Information processing apparatus capable of authentication processing with improved user convenience, control program for information processing apparatus, and recording medium having control program for information processing apparatus recorded thereon
09633189 ยท 2017-04-25
Assignee
Inventors
Cpc classification
H04L9/3226
ELECTRICITY
H04N1/4433
ELECTRICITY
H04N1/4413
ELECTRICITY
International classification
G06F21/30
PHYSICS
H04L9/32
ELECTRICITY
Abstract
An information processing apparatus determines whether a device accesses a box region of the information processing apparatus. When it is determined that the box region is accessed, a box ID entry screen is displayed on the device. The information processing apparatus determines whether a box ID is entered by a user of the device. If it is determined that a box ID is entered, then device information about the device is obtained. After the device information is obtained, the information processing apparatus determines whether the device possesses a hardware keyboard. If it is determined that the device possesses a hardware keyboard, a password authentication screen is displayed on the device. If it is determined that the device does not possess a hardware keyboard, an image authentication screen is displayed on the device.
Claims
1. An information processing apparatus, comprising: a hardware processor, wherein the hardware processor is configured to implement the following control units: a first processing unit configured to accept an access from each of a plurality of different kinds of connectable operation devices, wherein the connectable operation devices each comprise a display device, a device information obtaining unit configured to receive information relating to a display format of the display device of an operation device of said plurality of different kinds of connectable operation devices, a generating unit configured to generate an authentication image suitable for the display format of the display device of said operation device, wherein said authentication image is based on said received information relating to the display format of the display device of said operation device, wherein the generated authentication image is to be displayed on the display device of said operation device together with a number of images, and a second processing unit configured to (i) accept a selection of an authentication image from the number of images displayed on said display device, in response to access from said operation device, wherein said selection is provided by an input to said operation device, and (ii) execute an image authentication process based on an agreement between said selected authentication image and a stored authentication image, and wherein the information relating to the display format includes (i) information of a display size of the display device of the operation device and (ii) information of a colored display or a monochrome display of the display device of the operation device.
2. The information processing apparatus according to claim 1, wherein said information relating to a display format further includes information concerning gray scale of said display device of said operation device.
3. The information processing apparatus according to claim 1, further comprising a first storing unit for storing, in a memory, an authentication image generated by said generating unit, wherein said memory stores information relating to a display format of said authentication image with said authentication image.
4. The information processing apparatus according to claim 3, further comprising a second storing unit for storing at least one image, other than an authentication image generated by said generating unit, which is included in said number of images.
5. The information processing apparatus according to claim 1, wherein the authentication image generated based on the received information relating to the display format of the display device of the operation device possesses different display characteristics than a second authentication image generated for the display format of the display device of a second operation device.
6. The information processing apparatus according to claim 5, wherein the different display characteristics of the authentication image and the second authentication image are a monochrome image and a color image.
7. The information processing apparatus according to claim 5, wherein the different display characteristics of the authentication image and the second authentication image are a different image size.
8. A control method for an information processing apparatus, comprising the steps of: accepting an access to said information processing apparatus from each of a plurality of different kinds of connectable operation devices, wherein the connectable operation devices each comprise a display device, receiving, from an operation device of said plurality of different kinds of connectable operation devices, information relating to a display format of the display device of the operation device, generating an authentication image suitable for the display format of the display device of said operation device, wherein said authentication image is based on said received information relating to the display format of said display device of said operation device, wherein the generated authentication image is to be displayed on the display device of said operation device together with a number of images, accepting a selection of an authentication image from the number of images, in response to access from said operation device, wherein said selection is provided by an input to said operation device, and executing an image authentication process based on an agreement between said selected authentication image and a stored authentication image, wherein the information relating to the display format includes (i) information of a display size of the display device of the operation device and (ii) information of a colored display or a monochrome display of the display device of the operation device.
9. A control method for an information processing apparatus according to claim 8, further comprising the step of storing, in a memory, an authentication image generated by said generating step which corresponds to an operation device that obtains access to the information processing apparatus.
10. A control method for an information processing apparatus according to claim 9, wherein said method further includes the steps of: transmitting an array of images including said generated authentication image stored in said memory and at least one other image, different from said authentication image, to present said number of images on the display device of the operation device, and accepting a selection of an image from the images displayed in said array, from said operation device.
11. A non-transitory computer-readable storage medium storing a control program for causing a computer of an information processing apparatus to execute processing including the steps of: accepting an access to said information processing apparatus from each of a plurality of different kinds of connectable operation devices, wherein the connectable operation devices each comprise a display device, receiving, from an operation device of said plurality of different kinds of connectable operation devices, information relating to a display format of the display device of the operation device, generating an authentication image suitable for the display format of the display device of said operation device, wherein said authentication image is based on said received information relating to the display format of the display device said operation device, wherein the generated authentication image is to be displayed on the display device of said operation device together with a number of images, accepting a selection of an authentication image from the number of images, in response to access from said operation device, wherein said selection is provided by an input to said operation device, and executing an image authentication process based on an agreement between said selected authentication image and a stored authentication image, wherein the information relating to the display format includes (i) information of a display size of the display device of the operation device and (ii) information of a colored display or a monochrome display of the display device of the operation device.
12. A non-transitory computer-readable storage medium according to claim 11, said control program further causing said computer to execute the step of storing, in a memory, an authentication image generated by said generating step, which corresponds to an operation device that makes access to the information processing device.
