received (YES in step S407), the process proceeds to step S441; otherwise (NO in step S407), the process proceeds to step S409 (FIG. 13). .

In step S441, MFP 100 determines whether the destination to which the OTP is to be transmitted can be specified. This determination may be made, for example, as to whether the user information database stores any value as the "OTP transmission destination" associated with the user name included in the request for OTP transmission, or whether the stored value is This is realized based on whether the value conforms to a given format (for example, a value conforms to the format of an email address).

If the MFP 100 determines that the destination to which the OTP is to be transmitted can be specified (YES in step S441), control proceeds to step S443; otherwise (NO in step S441), control proceeds to step S455.

In step S455, MFP 100 displays on display 121 that OTP transmission is not possible. This display is realized, for example, by displaying an OTP transmission failure screen. Thereafter, the MFP 100 returns control to step S405. At this time, the display on the display 121 may be returned to the login screen.

Note that the MFP 100 may determine in step S441 whether all of the information necessary for transmitting the OTP has been input and registered. Then, if the MFP 100 determines that all the information has been input or registered, the control may proceed to step S443, and if it determines that at least some information has not been input or registered, the control may proceed to step S455. For example, if a user name has not been input to MFP 100 at the time of the OTP transmission request, MFP 100 may display a screen on display 121 notifying that a user name has not been input in step S455.

In step S443, MFP 100 generates an OTP for the user name input when requesting OTP transmission.

In step S435, MFP 100 registers the OTP generated in step S443 in the user information database. At this time, MFP 100 may further register an "expiration date" associated with the OTP in the user information database.

In one implementation example, MFP 100 may set a predetermined value (for example, 5 minutes) as the expiration date, and set this value as the "expiration date."

In another implementation, the MFP 100 obtains information identifying the type of terminal used by the user to be authenticated, obtains an "expiration date" value associated with the identified type, and obtains the "expiration date" value associated with the identified type. The value of "expiration date" may be registered as "expiration date" in the user information database. One example of the type of terminal is a "personal PC", and another example is a "mobile terminal". When the terminal type is a "personal PC", a longer time may be set as the "expiration date" than when the terminal type is a "portable terminal". More specifically, in the case of a "mobile terminal", the user may request the MFP 100 to transmit the OTP while carrying the mobile terminal, and may directly check the OTP using the mobile terminal. On the other hand, if it is a "personal PC", the user may request the MFP 100 to send the OTP, and then move from the MFP 100 to the personal PC and check the OTP. That is, in the latter case, it is assumed that the time required for the user to confirm the OTP will be longer than in the former case. By setting the length of time of the expiration date according to the type of terminal, the minimum necessary time expected to be required for OTP confirmation can be set as the expiration date.

In step S437, MFP 100 transmits the OTP generated in step S443 to the destination (OTP transmission destination) associated with the user name input when requesting OTP transmission.

In step S439, MFP 100 starts measuring the OTP expiration date. More specifically, MFP 100 registers the current date and time as the "OTP clock start date and time" of the OTP generated in step S443 in the user information database. Under the control of step S439, the time when the OTP is transmitted becomes the starting point of the OTP expiration date.

In step S451, MFP 100 registers the image of the user who requested OTP transmission in storage device 109. An example of how the MFP 100 acquires an image of a user who has requested transmission of an OTP is an image taken by a camera that captures the vicinity of the operation panel 120. In this case, the image processing system further includes a camera that photographs the vicinity of operation panel 120, and MFP 100 is connected to the camera. When the MFP 100 determines in step S407 that the OTP transmission request has been received (YES in step S407), the MFP 100 acquires a captured image from the camera and extracts an image of a person from the captured image. Extraction of a person's image can be achieved using, for example, pattern recognition technology. MFP 100 registers the extracted image of the person as the image of the user who requested the OTP transmission.

In step S453, MFP 100 displays the OTP transmission result on display 121. The OTP transmission notification screen 520 is an example of the OTP transmission result. Thereafter, the MFP 100 returns control to step S405. At this time, MFP 100 may return the display on display 121 to the login screen.

Referring to FIG. 13, in step S409, MFP 100 determines whether a user other than the one to whom the OTP is issued has come to operate MFP 100 during OTP confirmation.

In one example, if the MFP 100 detects that the image taken by the camera 150 includes a user different from the user in the image registered in step S451, the MFP 100 determines that another user has come to operate the MFP 100; Otherwise, it may be determined that no other user has come to operate MFP 100. In another example, when the MFP 100 includes a short-range communication device and detects as a communication partner an ID different from the ID of the terminal of the communication partner of the short-range communication device when determining that the OTP transmission request has been accepted in step S407. Alternatively, it may be determined that another user has come to operate MFP 100, and if not, it may be determined that no other user has come to operate MFP 100.

If MFP 100 determines that another user has come to operate MFP 100 (YES in step S409), control proceeds to step S461; otherwise (NO in step S409), control proceeds to step S411.

In step S411, MFP 100 determines whether a user other than the user to whom the OTP is issued has logged into MFP 100 by remote login during OTP confirmation. Remote login means logging into MFP 100 by operating a device different from MFP 100 (for example, a personal computer) that can communicate with MFP 100 without operating operation panel 120. If the MFP 100 determines that the other user has logged in to the MFP 100 by remote login (YES in step S411), the process proceeds to step S461; otherwise (NO in step S411), the process proceeds to step S413. Proceed.

In step S461, the MFP 100 stops measuring the operating time related to the expiration date of the OTP for the user who has issued the OTP. In one example, the MFP 100 registers the current time as the OTP clock stop date and time in the OTP stop management table (FIG. 6) for the user, and also measures the time that is registered as the stop time in the user information database (FIG. 5). Start. Thereafter, the MFP 100 returns control to step S405 (FIG. 12).

In step S413, MFP 100 determines whether a login request has been accepted. MFP 100 accepts a login request by operating key 503 (FIG. 8), for example. If the MFP 100 determines that the login request has been accepted (YES in step S413), the process proceeds to step S471; otherwise (NO in step S413), the process proceeds to step S415.

In step S471, MFP 100 determines whether the combination of user name and password or combination of user name and OTP input in the login request matches a combination registered in the user information database. If the MFP 100 determines that they match (YES in step S471), the control proceeds to step S473, and if not (NO in step S471), the control proceeds to step S481.

In step S481, MFP 100 displays failure of user authentication on display 121, and then returns control to step S405. After displaying that user authentication has failed, MFP 100 may return the display on display 121 to the login screen.

In step S473, MFP 100 determines whether the information used for authentication in step S471 was OTP. For example, if the MFP 100 determines that the information input along with the user name in the login request matches "OTP" rather than "password" in the user information database, the MFP 100 determines that the information used for authentication is OTP in step S471. I judge that there was.

If the MFP 100 determines that the information used for user authentication is OTP (YES in step S473), the process proceeds to step S475; otherwise (NO in step S473), the process proceeds to step S477. .

In step S475, MFP 100 determines whether the OTP is before expiration. If the OTP validity period has not yet expired (YES in step S475), the MFP 100 advances the control to step S477; otherwise (NO in step S475), the MFP 100 advances the control to step S481.

