JP2017041090A - Information processing system, authentication method, information processing apparatus, and authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To confirm whether a device is being used by a legitimate user or not.SOLUTION: An information processing system which authenticates an information processing apparatus and a terminal device using the information processing apparatus includes: authentication information receiving means of receiving user information and at least one piece of additional authentication information; image data generation means of generating image data by use of the user information and at least one additional authentication information received from the authentication information receiving means; storage means of storing the image data generated by the image data generation means on the terminal device; read means of reading the image data stored in the storage means; decoding means of decoding authentication information included in the image data read by the read means; first authentication means of confirming validity by use of the additional authentication information of the authentication information decoded by the decoding means; and second authentication means of performing second authentication using the authentication information when authentication is successful in the first authentication means.SELECTED DRAWING: Figure 3

Description

  The present invention relates to an information processing system, an authentication method, an information processing apparatus, and an authentication program.

  In an information processing apparatus such as an image forming apparatus (for example, MFP (Multifunction Peripheral)) used by a plurality of users, authentication is performed using an IC (Integrated Circuit) card such as an employee ID card, and only a user who has succeeded in the authentication. There is a mechanism that permits the use of the device.

  For example, there is a mechanism in which authentication information used for authentication is converted to a QR code (registered trademark), and printing on the image forming apparatus is permitted by reading the QR code.

  However, when authenticating with a QR code, if the QR code image is leaked, anyone can impersonate and it is not possible to know whether it is used by a legitimate user or an unauthorized user. End up.

  In view of the above problems, an object of the present invention is to provide an information processing system, an authentication method, an information processing apparatus, and an authentication program that can confirm whether or not a legitimate user is using the system.

  As one aspect, the present invention provides an information processing apparatus and an authentication information receiving unit that receives user information and at least one additional authentication information in an information processing system that authenticates a terminal device that uses the information processing apparatus. The image data generating means for generating image data using the user information received from the authentication information receiving means and at least one additional authentication information, and the image data generated by the image data generating means are stored in the terminal device. Storage means; reading means for reading image data stored in the storage means; decoding means for decoding authentication information included in image data read by the reading means; and authentication decoded by the decoding means Among the information, the first authentication means that confirms the validity using the additional authentication information and the first authentication means are permitted to authenticate The case, and a second authentication means for performing a second authentication using the authentication information.

  It can be confirmed whether or not a legitimate user is using it.

It is a figure which shows schematic structure of an information processing system. It is a figure which shows an example of a function structure of the terminal device in 1st Embodiment. FIG. 2 is a diagram illustrating an example of a functional configuration of an image forming apparatus according to the first embodiment. It is a figure which shows an example of the hardware constitutions of a terminal device. 2 is a diagram illustrating an example of a hardware configuration of an image forming apparatus. FIG. It is a sequence diagram which shows an example of the QR code production | generation process in 1st Embodiment. It is a sequence diagram which shows an example of the authentication process using QR code in 1st Embodiment. It is a figure which shows the example of a screen in 1st Embodiment. It is a figure which shows the function structural example of the image forming apparatus in 2nd Embodiment. It is a sequence diagram which shows an example of the QR code production | generation process in 2nd Embodiment. It is a sequence diagram which shows an example of the authentication process using QR code in 2nd Embodiment.

  DESCRIPTION OF EMBODIMENTS Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings. In the present embodiment, a print authentication system will be described as an example of an information processing system. However, the present invention is not limited to this, and for example, an authentication method when the target apparatus is used for FAX transmission, scanner execution, mail transmission, or the like. Can be used.

<First Embodiment>
<Outline of information processing system>
FIG. 1 is a diagram illustrating a schematic configuration of an information processing system. An information processing system 10 illustrated in FIG. 1 includes a terminal device 11, an image forming apparatus 12 as an example of an information processing apparatus that executes one or a plurality of processes on various pieces of input information, and an authentication server 13. . The terminal device 11, the image forming device 12, and the authentication server 13 are connected in a state where data can be transmitted and received by a communication network N typified by, for example, the Internet or a LAN (Local Area Network). In the example of FIG. 1, the terminal device 11, the image forming device 12, and the authentication server 13 are connected one by one. Further, the authentication server 13 may be a cloud server configured by cloud computing using one or more information processing apparatuses, for example. Further, the terminal device 11 does not necessarily have to be connected on the same communication network N.

  The terminal device 11 is a communication terminal such as a smartphone, a tablet terminal, or a mobile phone. The terminal device 11 generates, for example, QR code image data based on the telephone number of the terminal device 11, a user (user) password, and additional authentication information. Here, the telephone number used for generating the image data is a number uniquely assigned to the terminal device 11 in order to make a call using the terminal device 11. Note that the information for specifying the terminal device 11 and the user is not limited to the telephone number. A password (hereinafter referred to as “PW” as necessary) is a password of a user registered in the authentication server 13. The additional authentication information is information that is set by a user input or dynamically when the user generates image data in the terminal device 11. The additional authentication information is, for example, a PIN (Personal Identification Number) code or QR code generation date / time information, but is not limited thereto. The image data includes, in addition to the QR code, one-dimensional or two-dimensional image data such as Data Matrix, PDF417, and barcode, but is not limited to this, and a plurality of different colors and shapes are included. You may have used information. The image data may be a combination of a plurality of the various image data described above. The terminal device 11 may store the generated image data or display it on the screen.

