JP2013251621A - Image processing device and authentication device - Google Patents

Abstract

An image processing apparatus and an authentication apparatus that can ensure high security are provided.
An operation panel is used for inputting authentication information. The authentication condition holding unit 401 holds authentication conditions. The authentication unit 402 determines whether the authentication information input from the operation panel 200 satisfies the authentication conditions held in the authentication condition holding unit 401. The authentication condition update unit 403 registers a new authentication condition uniquely generated in the authentication condition holding unit 401 instead of the previously held authentication condition at a timing designated in advance. The notification unit 404 notifies the new authentication condition generated by the authentication condition update unit 403 together with an identifier that uniquely identifies the image processing apparatus.
[Selection] Figure 4

Description

  The present invention relates to an image processing apparatus having an authentication function and an authentication apparatus.

  In recent years, MFPs (Multi Function Peripherals) having functions such as scanners, facsimiles, printers, and copiers have been used in offices and the like. A multifunction machine is often used in a situation where it is connected to an information processing terminal such as a personal computer through a network such as a LAN (Local Area Network). Then, it functions as an image forming device that prints image data input from the information processing terminal on paper, functions as an image reading device that acquires image data used in the information processing terminal, and searches document image data. It functions as a document management device that accumulates as possible.

  In an environment such as an office where a single multifunction device is shared by a plurality of users, image data input from an information processing terminal as a print job and document image data stored in the multifunction device are highly sensitive. This includes things that you don't want others to get. For this reason, in this type of multi-function peripheral, by confirming the user's usage qualification by entering authentication information, etc., output (printing) of image data input as a print job and access to stored document image data User authentication that permits only an authorized person to use this is widely used. As such authentication information, a user ID and a password associated with the user ID are widely used.

  On the other hand, some multifunction peripherals have a normal mode in which a general user performs image processing, and a maintenance mode that is open only to a limited number of persons such as service personnel. The maintenance mode is a mode in which all information of the image processing apparatus can be accessed, such as a change in unit price table as a charging standard, counter information, and user information retrieval. Such a transition to the maintenance mode needs to be surely prevented from being executed by a person other than the service person from the viewpoint of preventing information leakage. That is, not only a general user but also an administrator or the like who has been given a wider authority than a general user, such as a user registration authority, cannot be allowed to enter the maintenance mode.

  For this reason, some MFPs employ a method different from user authentication using a user ID and password, such as authentication by special operation on the operation unit, for authentication for shifting to the maintenance mode. The special operation is an operation that is not performed in order to execute image processing. For example, the operation button is pressed for a long time, a plurality of operation buttons are simultaneously pressed, and a specific order of the operation buttons is pressed. In such an authentication method, unlike an authentication method by inputting a user ID and a password, a user other than a person who knows a special operation for shifting to the maintenance mode finds an entrance for shifting to the maintenance mode. Even it becomes difficult and security can be improved.

  In addition, as a technique related to the present invention, Patent Document 1 described later captures a barcode or two-dimensional code generated based on the abnormality as an image in a portable terminal when an abnormality occurs in the printing apparatus, The maintenance system which acquires the maintenance information with respect to abnormality by a portable terminal communicating with a server based on the said image is disclosed.

JP 2007-041840 A

  In the above-described method of requesting the user for some operation (input) and confirming the user's authority based on whether or not the performed operation matches a pre-registered operation, the user asks the multifunction device. If the registered operation content (hereinafter referred to as registered operation content) is forgotten, authentication becomes impossible. Even in this case, for example, when a person with higher authority such as an administrator for a general user is set, the higher authority changes the registration operation contents of the general user to new contents. Thus, the general user can be authenticated by executing the newly registered operation.