In one implementation, MFP 100 refers to the current time and the user information database (FIG. 5) to determine whether the OTP has expired. More specifically, if the "stop time" is not registered, the MFP 100 determines that the expiration date has not yet expired if the current time is before the time registered as the expiration date from the OTP clock start date and time. If not, it is determined that the expiration date has expired. On the other hand, if the "stop time" is registered, the MFP 100 determines that the current time has passed the time specified by the sum of the time registered as the expiration date and the time registered as the stop time from the OTP clock start date and time. If it is before the time, it is determined that the expiration date has not yet expired; otherwise, it is determined that the expiration date has expired.

In step S477, the MFP 100 deletes the OTP used for user authentication from the user information database, and proceeds to step S479. This prevents the OTP once used for authentication from being used again. Note that in the image processing system, the OTP may be a password that is used for multiple authentications as long as an expiration date is set.

In step S479, MFP 100 displays top menu screen 530 on display 121, and then returns control to step S405.

Under the control of steps S471 to S481, if a combination of user name and password registered in the user information database is input in the login request (YES in step S471 and NO in step S473), step S477 After the OTP registered in association with the user name is cleared in step S479, the top menu screen 530 is displayed. As a result, the user is permitted to use MFP 100.

In the login request, if the combination of the user name and OTP registered in the user information database is input (YES in step S471 and YES in step S473), it is determined that the OTP has not yet expired. As a condition (YES in step S475), the top menu screen 530 is displayed in step S479. In this case, in step S477, the OTP used for user authentication is deleted from the user information database. This can prevent the OTP once used for user authentication from being used thereafter.

Displaying the top menu screen 530 in step S479 means that user authentication has been successful. The fact that authentication failure is displayed in step S481 means that user authentication has failed.

In step S415, the MFP 100 determines whether a request other than the above-mentioned requests (logout in step S405, OTP transmission in step S407, and login in step S413) has been received. An example of the request determined in step S415 (hereinafter also referred to as "other request") is a request input to the top menu screen 530 (such as a request to change the number of copies); This is a request to start execution of a copy job by operation.

If the MFP 100 determines that the other request has been received (YES in step S415), the process proceeds to step S491, and if not (NO in step S415), the process returns to step S405.

In step S491, MFP 100 executes processing according to the request, and then returns control to step S405. An example of processing in response to a request is updating the top menu screen 530 and updating copy job settings in response to a change in the number of copies. That is, after the user logs in to the MFP 100, the MFP 100 executes a process according to the user's request in step S491. Furthermore, the MFP 100 accepts the input of a user name before login in step S491.

In the embodiment described above, after an OTP is issued to a certain user (user A) (S443, S435, S437), when another user (user B) comes to operate the MFP 100 ( (YES in step S409), or if another user (user B) remotely logs in to the MFP 100 (YES in step S411), the MFP 100 performs the relevant operation related to the expiration date of the OTP issued to user A. The measurement of the operating time of the MFP 100 is stopped. Upon receiving the logout request from user B (YES in step S431), MFP 100 resumes measuring the operating time (step S433). Resuming the measurement of the operation time is realized, for example, by stopping counting of the stop time for user A in the user information database (FIG. 5). That is, in one example, counting of the "stop time" of the user information database starts in step S461 and ends in step S433. Accordingly, the "stop time" represents the length of time from when counting is stopped in step S461 until counting is restarted in step S433. The validity period of the OTP is then substantially extended by the length of time.

In one implementation example, in MFP 100, the number of users that can be authenticated at one time is set to "1". In this case, while user B is logged in to MFP 100, MFP 100 cannot accept user A's login. Therefore, a state in which user B remotely logs in to MFP 100 (a state in which MFP 100 authenticates user B) is an example of a period in which MFP 100 does not accept OTP input.

Furthermore, the period during which the user is logged in to MFP 100 is an example of the period during which the user uses MFP 100. In this sense, instead of or in addition to the period in which user B is remotely logging in to MFP 100, during the period in which user B is logging in to MFP 100 by operating operation panel 120, MFP 100: The measurement of operating time related to the expiration date of the OTP issued to user A may be stopped.

Furthermore, the period from when the user approaches MFP 100 to when he leaves MFP 100 is an example of the period during which the user uses MFP 100.

More specifically, when user B approaches MFP 100, even before user B logs in to MFP 100, if user B operates operation panel 120 to log in, user A uses OTP to access MFP 100. may be difficult to enter. Considering such a case, after issuing an OTP to user A, the MFP 100 detects that user B has approached the MFP 100 (YES in step S409), and then issues an OTP to user A. The measurement of the operating time related to the expiration date of the OTP is stopped (step S461).

In this case, MFP 100 may restart measuring the operation time in response to detecting that user B has left MFP 100. In one example, MFP 100 detects that user B has moved away from MFP 100 by detecting that the image captured by camera 150 does not include user B's face image. If the image taken by camera 150 includes the face of user B, it is assumed that user B is not a user who simply passes by MFP 100 but a user who uses MFP 100. Based on this, in the present embodiment, it can be determined whether user B is operating MFP 100 based on whether user B's face is included in the image captured by camera 150. Then, the MFP 100 may stop measuring the operation time described above until the user B approaches the MFP 100 and leaves the MFP 100. In this case, the period from when the user B approaches the MFP 100 until the user B leaves the MFP 100 is is an example of the period during which the MFP 100 is used.

<Second embodiment>
The second embodiment of the image processing system has the same system configuration as the first embodiment. In the second embodiment, a period in which the MFP 100 is performing a given operation is exemplified as a period in which the MFP 100 does not accept OTP input.

FIGS. 14 and 15 are diagrams showing part of the processing executed in MFP 100 for user authentication using OTP. In the second embodiment, the portion shown in FIG. 13 of the process described with reference to FIGS. 12 and 13 is replaced with that shown in FIGS. 14 and 15. That is, the processing executed in the second embodiment is shown in FIGS. 12, 14, and 15.

If the MFP 100 determines in step S407 of FIG. 12 that the OTP transmission request has not been received (NO in step S407), the MFP 100 advances control to step S909 (FIG. 14).

Referring to FIG. 14, in step S909, similarly to step S409, MFP 100 determines whether a user other than the user to whom the OTP is issued has come to operate MFP 100 during OTP confirmation.

If MFP 100 determines that another user has come to operate MFP 100 (YES in step S909), control proceeds to step S961; otherwise (NO in step S909), control proceeds to step S911.

In step S961, the MFP 100 sets the state of the "other user use flag", which is a type of flag, to ON, and advances the control to step S963. Note that the initial state of the flag is OFF.

In step S963, the MFP 100 stops measuring the operating time related to the expiration date of the OTP for the user who has issued the OTP, as described in step S461 (FIG. 13). In one implementation example, under the control of step S963, the current time is registered as the OTP clock stop date and time in the OTP stop management table (FIG. 6), and measurement of "stop time" in the user information database (FIG. 5) is started. Ru. Thereafter, the MFP 100 returns control to step S405 (FIG. 12).

In step S911, the MFP 100 determines whether or not there is a job execution request from a user other than the user to whom the OTP is issued during OTP confirmation. In one example, the MFP 100 determines whether the user is an "other user" based on the user name included in the OTP transmission request (step S407). More specifically, if the user name associated with the job accepted in step S911 is different from the user name included in the OTP transmission request, the MFP 100 determines that the job accepted in step S911 is not associated with "another user". It is determined that this is a job execution request.