  The image forming apparatus 12 reads, for example, image data such as a QR code, and decrypts original authentication information (for example, a telephone number, a password, and additional authentication information) from the read QR code. Further, the image forming apparatus 12 performs an authentication process (first authentication unit) for confirming the validity using the additional authentication information among the decrypted authentication information. Further, when the additional authentication information is successfully authenticated (authentication permitted), the image forming apparatus 12 uses the authentication server 13 to perform authentication processing (second authentication means) based on the telephone number and password. For example, when the additional authentication information is a PIN (for example, four or more alphanumeric characters), the image forming apparatus 12 checks whether the PIN input by the user matches. Further, when the additional authentication information is the QR code generation date and time, the image forming apparatus 12 determines whether or not the difference between the date and time when the terminal device 11 holds the QR code on the image forming apparatus 12 and the generation date and time is within a certain time. Check if. The image forming apparatus 12 may be, for example, an MFP, or an information processing apparatus such as a projector, a FAX machine, a copier, a printer, or a PC (Personal Computer).

  Based on the authentication request from the image forming apparatus 12, the authentication server 13 compares the telephone number and password received from the image forming apparatus 12 with previously registered authentication information, and determines whether or not the authentication is successful. Therefore, in the first embodiment, a telephone number and a password are used for user authentication in the authentication server 13.

  For example, the user information registered in advance in the authentication server 13 includes a telephone number (phone number of the terminal device 11 possessed by the user) used for user authentication in association with information identifying the user such as a user name, and the like. Password authentication information is registered. In other words, in the first embodiment, if user authentication is conventionally performed based on the user ID and password, it can be said that the telephone number is used as the user ID. The password may not be essential. In this case, image data that does not include a password is also generated in the terminal device 11, and the password is omitted in processing that will be described later.

  Further, the authentication server 13 outputs an authentication result to the image forming apparatus 12. The authentication server 13 can use a general authentication device such as an Active Directory or an LDAP (Lightweight Directory Access Protocol) server, but is not limited thereto. For example, the authentication server 13 may be included in the image forming apparatus 12.

  Here, an outline of the authentication process using the information processing system 10 described above will be described. The user uses not only the telephone number and password (PW), which are user authentication information for authenticating the user authentication in the authentication server 13, as authentication information for generating the QR code using the terminal device 11, but also the image forming apparatus. 12, the QR code is generated also using additional authentication information such as a PIN code for collation with the information input by the user.

  When the user wants to use the image forming apparatus 12, the QR code generated from the authentication information is displayed on the terminal device 11 and held over the image forming apparatus 12, thereby causing the image forming apparatus 12 to read the QR code.

  The image forming apparatus 12 decodes the read QR code, and acquires the telephone number, password, and PIN code information. Thereafter, the image forming apparatus 12 displays a screen for prompting the PIN code input. The user inputs the PIN code specified when generating the QR code. In addition, the image forming apparatus 12 confirms whether the PIN code acquired from the QR code matches the PIN code input by the user.

  If they match, the image forming apparatus 12 authenticates the authentication destination with the user authentication information of the telephone number and password, and if the authentication is successful, permits the target user to use the image forming apparatus 12. If they do not match, an authentication error occurs at that time, and the target user is not permitted to use the image forming apparatus 12. Thereby, for example, even if the QR code leaks to a third party, the image forming apparatus 12 cannot be used without knowing the PIN code. Therefore, since it can be determined whether or not a legitimate user is using the PIN code, it is possible to restrict the use of the image forming apparatus 12 that is the target apparatus while maintaining security.

  Next, functional configuration examples of the terminal device 11 and the image forming apparatus 12 described above will be described with reference to the drawings.

<Example of Functional Configuration of Terminal Device 11>
FIG. 2 is a diagram illustrating an example of a functional configuration of the terminal device according to the first embodiment. The terminal device 11 illustrated in FIG. 2 includes an authentication information reception unit 21 as an example of an authentication information reception unit that receives authentication information, and a QR code generation as an example of an image data generation unit that generates image data in which authentication information is encoded. A storage unit 23 as an example of a storage unit that stores various types of data; and a display unit 24 as an example of a display unit that displays various types of information.

  The authentication information receiving unit 21 receives user authentication information (telephone number, password, additional authentication information). Since the telephone number is information stored in the terminal device 11, the telephone number can be input by the user or automatically acquired. The authentication information is not limited to this, and a user affiliation code, company code, or the like may be used.

  The QR code generating unit 22 generates image data encoded into a code or the like based on the authentication information received from the authentication information receiving unit 21. The QR code generation unit 22 generates a QR code as an example of image data, but is not limited to this. For example, as described above, the QR code generating unit 22 may generate one-dimensional or two-dimensional image data such as Data Matrix, PDF 417, and barcode, image data using a plurality of different colors and shapes, and the like.

  The storage unit 23 stores the QR code generated by the QR code generation unit 22. The information to be stored is not limited to this, and the execution progress and result of each process in the present embodiment, address information for connecting to other devices via the communication network N, and the like are stored. May be.

  The display unit 24 displays image data such as a QR code stored in the storage unit 23 on the screen in response to a display request from the user. For example, the display unit 24 may be a touch panel that displays various screens for the user to operate and can accept input from the user.