  However, if a higher-level authority is not set, such as a service person who is permitted to execute the maintenance mode, the registration operation cannot be changed to a new one. Have difficulty. For example, if the service person changes the registration operation content for transition to maintenance mode to any operation content, if that service person forgets the operation content after the change, it will not be possible to transition to maintenance mode, Maintenance work cannot be performed on the machine. Such a situation needs to be surely avoided because it causes a great deal of trouble to the user of the multifunction device at the installation location of the multifunction device. For this reason, the registration operation content for shifting to the maintenance mode is set to be the same for all multifunction devices (or the same model), and the multifunction device may have a function for changing the registration operation content. There is a fact that a serviceman is operationally prohibited from changing a registered operation content to an arbitrary operation content.

  However, if the registration operation contents are the same in all the multifunction peripherals, if the registration operation contents are leaked, the use of the leaked registration operation contents enables the transition to the maintenance mode in all the multifunction peripherals. Since all the service personnel are aware of the registration operation content, it is extremely difficult to reliably prevent any leakage including the retired service personnel. In addition, it is not impossible for a malicious person to decipher the registration operation contents by observing how the serviceman is operating. It is possible to give some degree of resistance against leakage of registered operation contents by periodically changing the registered operation contents at once, but until the registered operation contents are changed, the leaked registered operation contents It is still possible to shift to the maintenance mode in all the multifunction machines by using.

  The present invention has been made in view of such problems of the conventional technology, and an object thereof is to provide an image processing apparatus and an authentication apparatus that can ensure high security. It is another object of the present invention to provide an image processing apparatus and an authentication apparatus that can reliably prevent the occurrence of an unauthenticated state due to a forgotten registration operation content.

  In order to achieve the above object, the present invention employs the following technical means. That is, the image processing apparatus according to the present invention has an authentication function, and includes an operation unit, an authentication condition holding unit, an authentication unit, an authentication condition update unit, and a notification unit. The operation unit is used for inputting authentication information. The authentication condition holding unit holds authentication conditions. The authentication unit determines whether the authentication information input from the operation unit satisfies the authentication condition held in the authentication condition holding unit. The authentication condition update unit registers the newly generated new authentication condition in the authentication condition holding unit in place of the previously held authentication condition at a timing specified in advance. The notification unit notifies the new authentication condition generated by the authentication condition update unit together with an identifier that uniquely identifies the image processing apparatus. Here, the timing designated in advance means that, for example, authentication by the authentication unit is permitted in addition to when the authentication state by the authentication unit is canceled (when logging out) or when an authentication condition update instruction is input by the user. It also includes the time of login (during login). This configuration can be particularly suitably used for authentication for shifting from the normal mode to the maintenance mode in an image processing apparatus having a normal mode for performing image processing and a maintenance mode for apparatus maintenance.

  In this image processing apparatus, the authentication condition (registration operation content) is updated to a new authentication condition at a timing designated in advance. For example, every time the user logs out from the maintenance mode, the authentication condition for shifting to the maintenance mode is updated to a new authentication condition. In this way, by adopting a configuration in which the authentication condition is updated to the one uniquely generated by the authentication condition update unit, for example, the authentication condition (registration operation content) for shifting to the maintenance mode is made different for each apparatus. It becomes possible. Therefore, it is possible to reliably avoid, for example, a situation in which it is possible to shift to the maintenance mode in all multifunction peripherals due to leakage of authentication conditions (registration operation content), and high security can be ensured. In addition, since the new authentication condition generated by the authentication condition update unit is notified together with an identifier that uniquely identifies the image processing apparatus, it is not confused with the authentication conditions of other image processing apparatuses.

  The image processing apparatus further includes an external interface for transmitting data to an external storage device provided independently of the image processing apparatus, and the notification unit is generated by the authentication condition update unit via the external interface. A configuration may be employed in which the new authentication condition is notified to the external storage device together with an identifier that uniquely identifies the image processing device. The external storage device can be installed, for example, at a sales office (for example, a head office) of a multifunction machine sales store to which a service person belongs. In this case, for example, when receiving the authentication of the maintenance mode shift of the image processing apparatus, the service person accesses the external storage device by a portable communication terminal or the like held by the service person and is associated with the image processing apparatus to be maintained. Acquire authentication conditions. Then, by inputting the authentication condition acquired through the operation unit to the image processing apparatus, it is possible to receive the authentication for transition to the maintenance mode. In this configuration, the new authentication condition and the identifier that uniquely identifies the image processing apparatus are notified to and stored in an external storage device different from the image processing apparatus, so that it is possible to ensure that an unauthenticated state occurs due to forgotten authentication conditions. Can be prevented. Further, it is possible to realize authentication for unspecified service personnel while ensuring high security.