If the MFP 100 determines that there is a job execution request from another user (YES in step S911), the process proceeds to step S967; otherwise (NO in step S911), the process proceeds to step S913. .

In step S913, MFP 100 determines whether the execution timing for a given operation defined in MFP 100 has arrived. The given operation is, for example, an operation for which the MFP 100 cannot execute other operations in parallel, such as an image stabilization operation (image quality adjustment of the print output unit 103), an operation related to data downloading (downloading and (installation of an application using the acquired data) and virus check (checking for computer viruses in the control unit 110).

The MFP 100 may be set to start the image stabilization operation at regular intervals, or may be configured to start the image stabilization operation when a change in the environment (temperature, etc.) is detected. . Furthermore, the MFP 100 may start an operation related to data download in response to an instruction from a user who is logged in to the MFP 100, or when a reserved time (for example, a time reserved as an application update time) arrives. It may be started in response to a given server on the network, or it may be started when given data (firmware of MFP 100 for updating) is registered in a given server on the network. MFP 100 may start the virus check operation in response to the arrival of a reserved time, or in response to an instruction from a user logged into MFP 100.

If the MFP 100 determines that the execution timing for the given operation has arrived (YES in step S913), the MFP 100 advances the control to step S965; otherwise (NO in step S913), the MFP 100 advances the control to step S915. .

In step S965, the MFP 100 stops measuring the operating time related to the expiration date of the OTP for the user who has issued the OTP, as described in step S461 (FIG. 13). Thereafter, the MFP 100 advances control to step S967.

In step S967, MFP 100 specifies the estimated value of "unavailable time." The "unavailable time" is an example of a period during which MFP 100 does not accept OTP input. In one implementation example, the MFP 100 calculates the required time of the job requested in step S911, or calculates the required time of the operation for which execution timing has arrived in step S913 among the given operations. By calculating the estimated value, the estimated value of the "unavailable time" is specified.

As a specific example of calculating the time required for a job, a method for calculating the time required for a copy job will be described. In one implementation example, the MFP 100 calculates the time required for a copy job by dividing the product of the number of originals whose images have been read by the scanner (image reading unit 102) and the number of copies by the print speed (system speed) of the MFP 100. Calculate by. For example, if the number of originals is 20, the number of copies is 5, and the printing speed is 25 ppm (pages per minute), the required time is calculated as 4 minutes according to the following formula [1].

20 (sheets) x 5 (copies) ÷ 25 (ppm) = 4 (minutes) … [1]
The estimated time required for a given operation may be specified by reading a predetermined time required for each type of operation, or may be specified using conditions such as network communication speed. good.

For example, if the above-mentioned "given operation" is an operation related to downloading data, the MFP 100 will perform the required operation related to downloading if the capacity of the data to be downloaded is 5M and the communication speed of the network is 1M/min. The time is calculated as 5 minutes (capacity divided by communication speed).

The MFP 100 registers the estimated value specified in step S967 together with the current time in the storage device 109 as "measurement restart specification information", and then returns control to step S405 (FIG. 12).

In step S915, the MFP 100 determines whether the timing has arrived to restart measurement of the OTP expiration date. In one implementation example, the MFP 100 determines that the timing to restart the measurement has arrived when the time registered as the "measurement restart specific information" has elapsed from the time registered as the "current time" in step S967. If not, it is determined that it has not arrived yet.

If the MFP 100 determines that the timing to restart the measurement has arrived (YES in step S915), the MFP 100 advances the control to step S970; otherwise (NO in step S915), the MFP 100 advances the control to step S917. .

In step S917, MFP 100 determines whether the "other user" who came to operate MFP 100 in step S909 has left MFP 100.

In one example, MFP 100 determines that another user has left MFP 100 when detecting that the image taken by camera 150 no longer includes a user different from the user in the image registered in step S451. In another example, the MFP 100 includes a short-range communication device and detects that the communication partner does not have an ID other than the ID of the terminal of the communication partner of the short-range communication device when it is determined that the OTP transmission request is accepted in step S407. In this case, it may be determined that another user has left MFP 100.

If the MFP 100 determines that the "other user" has left the MFP 100 (YES in step S917), the process proceeds to step S970; otherwise (NO in step S917), the process proceeds to step S913 (FIG. 15). Advance control.

In step S970, the MFP 100 sets the state of the "other user use flag" that was turned ON in step S961 to OFF, and proceeds to step S969.

In step S969, the MFP 100 restarts the measurement of the OTP expiration date that was stopped in step S963. In one implementation example, the control in step S969 erases the time registered as the OTP clock stop date and time in the OTP stop management table (Figure 6), and also erases the measurement of the "stop time" in the user information database (Figure 5). Terminate it. Thereafter, the MFP 100 returns control to step S405 (FIG. 12).

Referring to FIG. 15, in step S913, MFP 100 determines whether a login request has been accepted. MFP 100 accepts a login request by operating key 503 (FIG. 8), for example. If the MFP 100 determines that the login request has been accepted (YES in step S913), the process proceeds to step S971; otherwise (NO in step S913), the process proceeds to step S915.

The control from step S971 to step S981 corresponds to the control from step S471 to step S481 described with reference to FIG. That is, in step S971, the MFP 100 determines whether the combination of user name and password or combination of user name and OTP input in the login request matches a combination registered in the user information database. do. If the MFP 100 determines that they match (YES in step S971), the control proceeds to step S973; otherwise (NO in step S971), the control proceeds to step S981.

In step S981, MFP 100 displays failure of user authentication on display 121, and then returns control to step S405 (FIG. 12). After displaying that user authentication has failed, MFP 100 may return the display on display 121 to the login screen.

In step S973, MFP 100 determines whether the information used for authentication in step S471 was OTP. For example, if the MFP 100 determines that the information input along with the user name in the login request matches "OTP" rather than "password" in the user information database, the MFP 100 determines that the information used for authentication is OTP in step S971. I judge that there was.

If the MFP 100 determines that the information used for user authentication is OTP (YES in step S973), the process proceeds to step S975; otherwise (NO in step S973), the process proceeds to step S977. .

In step S975, MFP 100 determines whether the OTP is before expiration. If the OTP validity period has not yet expired (YES in step S975), the MFP 100 advances the control to step S977; otherwise (NO in step S975), the MFP 100 advances the control to step S981.

In step S977, the MFP 100 deletes the OTP used for user authentication from the user information database, and proceeds to step S979. This prevents the OTP once used for authentication from being used again. Note that in the image processing system, the OTP may be a password that is used for multiple authentications as long as an expiration date is set.

In step S979, MFP 100 displays top menu screen 530 on display 121, and then returns control to step S405 (FIG. 12).

In step S915, the MFP 100 determines whether a request other than the above-mentioned requests (logout in step S405, OTP transmission in step S407, and login in step S913) has been received.

If the MFP 100 determines that the other request has been received (YES in step S915), the control proceeds to step S991, and if not (NO in step S915), the control returns to step S405 (FIG. 12).

In step S991, similarly to step S491, the MFP 100 executes processing according to the request, and then returns control to step S405 (FIG. 12).