<Functional Configuration Example of Image Forming Apparatus 12>
FIG. 3 is a diagram illustrating an example of a functional configuration of the image forming apparatus according to the first embodiment. The image forming apparatus 12 illustrated in FIG. 3 includes a QR code reading unit 31 as an example of a reading unit that reads image data, and a QR as an example of a decoding unit that decodes encoded image data to obtain authentication information. The code decoding unit 32, the PIN input receiving unit 33 as an example of the additional information receiving unit that receives the input of additional information, the first authentication unit that executes authentication based on the additional information, and the authentication based on user authentication information An authentication unit 34 as an example of a second authentication unit, an image forming unit 35 as an example of an image forming unit that executes various processes for forming an image, provides an application, and the like, and an operation content by a user or the like And an operation unit 36 as an example of an operation unit that receives the information.

  The QR code reading unit 31 reads image data for authentication such as a QR code displayed on the terminal device 11 by the user. The QR code reading unit 31 has an imaging unit such as a camera, for example, and has a function of capturing a screen of the terminal device 11 by the imaging unit, analyzing the captured image, and acquiring image data such as a QR code. Also good. The QR code reading unit 31 may have a function such as a QR code reader.

  The QR code decoding unit 32 decodes the original authentication information (telephone number, password, additional authentication information) from the QR reading unit code read by the QR code reading unit 31.

  The PIN input receiving unit 33 displays a PIN code input screen and receives information related to the PIN input by the user. The PIN input screen is, for example, a dialog screen, and can be input using a touch panel or the like on the image forming apparatus 12, but is not limited thereto.

  The authentication unit 34 verifies the validity of the authentication information using the additional authentication information included in the authentication information decrypted by the QR code decrypting unit 32. For example, the authentication unit 34 checks whether the PIN included in the additional authentication information matches the PIN input from the PIN input reception unit 33 (first authentication unit). Further, when the PIN is correct (when authentication is permitted), the authentication unit 34 authenticates the authentication server 13 via the communication network N and acquires the result (second authentication unit). If the PIN is not correct (authentication failure in the first authentication unit) or the authentication result of the authentication server 13 fails (authentication failure in the second authentication unit), the authentication unit 34 An error message is displayed on the screen to notify the user.

  The image forming unit 35 executes processing such as printing and provides an application to a user who has been successfully authenticated by the authentication unit 34. The image forming unit 35 can provide various functions such as printing, scanner, FAX, and mail transmission, but is not limited thereto.

  The operation unit 36 performs operations for a user or the like to cause the image forming apparatus 12 to perform various processes. The operation unit 36 is a touch panel or the like, and a user can input various instructions through a menu screen or the like displayed on a panel (operation panel). Further, the operation unit 36 may display a message for reading authentication image data (QR code), a message for inputting a PIN, and the like.

<Hardware configuration example of terminal device 11>
FIG. 4 is a diagram illustrating an example of a hardware configuration of the terminal device. In the example of FIG. 4, the terminal device 11 includes a CPU 41, a ROM (Read Only Memory) 42, a RAM (Random Access Memory) 43, a flash ROM 44, a display unit 45, an operation unit 46, and a media I / F 47. A wireless LAN communication unit 48, a carrier communication unit 49, and a camera 50.

  The CPU 41 controls the overall operation of the terminal device 11 by executing a program 51 stored in the flash ROM 44. For example, the CPU 41 controls various processes in the authentication information reception unit 21, the QR code generation unit 22, and the display unit 24 described above. The ROM 42 stores IPL (Initial Program Loader) and static data. The RAM 43 is used as a work area when the CPU 41 executes the program 51.

  The flash ROM 44 stores a program 51 executed by the CPU 41. The program 51 includes an OS (for example, Android (registered trademark), iOS (registered trademark), Windows (registered trademark)), middleware, and a program that provides the following functions of the terminal device 11.

  The display unit 45 displays a user interface (UI) screen such as liquid crystal or organic EL. A graphic control unit (not shown) interprets a drawing command written in the video RAM by the CPU 41 and displays various information such as a window, a menu, a cursor, a character, or an image on the display unit 45. The display unit 45 has a touch panel integrally. The display unit 45 displays image data such as a QR code used at the time of authentication.

  The operation unit 46 is a hard key or button that accepts a user operation, and a touch panel. The operation content is notified to the CPU 41.

  The media I / F 47 controls reading or writing (storage) of data with respect to a recording medium such as a flash memory.

  The wireless LAN communication unit 48 controls the modulation method, transmission speed, frequency, etc. based on IEEE802.11b / 11a / 11g / 11n, etc., and converts the received radio wave into a digital signal. Further, the data requested to be transmitted from the CPU 41 is modulated according to the standard and transmitted as a radio wave.

  The carrier communication unit 49 performs various communications by a telecommunications carrier contracted by the user of the terminal device 11. The telecommunications carrier is, for example, a mobile phone carrier, a WiMax carrier, or the like that communicates with a communication standard such as CDMA (Code Division Multiple Access) or LTE (Long Term Evolution). A SIM (Subscriber Identity Module Card) card is attached to the carrier communication unit 49. The SIM card is an IC card that stores contractor information issued by a telecommunications carrier to a contractor, and mainly stores a unique number called IMSI (International Mobile Subscriber Identity), a mobile phone number, and the like. .

  The carrier communication unit 49 performs modulation or the like according to a communication method determined by a telecommunications carrier and communicates with a base station connected to the Internet. The base station is connected to a carrier server of a telecommunications carrier, and the carrier server gives a temporary IP address to the terminal device 11. Note that the terminal device 11 can also communicate with the authentication server 13 via the Internet. The terminal device 11 often has a carrier communication unit 49 in addition to the wireless LAN communication unit 48 connected to the wireless LAN, for example.