  Registration of a new authentication condition in the external storage device is information including an identifier for uniquely specifying the new authentication condition generated by the authentication condition update unit and the image processing device by the display unit provided in the operation unit. May be displayed on the display unit, and a new authentication condition and identifier may be registered in the external storage device through the mobile communication terminal that acquired the information. In this configuration, when the mobile communication terminal acquires a new authentication condition, the service person can confirm the content. Therefore, for example, when the image processing apparatus needs to be authenticated again on the spot due to a work mistake or the like, it is possible to recognize new authentication conditions without accessing the external storage device. In this configuration, even when the image processing apparatus cannot communicate directly with the external storage device, new authentication conditions and identifiers can be stored in the external storage device.

  The image processing apparatus described above further includes an external interface for receiving data from the external storage device, and the authentication condition update unit has completed registration of new authentication conditions and identifiers from the external storage device through the external interface. When a notification indicating this is received, the newly generated authentication condition may be registered in the authentication condition holding unit in place of the previously held authentication condition. Thereby, it is possible to prevent the authentication condition from being updated under a situation where a new authentication condition and an identifier are not stored in the external storage device due to some trouble.

  On the other hand, from another viewpoint, the present invention can also provide an authentication device.

  According to the present invention, high security can be ensured. It is also possible to reliably prevent the occurrence of an unauthenticated state due to the forgotten registration operation content.

1 is a schematic configuration diagram showing the overall configuration of a multifunction machine according to an embodiment of the present invention. 1 is a schematic diagram showing an operation panel of a multifunction machine according to an embodiment of the present invention. The figure which shows the hardware constitutions of the multifunctional device in one Embodiment of this invention. 1 is a functional block diagram showing a multifunction machine according to an embodiment of the present invention. The flowchart which shows an example of the authentication procedure which the multifunctional machine in one Embodiment of this invention implements

  Hereinafter, an embodiment of the present invention will be described in more detail with reference to the drawings. In the following, the present invention is embodied as a digital multifunction machine.

  FIG. 1 is a schematic configuration diagram illustrating an example of the overall configuration of a digital multifunction peripheral according to the present embodiment. As shown in FIG. 1, the multifunction peripheral 100 includes a main body 101 including an image reading unit 120 and an image forming unit 140, and a platen cover 102 attached above the main body 101. A document table 103 is provided on the upper surface of the main body 101, and the document table 103 is opened and closed by a platen cover 102. Further, the platen cover 102 includes a document conveying device 110.

  An image reading unit 120 is provided below the document table 103. The image reading unit 120 reads an image of a document with the scanning optical system 121 and generates digital data (image data) of the image. The document can be placed on the document table 103 or the document transport device 110. The scanning optical system 121 includes a first carriage 122, a second carriage 123, and a condenser lens 124. The first carriage 122 is provided with a linear light source 131 and a mirror 132, and the second carriage 123 is provided with mirrors 133 and 134. The light source 131 illuminates the document. The mirrors 132, 133, and 134 guide reflected light from the document to the condenser lens 124, and the condenser lens 124 forms an optical image on the light receiving surface of the line image sensor 125. In the scanning optical system 121, the first carriage 122 and the second carriage 123 are provided so as to be able to reciprocate in the sub-scanning direction 135. By moving the first carriage 122 and the second carriage 123 in the sub-scanning direction 135, the image of the document placed on the document table 103 can be read by the image sensor 125. When reading an image of a document set on the document conveying device 110, the image reading unit 120 temporarily fixes the first carriage 122 and the second carriage 123 according to the image reading position, and passes the image reading position. Are read by the image sensor 125. The image sensor 125 generates image data of a document corresponding to, for example, each color of R (red), G (green), and B (blue) from the light image incident on the light receiving surface. The generated image data can be printed on paper in the image forming unit 140. Further, the data can be transmitted to other devices (not shown) through the network 162 by the network interface 161.