In the second embodiment described above, after an OTP is issued to a certain user (user A) (S443, S435, S437), another user (user B) comes to operate the MFP 100. If so (YES in step S909), measurement of the operating time of the MFP 100 related to the expiration date of the OTP issued to user A is stopped (step S963). An example of the length of time during which measurement is stopped at this time is the estimated time required for the job requested to be executed by the other user (step S967, YES in step S915, step S969).

That is, when MFP 100 is operated by user B after issuing an OTP to user A, it is not assumed that the MFP 100 will authenticate user A until at least the job requested by user B is completed. Therefore, in MFP 100, measurement of the operating time related to the expiration date of user A's OTP is suspended until the time when the job requested by user B is expected to be completed.

Furthermore, in the second embodiment, the MFP 100 suspends measurement of operation time related to the OTP expiration date during a period in which user authentication is not performed due to execution of a given operation (step S913). YES, step S965). The measurement is restarted at the timing when the given operation is scheduled to end (YES in step S915, step S969). This virtually guarantees that the length of time given to the user as an OTP expiration date will not be disturbed by the performance of a given operation. One example of a given operation is an image stabilization operation, another example is an operation related to downloading data, and yet another example is a virus checking operation.

<Third embodiment>
The third embodiment of the image processing system has the same system configuration as the first embodiment. In the third embodiment, MFP 100 further includes an auto-reset function. Hereinafter, two types of aspects will be explained regarding the relationship between the time measured by the timer of the auto-reset function and the expiration date of the OTP.

(Synchronization of OTP expiry date and auto-reset function timer)
MFP 100 may manage the expiration date of the OTP in association with clock times related to other functions of MFP 100.

For example, the MFP 100 may include an auto-reset function, and may manage the OTP expiration date in association with the time measured by a timer used for the auto-reset function. The auto-reset function is a function that returns at least some of the various settings (for example, the number of copies related to a copy job) that have been changed from the initial values in the MFP 100 to the initial values if the MFP 100 is not operated for a certain period of time or more. "Operation" may mean only the user's operation on the operation panel 120, or may include, in addition to the operation on the operation panel 120, opening and closing operations of the cover of the main body of the MFP 100 and the cover of the platen glass. The latter operation is detected, for example, by a sensor provided in MFP 100.

Then, when the MFP 100 activates the auto-reset function and returns the above settings to the initial values because the MFP 100 has not been operated for a certain period of time, the MFP 100 performs a It may be allowed to expire.

In one example, MFP 100 generates an OTP in response to a request from user A, and transmits the OTP to a destination associated with user A. At this time, it is assumed that 10 minutes is set as the expiration date of the OTP. On the other hand, it is assumed that in the MFP 100, 5 minutes is set as the measurement time of the timer of the auto-reset function (the time to return the settings to the initial values as described above due to continued non-operation time). At this time, the MFP 100 not only returns the user A's user name and other settings input to the MFP 100 to their initial values (that is, deletes them from the input field 501) when the MFP 100 has been inactive for 5 minutes. , also invalidates the OTP issued to user A.

MFP 100 invalidates OTP, for example, by deleting the value registered as "OTP" from the user information database (FIG. 5).

(Management of OTP expiration date independent of the auto-reset function timer)
On the other hand, the MFP 100 may manage the OTP expiration date independently of the timer of the auto-reset function.

In other words, in the above example where the timer measurement time of the auto-reset function is set to "5 minutes", the MFP 100 is configured to change the setting by user A (for example, input into the MFP 100) after 5 minutes of no operation on the MFP 100 (user A's user name) returned to its initial value. However, MFP 100 does not invalidate the OTP (the value of "OTP" in the user information database is maintained) until the expiration date of the OTP for user A at that time.

<Fourth embodiment>
The image processing system of the fourth embodiment includes an MFP 100, an information processing device 200, and an authentication server 300, as in FIG. In the fourth embodiment, authentication server 300 performs at least a portion of user authentication. Control unit 110 of MFP 100 is an example of a first controller, and CPU 301 of authentication server 300 is an example of a second controller. The user information database (FIG. 5) and the OTP suspension management table (FIG. 6) are stored in the storage device 303 of the authentication server 300.

[Overview of user authentication using OTP]
FIG. 16 is a diagram showing an overview of user authentication using OTP in the fourth embodiment. Similar to FIG. 7, FIG. 16 shows an MFP 100, an information processing device 200, and a user 400. Note that FIG. 16 shows processing in authentication server 300 in addition to processing in MFP 100 and information processing apparatus 200.

Referring to FIG. 16, MFP 100 displays a login screen as shown in step SA1 and waits for the user to input authentication information.

A user 400 using information processing device 200 approaches MFP 100 to use MFP 100, as shown in step SB1.

As shown in step SB2, user 400 who approaches MFP 100 inputs a user name into MFP 100. The user 400 requests transmission of the OTP, as shown in step SB3, for reasons such as forgetting the password.

The MFP 100 requests the authentication server 300 to transmit the OTP of the user 400 in response to the request from the user 400 to transmit the OTP, as shown in step SA11. At this time, MFP 100 notifies authentication server 300 of the user name of user 400.

In step SC1, authentication server 300 generates an OTP for user 400 in response to a request from MFP 100, and transmits the generated OTP to a destination associated with the user name of user 400. This destination is, for example, the OTP sending destination associated with the username in the user information database.

Authentication server 300 notifies MFP 100 of the completion of OTP transmission in step SA12. In response to this notification, MFP 100 may display an OTP transmission notification screen (FIG. 10) on display 121.

The information processing device 200 receives the transmitted OTP using, for example, a mailer, as shown in step SC1.

On the other hand, the user 400 returns to his/her seat after requesting the transmission of the OTP (step SB3), as shown in step SB4. Then, the user 400 instructs the information processing device 200 at his/her seat to display the OTP, as shown in step SB5.

The information processing device 200 displays the OTP on the display 204 in response to the instruction from the user 400, as shown in step SC2.

The user 400 confirms the OTP displayed on the information processing device 200, as shown in step SB6.

Thereafter, user 400 returns to MFP 100, as shown as step SB7, and enters the user name and OTP into MFP 100, as shown as step SB8. If a user name has already been input into MFP 100, input of the user name in step SB8 may be omitted.

MFP 100 uses the input user name and OTP to request user authentication from authentication server 300, as shown in step SA13.

Authentication server 300 executes user authentication in response to a request from MFP 100, as shown in step SD2, and notifies MFP 100 of the result of the user authentication, as shown in step SD3.

MFP 100 displays a screen on display 121 according to the authentication result. For example, if the authentication result indicates successful authentication, MFP 100 displays a top menu screen on display 121, as shown in step SA4. This makes the MFP 100 available for use.

When a given event (for example, remote login in step S411 (FIG. 13)) occurs, MFP 100 requests authentication server 300 to stop measuring the operating time related to the expiration date. In response, the authentication server 300 suspends the measurement. Thereafter, when an event occurs that restarts the measurement, the MFP 100 requests the authentication server 300 to restart the measurement. In response, the authentication server 300 restarts the measurement. That is, depending on the occurrence of an event in MFP 100, authentication server 300 can extend the expiration date of the OTP.