13. A non-transitory computer-readable storage medium according to claim 12, said control program further causing said computer to execute the steps of: transmitting, said generated authentication image stored in said memory and at least one other image, different from said authentication image, in an array to present said number of images on a display of an operation device, and accepting a selection of an image from the images displayed in the array by said, from said operation device.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(8)
(9)
(10)
(11)
(12)
(13)
(14)
(15)
(16)
(17)
(18)
(19)
(20)
(21)
(22)
(23)
(24)
(25)
(26)
(27)
(28)
(29)
(30)
(31)
(32)
(33)
(34)
(35)
(36)
DESCRIPTION OF THE PREFERRED EMBODIMENTS
(37) In the following, embodiments of the present invention will be described in detail with reference to the figures. It is noted that in the figures the same or corresponding parts are denoted with the same reference numerals and a description thereof will not be repeated.
First Embodiment
(38) An information processing system 1 in accordance with a first embodiment of the present invention will be described using
(39) Referring to
(40) PC 12 or PDA and MFP 11 are connected such that they can communicate data with each other through LAN 13.
(41) A mobile phone 16 is also connected with MFP 11 to communicate data via radio communication.
(42) LAN 13 is connected with a router 14, and router 14 is connected with a WAN 15 which is a second network. WAN 15 is connected with a PC 12A, so that PC 12A can communicate data with MFP 11 through WAN 15 or the like and router 14.
(43) In the first embodiment, a process of accessing a box function of MFP 11 from a device connected with MFP 11 via LAN or WAN will be described.
(44) Although a configuration in which one PC serving as a terminal device is connected with LAN 13 or WAN 15 is described here, the number of devices is not limited to one and more than one device may be connected. In other words, any configuration may be employed as long as MFP 11 can be accessed from the plurality of devices (operating devices).
(45) At least one device is connected. Not only LAN but also WAN (Wide Area Network) or the like may be employed.
(46) Using
(47) Referring to
(48) CPU 110 controls the entire MFP 11 and outputs a predetermined instruction to each unit.
(49) Network I/F unit 111 is an interface that executes data communication with an external device through LAN 13 or the like.
(50) Authentication image data generation unit 112 is a unit for generating image data for authentication as described later.
(51) Authentication processing unit 113 is a unit for executing an authentication process as described later.
(52) HDD 105 is a storage region for storing a variety of data.
(53) Operation panel 116 is an input interface of MFP 11 and accepts the user's operation input to accept input of an instruction, for example, for setting a variety of jobs. A display is also provided to present predetermined information to the user.
(54) Device information obtaining unit 117 is a unit for obtaining information of a device connected with MFP 11.
(55) Scanner 118 scans a document set on a not-shown platen to obtain image data.
(56) Printer 119 prints image data on prescribed paper.
(57) MFP 11 is connected with PC 12 serving as a terminal device through LAN 13.
(58) PC 12 includes a display 121, a user information input unit 122, and a communication I/F 123.
(59) For example, user information input unit 122 is an input interface such as a mouse or a keyboard. The user inputs data using the mouse or keyboard as user information input unit 122, in accordance with a predetermined content (login screen or the like) appearing on display 121, and the input data is, for example, sent to MFP 11 through communication I/F 123. Alternatively, information sent from MFP 11 is received by communication I/F 123 and then displayed on display 121 in accordance with the received content.
(60) Although the description has been made to PC 12, other devices, that is, PDA 17, mobile phone 16 and another PC also have the similar function.
(61) In this embodiment, a description will be made to a case where the box function is used by accessing MFP 11 from a plurality of connected devices.
(62) Using
(63) Here, a process of registering a user who uses the box function of MFP 11 will be described.
(64) First, CPU 110 of MFP 11 receives input of a box registration request command (sequence sq1). CPU 110 of MFP 11 then requests user information from PC 12 in response to the box registration request command from PC 12. Furthermore, device information obtaining unit 117 of MFP 11 requests data of the information terminal device connected with MFP 11, etc. (sequence sq2).
(65) Using
(66) Referring to
(67) Then, in the lower region of the screen, an OK button 506 and a Cancel button 508 are provided. The user specifies OK button 506 whereby the user ID data input in entry field 502 is output as user information to MFP 11.
(68) Furthermore, in response to the request from device information obtaining unit 117, data of the information terminal device and the like is output from PC 12 together with the user information. For example, data such as the model number, the manufacturer name, the product serial number, the presence/absence of a hardware keyboard, monochrome/color, gray scale, display, etc. is output.
(69) On the other hand, user account generation screen 500 is cleared by specifying Cancel button 508, and the box request command is cancelled.
(70) Referring to
(71) Using
(72) Device information obtaining unit 117 stores the information terminal device data that is the obtained device information, etc. in the device information registration table. The connected device IDs are allocated in the order of storage.
(73) Referring to
(74) For example, for the connected device ID 000001, registered are the model number of an operation panel MI-E1, the manufacturer name S Corporation, the product serial number A1234567, the presence/absence of hardware keyboard absent monochrome/color color, gray scale 16 levels, display small, the IP address, and the like.
(75) For the connected device ID 000002, registered are the model number of PC SH-04, the manufacturer name S Corporation, the product serial number S9876543, the presence/absence of hardware keyboard present, monochrome/color color, gray scale 256 levels, display large, the IP address, and the like.
