JP2008217716A - Authentication apparatus, image forming apparatus, authentication system, authentication program, recording medium, and authentication method - Google Patents

Abstract

A user-friendly authentication is realized.
A multifunction device displays an authentication image on which a plurality of different types of objects are arranged on a touch panel of an operation panel, and controls the operation panel to allow a user to control a plurality of images in the authentication image. Panel control unit 101 that accepts operations for touching objects in order, authentication key generation unit 102 that generates an authentication key composed of coordinates of touched positions and information on the touch order, and an authentication key is checked against a registration key And a collation unit 103.
[Selection] Figure 1

Description

  The present invention relates to an authentication device, an authentication system, an authentication program, and an authentication method for authenticating a user.

  In recent years, various authentication methods have been proposed in order to prevent unauthorized use and impersonation of an apparatus by a third party. In these authentication methods, a certain authentication key acquired from the user at the time of authentication is checked against a pre-registered key (hereinafter referred to as a registration key). Many of them are determined to be users.

  For example, in basic authentication, which is one of the most basic authentications, a user creates a password in advance and registers the created password in the database in association with a user ID. At the time of authentication, the authentication device requests the user ID and password from the user, and acquires the password associated with the user ID acquired from the user from the database. Then, the password acquired from the user and the password acquired from the database are collated, and if the two match, access to the desired directory is permitted, but if the two do not match, the access is denied.

  In basic authentication, a user inputs a password as an authentication key using a keyboard. However, in this case, when a user assigns a word that can be easily guessed to the password, an unauthorized third party often uses the dictionary file or the like to see the password. On the other hand, if a random character string is used so that the password cannot be forgotten, there is a problem that the user forgets the password.

  Therefore, an authentication method that does not use a keyboard to input a password has been proposed. Patent Document 1 proposes an authentication method in which paper on which a plurality of barcodes are printed is prepared and the order in which the barcodes are read is used as an authentication key.

  By the way, as a security-related technique, various techniques other than the above-described authentication have been studied. One of them is digital watermarking. The digital watermark is used when embedding specific information in data such as an image, a moving image, and sound so as not to be noticed. This digital watermark is added not only to the electronic data itself but also to a hard-copy image.

  As a technique related to digital watermarking, Patent Document 2 embeds a large amount of additional information that can be reliably read without impairing the image quality of an original image formed on a recording medium in a state invisible to human eyes. An image forming apparatus is disclosed.

Further, in Patent Document 3, confidential level information for instructing copy restriction of an original is embedded as an electronic watermark in the hard copy of the original, and when the user attempts to copy the hard copy, the user's attribute and the embedded confidential information are embedded. Techniques have been proposed for determining whether copying is possible based on level information.
JP 2003-345760 A (released on December 5, 2003) JP 2003-91220 A (published March 28, 2003) JP 2006-167986 A (released June 29, 2006)

  However, the authentication method of Patent Document 1 described above still causes problems similar to basic authentication.

  In the technique of Patent Document 1, if the number of barcodes to be read is small, an unauthorized user succeeds in unauthorized authentication by trying the barcode reading order with brute force. Therefore, in order to improve reliability, many barcodes must be printed on paper and the user must read them in a predetermined order. However, as the number of barcodes to be read increases, the user tends to forget the barcode reading order.

  The present invention has been made in view of the above problems, and an object thereof is to realize user-friendly authentication.

  In order to solve the above-described problem, an authentication apparatus according to the present invention is an authentication apparatus for authenticating a user, an image storage unit storing an authentication image in which a plurality of different types of objects are arranged, and the authentication A registration key storage unit that stores registration key information generated based on a plurality of predetermined regions in the image and the order thereof, and a display control unit that displays an authentication image stored in the image storage unit on a display device , An operation accepting unit that receives an operation for sequentially specifying a plurality of regions in the authentication image from the user by controlling the operation device, a plurality of the regions designated by the operation accepted by the operation accepting unit, and the designation thereof Authentication key generation means for generating authentication key information based on the order, and comparison means for comparing the authentication key information generated by the authentication key generation means with the registration key information stored in the registration key storage unit Characterized in that it comprises a.

  In order to solve the above problems, an authentication method according to the present invention is an authentication method for authenticating a user executed by an authentication device, wherein the display control means of the authentication device includes a plurality of different types of objects. A display step for displaying the arranged authentication image on the display device, and an operation in which the operation receiving unit of the authentication device controls the operation device to receive an operation for sequentially specifying a plurality of areas in the authentication image from the user. An authentication key generating step in which an authentication key generating unit of the authentication device generates authentication key information based on the plurality of areas specified by the operation received in the operation receiving step and the specified order; and an authentication device The comparison means includes the authentication key information generated by the authentication key generation means as registration key information stored in a registration key storage unit of the authentication apparatus, and a plurality of predetermined key in the authentication image. Characterized in that it comprises a comparison step of comparing the frequency and registration key information created based on the order.

  An image forming apparatus according to the present invention includes the authentication device, the display device, the operation device, and an image forming unit, and the operation of the image forming unit is a comparison result by a comparison unit of the authentication device. It is characterized by being limited based on

  Here, the authentication key information and the registration key information may include information on a plurality of areas in the authentication image and the order thereof, or may be generated from the plurality of areas in the authentication image and the order thereof. Or a hash value (hashed information).

  According to the above configuration, the authentication key information is created when a user who has viewed the authentication image designates a predetermined area in the authentication image in a predetermined order. Here, since a plurality of different types of objects are arranged in the authentication image, the user stores the areas that must be specified and the order in association with the objects in the authentication image. be able to. In other words, the user only has to assemble a story using objects in the authentication image and specify a predetermined area in the authentication image in a predetermined order based on the story. Cheap. By adopting the authentication method based on the cognitive characteristics in this way, user-friendly authentication can be realized.

  The authentication device further includes an image acquisition control unit that controls the image acquisition device to acquire the authentication image printed on a recording medium and stores the acquired authentication image in the image storage unit. May be. Examples of the image acquisition device include a scanner and a digital camera.

  According to the above configuration, the authentication image printed on the recording medium is presented to the user. Accordingly, a system in which a user carries a recording medium on which an authentication image is printed and presents the recording medium to an authentication apparatus at the time of authentication, thereby having a recording medium on which the authentication image is printed. A third party who does not have a clue to know the predetermined area and its designated order makes it difficult to succeed in unauthorized authentication. Therefore, the reliability of authentication is improved.