[Processing flow]
17 to 22 are flowcharts of processing executed for user authentication using OTP in the fourth embodiment. In FIGS. 17 to 22, controls corresponding to those explained in FIGS. 12 to 13 are given the same reference numerals (such as "S401") as in FIGS. 12 to 13. In each of FIGS. 17 to 21, processing in MFP 100 is shown on the left, and processing in authentication server 300 is shown on the right. FIG. 22 shows processing in MFP 100.

Referring to FIG. 17, when MFP 100 is powered on, in step S401, MFP 100 executes MFP 100 initialization processing.

In step S403, MFP 100 displays a login screen (FIG. 8) on display 121.

In step S405, MFP 100 determines whether a logout request has been accepted. If the MFP 100 determines that the logout request has been accepted (YES in step S405), the process proceeds to step S405A; otherwise (NO in step S405), the process proceeds to step S407.

In step S405A, MFP 100 notifies authentication server 300 of logout. The notification may include information that identifies the user who requested logout. After that, the MFP 100 returns control to step S403. As a result, a login screen is displayed on the display 121 of the MFP 100. Therefore, in order to use MFP 100, the user needs to log in to MFP 100 again.

Meanwhile, in step S430, authentication server 300 determines whether a logout notification has been received from MFP 100. If the authentication server 300 determines that it has received the logout notification (YES in step S430), the process proceeds to step S431; otherwise (NO in step S430), the process proceeds to step S460 (FIG. 18). .

In step S431, the authentication server 300 determines whether measurement of operating time related to the expiration date has been stopped in the authentication server 300 for a user other than the user associated with the logout notified in step S430. to judge. Note that the authentication server 300 stops measuring the operating time related to the expiration date in step S461, which will be described later.

If the authentication server 300 determines that the measurement is being stopped for the other user (YES in step S431), the process proceeds to step S433; otherwise (NO in step S431), the process proceeds to step S430. Return control.

In step S433, the authentication server 300 restarts measurement of the expiration date of the OTP whose measurement has been stopped, and returns control to step S430.

On the other hand, in step S407, MFP 100 determines whether a request for OTP transmission has been accepted. If the MFP 100 determines that the OTP transmission request has been received (YES in step S407), the process proceeds to step S451; otherwise (NO in step S407), the process proceeds to step S432.

In step S451, MFP 100 registers the image of the user who requested OTP transmission in storage device 109.

In step S407A, MFP 100 requests authentication server 300 to send an OTP. The request is realized, for example, by sending a message including the user name input by the user. Thereafter, the MFP 100 returns control to step S405.

On the other hand, in step S420, authentication server 300 determines whether or not it has received an OTP transmission request (step S407A) from MFP 100. If the authentication server 300 determines that a request to send an OTP has been received (YES in step S420), control proceeds to step S441; otherwise (NO in step S420), control proceeds to step S460 (FIG. 18). proceed.

In step S441, the authentication server 300 determines whether the destination to which the OTP is to be sent can be specified. If the authentication server 300 determines that the destination to which the OTP is to be sent can be specified (YES in step S441), the process proceeds to step S443; otherwise (NO in step S441), the process proceeds to step S444 (FIG. 19). ).

In step S443, the authentication server 300 generates an OTP for the user name input when requesting OTP transmission.

In step S435, the authentication server 300 registers the OTP generated in step S443 in the user information database. At this time, the authentication server 300 may further register an "expiration date" associated with the OTP in the user information database. In one implementation, authentication server 300 registers a constant value (eg, 3 minutes) as the "expiration date." In another implementation example, the authentication server 300 sets a value to be registered as the "expiration date" according to the type (for example, the first type or the second type) of the information processing device 200 that the user uses to confirm the OTP. do.

In step S437, the authentication server 300 transmits the OTP generated in step S443 to the destination ("OTP transmission destination") associated with the user name input at the time of the OTP transmission request. .

In step S438, authentication server 300 notifies MFP 100 of the OTP transmission.

On the other hand, MFP 100 determines in step S432 whether a notification of OTP transmission has been received. If the MFP 100 determines that the OTP transmission notification has been received (YES in step S432), the MFP 100 displays the OTP transmission notification screen (FIG. 10) on the display 121 in step S453, and then returns control to step S405. At this time, the display on the display 121 may be returned to the login screen. If the MFP 100 determines that the OTP transmission notification has not been received (NO in step S432), the control proceeds to step S409 (FIG. 18).

On the other hand, the authentication server 300 starts measuring the expiration date of the OTP in step S439. Under the control of step S439, in the authentication server 300, the time when the OTP is transmitted becomes the starting point of the OTP expiration date. After that, the authentication server 300 returns control to step S430.

Referring to FIG. 18, in step S409, the MFP 100 determines whether the OTP is issued during OTP confirmation, whether another user has come to operate the MFP 100, as described with reference to FIG. Decide whether or not. If the MFP 100 determines that the other user has come to operate the MFP 100 (YES in step S409), the MFP 100 advances the control to step S412; otherwise (NO in step S409), the MFP 100 advances the control to step S411. .

In step S411, the MFP 100 determines whether a user other than the user to whom the OTP is issued has logged into the MFP 100 by remote login during OTP confirmation, as described with reference to FIG. If the MFP 100 determines that the other user has logged in to the MFP 100 by remote login (YES in step S411), the process proceeds to step S412; otherwise (NO in step S411), the process proceeds to step S454 (FIG. 19). ).

In step S412, the MFP 100 transmits to the authentication server 300 a request to stop measuring the operating time related to the expiration date of the OTP for the user who has issued the OTP. Thereafter, the MFP 100 returns control to step S405 (FIG. 17).

On the other hand, in step S460, authentication server 300 determines whether or not it has received a request to stop measuring the expiration date (step S412) from MFP 100. If the authentication server 300 determines that the request has been received (YES in step S460), the process proceeds to step S461; otherwise (NO in step S460), the process proceeds to step S466 (FIG. 20). .

In step S461, the authentication server 300 stops measuring the operating time related to the expiration date of the OTP for the user who issued the OTP. In one example, the authentication server 300 registers the current time as the OTP clock stop date and time in the OTP stop management table (FIG. 6), and starts measuring the time that is registered as the stop time in the user information database (FIG. 5). do. As a result, the time measurement operation related to the expiration date of the OTP in the authentication server 300 is interrupted. After that, the authentication server 300 returns control to step S430 (FIG. 17).

Referring to FIG. 19, in step S444, authentication server 300 notifies MFP 100 that the destination to which the OTP is to be sent cannot be specified.

In step S454, the MFP 100 determines whether or not it has received a notification indicating that the destination to which the OTP is to be sent cannot be specified. If it determines that the notification has been received (YES in step S454), the MFP 100 determines in step S455. If not (NO in step S454), control proceeds to step S413 (FIG. 20).

In step S455, MFP 100 displays on display 121 that OTP transmission is not possible. This display is realized, for example, by displaying an OTP transmission failure screen. After that, the MFP 100 returns control to step S405. At this time, the display on the display 121 may be returned to the login screen.

Referring to FIG. 20, in step S413, MFP 100 determines whether a login request has been accepted. If the MFP 100 determines that the login request has been accepted (YES in step S413), the process proceeds to step S413A; otherwise (NO in step S413), the process proceeds to step S478 (FIG. 21).

In step S413A, MFP 100 transmits a login request to authentication server 300. The request includes the user and password or OTP input by the user. Thereafter, the MFP 100 returns control to step S405 (FIG. 17).