(76) For the connected device ID 000003, registered are the model number of a mobile phone KX-FE830, the manufacturer name M Corporation, the product serial number M456789, the presence/absence of hardware keyboard absent, monochrome/color color, gray scale 256 levels, display small, the IP address, and the like.
(77) For the connected device ID 000004, registered are the model number of a PC M1-F1, the manufacturer name S Corporation, the product serial number F147258, the presence/absence of hardware keyboard present, monochrome/color color, gray scale 256 levels, display large, the IP address, and the like.
(78) Referring to
(79) Using
(80) Referring to
(81) Specifically, on password request screen 510, Please enter your password appears together with an entry field 512. In this example, 3k9thg78 is input in entry field 512.
(82) In the lower region of the screen, a Set button 514 and a Cancel button 516 are provided. The user specifies Set button 514 whereby data input in entry field 512 is output as password data to MFP 11.
(83) On the other hand, password request screen 510 is cleared by specifying Cancel button 516, and the box request command is cancelled.
(84) Referring to
(85) Then, an authentication image is generated (sequence sq7). Specifically, an authentication image is generated by authentication image data generation unit 112. An authentication image generation process in authentication image data generation unit 112 will be described later.
(86) Then, the generated authentication image is output to PC 12 (sequence sq8).
(87) Using
(88) Referring to
(89) Then, in the lower region of the screen, an OK button 522 and a Cancel button 524 are provided. The user specifies OK button 522 whereby data is output to MFP 11 to indicate that the displayed object image 526 is confirmed as an authentication image.
(90) Referring to
(91) Then, a registration complete notice is output to PC 12 (sequence sq11).
(92) Using
(93) Referring to
(94) Here, the colored object image 526 generated by authentication image data generation unit 112 is displayed as an authentication image.
(95) Using
(96) Referring to
(97) Then, it is determined whether the display format of the display is monochrome or color (step S4).
(98) If the display format of the display is monochrome in step S4, then process proceeds to step S6.
(99) On the other hand, if the display format of the display is color, then the process proceeds to step S20.
(100) Then, if it is determined as being monochrome in step S4, then it is determined whether the gray scale of the display is 16 levels or 256 levels (step S6).
(101) If the gray scale of the display is 16 levels in step S6, then the process proceeds to step S8.
(102) Then, it is determined whether the display size of the display is large or small (step S8). Specifically, it is determined whether the display size is equal to or greater than 640480 dots, by way of example.
(103) If the display size of the display is small (if less than 640480 dots) in step S8, it is determined that the characteristics of the display are monochrome, 16 levels, small display size (step S10). Then, an authentication image is generated in accordance with those characteristics. On the other hand, if the display size of the display is large (if equal to or more than 640480 dots) in step S8, it is determined that the characteristics of the display are monochrome, 16 levels, and large display size (step S12). Then, an authentication image is generated in accordance with those characteristics.
(104) Similarly, if it is determined that the gray scale of the display is 256 levels in step S6, then it is determined whether the display size of the display is large or small (step S14).
(105) If the display size of the display is small (if less than 640480 dots) in step S14, it is determined that the characteristics of the display are monochrome, 256 levels, small display size (step S16). Then, an authentication image is generated in accordance with those characteristics. On the other hand, if the display size of the display is large in step S14, it is determined that the characteristics of the display are monochrome, 256 levels, and large display size (step S18). Then, an authentication image is generated in accordance with those characteristics.
(106) If it is determined as being color in step S4, then it is determined whether the gray scale of the display is 16 levels or 256 levels (step S20).
(107) If the gray scale of the display is 16 levels in step S20, then the process proceeds to step S22.
(108) Then, it is determined whether the display size of the display is large or small (step S22).
(109) If the display size of the display is small (if less than 640480 dots) in step S22, it is determined that the characteristics of the display are color, 16 levels, small display size (step S24). Then, an authentication image is generated in accordance with those characteristics. On the other hand, if the display size of the display is large in step S22, it is determined that the characteristics of the display are color, 16 levels, and large display size (step S26). Then, an authentication image is generated in accordance with those characteristics.
(110) Similarly, if it is determined that the gray scale of the display is 256 levels in step S20, then it is determined whether the display size of the display is large or small (step S28).
(111) If the display size of the display is small in step S28, it is determined that the characteristics of the display are color, 256 level, and small display size (step S30). Then, an authentication image is generated in accordance with those characteristics. On the other hand, if the display size of the display is large in step S28, it is determined that the characteristics of the display are color, 256 levels, and large display size (step S32). Then, an authentication image is generated in accordance with those characteristics.
(112) Execution of this processing allows an authentication image to be generated in accordance with the display format of the information device.
(113) Using
(114) Referring to
(115) It is noted that a valid period during which an authentication image is available may be set, and the authentication image may be invalidated after the certain period of time. Specifically, the authentication image may be deleted.
(116) Although not shown here, for example, data such as the color, gray scale, and size of an object image is also stored as attribute information of the authentication image, together with the object image.
(117) Using
(118) Referring to
(119) If it is determined that box region 115 is accessed in step ST2, then a box ID entry screen is displayed (step ST3).
(120) Using
(121) In this example, the box is accessed from an operation panel, by way of example.
(122) Referring to
(123) For example, here, box ID 000300 is specified.
(124) Referring to
(125) If it is determined that a box ID is entered in step ST4, then CPU 110 obtains device information (step ST5). Specifically, CPU 110 gives an instruction to device information obtaining unit 117 so that device information obtaining unit 117 executes data communication with the information device that has made access. In this example, device information obtaining unit 117 executes data communication with the operation panel, and it is determined that access has been made by the operation panel of the connected device ID 000001 stored in the device information registration table, by way of example.