  Further, the recording medium is further invisiblely printed with the registration key information stored in the registration key storage unit or link information indicating the storage location of the registration key information, and the image acquisition control means includes the authentication image. At the same time, it is preferable to obtain registration key information or link information printed on the recording medium.

  According to the above configuration, the registration key information for comparison with the authentication key information or the link information indicating the storage location of the registration key information is printed on the recording medium together with the authentication image. Third parties who are not able to receive authentication from the authentication device. In other words, in order to succeed in authentication, it is not sufficient to know the areas to be designated and their order, and it is necessary to have the above recording medium. Therefore, unauthorized authentication becomes more difficult and authentication reliability is further improved. Note that the above registration key information or link information is invisiblely printed on the recording medium, so even if a third party steals this recording medium, it knows the area to be specified and the order of authentication. I can't.

  Note that “invisible” may be a state where the retina of the user's eyes cannot be sensed, or a state where the retina of the user's eyes can be sensed but the user's brain cannot identify it as information. Also good.

  As an example of a configuration for realizing the former, the authentication device further includes the image acquisition device, the registration key information is printed on the recording medium with infrared ink, and the image acquisition device is configured with the infrared ink. The printed registration key information may be readable.

  Alternatively, as an example of a configuration for realizing the latter, the authentication device further includes a decrypting unit, and the registration key information is embedded in the recording image as a digital watermark in the recording medium. The digital watermark acquired by the image acquisition control means may be decrypted to acquire the registration key information, and the acquired registration key information may be stored in the registration key storage unit.

  In this case, it is not necessary for the image acquisition apparatus to read the registration key information printed with special ink or the like, so that the cost can be reduced.

  In any case, the authentication apparatus further includes decryption means, and the encrypted registration key information is printed on the recording medium. The decryption means is acquired by the image acquisition control means. The encrypted registration key information is preferably decrypted and stored in the registration key storage unit.

  Even if the registration key information is printed invisible, it may be possible to read the registration key information using a special device. However, according to the above configuration, the registration key information is encrypted. It becomes even more difficult for an unauthorized third party to know the contents of the registration key information. Therefore, the reliability of authentication is further improved.

  The authentication device further includes a receiving unit that controls the communication device to receive the authentication image stored in the image storage unit and the registration key information stored in the registration key storage unit from an external server. May be.

  The authentication system according to the present invention includes the authentication device and the external server.

  According to the above configuration, since the authentication image and the registration key information are provided from the external server, the user does not need to carry the recording medium on which the authentication image and the registration key information are printed, and can be authenticated at any time. .

  The authentication apparatus further includes identification information acquisition means for acquiring user identification information, and the reception means includes the authentication image and registration key information corresponding to the user identification information acquired by the identification information acquisition means. Is preferably received from the external server.

  According to the above configuration, an authentication image and registration key information can be set for each user, and user-specific authentication can be performed.

  The authentication apparatus further includes decryption means, the reception means receives the registration key information encrypted from the external server, and the decryption means receives the encrypted above-mentioned encrypted information acquired by the reception means. It is preferable to decrypt the registration key information and store it in the registration key storage unit.

  According to the above configuration, since the registration key information provided from the external server is encrypted, even if a third party steals the registration key information flowing on the network, the area to be specified at the time of authentication And their order. Therefore, the reliability of authentication is improved.

  In addition, the registration key information and the authentication key information are characters indicating a character string obtained by concatenating one or more characters previously associated with each region obtained by dividing the authentication image in the above order. It may be column information.

  According to the above configuration, the registration key information and the authentication key information are hash values generated from a plurality of areas in the authentication image and their designated order, and it is determined whether or not the authentication is successful by collating the hash values. The Therefore, even if a third party looks at the registration key information, it is impossible to know the areas to be specified and their order in authentication. Therefore, it is not necessary to encrypt the registration key when storing the registration key information, so that the decryption process of the registration key information can be omitted at the time of authentication.

  The operation accepting unit may accept an operation for designating a keyword related to the object that overlaps the area, together with an operation for designating an area in the authentication image.

  According to the above configuration, since the user can assemble a story including keywords together with the object, it becomes easier to remember the area to be designated and the designation order in the authentication.

  Further, the authentication device includes a key generation information acquisition unit that receives key generation information for designating a plurality of the predetermined areas and their order in the authentication image from a user via a communication network, and the key generation information acquisition unit A registration key generation unit that generates registration key information based on the predetermined areas specified by the key generation information acquired by the key generation information and the order thereof, and the key generation information acquisition unit and the registration key generation unit include: It is preferable to operate according to the Web application program.

  According to the above configuration, the user can create a registration key by the key creation information acquisition unit and the registration key generation unit. Here, since these means are configured as a Web application, the user can create registration key information from a PC terminal device or the like at hand when creating registration key information. , The burden is reduced. Further, it is not necessary to separately install a registration key information creation tool on the user's PC terminal device, and management of registration key information creation work can be centralized in the authentication device. Therefore, the transfer operation of the created registration key information is simplified, and the operation can be performed more safely.

  By the way, the authentication device may be realized by hardware or may be realized by causing a computer to execute a program. Specifically, the program according to the present invention is a program that causes a computer to operate as each unit of the authentication apparatus, and the program is recorded on the recording medium according to the present invention.

  When these programs are executed by a computer, the computer operates as the authentication device. Therefore, user-friendly authentication can be realized in the same manner as the authentication device.

  As described above, the present invention displays an authentication image in which a plurality of different types of objects are arranged on a display device, and receives an operation for sequentially specifying a plurality of areas in the authentication image from the user. Authentication key information including information on the plurality of received areas and the designation order thereof is generated, and authentication is performed by comparing the authentication key information with registration key information.

  Therefore, as described above, there is an effect that user-friendly authentication can be realized.

Embodiment 1
The first embodiment of the present invention will be described with reference to FIGS. 1 to 8 as follows. First, an outline of the authentication method employed in the present embodiment will be described.

  In this embodiment, an authentication method using an image is adopted, and one image in which a plurality of different types of objects are arranged is used as an authentication image (see FIG. 3). Then, the user selects in advance a plurality of desired objects among the objects included in the authentication image, specifies the order for the selected objects, and registers the information. The object selected here and the information on the order thereof are the keys used for collation.