  The camera 50 captures a predetermined subject or the like based on camera parameters such as a preset angle of view and resolution, and acquires image data. The program 51 is a file in an installable format or an executable format, and is recorded and distributed on a computer-readable recording medium. The program 51 is distributed to the terminal device 11 in a file that can be installed or executed from an external server or the like. The program 51 may include an authentication program in the present embodiment and other applications (such as a maintenance application).

<Hardware Configuration Example of Image Forming Apparatus 12>
FIG. 5 is a diagram illustrating an example of a hardware configuration of the image forming apparatus. In the example of FIG. 5, the image forming apparatus 12 includes a controller 61, an FCU (facsimile control unit) 62, a scanner engine 63, a plotter engine 64, and an operation panel 65. Further, the operation panel 65 has a display unit 66.

  The controller 61 includes a CPU 71, an NB (North Bridge) 72, an MEM-P (System Memory) 73, an MEM-C (Local Memory) 74, an ASIC 75, an SB (South Bridge) 76, and an NIC (Network Interface). Controller) 77, USB device 78, IEEE 1394 device 79, Centronics device 80, HDD (hard disk drive) 81, and memory card slot 82. The HDD 81 has a program 83. The memory card slot 82 can be loaded with a memory card 84, and information stored in the memory card 84 can be read or written.

  The CPU 71 is an IC for executing various types of information processing, and executes programs for providing applications and services in parallel on a process basis by an OS such as UNIX (registered trademark) or Linux (registered trademark). For example, the CPU 71 controls various processes in the above-described QR code reading unit 31, QR code decoding unit 32, PIN input receiving unit 33, authentication unit 34, and image forming unit 35.

  The NB 72 is a bridge for connecting the CPU 71 and the ASIC 75. The SB 76 is a bridge for connecting the NB 72 and peripheral devices. The ASIC 75 and the NB 72 are connected via an AGP (Accelerated Graphics Port).

  The MEM-P 73 is a memory connected to the NB 72. The MEM-C 74 is a memory connected to the ASIC 75. The ASIC 75 is an image processing IC. For example, the ASIC 75 performs not only processing on image data at the time of printing but also decoding of the read QR code.

  The NIC 77 is a controller for performing data communication using a MAC address or the like via a network or the like. The USB device 78 is a device for providing a serial port compliant with the USB standard. The IEEE 1394 device 79 is a device for providing a serial port conforming to the IEEE 1394 standard. The Centronics device 80 is a device for providing a parallel port conforming to the Centronics specification.

  The NIC 77, USB device 78, IEEE 1394 device 79, and Centronics device 80 are connected to the NB 72 and the SB 76 via a PCI (Peripheral Component Interconnect) bus.

  The HDD 81 is a storage connected to the ASIC 75, and is used to perform image data accumulation, document data accumulation, program accumulation, font data accumulation, form data accumulation, and the like.

  The memory card slot 82 is connected to the SB 76 and is used for setting (inserting) the memory card 84. The memory card 84 is a flash memory such as a USB memory, and is used for distributing the program 83.

  The program 83 includes an OS (Operating System), middleware, and programs that provide various functions in the present embodiment. The program 83 is a file in an installable or executable format, and is distributed by being recorded on a computer-readable recording medium. The program 83 is distributed in a file that can be installed or executed from an external server or the like.

  The FCU 62 is connected to the network via the NIC 77 and is connected to, for example, T.F. 37, T.A. The image data is transmitted and received according to a communication procedure corresponding to the 38 standard or a communication procedure corresponding to the G3 and G4 standards by connecting to the public communication network. Even if the image data is received when the power of the image forming apparatus 12 is OFF, the plotter engine 64 can be activated to print the image data on paper.

  The scanner engine 63 optically scans the document placed on the contact glass, performs A / D conversion on the reflected light, performs image processing, and performs digital processing with a predetermined resolution (hereinafter also referred to as “image data”). Say). Further, the scanner engine 63 may have a function of reading the image data for authentication (for example, QR code) displayed on the screen of the terminal device 11 as the above-described QR code reading unit 31. Note that the image data reading function for authentication is not limited to this. For example, a camera or the like is provided, and an image displayed on the screen of the terminal device 11 is captured by the camera. Also good. The camera may be built in the image forming apparatus 12 or may be externally attached. Therefore, the QR code displayed on the screen of the terminal device 11 may be read by an external camera, and the read QR code image data may be input to the image forming apparatus 12.

  The plotter engine 64 has, for example, a tandem type photosensitive drum, modulates a laser beam based on image data and PDL data received from the terminal device 11, and scans the photosensitive drum to form a latent image. The image for each page, developed by attaching toner to the latent image, is transferred to a sheet with heat and pressure. It is not limited to such an electrophotographic plotter, but may be an ink jet type plotter engine that discharges droplets to form an image.

  The operation panel 65 is hardware (operation unit) for the user to input to the image forming apparatus 12 such as an MFP, and a display unit that is hardware for the image forming apparatus 12 to provide visible information to the user. 66. The operation panel 65 is connected to the ASIC 75. The FCU 62, the scanner engine 63, and the plotter engine 64 are connected to the ASIC 75 via the PCI bus.

<Example of QR Code Generation Processing in First Embodiment>
FIG. 6 is a sequence diagram illustrating an example of a QR code generation process in the first embodiment. In the process shown in FIG. 6, the user 90 inputs authentication information (telephone number, PW (password), PIN, etc.) to generate a QR code from the terminal device 11. The authentication information reception unit 21 receives the input authentication information (telephone number, PW, PIN) (S01), and outputs a QR code generation request to the QR code generation unit 22 based on the information (S02). .