(126) On the other hand, if it is determined that no box ID is entered in step ST4, CPU 110 ends the process (END).
(127) After the device information is obtained in step ST5, CPU 110 then determines whether a hardware keyboard is present or not (step ST6). CPU 110 can make determination based on the information stored in the device information registration table, as described above.
(128) If it is determined that a hardware keyboard is present in step ST6 (YES in step ST6), CPU 110 gives an instruction to authentication processing unit 113 so that authentication processing unit 113 displays a password authentication screen (step ST8).
(129) On the other hand, if it is determined that no hardware keyboard is present in step ST6, CPU 110 gives an instruction to authentication processing unit 113 so that authentication processing unit 113 displays an image authentication screen (step ST18).
(130) Using
(131) In this example, it is assumed that the box is accessed from an operation panel without a hardware keyboard, by way of example.
(132) Referring to
(133) Image authentication screen 620 includes the user's own authentication image among a plurality of object images, and the user can specify his/her own authentication image from among the plurality of object images and specify an OK button 624 to initiate an authentication process.
(134) Specifically, authentication processing unit 113 places the authentication image stored corresponding to the specified box ID and other dummy images on image authentication screen 620. Here, for example, an object image 622 corresponding to the box ID 000300 and other dummy images are placed. Although eight object images are placed here, the number of images is not limited as long as more than one image is placed. The security can be enhanced by increasing the number.
(135) It is noted that the placed dummy images are selected from the plurality of object images stored in HDD or the like in advance.
(136) Referring to
(137) Therefore, according to the process in accordance with the first embodiment of the present invention, for example, when an information device (operation panel) without a hardware keyboard makes access, if data is registered in authentication data storage unit 114, image authentication can be executed. Thus, the authentication process can easily be executed even without a hardware keyboard, thereby offering convenience to the users.
(138) On the other hand, if it is determined that the image authentication is failed by authentication processing unit 113 (NO in step ST20), the process proceeds to step ST8, and authentication processing unit 113 displays a password authentication screen.
(139) Using
(140) In this example, it is assumed that the box is accessed from an operation panel without a hardware keyboard, by way of example.
(141) Referring to
(142) On password authentication screen 610, the user makes an entry by specifying characters and the like displayed on software keyboard 614 for input in entry field 612 and specifies OK button 616 to initiate an authentication process.
(143) Referring to
(144) Then, the specified box is set available (step ST14). Then, the process ends (END). More specifically, authentication processing unit 113 notifies CPU 110 that the authentication is successful, and then CPU 110 sets the box available and displays the contents stored in the box.
(145) On the other hand, if the password authentication is failed, the use of the specified box is prohibited (step ST16). Specifically, authentication processing unit 113 notifies CPU 110 that the authentication is failed, and CPU 110 sets the specified box unavailable. The process then ends (END).
(146) Using
(147) In this example, it is assumed that the box is accessed from an operation panel without a hardware keyboard, by way of example.
(148) Referring to
(149) In a case where image authentication is once failed in image authentication screen 620 and password authentication is successful, the authentication image is displayed again to allow the user to remember again the object image for image authentication that has previously been registered by the user and to access the box using the authentication image when making access from the operation panel next time, thereby offering convenience to the user.
(150) In the foregoing description, a box is accessed from an operation panel without a hardware keyboard. A description will now be made to a case where a box is accessed from PC 12 having a hardware keyboard.
(151) Using
(152) In this example, it is assumed that a box is accessed from PC 12 having a hardware keyboard, by way of example.
(153) Referring to
(154) Then, an OK button 634 and a Cancel button 636 are provided in the lower region. When OK button 634 is specified, data input in entry field 632 is transmitted to MFP 11. For example, here, box ID 000300 is specified.
(155) Accordingly, in step ST4 in
(156) On the other hand, when Cancel button 636 is specified, in step ST4 in
(157) Then, if it is determined that a box ID is entered in step ST4, CPU 110 obtains device information (step ST5). In this example, device information obtaining unit 117 executes data communication with PC 12, and it is determined that the access is made from the operation panel of the connected device ID 000002 stored in the device information registration table.
(158) Then, if it is determined that a hardware keyboard is present in step ST6 (YES in step ST6), CPU 110 gives an instruction to authentication processing unit 113 so that authentication processing unit 113 displays a password authentication screen. In this example, data for displaying the password authentication screen is sent to PC 12. The password authentication screen is then displayed on the display of PC 12.
(159) Using
(160) In this example, it is assumed that a box is accessed from PC 12 having a hardware keyboard, by way of example.
(161) Referring to
(162) On password authentication screen 640, Please enter your password appears together with a password entry field 642. An authentication process can be initiated by entering the user's password in entry field 642 and specifying an OK button 644.
(163) Then, if the authentication is successful in authentication processing unit 113, authentication processing unit 113 makes a notification to CPU 110, and CPU 110 reads out and displays an object image for authentication stored in authentication image data region 114b of authentication data storage unit 114.
(164) Using
(165) In this example, it is assumed that a box is accessed from PC 12 having a hardware keyboard, by way of example.
(166) Referring to
(167) Display of the authentication image confirmation screen allows the user to remember again the object image for image authentication that has previously been registered and to access the box using this authentication image when making access from an operation panel next time, thereby offering convenience to the user.