  At the time of authentication, the user browses the authentication image displayed on the touch panel, and sequentially touches the objects in the authentication image. If the object touched by the user and the order thereof match those registered in advance, the authentication is successful.

  Hereinafter, an example in which the authentication apparatus according to the present invention is applied to a multifunction machine will be described. The multi-function device of the present embodiment has a multi-function device having a scan function for scanning a document, a print function for printing based on print data received from an external PC (Personal Computer) terminal device, a copy function for copying a document It is.

  FIG. 1 is a block diagram illustrating a functional configuration of the multifunction machine 1 according to the present embodiment. As shown in FIG. 1, the multifunction device 1 includes a control unit 10, a storage unit (image storage unit, key information storage unit) 11, an operation panel (operation device) 12, a scanner (image acquisition device) 13, a printer (image formation). Part) 14, a network interface (hereinafter referred to as network I / F) (communication device) 15, and a bus 20.

  The control unit 10, the storage unit 11, the operation panel 12, the scanner 13, the printer 14, and the network I / F 15 are connected to each other via a bus 20 and can exchange data.

  The memory | storage part 11 memorize | stores various information primary or long-term. Examples of information stored in the storage unit 11 include an authentication image and a registration key. The operation panel 12 is a device that accepts user operations and displays information, and has a touch panel and hard keys.

  The scanner 13 is a device for optically reading a document placed on a platen glass (not shown) and generating image data indicating an image printed on the document. In the present embodiment, the scanner 13 can detect not only visible light but also infrared rays.

  The printer 14 is a device for printing an image on recording paper or the like. An image printing method is not particularly limited, and any method such as an inkjet method or an electrophotographic method may be used. In the present embodiment, the printer 14 can perform printing using infrared ink that is invisible to the human eye, in addition to printing using toner and ink that are visible to the human eye.

  The network I / F 15 is a device for exchanging information with an external terminal. The multifunction device 1 is connected to the network via the network I / F 15 and can communicate with an external terminal device.

  The control unit 10 controls each of the above-described units. Specifically, the control unit 10 includes a panel control unit (display control unit, operation receiving unit) 101, an authentication key generation unit (authentication key generation unit) 102, a verification unit (comparison unit). ) 103, a registration key creation unit (key creation information acquisition unit, registration key generation unit) 104, a decryption unit (decryption unit) 105, and an apparatus control unit (image acquisition control unit) 106 are included as functional blocks.

  The panel control unit 101 controls the operation panel 12. The operation panel 12 displays an image or a message on the touch panel according to the control of the panel control unit 101, or accepts a user operation using the touch panel or a hard key.

  The authentication key generation unit 102 generates an authentication key based on a user operation received by the panel control unit 101. The collation unit 103 collates the authentication key generated by the authentication key generation unit 102 with the registration key stored in the storage unit 11 to determine whether the user is a regular user or an unauthorized user. It is.

  The registration key creation unit 104 obtains information specifying a plurality of areas in the authentication image and their order from the user, and creates a registration key based on the obtained information. The decrypting unit 105 decrypts the encrypted data.

  The device control unit 106 controls the scanner 13 and the printer 14. The scanner 13 and the printer 14 execute various jobs according to the control of the device control unit 106. However, until the verification unit 103 determines that the user is a regular user, the apparatus control unit 106 prohibits or restricts the execution of jobs by the scanner 13 and the printer 14 and allows the user to freely execute jobs. I can't do it.

  Of the functional blocks 101 to 105 of the control unit 10, the panel control unit 101, the authentication key generation unit 102, and the verification unit 103 constitute an authentication module (authentication device). The authentication module may further include a registration key creation unit 104.

  Each block of the control unit 10, specifically, the panel control unit 101, the authentication key generation unit 102, the verification unit 103, the registration key generation unit 104, and the device control unit 106 may be configured by hardware logic. However, it may be realized by software using a CPU as follows.

  That is, the MFP 1 includes a central processing unit (CPU) that executes instructions of a control program that realizes each function, a ROM (read only memory) that stores the program, a RAM (random access memory) that expands the program, A storage device (recording medium) such as a memory for storing the program and various data is provided. An object of the present invention is to provide a recording medium in which a program code (execution format program, intermediate code program, source program) of a control program of the multifunction machine 1 that is software that realizes the above-described functions is recorded so as to be readable by a computer. This can also be achieved by supplying the MFP 1 and reading and executing the program code recorded on the recording medium by the computer (or CPU or MPU).

  Examples of the recording medium include tapes such as magnetic tapes and cassette tapes, magnetic disks such as floppy (registered trademark) disks / hard disks, and disks including optical disks such as CD-ROM / MO / MD / DVD / CD-R. Card system such as IC card, IC card (including memory card) / optical card, or semiconductor memory system such as mask ROM / EPROM / EEPROM / flash ROM.

  Further, the multifunction device 1 may be configured to be connectable to a communication network, and the program code may be supplied via the communication network. The communication network is not particularly limited. For example, the Internet, intranet, extranet, LAN, ISDN, VAN, CATV communication network, virtual private network, telephone line network, mobile communication network, satellite communication. A net or the like is available. Also, the transmission medium constituting the communication network is not particularly limited. For example, even in the case of wired such as IEEE 1394, USB, power line carrier, cable TV line, telephone line, ADSL line, etc., infrared rays such as IrDA and remote control, Bluetooth ( (Registered trademark), 802.11 wireless, HDR, mobile phone network, satellite line, terrestrial digital network, and the like can also be used. The present invention can also be realized in the form of a computer data signal embedded in a carrier wave in which the program code is embodied by electronic transmission.

  Next, a method for creating a registration key by the multifunction machine 1 according to the present embodiment will be described. FIG. 2 is a flowchart showing registration key creation processing in the present embodiment. In the present embodiment, the registration key creation unit 104 operates as a web application according to the web server program and the web application program. Therefore, the user can access the registration key creation unit 104 of the multifunction machine 1 using a general-purpose Web browser installed on the PC at hand and create a registration key.

  First, the user starts a Web browser on the PC at hand and accesses the multifunction device 1. As a result, the registration key creation unit 104 of the multifunction device 1 starts operating. All subsequent user operations are performed using the Web browser of the user's PC.

  Next, the user selects an image to be used as an authentication image (S101). As the authentication image, as shown in FIG. 3, a photographic image in which various types of different objects are arranged is preferable. Then, the registration key creation unit 104 of the multifunction device 1 receives the authentication image selected by the user via the network I / F 15.