  Next, the QR code generating unit 22 generates a QR code based on the input authentication information (telephone number, PW, PIN) (S03), receives the generated QR code (S04), and receives the QR code data. It memorize | stores in the memory | storage part 23 (S05).

  Next, when receiving a QR code display request from the user 90 (S06), the display unit 24 makes an acquisition request to the storage unit 23 to acquire the QR code (S07), and displays the acquired QR code. (S08). Thereby, the QR code display is recognized by the user 90 (S09).

<Example of Authentication Processing Using QR Code in First Embodiment>
Next, an example of authentication processing using a QR code in the first embodiment will be described. FIG. 7 is a sequence diagram illustrating an example of an authentication process using a QR code in the first embodiment. When the user 90 holds the terminal device 11 or the like on which the QR code is displayed over the QR code reading unit 31 on the image forming apparatus 12, the QR code reading unit 31 reads the QR code displayed on the screen (S11). Next, the QR code reading unit 31 outputs the read QR code decoding request to the QR code decoding unit 32 (S12).

  The QR code decrypting unit 32 decrypts the authentication information (telephone number, PW, PIN) from the QR code (S13), and acquires the decrypted telephone number, PW, PIN information (S14). Next, the QR code decoding unit 32 requests the PIN input receiving unit 33 to display a PIN input screen (S15).

  Next, the PIN input receiving unit 33 displays a PIN input screen (S16), receives a PIN input from the user 90 (S16), and outputs the received input PIN to the QR code decoding unit 32 (S17). ).

  Next, the QR code decrypting unit 32 acquires the input PIN from the PIN input receiving unit 33 (S18), and the acquired input PIN and the decrypted authentication information (telephone number, PW, PIN) are authenticated. 34 (S19).

  As the first authentication process, the authentication unit 34 determines whether the PIN included in the authentication information matches the input PIN by the user (S20). If they match, the authentication succeeds via the communication network N. Then, an authentication request is transmitted to the authentication server 13 (S21). If the PINs do not match in the process of S20, the authentication unit 34 notifies the user 90 of a message indicating an authentication error without making an authentication request to the authentication server 13, and ends the process.

  The authentication server 13 performs an authentication process (second authentication process) in response to the authentication request from the authentication unit 34 (S22), and transmits the result to the authentication unit 34 (S23). As a result of authentication by the authentication server 13, the authentication unit 34 notifies the user 90 of information indicating the use permission when the use of the image forming apparatus 12 is permitted (when the authentication is successful) (S24). In the process of S24, a message indicating that the image forming apparatus 12 can be used may be displayed, or a menu screen for executing the image forming apparatus 12 may be displayed.

  Further, when the authentication result in the process of S23 does not permit the use (when the authentication fails), the authentication unit 34 notifies the corresponding error information to the user 90 and uses the image forming apparatus 12. The process is terminated without permission.

<Screen example>
FIG. 8 is a diagram illustrating an example of a screen in the first embodiment. 8A and 8B show screen examples of the operation panel of the image forming apparatus 12. As described above, in the first embodiment, the image forming apparatus 12 displays the message 101 for reading the authentication image data (QR code) on the screen 100-1 as shown in FIG. To do. The user who sees the display displays the image data 102 such as a QR code on the screen of his / her terminal device 11 and holds the image data over a position where the image forming apparatus 12 can read the image data (a position where the image can be taken from a camera or the like). .

  The image forming apparatus 12 that has read the image data displays the image data 102 on a screen (PIN input screen) 100-2 as shown in FIG. 8B. In addition, the image forming apparatus 12 displays a message 103 that prompts the user to input a PIN code corresponding to the read image data (QR code). The user inputs the PIN corresponding to the PIN input area 104 on the screen 100-2, whereby the above-described authentication process is executed.

  If the authentication in the first embodiment is successful, the image forming apparatus 12 permits the user to log in, permits the execution of various processes based on the user's authority, and performs processes such as copying, printing, scanning, and faxing. A normal operation menu screen or the like is displayed. If the authentication fails, the user is not permitted to log in and a message to that effect is displayed on the screen.

  Processing performed by the image forming apparatus 12 by user operation after login is recorded as a log. For example, if the user performs copying or printing, the number of printing sheets output at that time, printing conditions such as color or monochrome, and the like are recorded. The log includes a telephone number. The log may include user identification information such as a user name, and can be used in place of the telephone number as long as the telephone number identification information can identify the telephone number. That is, by associating the contents of the processing executed by the image forming apparatus 12 with a telephone number, for example, the usage number (utilization fee) calculated based on this log is used to log in the telephone number of the terminal device 11 used for login. It becomes possible to link with. Therefore, for example, the usage fee of the terminal device 11 and the usage fee based on the log can be added together and managed, and it becomes possible to charge (collect) the fee collectively.

  According to the configuration shown in the first embodiment described above, even if the QR code leaks to a third party, the target image forming apparatus 12 cannot be used without knowing the PIN code information. Accordingly, it is possible to restrict the use of the image forming apparatus 12, which is an example of the target apparatus, while maintaining security.

Second Embodiment
Next, a second embodiment of the information processing system described above will be described. In the second embodiment, an expiration date of image data for authentication such as a QR code is set. For example, in the first embodiment described above, illegal use of the image forming apparatus 12 can be prevented even when a QR code image leaks by using a PIN.