(168) As described above, in the technique in accordance with the first embodiment of the present invention, the priority of authentication methods can be switched depending on the kind of information devices that make access to a box.
(169) Specifically, when a box is accessed from an information device without a keyboard, an authentication process can be executed with higher priority given to image authentication than password authentication.
(170) On the other hand, when a box is accessed from an information device having, a keyboard, an authentication process can be executed with higher priority given to password authentication than image authentication.
(171) Therefore, the priority of authentication methods can be switched depending on the presence/absence of a keyboard, thereby offering convenience to the user.
(172) In this embodiment, the description has been made to the configuration in which the authentication process is executed with the priority of the authentication process being switched, in a case of access to a box. However, the present invention is not limited to access to a box and is applicable similarly to a case where an authentication process is executed when any other function is performed.
(173) Furthermore, this embodiment is also applicable similarly to portable information devices such as mobile phones and PDA.
First Modification of First Embodiment
(174) In the foregoing description, an authentication process is executed with the priority of authentication methods being switched depending on the presence/absence of a keyboard. However, the determination can be made not only depending on the presence/absence of a keyboard but also based on any other condition.
(175) Using
(176) Referring to
(177) In this modification, after device information is obtained in step ST5, it is determined whether local connection is established or not in step ST22.
(178) Specifically, CPU 110 gives an instruction to device information obtaining unit 117 so that device information obtaining unit 117 executes data communication with the information device that has made access. In this example, it is assumed that device information obtaining unit 117 executes data communication with PC 12, and it is determined that access is made from the operation panel of the connected device ID 000002 stored in the device information registration table. At this time, the IP address of the information device is obtained.
(179) Then, CPU 110 determines whether the information device is locally connected or not based on the obtained IP address. CPU 110 determines that the information device that is connected with WAN 15 external to router 14 is not locally connected, and determines that the information device that is connected with LAN 13 is locally connected.
(180) Then, if it is determined that the information device that has made access is not locally connected (NO in step ST7), CPU 110 gives an instruction to authentication processing unit 113 so that authentication processing unit 113 displays a password authentication screen (step ST8).
(181) On the other hand, if it is determined that the information device that has made access is locally connected (YES in step ST7), CPU 110 gives an instruction to authentication processing unit 113 so that authentication processing unit 113 displays an image authentication screen (step ST18). The subsequent processes are similar to those described in the foregoing first embodiment and therefore a detailed description thereof will not be repeated.
(182) In this modification, in the case of local connection, an authentication process is executed with higher priority given to image authentication, whereas in the case of non-local connection, an authentication process is executed with higher priority given to password authentication. According to this technique, for an information device that is locally connected, the user's convenience is taken account of, whereas for an external information device that is not locally connected, password authentication is preferentially performed, taking security into account.
(183) In this modification, the description has been made to the case where the priority of authentication methods is switched based on whether local connection is established or not. However, the determination may be made on a condition of whether the connection is via an in-house intranet or not.
(184) Furthermore, the determination may be made in combination with the condition of the presence/absence of a keyboard.
Second Modification of First Embodiment
(185) The technique in
(186) Using
(187) Referring to
(188) In this modification, after device information is obtained in step ST4, whether a hardware keyboard is present or not is determined in step ST6. CPU 110 can make determination based on the information stored in the device information registration table, as described above.
(189) Then, if it is determined that a hardware keyboard is provided in step ST6 (YES in step ST6), CPU 110 gives an instruction to authentication processing unit 113 so that authentication processing unit 113 displays the password authentication screen (step ST8).
(190) On the other hand, if it is determined that a hardware keyboard is not provided in step ST6, CPU 110 verifies performance differences (step ST24).
(191) Specifically, CPU 110 verifies performance differences based on the information stored in the device information registration table and the attribute information of the authentication image that is specified corresponding to the box ID, if the data is registered in authentication data storage unit 114. For example, in the case where data is registered in authentication data storage unit 114 and where a colored authentication image is registered as attribute information of the authentication image that is specified corresponding to the box ID, if access is made from a device capable of only displaying monochrome images, the colored authentication image cannot be displayed on the above-noted image authentication screen for the device that has made access.
(192) Therefore, after the verification of performance differences in step ST24, it is determined whether image authentication is possible or not (step ST26). Then, if it is determined that image authentication is possible, the process proceeds to step ST18, and the image authentication screen is displayed. The subsequent processes are similar as described above and therefore a detailed description thereof will not be repeated.
(193) On the other hand, after the verification of performance differences, if image authentication is not possible in step ST26 (NO in step ST26), the password authentication screen is displayed (step ST8).
(194) As described above, for example, an authentication image cannot be displayed appropriately on the device that makes access, depending on the attribute information of the authentication image, which is data registered in authentication data storage unit 114. Therefore, whether image authentication is possible or not is determined, and if possible, image authentication is executed, and if impossible, password authentication is executed. According to this technique, if the device that makes access is a device without a hardware keyboard, it is determined whether image authentication can be executed appropriately or not depending on the attributes of the device. If executable, an authentication process is executed with higher priority given to image authentication, and if not executable, an authentication process is performed with higher priority given to password authentication. According to this technique, an appropriate authentication process can be executed depending on the device that makes access.