  Next, the user selects some areas corresponding to the object in the selected authentication image and designates the order for the selected areas (S103). For example, it is assumed that the user selects apple and cork removal as objects in the authentication image of FIG. In this case, as shown in FIG. 4, the user designates an area 311 corresponding to an apple and an area 312 corresponding to cork removal by sequentially clicking the vertices of the respective areas. In addition, the user designates a ranking for apples and corkscrews.

  The registration key creation unit 104 of the multifunction device 1 receives an operation for designating the above-described area and an operation for designating the order by the user from the user's PC via the communication network and the network I / F 15.

  Then, the registration key creation unit 104 generates a registration key based on the operation received from the user (S105). This registration key is generated by encoding area information indicating the positions and ranges of the areas 311 and 312 and order information indicating the order of the areas 311 and 312. Note that a clickable map technique defined in HTML can be applied to the area information included in the registration key.

  FIG. 5 is a diagram showing the data structure of the registration key in the present embodiment. As shown in FIG. 5, in the registration key data, data indicating a user ID (ID001 in FIG. 5) is arranged at the head. Then, after the user ID, the coordinates of the vertices of the first area (here, the area 311 corresponding to the apple) are arranged so as to make one round in the clockwise direction. In FIG. 5, (55, 20) to (45, 30) correspond to this. Next to the data indicating the first area, the coordinates of the vertices of the second area (here, the area 312 corresponding to cork removal) are arranged so as to make one turn in the clockwise direction. In FIG. 5, (30, 82) to (15, 75) correspond to this. As described above, in this embodiment, the region information is expressed by an ordered set of the vertex coordinates of the region, and the order information is expressed by the arrangement order of the region data.

  Subsequently, the registration key creation unit 104 encrypts the generated registration key (S107). The encryption method here is not specifically limited, For example, the encryption method using a common key is employable.

  When the encrypted registration key is generated in this way, the printer 14 prints the authentication image and the encrypted registration key information on a recording sheet according to the control of the apparatus control unit 106 (S109). The registration key printing method, that is, the method of printing the encoded data as an image is not particularly limited, and a known technique can be used. However, while the authentication image is printed with normal toner or ink, the registration key is printed with infrared ink. As a result, the user can view the authentication image on the output recording sheet, but the user cannot view the registration key. The registration key is printed in a predetermined area on the recording sheet. As an example, as shown in FIG. 6, the registration key may be printed in a horizontally long area 301 that is spaced a predetermined distance from the upper left of the printable area. Also, a plurality of registration keys may be printed on a recording sheet so that the registration keys can be read reliably.

  The user carries a recording sheet (hereinafter referred to as an authentication sheet) on which the authentication image and the registration key are printed as an ID card.

  In the above example, the configuration is such that the user creates a registration key using a general-purpose Web browser installed on the PC at hand. Instead, the MFP 1 is provided with a Web browsing function. Alternatively, the registration key may be created by the user operating the operation panel 12 of the multifunction device 1 and using the Web browsing function.

  Next, an authentication method by the multifunction machine 1 according to the present embodiment will be described. FIG. 6 is a flowchart showing authentication processing in the present embodiment.

  When the user wants to use the multifunction machine 1, the user places an authentication sheet on the platen glass of the multifunction machine 1 and instructs to scan. In response to this, the scanner 13 of the multifunction device 1 scans the authentication sheet according to the control of the apparatus control unit 106, and acquires the authentication image and the registration key printed on the authentication sheet (S111). As described above, since the scanner 13 can detect infrared rays, it can also read a registration key that is not visible to the user.

  Then, after the read authentication image is temporarily stored in the storage unit 11, the panel control unit 101 reads it and displays it on the touch panel of the operation panel 12 (S113). At this time, the registration key is not displayed. Next, the decryption unit 105 decrypts the registration key read in step S111 (S115), and stores the decrypted registration key in the storage unit 11. Note that the decryption method in this step corresponds to the encryption method used in step S107 described above.

  Subsequently, the panel control unit 101 controls the operation panel 12 to accept a user operation (S119). In this step, the user browses the authentication image displayed on the touch panel, and sequentially touches a plurality of objects using the picture of the object (apple or cork removal) included in the authentication image as a clue. Then, the authentication key generation unit 102 generates an authentication key based on the user operation received by the panel control unit 101 (S121). This authentication key includes the coordinates of all positions touched by the user and information on the order of touching.

  Next, the collation unit 103 collates the registration key stored in the storage unit 11 with the authentication key generated by the authentication key generation unit 102, and determines whether or not the authentication key matches the registration key (S123). ). Here, when all the coordinates indicated by the authentication key are included in the area indicated by the registration key and the touch order indicated by the authentication key is the same as the order indicated by the registration key (for example, in the example of FIG. 4) If the apple and the corkscrew are touched in this order), it is determined that the authentication key matches the registration key, and the authentication is successful (S125). As a result, the apparatus control unit 106 releases the usage restrictions on the scanner 13 and the printer 14, and the user can cause the multifunction device 1 to execute various jobs.

  On the other hand, if the authentication key does not match the registration key in step S123, the authentication fails (S127), and the usage restrictions on the scanner 13 and the printer 14 are not released.

  As described above, the MFP 1 according to the present embodiment displays an authentication image on which a plurality of different types of objects are arranged on the touch panel, and touches a plurality of objects in the authentication image from the user in order. The authentication is performed using the coordinates of the touched position and the touch order thereof as an authentication key.

  As described above, since an image in which various objects are arranged is used as an image used for authentication, the user generates a key by assembling a story using the object included in the authentication image, and remembers the story. You can touch the objects in order. The authentication method disclosed in Patent Document 1 employs a method of sequentially scanning the same type of barcode. Since the barcode is not a characteristic picture or number, storing the scan order and the like is not recommended. However, in this embodiment, the authentication method based on the cognitive characteristics is adopted, so that the authentication key (here, touched objects and their order) is less likely to be forgotten and highly reliable authentication is realized. can do.

  In the above-described embodiment, only the area where the object is arranged is specified as the predetermined area in the authentication image touched by the user at the time of authentication, but the present invention is not limited to this. For example, in the example of FIG. 3, a background area on an apple may be designated. Even in such a case, forgetting can be suppressed by assembling a story related to the object such as “shooting on the apple”.