Authentication server 300 determines whether a login request has been received in step S466. If the authentication server 300 determines that a login request has been received (YES in step S466), control proceeds to step S471 (FIG. 21); otherwise (NO in step S466), control proceeds to step S420 (FIG. 17). ).

Referring to FIG. 21, in step S471, authentication server 300 determines that the combination of user name and password or combination of user name and OTP received as a login request matches the combination registered in the user information database. Decide whether or not to do so. If the authentication server 300 determines that they match (YES in step S471), the process proceeds to step S473, and if not (NO in step S471), the process proceeds to step S452.

In step S452, authentication server 300 notifies MFP 100 of the user authentication failure, and then returns control to step S420 (FIG. 17).

In step S473, the authentication server 300 determines whether the information used for authentication in step S471 was OTP. If the authentication server 300 determines that the information used for user authentication is OTP (YES in step S473), control proceeds to step S475; otherwise (NO in step S473), control proceeds to step S476A. proceed.

In step S475, the authentication server 300 determines whether or not the OTP has not yet expired. If the OTP validity period has not yet expired (YES in step S475), the authentication server 300 advances the control to step S476A; otherwise (NO in step S475), the authentication server 300 advances the control to step S476B.

In one implementation, the authentication server 300 references the current time and the user information database (FIG. 5) to determine whether the OTP has expired. More specifically, if the "stop time" is not registered, the authentication server 300 determines whether the expiration date is valid if the current time is before the time registered as the expiration date from the OTP clock start date and time. It is determined that it has not yet expired, and if not, it is determined that the expiration date has expired. On the other hand, if the "stop time" is registered, the authentication server 300 specifies that the current time is the sum of the time registered as the expiration date and the time registered as the stop time from the OTP clock start date and time. If the time is before the elapsed time, it is determined that the expiration date has not yet expired; otherwise, it is determined that the expiration date has expired.

In step S476A, authentication server 300 notifies MFP 100 of the success of user authentication, and then advances control to step S477. On the other hand, in step S476B, authentication server 300 notifies MFP 100 of the user authentication failure, and then returns control to step S420 (FIG. 17).

In step S477, MFP 100 deletes the OTP used for user authentication from the user information database, and returns control to step S420 (FIG. 17).

On the other hand, MFP 100 determines in step S478 whether notification of successful user authentication has been received. If MFP 100 determines that the notification of success has been received (YES in step S478), control proceeds to step S479; otherwise (NO in step S478), control proceeds to step S480.

In step S479, MFP 100 displays top menu screen 530 on display 121, and then returns control to step S405. As a result, the user is permitted to use MFP 100. Thereafter, the MFP 100 returns control to step S405 (FIG. 17).

In step S480, MFP 100 determines whether a notification of user authentication failure has been received. If the MFP 100 determines that the notification of failure has been received (YES in step S480), the control proceeds to step S481; otherwise (NO in step S480), the control proceeds to step S415 (FIG. 22).

In step S481, MFP 100 displays on display 121 that the user authentication has failed, and then returns control to step S405 (FIG. 17). After displaying that user authentication has failed, MFP 100 may return the display on display 121 to the login screen.

Referring to FIG. 22, in step S415, MFP 100 issues requests (hereinafter referred to as "other requests") other than the above-mentioned requests (logout in step S405, OTP transmission in step S407, and login in step S413). ) is accepted. If the MFP 100 determines that the other request has been received (YES in step S415), the process proceeds to step S491, and if not (NO in step S415), the process returns to step S405.

In step S491, MFP 100 executes processing according to the request, and then returns control to step S405. An example of processing in response to a request is updating the top menu screen 530 and updating copy job settings in response to a change in the number of copies. That is, after the user logs in to the MFP 100, the MFP 100 executes a process according to the user's request in step S491. Furthermore, the MFP 100 accepts the input of a user name before login in step S491.

In the fourth embodiment described above, after an OTP is issued to a certain user (user A) (S443, S435, S437), another user (user B) comes to operate the MFP 100. (YES in step S409), or if another user (user B) remotely logs in to the MFP 100 (YES in step S411), the authentication server 300 determines the expiration date of the OTP issued to user A. The measurement of the operating time of the authentication server 300 related to this is stopped. When the authentication server 300 receives a logout request from the user B (YES in step S431), the authentication server 300 resumes measuring the operation time (step S433). Resuming the measurement of the operation time is realized, for example, by stopping counting of the stop time for user A in the user information database (FIG. 5). That is, in one example, counting of the "stop time" of the user information database starts in step S461 and ends in step S433. Accordingly, the "stop time" represents the length of time from when counting is stopped in step S461 until counting is restarted in step S433. The validity period of the OTP is then substantially extended by the length of time.

In one implementation example, the number of users that can be authenticated at one time is set to "1" for MFP 100. In this case, the authentication server 300 cannot accept user A's login to MFP 100 while user B is logged in to MFP 100. Therefore, a state in which user B is remotely logged in to MFP 100 (a state in which user B is authenticated to MFP 100) is an example of a period in which MFP 100 does not accept OTP input. Authentication server 300 can also request MFP 100 not to display the login screen during such a period. In response to the request, MFP 100 may display another screen (such as a screen saver or a screen containing a message such as "In use by another user") on display 121 instead of the login screen.

Further, the period during which a certain user is logged into MFP 100 is an example of the period during which the user uses MFP 100. In this sense, instead of or in addition to the period when user B is logging in to MFP 100 remotely, during the period when user B is logging into MFP 100 by operating operation panel 120, authentication server 300 may stop measuring the operating time related to the expiration date of the OTP issued to user A.

Furthermore, the period from when the user approaches MFP 100 to when he leaves MFP 100 is an example of the period during which the user uses MFP 100.

More specifically, when user B approaches MFP 100, even before user B logs in to MFP 100, if user B operates operation panel 120 to log in, user A uses OTP to access MFP 100. may be difficult to enter. Considering such a case, the authentication server 300 issues an OTP to the user A, and then, when the MFP 100 detects that the user B approaches the MFP 100 (YES in step S409), the authentication server 300 issues an OTP to the user A. The measurement of the operating time related to the expiration date of the OTP issued is stopped (step S461).

In this case, the authentication server 300 may restart measuring the operation time in response to detecting that the user B has left the MFP 100. In one example, authentication server 300 detects that user B has moved away from MFP 100 by detecting that the image captured by camera 150 does not include a face image of user B. That is, authentication server 300 may stop measuring the operation time from when user B approaches MFP 100 until when user B leaves MFP 100. In this case, the period from when user B approaches MFP 100 until when user B leaves MFP 100 is as follows: This is an example of a period during which user B uses MFP 100.

<Fifth embodiment>
The fifth embodiment of the image processing system has the same system configuration as the fourth embodiment. In the fifth embodiment, a period in which the MFP 100 is performing a given operation is exemplified as a period in which the MFP 100 does not accept OTP input. The processing executed in the fifth embodiment can be realized by partially changing the fourth embodiment. FIG. 23 is a diagram illustrating an alternative portion of the process shown in FIG. 18 that is executed by MFP 100. FIG. 24 is a diagram showing an alternative part of the process shown in FIG. 18 that is executed by the authentication server 300.