(195) In this modification, the description has been made to the case where whether image authentication is possible or not is determined based on the comparison between the attribute information of the device, that is, the information as to whether the display format of the display is monochrome or color, and the attribute information of the authentication image as to whether it is monochrome or color. However, the present invention is not limited to such a manner, and the determination can be made based on the comparison between the attribute information such as the gray scale of the display or the display size of the display and the attribute information of the authentication image.
Second Embodiment
(196) In a second embodiment, a description will be made to a technique in which data stored in the authentication data storage unit of MFP 11 is transferred (copied) to another MFP 11a.
(197) Using
(198) Referring to
(199) PC 10, MFP 11, and MFP 11a are connected such that they can communicate data with each other through LAN 13.
(200) In the second embodiment, data in the authentication data storage unit is transferred (copied) to MFP 11a connected with MFP 11 via LAN or the like.
(201) It is noted that although one PC is connected to LAN 13 as a terminal device, the number of terminal devices is not limited to one and more than one device may be connected. In other words, any configuration may be employed as long as MFP 11 can be accessed from a plurality of devices.
(202) The configuration of MFP 11, 11a is similar to the one described in
(203) It is noted that, in the initial state, no information is stored in authentication data storage unit 114 of MFP 11a.
(204) Using
(205) Referring to
(206) The display means corresponds to a display 1206. An input unit 1209 is configured to include a keyboard as key input means, a mouse as a pointing device, and the like.
(207) Although it will be described in this embodiment that display 1206 and input unit 1209 are integrally formed, they may be formed separately.
(208) Display 1206 may be a liquid crystal display, a CRT (Cathode Ray Tube) display, a plasma display, or any other display as long as it is capable of display.
(209) The body unit includes a CPU (Central Processing Unit) 1201 for running a variety of programs including an operating system (OS), a RAM 1212 for temporarily storing data necessary for CPU 1201 to run the programs, a hard disk drive (HDD) 1211 for storing programs or data executed in CPU 1201 in a non-volatile manner, and a ROM 1213 in which the programs run by CPU 1201 are stored beforehand. Basic software (OS) is stored beforehand in ROM 1213 or HDD 1211, and execution of the OS allows a variety of applications to run.
(210) A variety of software programs for executing the processing described later are stored in HDD 1211, and the software programs are read by CPU 1201 to realize the processing function as described later.
(211) Such programs are read from a flexible disk 1317a or a CD-ROM 1315a by an FD drive 1217 or a CD-ROM (Compact Disc-Read Only Memory) drive 1215, respectively. The read programs are then stored in HDD 1211 for use.
(212) CPU 1201 receives an instruction from a user through input unit 1209 and outputs a screen output generated by execution of a program to a display control unit 1205.
(213) Display control unit 1205 outputs a screen output to display 1206.
(214) CPU 1201 also transmits information to MFP 11 or the like connected to LAN 13 (or WAN etc.) through a network interface card (NIC) 1207 such as a LAN card.
(215) The above-noted units communicate data with each other through an internal bus 1203.
(216) Using
(217) It is assumed that data is copied from MFP 11 and copied to MFP 11a.
(218) Here, a process of accessing MFP 11 from PC 10 and registering data in the authentication data storage unit into MFP 11a will be described.
(219) First, PC 10 requests MFP information from MFP 11 (sequence sq20). Specifically, CPU 1201 of PC 10 outputs a command for requesting MFP information to MFP 11 in accordance with a prescribed operation instruction from input unit 1209 by the user.
(220) CPU 110 of MFP 11 sends MFP information to PC 10 in response to the MFP information request command from PC 10 (sequence sq21). Specifically, the device performance of MFP 11, for example, information of the display format and size of the operation panel, etc. is transmitted.
(221) CPU 1201 of PC 10 then stores the obtained MFP information of MFP 11, for example, in RAM 1212.
(222) PC 10 then requests authentication data from MFP 11 (sequence sq22). Specifically, CPU 1201 of PC 10 sends an authentication data request command to MFP 11.
(223) MFP 11 receives the authentication data request command from PC 10 and then sends the authentication data (sequence sq23). Specifically, the information stored in authentication data storage unit 114 of MFP 11, user information, authentication image data, password, box information, and the like are transmitted.
(224) PC 10 then requests MFP information from MFP 11a (sequence sq24). Specifically, CPU 1201 of PC 10 outputs a command for requesting MFP information to MFP 11a in accordance with a prescribed operation instruction from input unit 1209 by the user.
(225) CPU of MFP 11a sends MFP information to PC 10 in response to the MFP information request command from PC 10 (sequence sq25). Specifically, the device performance of MFP 11a, for example, information of the display format and size of the operation panel, etc. is transmitted.
(226) CPU 1201 of PC 10 then stores the obtained MFP information of MFP 11a, for example, in RAM 1212.
(227) CPU 1201 of PC 10 then verifies the performance differences between MFP 11 and MFP 11a (sequence sq26).
(228) Using
(229) Referring to
(230) In this embodiment, it is assumed that for the item of color/monochrome as the operation panel information, MFP 11 provides color and MFP 11a provides monochrome, by way of example.
(231) For the item of panel gray scale, MFP 11 provides 256 levels and MFP 11a provides 128 levels.
(232) For the item of presence/absence of keyboard, MFP 11 provides a ten-key software keyboard and MFP 11a also provides a ten-key software keyboard.
(233) For the item of panel size, MFP 11 provides 800400 dots and MFP 11a provides 640240 dots.