  In the above-described example, the registration key is created by the user specifying two objects, an apple and a corkscrew. In practice, it is preferable to specify more objects. Even when more objects are designated, the user can remember the objects to be touched and their order in authentication by assembling a story using the objects.

  In addition, each time the user touches the object, the keyword related to the object may be input together with a hard key or a soft key. In other words, the panel control unit 101 of the multi-function peripheral 1 displays keyword options (for example, “tap”, “eat”, etc.) indicating an operation on the object together with the authentication image on the operation panel 12, and authentication from the user An operation for designating a keyword related to the object overlapping the designated area may be accepted together with an operation for designating the area in the image for use. As a result, the user can create a story that is more easily fixed in memory. Of course, these keywords may be included in the registration key and the authentication key and used as key information used for authentication.

  In the present embodiment, the MFP 1 performs authentication, but the present invention is not limited to this. A configuration may be adopted in which authentication is performed by an information processing apparatus including only the authentication module including the panel control unit 101, the authentication key generation unit 102, the collation unit 103, and the decryption unit 105 described above. Further, a digital camera or the like may be used instead of the scanner 13 as an image acquisition device for reading the authentication image on the authentication sheet.

  In this embodiment, the user carries a hard copy of the authentication image as an authentication sheet, and the scanner 13 of the multifunction device 1 scans the authentication sheet to obtain an authentication image. Therefore, a third party who does not have this authentication sheet has no clue to guess which area should be specified and in what order, and it is difficult to find the authentication key. It becomes difficult. Therefore, it is possible to suppress unauthorized authentication.

  In addition to the authentication image, the registration key itself is invisiblely printed on the authentication sheet, and the verification is performed using the registration key read from the authentication sheet. Therefore, a third party who does not have an authentication sheet cannot perform the authentication process. In other words, in order for an unauthorized user to succeed in authentication, in addition to knowing information on the area to be touched and its order, it is necessary to have an authentication sheet, so that unauthorized authentication can be further suppressed. .

  In this embodiment, the registration key is printed invisible with infrared ink so that the user cannot identify the registration key on the authentication sheet. Therefore, the authentication sheet can be seen only as a sheet on which an image is printed and is less likely to be known as an authentication sheet. Therefore, the risk of successful authentication by an unauthorized user can be reduced. .

  In this embodiment, in order to make the registration key on the authentication sheet invisible, printing is performed using infrared ink, but the present invention is not limited to this. For example, the registration key may be printed as an electronic watermark embedded in a part of the authentication image. Even if it is a digital watermark, since the user cannot see substantially, the same effect as the case of infrared ink can be acquired.

  FIG. 8 is a block diagram showing a functional configuration of the multifunction machine 1 in this modification. In this case, when the registration key is printed on the sheet together with the authentication image in step S109 described above, the registration key creation unit 104 embeds and prints the registration key as an electronic watermark in the authentication image. The control unit 10 of the multifunction machine 1 further includes a decoding unit (decoding means) 107 as shown in FIG. 8, and after reading the authentication image in step S111, it is embedded in the read authentication image. The decryption unit 107 decrypts the digital watermark and extracts the registration key. Therefore, the printer 14 and the scanner 13 do not need to have special functions such as printing with infrared ink and infrared detection, and the cost of the multifunction device 1 can be reduced.

  In the present embodiment, the registration key is printed on the authentication sheet. In this case, even if infrared ink or digital watermark is used, it cannot be said that the registration key cannot be read using a special machine. However, in this embodiment, since the registration key printed on the authentication sheet is in an encrypted state, even if another person reads the registration key on the authentication sheet, It is not possible to know the areas to be touched and their order.

  In this embodiment, the registration key itself is printed on the authentication sheet. Instead, the registration key is stored in the multifunction device 1 or an external server, and the registration key has a registration key. Only the link information indicating the storage location stored may be printed. In this way, even if the user reads information invisiblely printed on the authentication sheet by any method, it is impossible to know the touched area and the order in the authentication image.

[Embodiment 2]
The second embodiment of the present invention will be described with reference to FIGS. 9 to 13 as follows. In the first embodiment described above, the user performs authentication using the authentication sheet on which the authentication image and the registration key are printed. However, in this embodiment, the authentication image and the registration key are external accounts. The difference is that it is stored on the server. Hereinafter, only the configuration different from that of the first embodiment will be described, and description of the same configuration will be omitted.

  FIG. 9 is a block diagram showing the configuration of the authentication system of this embodiment. As shown in FIG. 9, the authentication system includes a multifunction peripheral 1 ′ and an account server 2. The multifunction device 1 ′ is similar to the multifunction device 1 of the first embodiment, and the account server 2 manages various information necessary for user authentication processing and the like. Note that the account server 2 may be built in the multifunction peripheral 1 ′. In this case, since information used for authentication is not transmitted over the network, it is safer.

  FIG. 10 is a block diagram illustrating a functional configuration of the multifunction peripheral 1 ′ according to the present embodiment. As shown in FIG. 10, the control unit 10 of the multifunction machine 1 ′ further includes an authentication data communication unit (reception unit) 108. The authentication data communication unit 108 is a functional block for controlling the network I / F 15 to communicate with the account server 2 and exchange various data necessary for authentication. This authentication data communication unit 108 can also be realized by a combination of a CPU and software.

  FIG. 11 is a block diagram showing a functional configuration of the account server 2. The account server 2 includes a management unit 21, a network I / F 22, and a user account database (hereinafter referred to as user account DB) 23.

  The network I / F 23 is a device for exchanging information with an external device. The account server 2 is connected to the network via the network I / F 23 and can communicate with the multifunction peripheral 1 ′.

  FIG. 12 is a diagram showing a record structure of the user account DB 23. As shown in FIG. 12, the user account DB 23 stores an authentication image and a registration key for each user.

  The management unit 21 stores data in the user account DB 23 and reads data from the user account DB 23 in accordance with an instruction from the multifunction peripheral 1 ′. The management unit 21 can be realized by a combination of a CPU and software.

  Next, a registration key creation method and an authentication method by the multifunction peripheral 1 ′ according to the present embodiment will be described. First, when creating a registration key, after the registration key creation unit 104 encrypts the registration key in step S107 described above, the authentication data communication unit 108 sends the authentication image and the registration key to the account server 2 together with the user ID. Send. Then, the management unit 21 of the account server 2 stores the received authentication image and registration key in the user account DB 23 in association with the received user ID. Therefore, in this embodiment, the authentication sheet is not output. At this time, the processing information after authentication may be stored in the user account DB 23 as necessary.