  However, since it takes time to input the PIN, there is a user's need to authenticate only by holding the QR code. Therefore, in the second embodiment, an authentication method without PIN input will be described.

  Note that the system configuration and the configuration of the terminal device 11 can use the same configurations as those of the first embodiment described above, and thus a specific description thereof will be omitted.

<Example of Functional Configuration of Image Forming Apparatus in Second Embodiment>
FIG. 9 is a diagram illustrating a functional configuration example of the image forming apparatus according to the second embodiment. In the example of FIG. 9, the image forming apparatus 12 ′ is an example of a QR code reading unit 31 as an example of a reading unit that reads image data, and an example of a decoding unit that decodes the encoded image data to obtain authentication information. As a QR code decoding unit 32, a first authentication unit that executes recognition based on information other than PIN, and an authentication unit 34 ′ as an example of a second authentication unit that executes authentication based on user authentication information; , An image forming unit 35 as an example of an image forming unit that executes various processes for forming an image, provides an application, and the like, and an operation unit 36 as an example of an operation unit that accepts an operation content by a user or the like. .

  The image forming apparatus 12 ′ illustrated in FIG. 9 does not include the PIN input receiving unit 33 as compared with the image forming apparatus 12 in the first embodiment. In this case, the authentication unit 34 ′ performs authentication in the first authentication unit using other information without using the PIN.

  For example, the authentication unit 34 ′ checks whether the difference between the additional authentication information (for example, QR code generation date / time) included in the authentication information decoded by the QR code decoding unit 32 and the current date / time is within a certain time ( Perform expiration date check).

  Further, if the difference between the dates and times is within a certain time as a result of the check, the authentication unit 34 ′ regards the authentication as successful, performs authentication processing on the authentication server 13 as second authentication processing, and the authentication result Accordingly, the use of the image forming apparatus 12 ′ is restricted for the target user.

<Example of QR Code Generation Processing in Second Embodiment>
FIG. 10 is a sequence diagram illustrating an example of a QR code generation process in the second embodiment. In the process shown in FIG. 10, the user 90 inputs authentication information (telephone number, PW) used for QR code generation from the terminal device 11, and the authentication information reception unit 21 receives the input authentication information (phone number, PW). (PW) is received (S31). Next, the authentication information reception unit 21 outputs a QR code generation request to the QR code generation unit 22 based on the input information (S32).

  When the QR code generation unit 22 acquires the input authentication information (telephone number, PW), the QR code generation unit 22 acquires the current date and time information (S33), sets the current date information as the generation date and time (S34), the generation date and time, and the authentication A QR code is generated based on the information (telephone number, PW) (S35). The QR code generating unit 22 receives the generated QR code (S36), and stores the QR code data in the storage unit 23 (S37).

  Next, upon receiving a QR code display request from the user 90 (S38), the display unit 24 makes an acquisition request to the storage unit 23 to acquire the QR code (S39), and displays the acquired QR code. (S40). Thereby, the QR code display is recognized by the user 90 (S41).

<Example of authentication processing using QR code in the second embodiment>
FIG. 11 is a sequence diagram illustrating an example of an authentication process using a QR code in the second embodiment. In the example of FIG. 11, when the user 90 holds the terminal device 11 or the like on which the QR code is displayed over the QR code reading unit 31 on the image forming apparatus 12 ′ during authentication, the QR code reading unit 31 displays the QR code information. Is read (S51). Next, the QR code reading unit 31 outputs a QR code decoding request to the QR code decoding unit 32 (S52).

  The QR code decoding unit 32 decodes the authentication information (telephone number, PW, QR code generation date) from the QR code (S53), and acquires the telephone number, PW, QR code generation date (S54).

  Next, the QR code decoding unit 32 outputs an authentication request based on the telephone number, PW, and QR code generation date and time to the authentication unit 34 ′ (S55). Upon receiving the authentication request from the QR code decoding unit 32, the authentication unit 34 ′ acquires the QR code generation date (date information) included in the authentication request (S56). Further, the authentication unit 34 ′ obtains the current date and time information (S57), compares the dates and times as the first authentication process, and checks whether the difference is within a certain time or not. (Generation date / time, current date / time) is performed (S58). If the difference is within a certain period of time, the authentication unit 34 ′ transmits an authentication request using the telephone number and PW to the authentication server 13 (S59). In the process of S58, if the difference is not within a certain time, the authentication unit 34 ′ notifies the user 90 of a message indicating an authentication error without making an authentication request to the authentication server 13, and ends the process. To do.

  The authentication server 13 performs an authentication process (second authentication process) in response to the authentication request from the authentication unit 34 ′ (S60), and transmits the result to the authentication unit 34 ′ (S61). As a result of authentication by the authentication server 13, the authentication unit 34 ′ notifies the user of information indicating the use permission when the use of the image forming apparatus 12 ′ is permitted (when the authentication is successful) (S62). In the process of S62, a message indicating that the image can be used may be displayed, or a menu screen for executing the image forming apparatus 12 ′ may be displayed.

  If the authentication result in S61 does not permit use (if authentication fails), the authentication unit 34 ′ notifies the corresponding error information to the user 90 and the image forming apparatus 12 ′. The process is terminated without permitting use.

<Example of expiration date check>
Next, an example of the above-described expiration date check will be described. An example of a comparison method between the current date and time information and the QR code generation date and time is, for example, “OK (authentication successful) if the difference between the current date and time and the generation date and time is within a certain time (for example, within 12 hours). As another example, if the current date and time and the date and time of occurrence are the same date, it may be OK.