(234) PC 10 determines an invalidation standard of the registered authentication image data based on the above-noted comparison of MFP information stored in RAM 1212 between MFP 11 and MFP 11a.
(235) For the invalidation standard based on this comparison, a software program for determining the standard is stored beforehand in HDD 1211. CPU 1201 loads the software program to set the invalidation standard shown in
(236) Specifically, for the item of color/monochrome, MFP 11 provides color and MFP 11a provides monochrome, so that colored authentication image data is invalidated.
(237) For the item of panel gray scale, MFP 11 provides 256 levels and MFP 11a provides 128 levels, so that such authentication image data as natural image that is difficult to discriminate is invalidated.
(238) Discrimination of natural images is a well-known technique, for example, as disclosed in Japanese Laid-Open Patent Publication No. 9-326922, and a detailed description of the technique is not repeated here.
(239) Although the description here has been made to the invalidation standard based on the comparison of color/monochrome and panel gray scale as the operation panel information, the other items are also set similarly.
(240) Referring to
(241) Using
(242) As shown in
(243) Furthermore, such authentication image data as natural image is also invalidated.
(244) Referring to
(245) CPU 1201 of PC 10 then sends the created new authentication data (sequence sq30).
(246) MPF 11a then saves the new authentication data sent from PC 10 in authentication data storage unit 114 of MFP 11a.
(247) Using
(248) Referring to
(249) Then, saving of the authentication data in authentication data storage unit 114 allows the user to execute password authentication or image authentication in a similar manner as described in the first embodiment when accessing the box of MFP 11a.
(250) When the user not having an authentication image makes access, password authentication is preferentially performed because of the absence of authentication image. Then, if the authentication is successful as a result of the password authentication, an authentication image may be generated at this time in authentication image data generation unit 112 and then registered.
(251) Specifically, an authentication image may be generated and displayed in step ST12 in the flowchart in
(252) According to this technique, when MFP 11a is newly connected to LAN 13, the data stored in the authentication data storage unit of MFP 11 can easily be transferred (copied) to another MFP 11a.
(253) At this point, the performances are compared, and if the authentication data is found to be difficult to use, depending on the performance difference, the corresponding authentication data is invalidated and registered.
(254) Accordingly, it can be avoided that the user accesses the box of MPF 11a to execute image authentication and finds it difficult to select the object image as, for example, a colored object image is displayed in monochrome due to the performance difference.
(255) In other words, the data in the authentication data storage unit is customized to the performance of MFP in use and is then transferred, thereby offering convenience to the users.
(256) Although in
Third Embodiment
(257) In a third embodiment, a technique in which an object image for use in image authentication is generated in authentication image data generation unit 112 will be described.
(258) In this embodiment, a character input as a password is designed and converted into an authentication image in authentication image data generation unit 112.
(259) Using
(260) Referring to
(261) Using
(262) Referring to
(263) The image processing makes it difficult for others to distinguish what is written, thereby enhancing the security. A well-known technique may be used in the image processing. The image processing can be performed easily, for example, using image editing software such as Photoshop (R) from Adobe Systems Incorporated.
(264) Using
(265) Referring to
(266) Then, in the lower region of the screen, an OK button 702 and a Cancel button 709 are provided. When the user specifies OK button 702, data is output to MFP 11 to indicate that the displayed object images 704, 706, 708 are confirmed as authentication images.
(267) Using
(268) Referring to
(269) Image authentication screen 710 includes the user's own authentication image among a plurality of object images. The user specifies his/her own authentication image from among the plurality of object images and specifies an OK button 714 to initiate an authentication process.
(270) Specifically, authentication processing unit 113 places the authentication image stored corresponding to the specified box ID and other dummy images on image authentication screen 710. Here, for example, an object image 712 corresponding to the box ID 000300 and other dummy images are placed. It is noted that there are three authentication images as described above and only the object image for A is placed here.
(271) Although four object images are placed here, the number of object images is not limited as long as more than one image is displayed. The security can be enhanced by increasing the number of images.
(272) The placed dummy images are selected from a plurality of object images stored beforehand in HDD or the like.
(273) Image authentication is initiated by specifying the OK button. In this embodiment, when object image 712 is specified and the OK button is specified, the next image authentication screen appears. For example, the screen including the object image for B as described above and dummy images appears. Then, after the object image for B is specified in the similar manner, the screen including the object image for C and dummy images further appears. Then, when the object image for C is specified in the similar manner, A, B, C are specified as authentication images, so that the authentication is successful.
(274) It is noted that authentication may be failed with even one mistake.
(275) When authentication images are presented to the user from among images stored beforehand in HDD, authentication image data generation unit 112 needs to store a plurality of images in HDD. However, according to the present technique, object images formed by designing and processing a password (characters) entered by the user are used as authentication images, so that the number of authentication images stored in HDD can be reduced, and authentication images can be generated easily.
(276) In addition, conveniently, the user can easily remember the authentication images since the password (characters) entered by the user is displayed as authentication images.
(277) In this embodiment, although it has been described that authentication images are selected three times, for example, A, B, C can be specified as authentication images on a single screen, as a matter of course. In such a case, the order of specification may be stored.
First Modification of Third Embodiment
(278) In the foregoing third embodiment, it has been described that characters are designed and converted into images. However, characters may not be simply designed but may be converted into an image related to the meaning of a word (characters), if the word has meaning.
(279) Using
(280) Here, in a case where a password is apple, images associated with the password are listed.