  The image forming unit 140 prints image data obtained by the image reading unit 120 or image data received from another device connected to the network 162 on a sheet. The image forming unit 140 includes a photosensitive drum 141. The photosensitive drum 141 rotates in one direction at a constant speed. Around the photosensitive drum 141, a charger 142, an exposure unit 143, a developing unit 144, and an intermediate transfer belt 145 are arranged in this order from the upstream side in the rotation direction. The charger 142 uniformly charges the surface of the photosensitive drum 141. The exposure device 143 irradiates the surface of the uniformly charged photoconductor drum 141 with light according to the image data, and forms an electrostatic latent image on the photoconductor drum 141. The developing device 144 attaches toner to the electrostatic latent image and forms a toner image on the photosensitive drum 141. The intermediate transfer belt 145 transfers the toner image on the photosensitive drum 141 onto a sheet. When the image data is a color image, the intermediate transfer belt 145 transfers each color toner image onto the same sheet. The RGB color image is converted into C (cyan), M (magenta), Y (yellow), and K (black) format image data, and the image data of each color is input to the exposure unit 143.

  The image forming unit 140 feeds paper from the manual feed tray 151, the paper feed cassettes 152, 153, and 154 to the transfer unit between the intermediate transfer belt 145 and the transfer roller 146. Various sizes of paper can be placed or stored in the manual feed tray 151 and the paper feed cassettes 152, 153, and 154. The image forming unit 140 selects a sheet specified by the user or a sheet corresponding to the automatically detected document size, and feeds the selected sheet from the manual feed tray 151 or the cassettes 152, 153, and 154 by the feeding roller 155. . The fed paper is transported to the transfer section by transport rollers 156 and registration rollers 157. The sheet on which the toner image is transferred is conveyed to the fixing device 148 by the conveyance belt 147. The fixing device 148 has a fixing roller 158 and a pressure roller 159 with a built-in heater, and fixes the toner image on the sheet by heat and pressing force. The image forming unit 140 discharges the sheet that has passed through the fixing device 148 to the discharge tray 149.

  FIG. 2 is a diagram illustrating an example of an appearance of an operation panel included in the multifunction peripheral. The user can use the operation panel 200 to give the MFP 100 a start of copying and other instructions, and to confirm the status and settings of the MFP 100. On the operation panel 200, a display 201 with a touch panel and operation keys 203 are arranged. The display 201 includes a display surface including a liquid crystal display that displays operation buttons, messages, and the like, and a sensor that detects a pressed position on the display surface. The detection method of a press position is not specifically limited. Any method such as a resistance film method, a capacitance method, a surface acoustic wave method, and an electromagnetic wave method can be employed. The user can input through the display 201 using his / her finger or the touch pen 202.

  The display 201 displays an operation screen having a button display unit 204, a message display unit 205, and a status display unit 206. A plurality of tabs 208 are prepared in the button display unit 204, and operation buttons corresponding to the tab category are arranged on each tab. The “easy setting” tab has operation buttons used for basic setting. In the example of FIG. 2, operation buttons for setting paper size, copy magnification, density, printing surface, page aggregation, and post-processing are arranged. For example, when the user performs an operation of pressing the “density” button 207, a pop-up screen having selection buttons such as “light”, “normal”, and “dark” for selecting the density is displayed over the operation button. The density is set by the user's selection (pressing). In the example of FIG. 2, in addition to the “easy setting” tab, a “document / paper / finish” tab, a “color / image quality” tab, a “layout / edit” tab, and an “application / others” tab are also provided. The user can switch to the display of these tabs by performing an operation of selecting the tab button 208. While one tab is selected, other tabs and their elements are hidden on the operation screen.