If the MFP 100 determines that the OTP transmission request is not accepted in step S432 of FIG. 17 (NO in step S432), the MFP 100 advances control to step S909 (FIG. 23).

Referring to FIG. 23, in step S909, similarly to step S409 (FIG. 18), during OTP confirmation, MFP 100 determines whether the OTP issuance target is another user who has come to operate MFP 100. do.

If MFP 100 determines that another user has come to operate MFP 100 (YES in step S909), control proceeds to step S961; otherwise (NO in step S909), control proceeds to step S911.

In step S961, the MFP 100 sets the state of the "other user use flag", which is a type of flag, to ON, and proceeds to step S963A. Note that the initial state of the flag is OFF.

In step S963A, the MFP 100 authenticates the request to stop measuring the operating time related to the expiration date of the OTP for the user who has issued the OTP, as described in step S412 (FIG. 23). Send to server 300. Thereafter, the MFP 100 returns control to step S405 (FIG. 17).

In step S911, the MFP 100 determines whether or not there is a job execution request from a user other than the user to whom the OTP is issued during OTP confirmation. In one example, the MFP 100 determines whether the user is an "other user" based on the user name included in the OTP transmission request (step S407). More specifically, if the user name associated with the job accepted in step S911 is different from the user name included in the OTP transmission request, the MFP 100 determines that the job accepted in step S911 is not associated with "another user". It is determined that this is a job execution request.

If the MFP 100 determines that there is a job execution request from another user (YES in step S911), the process proceeds to step S967; otherwise (NO in step S911), the process proceeds to step S913. .

In step S913, MFP 100 determines whether the execution timing for a given operation defined in MFP 100 has arrived. The given operation is, for example, an operation for which the MFP 100 cannot execute other operations in parallel, such as an image stabilization operation (image quality adjustment of the print output unit 103), an operation related to data downloading (downloading and (installation of an application using the acquired data) and virus check (checking for computer viruses in the control unit 110).

If the MFP 100 determines that the execution timing for the given operation has arrived (YES in step S913), the MFP 100 advances the control to step S965A; otherwise (NO in step S913), the MFP 100 advances the control to step S915. .

In step S965A, the MFP 100 authenticates the request to stop measuring the operating time related to the expiration date of the OTP for the user who has issued the OTP, as described in step S412 (FIG. 23). Send to server 300. Thereafter, the MFP 100 advances control to step S967.

In step S967, the MFP 100 specifies the estimated value of the "unavailable time" similarly to step S967 described with reference to FIG. MFP 100 registers the identified estimated value together with the current time in storage device 109, and then returns control to step S405 (FIG. 18).

On the other hand, if the authentication server 300 determines in step S420 of FIG. 17 that the OTP transmission request has not been accepted (NO in step S420), control proceeds to step S962 (FIG. 24).

Referring to FIG. 24, in step S962, authentication server 300 determines whether or not it has received a request from MFP 100 to stop measuring the operating time related to the expiration date (steps S963A and 965A). If the authentication server 300 determines that the request has been received (YES in step S962), the process proceeds to step S963; otherwise (NO in step S962), the process proceeds to step S968.

In step S963, the authentication server 300 stops measuring the operating time related to the expiration date of the OTP for the user who issued the OTP. In one example, the authentication server 300 registers the current time as the OTP clock stop date and time in the OTP stop management table (FIG. 6), and starts measuring the time that is registered as the stop time in the user information database (FIG. 5). do. As a result, the time measurement operation related to the expiration date of the OTP in the authentication server 300 is interrupted. After that, the authentication server 300 returns control to step S430 (FIG. 17).

Returning to FIG. 23, in step S915, the MFP 100 determines whether the timing has arrived to restart measurement of the OTP expiration date. In one implementation example, the MFP 100 determines that the timing to restart the measurement has arrived when the time registered as the "measurement restart specific information" has elapsed from the time registered as the "current time" in step S967. If not, it is determined that it has not arrived yet.

If the MFP 100 determines that the timing to restart the measurement has arrived (YES in step S915), the MFP 100 advances the control to step S970; otherwise (NO in step S915), the MFP 100 advances the control to step S917. .

In step S917, MFP 100 determines whether the "other user" who came to operate MFP 100 in step S909 has left MFP 100, similar to step S917 described with reference to FIG.

If the MFP 100 determines that the "other user" has left the MFP 100 (YES in step S917), the process proceeds to step S970; otherwise (NO in step S917), the process proceeds to step S454 (FIG. 19). Advance control.

In step S970, the MFP 100 sets the state of the "other user use flag" that was turned ON in step S961 to OFF, and proceeds to step S969A.

In step S969A, MFP 100 transmits to authentication server 300 a request to restart measurement of operating time related to the OTP expiration date. Thereafter, the MFP 100 returns control to step S405 (FIG. 17).

Referring to FIG. 24, in step S968, authentication server 300 determines whether or not it has received a request from MFP 100 to restart measurement of operating time related to the expiration date of the OTP. If the authentication server 300 determines that the request has been received (YES in step S968), the process proceeds to step S969; otherwise (NO in step S968), the process proceeds to step S466 (FIG. 20). .

In step S969, the authentication server 300 restarts the measurement of the operating time related to the expiration date of the OTP, as described in step S433 with reference to FIG. 17, and returns control to step S430 (FIG. 17). return.

In the fifth embodiment described above, after an OTP is issued to a certain user (user A) (steps SS443, S435, S437), another user (user B) comes to operate the MFP 100. If so (YES in step S909), the authentication server 300 stops measuring the operating time related to the expiration date of the OTP issued to user A (step S963). An example of the length of time during which measurement is stopped at this time is the estimated time required for the job requested to be executed by the other user (YES in step S967 and step S915, steps S969A and S969). .

That is, when MFP 100 is operated by user B after issuing an OTP to user A, it is not assumed that MFP 100 will authenticate user A until at least the job requested by user B is completed. Therefore, the authentication server 300 suspends measurement of the operating time related to the expiration date of the OTP of the user A until the time when the job requested by the user B is expected to be completed.

Also, in the fifth embodiment, similarly to the second embodiment, while the MFP 100 is performing a given operation, the authentication server 300 suspends measurement of the operation time related to the expiration date of the OTP. (YES in step S913, step S965). The measurement is restarted at the timing when the given operation is scheduled to end (YES in step S915, step S969). This virtually guarantees that the length of time given to the user as an OTP expiration date will not be disturbed by the performance of a given operation. One example of a given operation is an image stabilization operation, another example is an operation related to downloading data, and yet another example is a virus checking operation.

<Sixth embodiment>
In the sixth embodiment of the image processing system, like the third embodiment, the MFP 100 may have an auto-reset function. The authentication server 300 may associate the expiration date of the OTP with the time measured by the timer of the auto-reset function of the MFP 100.

More specifically, MFP 100 uses a timer of the auto-reset function to measure the amount of time that no operation continues in MFP 100 (non-operation time). When the non-operation time reaches a certain time, the timer finishes counting.

When the timer of the auto-reset function completes timing (when the period of no operation reaches a certain period), MFP 100 notifies authentication server 300 of this fact.

When the authentication server 300 is notified from the MFP 100 that the non-operation time has reached a certain period of time, the authentication server 300 invalidates the valid OTP accordingly. In one example, authentication server 300 disables OTP by deleting the value of "OTP" from the user information database. As a result, in the image processing system, the expiration date of the OTP is managed in association with the timer of the auto-reset function.