(281) The images associated with a password are presented as authentication images in this way, so that it is convenient for the user to easily remember the authentication image.
(282) The images associated with a word may be stored beforehand in HDD.
(283) Although a plurality of images associated with apple are listed here, one of them may be presented.
(284) The images associated with apple may be changed and presented for every authentication.
(285) In this modification, although it has been described that images are stored beforehand in HDD, the images may not be held in MFP 11 and images may be generated easily by externally obtaining images through a network.
(286) For example, in a case where authentication images are stored in PC 12A in the configuration as shown in
Second Modification of Third Embodiment
(287) In the foregoing first modification of the third embodiment, one word is designed and converted into an image. However, for example, words in a text may be associated with each other and then converted into images.
(288) For example, it is assumed that a password Trees in that mountain turn red is entered.
(289) For example, the text is segmented, so that the words that agree with vocabularies registered in HDD or the like are extracted.
(290) It is noted that a well-known technique may be used to segment a text.
(291) In this example, Trees mountain turn red agree with the registered vocabularies. Here, Trees is the plural form of Tree and therefore is treated as the singular form, for the sake of brevity.
(292) Using
(293) Referring to
(294) Referring to
(295) Referring to
(296) Using
(297) Referring to
(298) Image authentication screen 810 includes the user's own authentication image among a plurality of object images. The user specifies his/her own authentication image from among the plurality of object images and specifies an OK button 814 to initiate an authentication process.
(299) Specifically, authentication processing unit 113 places an authentication image (password image) stored corresponding to the specified box ID and other dummy images on image authentication screen 810. Here, for example, an object image 812 corresponding to Trees described above and other dummy images are placed. It is noted that there are three authentication images as described above and here only the object image for Trees is placed.
(300) Although it is shown here that four object images are placed, the number of the object images is not limited as long as more than one image is placed. The security can be enhanced by increasing the number of images.
(301) The placed dummy images are selected from among a plurality of object images stored beforehand in HDD or the like.
(302) Then, image authentication is initiated by specifying an OK button 814. In this example, when object image 812 is specified and the OK button is specified, the next image authentication screen appears.
(303) Using
(304) Referring to
(305) Specifically, authentication processing unit 113 places an authentication image (password image) stored corresponding to the specified box ID and other dummy images on image authentication screen 820. Here, for example, an object image 822 corresponding to mountain described above and other dummy images are placed. It is noted that there are three authentication images as described above and here only the object image for mountain is placed.
(306) Then, image authentication is initiated by specifying an OK button 824. In this example, when object image 822 is specified and the OK button is specified, the next image authentication screen appears.
(307) Using
(308) Referring to
(309) Specifically, authentication processing unit 113 places an authentication image (password image) stored corresponding to the specified box ID and other dummy images on image authentication screen 830. Here, for example, an object image 832 corresponding to turn red described above and other dummy images are placed. It is noted that there are three authentication images as described above and here only the object image for turn red is placed.
(310) Then, image authentication is initiated by specifying an OK button 834. In this example, when object image 832 is specified and the OK button is specified, the next image authentication screen appears.
(311) Through this process, for example, images corresponding to trees, mountain, turn red are specified as authentication images so that the authentication is successful.
(312) It is noted that the authentication may be failed with even one mistake.
(313) According to this technique, an image associated with a password is presented as an authentication image, so that it is convenient for the user to easily remember the authentication image.
(314) In this modification, although it has been described that authentication images are selected three times, for example, trees, mountain, turn red can be specified as authentication images on a single screen, as a matter of course.
(315) Using
(316) Referring to
(317) Here, the user specifies the images corresponding to trees, mountain, and turn red as authentication images by specifying object images 902, 906, 904, so that the authentication is successful.
(318) It is noted that the user may be asked to specify the images in order or may simply specify three images.
(319) Although in the foregoing description all the images are specified, an authentication success may be achieved by specifying any one of object images 902, 904, 906.
(320) It is noted that the images may be stored beforehand in HDD of MFP 11 as described above or may be obtained through an external network, as a matter of course.
(321) It is noted that, for each unit that controls the apparatus as described above, a program may be provided which allows a computer to function to execute the control as described in the above-noted flows. Such a program may be recorded in a computer readable recording medium such as a flexible disk, a CD-ROM (Compact Disk-Read Only Memory), a ROM (Read Only Memory), a RAM (Random Access Memory), and a memory card, which accompanies a computer, and be provided as a program product. Alternatively, the program may be recorded in a recording medium such as a hard disk contained in a computer. Alternatively, the program may be downloaded via a network.
(322) The program may allow the process to be executed by invoking necessary modules, among program modules provided as a part of Operating System (OS) of a computer, in a prescribed sequence at a prescribed timing. In this case, the aforementioned modules are not included in the program itself and the process is executed in cooperation with OS. The program that does not include such modules may also be included in the program in accordance with the present invention.
(323) Furthermore, the program in accordance with the present invention may be built in a part of another program. In this case, the modules included in another program are not included in the program itself, and the process is executed in cooperation with another program. Such a program built in another program may also be included in the program in accordance with the present invention.
(324) The program product to be provided is installed in a program storage portion such as a hard disk for execution. It is noted that the program product includes the program itself and a recording medium having the program recorded thereon.
(325) Although the present invention has been described and illustrated in detail, it is clearly understood that the same is by way of illustration and example only and is not to be taken by way of limitation, the scope of the present invention being interpreted by the terms of the appended claims.