  The fixed time may be set for each image forming apparatus 12 ′ in the information processing system 10, and is set variably according to the time zone, day of the week, and each user who uses the image forming apparatus 12 ′. May be.

  As described above, according to the second embodiment, the trouble of inputting a PIN using the PIN input screen as shown in FIG. 8B described above can be omitted, and security is maintained. It can be confirmed whether or not a legitimate user is using it. In addition, when the user is a valid user, the use of the target device (for example, the image forming device 12 ′) is permitted, thereby restricting the use of the target device. A user ID or the like may be used instead of the telephone number used in the second embodiment described above.

<Other embodiments>
Next, another embodiment will be described. In the first and second embodiments described above, the system configuration example including the authentication server 13 has been described. However, for example, authentication using a telephone number and a password (PW) may be performed in the image forming apparatus 12 (12 ′). . In this case, the function of the second authentication unit in the authentication server 13 is included in the image forming apparatus 12.

  In the first and second embodiments described above, the QR code for authentication is generated on the terminal device 11. However, an external device (for example, another device such as a PC or a server) is used. A QR code may be generated. In this case, for example, when the PIN is included in the QR code as shown in the first embodiment, the PIN code may be input in advance to an external device that generates the QR code. Further, the terminal device 11 can capture the QR code generated by the external device with the camera of the terminal device 11 or transmit an image of the QR code from the external device to the terminal device 11 using e-mail. A QR code can be acquired.

  In the first and second embodiments described above, PW is included in the authentication information, but the security is further improved by performing encryption without including the password information directly in the image data such as the QR code. Can be made.

  In that case, the QR code generation unit 22 described above performs encryption on the PW using the PIN code as a key, and generates a QR code based on the encrypted PW, the telephone number, and the PIN code. Note that the information to be encrypted may include not only the PW but also information such as a telephone number. Further, when a PIN code is input to the image forming apparatus 12 at the time of authentication, the PW encrypted based on the input PIN code is also decrypted to obtain the PW.

  When encryption is performed using the above-described PIN code, a key of “PIN + numerical value of predetermined number of digits, character” may be used by further adding a numerical value or character of a predetermined number of digits. As a result, the number of digits can be increased to further improve security. In this case, when inputting the PIN in the image forming apparatus 12, a numerical value of a predetermined number of digits, characters, and the like are input in addition to the PIN.

  Further, as described above, when the PIN code is used as the encryption key for the password (PW), the QR code may not include the PIN code. In this case, the PW is acquired from the authentication server 13 using the telephone number read from the QR code (not limited to the telephone number but may be a user ID, for example) as a key, and decrypted with the acquired PW. As a result, the authentication process can be performed based on whether the decrypted PIN code matches the PIN code value input on the input screen.

  As another embodiment, for example, in the process of S19 of FIG. 7 shown in the first embodiment, the QR code decryption unit 32 obtains the acquired input PIN and the decrypted authentication information (phone number, PW, PIN). ) May be output to the authentication unit 34, and a login notification (telephone call) indicating that there is an authentication request addressed to the telephone number obtained by decryption may be performed. Similarly, in the process of S55 of FIG. 11 shown in the second embodiment, the QR code decoding unit 32 outputs an authentication request based on the telephone number, PW, and QR code generation date to the authentication unit 34 ′. Not only login notifications may be made to phone numbers.

  For example, in the case of the terminal device 11 having a call function or the like, notification (short mail) can be performed using a telephone number. Accordingly, the image forming apparatus 12 (12 ′), after reading the QR code, notifies the telephone number obtained by decryption, so that even if the QR code voyeurized by a third party is used, Will be notified. Therefore, it can be confirmed that an unauthorized user is using it, and security can be maintained.

  As another embodiment, authentication can be performed using the shape of a QR code. For example, a QR code that has been voyeurized by someone is captured at an angle other than a distant position or front, and therefore does not basically become a square. Therefore, when the QR code is read by the QR code reading unit 31 of the image forming apparatus 12, the shape of the image of the QR code is determined, and it is determined whether the QR code is illegally acquired according to the degree of distortion. can do.

  For example, in the process of S14 of FIG. 7 shown in the first embodiment, the QR code decrypting unit 32 decrypts the authentication information (telephone number, PW, PIN) from the QR code and stores each of the telephone number, PW, PIN. Get information. At this time, the QR code decoding unit 32 determines the shape of the QR code image and acquires the degree of distortion. In the process of S54 of FIG. 11 shown in the second embodiment, the QR code decoding unit 32 decodes the authentication information (telephone number, PW, QR code generation date / time) from the QR code to obtain the telephone number, PW, Each information of QR code generation date is acquired. Similarly, at this time, the QR code decoding unit 32 determines the shape of the QR code image and acquires the degree of distortion. In addition, as a degree of distortion, for example, a degree can be obtained by quantifying the degree of distortion based on a preset shape such as a square and the inclination from the reference. It is not limited to this.

  In addition, the QR code decoding unit 32 compares the acquired degree of distortion with a preset distortion threshold, and when the acquired distortion is greater than the threshold (when greatly distorted), the subsequent steps The process ends without performing the process. At this time, the QR code decoding unit 32 may notify the user 90 that the processing has been completed. As a result, it can be confirmed whether or not a legitimate user is using it, and security can be maintained.