  The message display unit 205 displays a message notifying the user of settings such as whether copying is possible and the number of copies. Note that the MFP 100 according to the present embodiment is configured to perform user authentication processing (login processing) for confirming the user (operator) usage qualification when the MFP 100 is used. FIG. 2 shows a state before the user authentication processing is performed, and a message “Please enter authentication information” requesting input of user authentication information is displayed on the message display unit 205. . Here, the user inputs user authentication information using the numeric keypad 210 or a software keyboard displayed on the touch panel 201 as necessary.

  The status display unit 206 displays device status information as necessary. In this display, detection results of various sensors included in the multifunction peripheral 100 are reflected. The device status information means a message that notifies the user of a warning that prompts the user to respond to an abnormality although the device is in an operable state. For example, the fact that the remaining amount of paper is low, the document platen 103 is dirty, and the facsimile document is stored in the memory when the facsimile memory reception is set is included. Further, the device status information may include out-of-paper, conveyance jam, and the like.

  The operation keys 203 include a main power key 209, a numeric keypad 210, a start key 211, a clear key 212, a LogOut key 213, and the like. For example, the main power key 209 is used to switch the main power supply of the multifunction peripheral 100 on and off. The numeric keypad 210 can be used for specifying the number of copies and setting the copy magnification. When the user makes these settings, the multi-function device 100 displays a message such as “Can be copied (with settings)” on the message display unit 205 to notify the user that the settings have been made. The start key 211 is used for a start instruction for copying or image printing. The user operates the clear key 212 when canceling the setting made by the user. Since whether or not the machine accepts the setting by the user can be determined by the above-described message, the clear key 212 may be operated if the setting becomes unnecessary. Although not particularly limited, in the present embodiment, the operation through the operation panel 200 is prohibited except for the input of information related to the authentication until the user's use qualification is confirmed by the user authentication process described above. . When the authenticated user presses the LogOut key 213 after using the multifunction peripheral, or when the operation of the operation panel 200 and the operation of the image reading unit 120 and the image forming unit 140 are not performed for a predetermined time after the authentication, the multifunction peripheral 100 It is configured to return to the state before the authentication process is performed.

  FIG. 3 is a hardware configuration diagram of a control system in the multifunction machine. The multifunction peripheral 100 according to the present embodiment includes a CPU (Central Processing Unit) 301, a RAM (Random Access Memory) 302, a ROM (Read Only Memory) 303, an HDD (Hard Disk Drive) 304, an original transport device 110, and an image reading unit 120. A driver 305 corresponding to each drive unit in the image forming unit 140 is connected via an internal bus 306. The ROM 303, the HDD 304, and the like store programs, and the CPU 301 controls the multifunction peripheral 100 in accordance with the instructions of the control program. For example, the CPU 301 uses the RAM 302 as a work area, and controls the operation of each driving unit by exchanging data and commands with the driver 305. The HDD 304 is also used to store image data obtained by the image reading unit 120 and image data received from other devices through the network interface 161.

  An operation panel 200, a network interface 161, and various sensors 307 are also connected to the internal bus 306. The operation panel 200 receives a user operation and supplies a signal based on the operation to the CPU 301. The display 201 of the operation panel 200 displays the above-described operation screen according to a control signal from the CPU 301. The sensor 307 includes various sensors such as an open / close detection sensor for the platen cover 102, a document detection sensor on the document table 103, a temperature sensor for the fixing device 148, and a detection sensor for the conveyed paper or document.

  The CPU 301 executes, for example, a program stored in the ROM 303 to realize each of the following means (functional blocks) and controls the operation of each means according to signals from these sensors.

  FIG. 4 is a functional block diagram of the MFP according to the present embodiment. As illustrated in FIG. 4, the MFP 100 according to the present embodiment includes an authentication condition holding unit 401, an authentication unit 402, an authentication condition update unit 403, a notification unit 404, an operation control unit 405, and an operation recognition unit 406. In FIG. 4, the multifunction device 100 is connected to the Internet 400 via the network interface 161. An external storage device 411 that stores authentication conditions notified from the multifunction device 100 is connected to the Internet 400. In this example, the external storage device 411 is configured by a server device. The server device can be installed, for example, at a sales office (for example, a head office) of a store of the multifunction peripheral 100 to which a service person belongs.