  FIG. 13 is a flowchart showing authentication processing in the present embodiment. At the time of authentication, first, the panel control unit (identification information acquisition unit) 101 of the multifunction peripheral 1 ′ controls the operation panel 12 to receive a user ID from the user. Then, the authentication data communication unit 108 transmits the user ID accepted by the panel control unit 101 to the account server 2 and requests the account server 2 for an authentication image and a registration key. In response to this, the management unit 21 of the account server 2 acquires an authentication image and a registration key corresponding to the received user ID from the user account DB 23, and transmits them to the multifunction device 1 '. Then, the authentication data communication unit 108 of the multifunction device 1 receives the authentication image and the registration key and stores them in the storage unit 11 (S211).

  The subsequent processing is the same as steps S113 to S127 of the first embodiment described above.

  As described above, in this embodiment, the authentication data communication unit 108 receives the authentication image and the registration key stored in the storage unit 11 from the account server 2. Therefore, the user does not need to carry the authentication sheet at the time of authentication and is comfortable. Further, since the printer 14 and the scanner 13 do not need to have special functions such as printing with infrared ink and infrared detection, the cost of the multifunction device 1 can be reduced.

  Further, in the present embodiment, the panel control unit 101 receives a user ID from a user, and the authentication data communication unit 108 receives an authentication image and a registration key corresponding to the user ID from the account server 2. . Therefore, an authentication image and a registration key can be set for each user, and user-specific authentication can be performed.

  In the above-described embodiment, the registration key and the authentication image are separate data (files). However, the present invention is not limited to this, and the registration key is embedded in the tag field of the image file of the authentication image. You can also

[Embodiment 3]
A third embodiment of the present invention will be described with reference to FIGS. 14 to 19 as follows. In the first and second embodiments described above, the area in the authentication image, which is one of the key information included in the registration key and the authentication key, is indicated by coordinates. However, in this embodiment, the authentication image is a predetermined key. A difference is that a character string is associated with each of the divided regions obtained by division in a style, and the match / mismatch of the regions is determined using the character string associated with the divided region. Hereinafter, only the configuration different from that of the first embodiment will be described, and description of the same configuration will be omitted.

  The authentication system of the present embodiment includes a multifunction device 1 ″ and an account server 2. FIG. 14 is a block diagram showing a functional configuration of the multifunction device 1 ″ of the present embodiment. The multi-function device 1 ″ is basically the same as the multi-function device 1 of the first embodiment, but the control unit 10 includes a decryption unit 107 and an authentication data communication unit 108 as shown in FIG. The function of the decryption unit 107 is the same as that of the modification of the first embodiment, and the function of the authentication data communication unit 108 is basically the same as that of the second embodiment. The account server 2 is basically the same as that of the second embodiment.

  A registration key creation method and an authentication method by the multifunction peripheral 1 ″ of the present embodiment will be described. First, in the registration key creation process, steps S103 and S105 described above are different. In step S101, the user selects an authentication image. Upon selection, the registration key creation unit 104 of the multifunction peripheral 1 ″ instructs the Web browser of the PC terminal device operated by the user to display an authentication image. Subsequently, the registration key creation unit 104 instructs the Web browser to display the grid so as to overlap the authentication image as shown in FIG.

  Next, the user selects several areas corresponding to the object in the authentication image and designates the order for the selected areas. For example, as in the first embodiment, it is assumed that the user selects apples and corkscrews. In this case, as shown in FIG. 16, the user selects all the lattice areas 411 including apples with the mouse. Similarly, all the lattice regions 412 including cork removal are also selected.

  Next, the registration key creation unit 104 associates the same predetermined character string (for example, “eukv6jtf”) with each of the lattice areas 411 corresponding to the apple selected by the user. Similarly, each of the lattice areas 412 corresponding to the cork removal selected by the user is associated with a predetermined character string (for example, “jtfuk67r”) different from that of the apple. When the user designates areas in the order of apples and corks, the registration key creation unit 104 concatenates character strings corresponding to the areas in this designation order. In the case of the above example, this creates a character string “eukv6jtfjtfuk67r”. In this embodiment, this character string is used as a registration key.

  Then, the registration key creation unit 104 encrypts the created registration key and transmits it to the account server 2, and the management unit 21 of the account server 2 receives and decrypts this registration key and associates it with the user ID. Register in the account DB 23. FIG. 17 is a diagram showing a record structure of the user account DB 23. As shown in FIG. 17, the user account DB 23 stores a registration key for each user.

  Next, the registration key creation unit 104 associates a character string with each of the lattice areas not selected by the user (non-selected lattice areas) so as not to overlap. The character string associated with the non-selected lattice area is different from the character string associated with the lattice areas 411 and 412 described above. By this processing, the character string is associated with all the lattice areas in the authentication image. Hereinafter, a character string associated with each lattice area is referred to as corresponding character string information.

  Then, the printer 14 creates an authentication sheet according to the control of the apparatus control unit 106. At this time, the printer 14 prints all the corresponding character string information created by the registration key creation unit 104 invisible in the corresponding grid area in the authentication image. The method for printing the corresponding character string information invisible may be either the method using the infrared ink or the method using the digital watermark described above, but in this embodiment, the corresponding character string information is authenticated by the digital watermark. The image is embedded in each grid area of the image. The printer 14 also prints the user ID in a specific area of the authentication sheet.

  The user carries the authentication sheet thus created as an ID card and uses it for authentication.

  Next, a description will be given of an authentication method using the multi function device 1 ″ according to this embodiment. FIGS. 18 and 19 are flowcharts showing authentication processing according to this embodiment.

  When the user wants to use the multifunction device 1 ″, the user places an authentication sheet on the platen glass of the multifunction device 1 and instructs to scan. In response to this, the scanner 13 of the multifunction device 1 Then, the authentication sheet is scanned in accordance with the control of the apparatus control unit 106, and an authentication image printed on the authentication sheet is acquired (S311) The user ID and the authentication image acquired by the scanner 13 are included in the authentication image. Corresponding character string information is also included.