  According to each embodiment mentioned above, it can check that an unauthorized user is using. In addition, use of the target device can be restricted while maintaining security.

  The present invention is not limited to the specifically disclosed embodiments, and various modifications and changes can be made without departing from the scope of the claims. For example, in the authentication server 13 that performs authentication of a user who uses the image forming apparatus 12, the user name may not be registered in the user information. For example, if there is another user management server that manages the usage amount (utilization fee) based on the log in association with the terminal device 11 and charges it, a log including the telephone number and the usage amount is transmitted to the user management server. do it. However, in this case, the user management server cannot charge the user unless the telephone number of the terminal device 11 and the user name of the owner of the terminal device 11 are managed in association with each other. Therefore, when it is desired to manage the usage amount in association with the user, in any apparatus of the information processing system 10 including or not including the user management server, user identification information such as a user name and a terminal such as a telephone number It is necessary to associate and manage unique information.

  In addition, the sequence diagrams described in the above embodiments may be switched in order as long as there is no contradiction. Moreover, all or some of the above-described embodiments can be combined. In addition, all or a part of each of the embodiments described above installs a corresponding program (for example, an authentication program) in a computer (for example, at least one of the terminal device 11, the image forming apparatus 12, and the authentication server 13). Can be implemented. Further, this program can be stored in a recording medium (recording medium).

DESCRIPTION OF SYMBOLS 10 Information processing system 11 Terminal apparatus 12 Image forming apparatus (an example of information processing apparatus)
13 Authentication server 21 Authentication information receiving unit (an example of authentication information receiving means)
22 QR code generator (an example of image data generator)
23 storage unit (an example of storage means)
24 display unit (example of display means)
31 QR code reading unit (an example of reading means)
32 QR code decoding unit (an example of decoding means)
33 PIN input reception unit (an example of additional information reception means)
34 Authentication unit (an example of first authentication means and second authentication means)
35 Image forming section (an example of image forming means)
36 Operation unit 41, 71 CPU
42 ROM
43 RAM
44 Flash ROM
45 Display unit 46 Operation unit 47 Media I / F
48 Wireless LAN communication unit 49 Carrier communication unit 50 Camera 51, 83 Program 61 Controller 62 FCU
63 Scanner engine 64 Plotter engine 65 Operation panel 72 NB
73 MEMP
74 MEMC
75 ASIC
76 SB
77 NIC
78 USB device 79 IEEE 1394 device 80 Centronics device 81 HDD
82 Memory card slot 84 Memory card 90 User

JP 2010-218186 A

Claims (13)

In an information processing system that authenticates an information processing device and a terminal device that uses the information processing device,
Authentication information accepting means for accepting user information and at least one additional authentication information;
Image data generating means for generating image data using user information received from the authentication information receiving means and at least one additional authentication information;
Storage means for storing the image data generated by the image data generation means in the terminal device;
Reading means for reading the image data stored by the storage means;
Decoding means for decoding authentication information included in the image data read by the reading means;
Of the authentication information decrypted by the decryption means, a first authentication means for confirming validity using the additional authentication information;
An information processing system comprising: a second authentication unit that performs second authentication using the authentication information when authentication is permitted by the first authentication unit. The image data generating means
The information processing system according to claim 1, wherein the image data to be generated includes a QR code. The first authentication means includes
The information processing system according to claim 1 or 2, wherein a PIN code or a generation date and time of the image data is used as the additional authentication information.   The information processing system according to claim 1, wherein the user information includes a telephone number. In an authentication method for authenticating a terminal device using an information processing apparatus,
An authentication information acceptance procedure for accepting user information and at least one additional authentication information;
An image data generation procedure for generating image data using the user information received from the authentication information reception procedure and at least one additional authentication information;
A storage procedure for storing the image data generated in the image data generation procedure in the terminal device;
A reading procedure for reading the image data stored by the storing procedure;
A decoding procedure for decoding authentication information included in the image data read by the reading procedure;
Of the authentication information decrypted in the decryption procedure, a first authentication procedure for confirming validity using the additional authentication information;
And a second authentication procedure for performing a second authentication using the authentication information when authentication is permitted in the first authentication procedure. The image data generation procedure includes:
The authentication method according to claim 5, wherein the image data to be generated includes a QR code. The first authentication procedure includes:
The authentication method according to claim 5 or 6, wherein a PIN code or a date and time of generation of the image data is used as the additional authentication information.   The authentication method according to claim 5, wherein the user information includes a telephone number. In an information processing apparatus that authenticates a terminal device,
Reading means for reading image data displayed on the screen of the terminal device;
Decoding means for decoding authentication information included in the image data read by the reading means;
Of the authentication information decrypted by the decryption means, a first authentication means for confirming validity using preset additional authentication information;
An information processing apparatus comprising: a second authentication unit configured to perform a second authentication using the authentication information when authentication is permitted by the first authentication unit. The first authentication means includes
The information processing apparatus according to claim 9, wherein a PIN code or a generation date and time of the image data is used as the additional authentication information. Additional information receiving means for receiving the input of the PIN code;
11. The first authentication unit checks the validity by comparing the PIN code input by the additional information receiving unit with a PIN code included in the additional authentication information. The information processing apparatus described in 1. The first authentication means includes
11. The information processing according to claim 10, wherein the validity is confirmed by comparing date / time information when the image data is read by the reading unit and the generation date / time included in the additional authentication information. apparatus. Computer
The authentication program for functioning as each means which the information processing apparatus of any one of Claims 9 thru | or 12 has.

Images