On the other hand, the authentication server 300 can also manage the OTP expiration date independently of the timer of the auto-reset function in the MFP 100. In this case, even if the timer of the auto-reset function completes timing, the MFP 100 does not need to notify the authentication server 300 of this fact.

Each of the embodiments disclosed this time should be considered to be illustrative in all respects and not restrictive. The scope of the present invention is indicated by the claims rather than the above description, and it is intended that all changes within the scope and meanings equivalent to the claims are included. Further, the inventions described in the embodiments and each modification are intended to be implemented alone or in combination to the extent possible.

100 MFP, 106 motion sensor, 120 operation panel, 200 information processing device, 300 authentication server, 400 user, 500 login screen, 510 transmission request screen, 520 transmission notification screen, 530 top menu screen.

Claims (25)

An image forming apparatus,
A memory that stores information that identifies the user in association with the destination;
an input interface that accepts input of information that identifies a user;
a controller that, when the input interface accepts a request for temporary authentication, sends a one-time password to a destination associated with information identifying the user input to the input interface;
The controller includes:
Measuring a first time related to the expiration date of the one-time password;
If before the measurement of the first time is completed, in response to the input of the one-time password, the user is authenticated for use of the image forming apparatus with respect to information identifying the user input into the input interface;
not accepting input of the one-time password during a given period;
The image forming apparatus suspends measurement of the first time during the given period. The image forming apparatus according to claim 1, wherein the given period includes a period during which a user other than the user specified by the information associated with the destination is using the image forming apparatus. The image forming apparatus according to claim 2, wherein the given period includes a period during which a user other than the user specified by the information associated with the destination is authenticated. The image forming apparatus according to claim 3, wherein a user other than the user specified by the information associated with the destination is authenticated by an operation on the input interface. The image forming apparatus according to claim 3, wherein a user other than the user specified by the information associated with the destination is authenticated by operating a terminal capable of communicating with the image forming apparatus. The given period includes a period during which the image forming apparatus is performing a given operation,
The image forming apparatus according to claim 1, wherein the controller specifies an estimated value of a period of execution of the given operation as the length of the given period. The given operation includes a job operation related to image processing,
The image forming apparatus according to claim 6, wherein the estimated value is an estimated value of the time required to execute the job. The image forming apparatus according to claim 6, wherein the given operation includes an image stabilization operation in the image forming apparatus. The image forming apparatus according to claim 6, wherein the given operation includes downloading data via a network and processing the data in the image forming apparatus. The image forming apparatus according to claim 6, wherein the given operation includes virus check processing in the image forming apparatus. the memory stores settings of the image forming apparatus;
The controller includes:
controlling the operation of the image forming apparatus according to settings stored in the memory;
Initializing the settings stored in the memory when the image forming device is left without operation for a second period of time;
Even if the second period of non-operation with respect to the image forming apparatus continues, if the measurement of the first period of time is not completed, the one-time password may be input to the input interface in response to input of the one-time password. The image forming apparatus according to any one of claims 1 to 10, wherein the image forming apparatus authenticates a user for use of the image forming apparatus with respect to information identifying the user. the memory stores settings of the image forming apparatus;
The controller includes:
controlling the operation of the image forming apparatus according to settings stored in the memory;
Initializing the settings stored in the memory when the image forming device is left without operation for a second period of time;
If the second period of non-operation with respect to the image forming apparatus continues, the user is not authenticated by inputting the one-time password even before the first period of time has been measured. The image forming apparatus according to any one of Item 10. comprising an image forming apparatus and an authentication server that authenticates a user using the image forming apparatus,
The image forming apparatus includes:
an input interface that accepts input of information that identifies a user;
a first controller that, when the input interface accepts a request for temporary authentication, transmits a request for temporary authentication to the authentication server regarding information identifying the user input to the input interface;
The authentication server is
A memory that stores information that identifies a user in association with a destination;
a second controller that, when receiving the request for temporary authentication from the image forming apparatus, transmits a one-time password to a destination associated with information identifying the user input to the input interface; including,
The first controller is
Sending the one-time password entered into the input interface to the authentication server,
not accepting one-time password input to the input interface during a given period;
The second controller is
Measuring a first time related to the expiration date of the one-time password,
If before the measurement of the first time is completed, in response to the input of the one-time password, the user is authenticated for use of the image forming apparatus with respect to information identifying the user input into the input interface;
The image processing system suspends measurement of the first time during the given period. 14. The image processing system according to claim 13, wherein the given period includes a period during which a user other than the user specified by the information associated with the destination is using the image forming apparatus. The image processing system according to claim 14, wherein the given period includes a period during which users other than the user specified by the information associated with the destination are authenticated. The image processing system according to claim 15, wherein users other than the user specified by the information associated with the destination are authenticated by operations on the input interface. 16. The image processing system according to claim 15, wherein a user other than the user specified by the information associated with the destination is authenticated by operating a terminal capable of communicating with the image forming apparatus. The given period includes a period during which the image forming apparatus is performing a given operation,
14. The image processing system of claim 13, wherein the second controller specifies an estimate of the duration of execution of the given operation as the length of the given period. The given operation includes a job operation related to image processing,
The image processing system according to claim 18, wherein the estimated value is an estimated value of the time required to execute the job. The image processing system according to claim 18, wherein the given operation includes an image stabilization operation in the image forming device. The image processing system according to claim 18, wherein the given operation includes downloading data via a network and processing the data in the image forming apparatus. The image processing system according to claim 18, wherein the given operation includes virus check processing in the image forming apparatus. The image forming apparatus further includes a storage device that stores settings of the image forming apparatus,
The first controller is
controlling the operation of the image forming apparatus according to settings stored in the storage device;
Initializing settings stored in the storage device when the image forming device is left without operation for a second period of time;
The second controller is
Even if the second period of non-operation with respect to the image forming apparatus continues, if the measurement of the first period of time is not completed, the one-time password may be input to the input interface in response to input of the one-time password. The image processing system according to any one of claims 13 to 22, wherein the image processing system authenticates a user for use of the image processing system with respect to information identifying the user. The image forming apparatus further includes a storage device that stores settings of the image forming apparatus,
The first controller is
controlling the operation of the image forming apparatus according to settings stored in the storage device;
Initializing settings stored in the storage device when the image forming device is left without operation for a second period of time;
The first controller is
controlling the operation of the image forming apparatus according to settings stored in the storage device;
Initializing settings stored in the storage device when the image forming device is left without operation for a second period of time;
The second controller is
If the second period of non-operation with respect to the image forming apparatus continues, the user is not authenticated by inputting the one-time password even before the measurement of the first period of time is completed. The image processing system according to any one of Item 22. By being executed by the computer of the image forming apparatus, the image forming apparatus is provided with:
when the input interface of the image forming apparatus receives a request for temporary authentication, transmitting a one-time password to a destination associated with information identifying the user input to the input interface;
If the measurement of the first time related to the expiration date of the one-time password is not completed, the information identifying the user input to the input interface is input to the image forming apparatus in response to the input of the one-time password. authenticating the user for use;
suspending measurement of the first time during a given period in which the image forming apparatus does not accept input of a one-time password;
A program to run.

Images