  The read authentication image is temporarily stored in the storage unit 11, and then read out by the panel control unit 101 and displayed on the touch panel of the operation panel 12 (S213). Next, the decrypting unit 107 reads the authentication image stored in the storage unit 11 and decrypts the user ID and the corresponding character string information embedded in the authentication image as a digital watermark. Then, the decrypting unit 107 creates a lattice area-character string correspondence table indicating the relationship between each lattice area of the authentication image and the corresponding character string information associated with the lattice area from the decrypted corresponding character string information. (S315).

  Next, the authentication data communication unit 108 transmits the user ID decrypted by the decryption unit 107 to the account server 2 and requests the account server 2 for a registration key. In response to this, the account server 2 acquires a registration key corresponding to the received user ID from the user account DB 23 shown in FIG. 17, encrypts it, and transmits it to the multifunction device 1 ″. Authentication of the multifunction device 1 ″ The data communication unit 108 receives this registration key (S317), and the decryption unit 105 decrypts this registration key and stores it in the storage unit 11 (S319). Next, the authentication key generation unit 102 clears a buffer for temporarily storing a character string serving as an authentication key (S321). As a result, the buffer becomes an empty string.

  Then, the panel control unit 101 controls the operation panel 12 to accept a user operation (S323). In this step, the user browses the authentication image displayed on the touch panel, and touches one of the objects using the picture of the object (apple or cork removal) included in the authentication image as a clue. Then, the authentication key generation unit 102 acquires a user operation from the panel control unit 101, and acquires a character string associated with the lattice region touched by the user from the lattice region-character string correspondence table of the storage unit 11. . Then, the authentication key generation unit 102 concatenates the acquired character string to the end of the character string in the buffer (S325). However, when the user touches the first object, the character string associated with the grid area touched by the user is stored in the buffer as it is.

  Subsequently, the collation unit 103 counts the number of characters included in the character string in the buffer, and determines whether or not the number of characters is within a specified value (S327). Here, if the number of characters exceeds the specified value, the collation unit 103 determines that the authentication has failed (S333), and does not instruct the device control unit 106 to cancel the usage restrictions on the scanner 13 and the printer 14.

  On the other hand, if the number of characters is within the specified value in step S327, the collation unit 103 reads the registration key from the storage unit 11, and the character string in the buffer (that is, the character string of the authentication key) matches the character string of the registration key. It is determined whether or not to perform (S331). Here, if the two match, the collation unit 103 determines that the authentication is successful (S331), and instructs the device control unit 106 to release the restrictions on the use of the scanner 13 and the printer 14. On the other hand, if the two do not match in step S331, the process returns to step S323 in order to accept further object designation from the user.

  As an example, an authentication process in the case where a certain user designates an apple and a corkscrew in this order and creates the above-described registration key will be described. In this case, when the user first touches the apple in step S323, the character string associated with the lattice area overlapping with the apple is “eukv6jtf”, so the character string in the buffer becomes “eukv6jtf” in step S325. In step S327, it is determined that the character string in the buffer does not match the character string of the registration key (“eukv6jtfjtfuk67r”), and the process returns to step S323.

  Subsequently, when the user touches the cork removal, in step S325, the character string “jtfuk67r” associated with the lattice area overlapping with the cork removal is connected to the end of the character string “eukv6jtf” in the buffer, and the character in the buffer. The column becomes “eukv6jtfjtfuk67r”. As a result, in step S327, it is determined that the character string in the buffer matches the registration key, and authentication is successful.

  On the other hand, if an unauthorized user randomly specifies an object, it is determined in step S327 that the character string in the buffer does not match the character string of the registration key, and the number of characters in the buffer exceeds the specified value over time. Authentication fails.

  As described above, in this embodiment, the registration key and the authentication key are characters obtained by concatenating a predetermined character string associated with each region obtained by dividing the authentication image in the region designation order. It is a column. As described above, in this embodiment, since the registration key is a hash value, even if a third party steals the registration key stored in the account server 2, the areas to be specified and the order of the areas should be specified. I can't know. Therefore, it is not necessary to encrypt the registration key when storing the registration key, and the management of the registration key is facilitated.

  In practice, the size of the lattice region (interval of the lattice) is preferably smaller than that in FIG. If the size of the lattice area is reduced, the probability that a user who does not know the contents of the registration key will succeed in authentication by chance can be reduced. When the size of the lattice area is reduced, it is preferable to sufficiently lengthen the character string associated with each lattice area so that the same character string is not associated with different lattice areas. Even if the amount of information that can be embedded as a watermark in the authentication image is small, there is no problem if character strings without duplication are prepared in advance and these character strings are assigned to the lattice areas in a random order. .

  In this embodiment, the authentication image and the corresponding character string information are printed on the authentication sheet. However, as in the second embodiment described above, the authentication image and the corresponding character string information are stored in the account server 2. It is good also as a structure stored in user account DB23. In this case, the user account DB 23 stores the authentication image, the corresponding character string information, and the registration key in association with the user ID, and at the time of authentication, the multifunction device 1 ″ uses the user ID in some way from the user. In addition to the acquisition, the authentication image, the corresponding character string information, and the registration key corresponding to the acquired user ID may be received from the account server 2. With this configuration, the same effects as those of the above-described second embodiment are obtained. Can be obtained.

  In the present embodiment, the registration key is stored in the user account DB 23 of the account server 2, but the registration key may be printed on a recording sheet as in the first embodiment. With this configuration, the same effects as those of the first embodiment described above can be obtained.

  The present invention is not limited to the above-described embodiments, and various modifications are possible within the scope shown in the claims, and embodiments obtained by appropriately combining technical means disclosed in different embodiments. Is also included in the technical scope of the present invention.

  The present invention can be applied to a multifunction machine that requires user authentication during job processing.

1 is a block diagram illustrating a functional configuration of a multifunction peripheral according to a first embodiment of the present invention. FIG. 3 is a flowchart illustrating a registration key creation process according to the first embodiment of this invention. It is a figure which shows an example of the image for authentication used in this invention. FIG. 3 is a diagram illustrating an example of selection of an object by a user according to the first embodiment of this invention. 1 illustrates a first embodiment of the present invention and is an example of data constituting a registration key. It is a figure which shows an example of the printing position of a registration key. FIG. 3 is a flowchart illustrating authentication processing by the multifunction peripheral according to the first embodiment of this invention. FIG. 9 is a block diagram illustrating a functional configuration of a multifunction peripheral, showing a modification example of the first embodiment. It is a block diagram which shows the 2nd Embodiment of this invention and shows the structure of an authentication system. FIG. 9 is a block diagram illustrating a functional configuration of a multifunction peripheral according to a second embodiment of the present invention. It is a block diagram which shows the 2nd Embodiment of this invention and shows the function structure of an account server. It is a figure which shows the 2nd Embodiment of this invention and shows the record structure of a user account database. FIG. 9 is a flowchart illustrating an authentication process performed by a multifunction machine according to a second embodiment of this invention. FIG. 9 is a block diagram illustrating a functional configuration of a multifunction peripheral according to a third embodiment of the present invention. It is a figure which shows the 3rd Embodiment of this invention and shows the example by which the grid | lattice area | region was superimposed and displayed on the image for authentication. It is a figure which shows the 3rd Embodiment of this invention and shows the example of selection of the object by a user. It is a figure which shows the 3rd Embodiment of this invention and shows the record structure of a user account database. FIG. 10 is a flowchart illustrating the first embodiment of the present invention and the first half of the authentication processing by the multifunction peripheral. FIG. 24 is a flowchart illustrating the second half of the authentication processing by the multifunction peripheral according to the third embodiment of this invention.

Explanation of symbols

1,1 ', 1 "MFP (authentication device)
2 Account server (external server)
11. Storage unit (image storage unit / registration key storage unit)
12 Operation panel (operation device)
13 Scanner (image acquisition device)
14 Printer (image forming unit)
15 Network interface (communication device)
101 Panel control unit (display control means / operation reception means / identification information acquisition means)
102 Authentication key generation unit (authentication key generation means)
103 Verification unit (comparison means)
104 Registration key creation unit (key creation information acquisition means / registration key generation means)
105 Decoding unit (decoding means)
107 Decryption unit (decoding means)
108 Authentication data communication unit (receiving means)

Claims (17)

An authentication device for authenticating a user,
An image storage unit for storing an authentication image in which a plurality of different types of objects are arranged;
A registration key storage unit for storing registration key information generated based on a plurality of predetermined regions and their order in the authentication image;
Display control means for displaying an authentication image stored in the image storage unit on a display device;
Operation receiving means for controlling the operating device and receiving an operation for sequentially specifying a plurality of areas in the authentication image from the user;
Authentication key generation means for generating authentication key information based on the plurality of areas specified by the operation received by the operation reception means and the designation order;
An authentication apparatus comprising: a comparison unit that compares the authentication key information generated by the authentication key generation unit with the registration key information stored in the registration key storage unit.   The image acquisition device further includes an image acquisition control unit that controls the image acquisition device to acquire the authentication image printed on a recording medium and stores the acquired authentication image in the image storage unit. The authentication device according to claim 1. On the recording medium, the registration key information stored in the registration key storage unit or link information indicating the storage location of the registration key information is printed invisible.
The authentication apparatus according to claim 2, wherein the image acquisition control unit also acquires registration key information or link information printed on the recording medium together with the authentication image. Further comprising the above image acquisition device,
On the recording medium, the registration key information is printed with infrared ink,
The authentication apparatus according to claim 3, wherein the image acquisition apparatus is capable of reading registration key information printed with the infrared ink. A decryption means,
In the recording medium, the registration key information is embedded in the authentication image as a digital watermark,
4. The decrypting unit decrypts the digital watermark acquired by the image acquisition control unit to acquire the registration key information, and stores the acquired registration key information in the registration key storage unit. The authentication device described in 1. Further comprising decryption means,
The encrypted registration key information is printed on the recording medium,
4. The authentication apparatus according to claim 3, wherein the decryption unit decrypts the encrypted registration key information acquired by the image acquisition control unit and stores the decrypted registration key information in the registration key storage unit.   It further comprises receiving means for controlling the communication device to receive the authentication image stored in the image storage unit and the registration key information stored in the registration key storage unit from an external server. The authentication device according to claim 1. It further comprises identification information acquisition means for acquiring user identification information,
The authentication apparatus according to claim 7, wherein the receiving unit receives the authentication image and registration key information corresponding to the user identification information acquired by the identification information acquisition unit from the external server. Further comprising decryption means,
The receiving means receives the registration key information encrypted from the external server,
8. The authentication apparatus according to claim 7, wherein the decryption unit decrypts the encrypted registration key information acquired by the reception unit and stores the decrypted registration key information in the registration key storage unit.   The registration key information and the authentication key information are characters indicating a character string obtained by concatenating one or more characters previously associated with each region obtained by dividing the authentication image in the above order. The authentication apparatus according to claim 1, wherein the authentication apparatus is column information.   The authentication apparatus according to claim 1, wherein the operation accepting unit accepts an operation of designating a keyword related to the object that overlaps the area, together with an operation of designating an area in the authentication image. Key creation information acquisition means for receiving key creation information for designating a plurality of the predetermined areas and their order in the authentication image from a user via a communication network;
Registration key generation means for generating registration key information based on the plurality of predetermined areas specified by the key generation information acquired by the key generation information acquisition means and their order;
The authentication apparatus according to claim 1, wherein the key creation information acquisition unit and the registration key generation unit operate according to a Web application program. An authentication device according to claim 1, the display device, the operating device, and an image forming unit,
An operation of the image forming unit is restricted based on a comparison result by a comparison unit of the authentication device.   8. An authentication system, comprising: the authentication device according to claim 7; and the external server.   An authentication program for causing a computer to function as each unit of the authentication apparatus according to claim 1.   A computer-readable recording medium on which the authentication program according to claim 15 is recorded. An authentication method for authenticating a user executed by an authentication device,
A display process in which the display control means of the authentication device displays an authentication image in which a plurality of different types of objects are arranged on the display device;
An operation receiving step in which an operation receiving unit of the authentication device receives an operation of controlling the operating device and sequentially specifying a plurality of areas in the authentication image from the user;
An authentication key generating step in which an authentication key generating means of the authentication device generates authentication key information based on the plurality of regions specified by the operation received in the operation receiving step and the specified order;
The comparison unit of the authentication device uses the authentication key information generated by the authentication key generation unit as registration key information stored in the registration key storage unit of the authentication device, and includes a plurality of predetermined regions in the authentication image and their order. And a comparison step of comparing with the registration key information created based on the authentication method.