  The operation recognition unit 406 recognizes that the operation key 203 is pressed and the display 201 is pressed on the operation panel 200 and recognizes the operation content of the user. Although not particularly limited, in the present embodiment, the coordinates of the pressed position detected by the sensor that detects the pressed position of the display 201 are input to the operation recognition unit 406, and the operation recognition unit 406 includes an operation button and the like held by itself. Based on the coordinates of the screen elements and the coordinates of the input pressing position, the user's operation content on the display 201 is recognized. The operation recognized by the operation recognition unit 406 is input to the authentication unit 402 and the operation control unit 405.

  The authentication unit 402 executes user authentication by determining whether an operation on the operation panel 200 satisfies a pre-registered authentication condition. As described above, in this embodiment, the user inputs authentication information to the multifunction peripheral 100 through the operation panel 200. For example, the user inputs user authentication information using the numeric keypad 210 or a software keyboard displayed on the touch panel 201 as necessary. The user authentication information may be any information as long as it can identify the user. In the present embodiment, a user ID uniquely assigned to each user and a password associated with the user ID are used as user authentication information.

  In the present embodiment, the authentication condition holding unit 401 is registered in advance with an authorized user list in which a user ID of a user who is permitted to use the multifunction device 100 and a password associated with the user ID are recorded. If the user ID and password input from operation panel 200 are included in the authorized user list, authentication unit 402 determines that the user authentication condition is satisfied. When the user authentication condition is satisfied, the authentication unit 402 permits the user to use the multifunction peripheral 100 (generation of image data in the image reading unit 120, printing of image data in the image forming unit 140, etc.), and user authentication. When the condition is not satisfied, the use of the multifunction device 100 by the user is prohibited. Although not particularly limited, in the present embodiment, the HDD 304 functions as the authentication condition holding unit 401. In the present embodiment, the various processes in the MFP 100 are configured to be executed by the operation control unit 405 based on a user instruction recognized by the operation recognition unit 406, and the authentication unit 402 is configured to operate the operation control unit 405. Various processes are realized by removing the operation restrictions.

  The authentication unit 402 also executes user authentication using an authentication condition for shifting to the maintenance mode (hereinafter referred to as a maintenance authentication condition). When the authentication information input from the operation panel 200 matches the maintenance authentication condition (registration operation content) held in the authentication condition holding unit 401, the authentication unit 402 determines that the maintenance authentication condition is satisfied. The authentication unit 402 permits the transition to the maintenance mode when the maintenance authentication condition is satisfied. In this embodiment, a series of operations for the operation panel 200 are registered in the authentication condition holding unit 401 as maintenance authentication conditions. The operation on the operation panel 200 includes arbitrary operations such as pressing the operation key 203, pressing a specific operation button for a long time, simultaneously pressing a specific plurality of operation buttons, pressing one or more specific areas on the display 201, etc. Operations are included. Here, it is assumed that an operation for continuously pressing four specific operation keys 203 is registered as a maintenance authentication condition.

  The authentication condition update unit 403 registers a newly generated new maintenance authentication condition in the authentication condition holding unit 401 instead of the maintenance authentication condition previously held at a timing designated in advance. In the present embodiment, the transition from the maintenance mode to the normal mode is set in the authentication condition update unit 403 as the timing designated in advance. That is, the authentication condition update unit 403 updates the maintenance authentication condition of the authentication condition holding unit 401 every time the maintenance mode is changed to the normal mode.

  The notification unit 404 notifies the new maintenance authentication condition generated by the authentication condition update unit 403 together with an identifier that uniquely identifies the multifunction peripheral 100. Although not particularly limited, here, a device ID (for example, a serial number) uniquely assigned to the multifunction device 100 is used as the identifier. In this embodiment, the notification unit 404 displays information including a new maintenance authentication condition generated by the authentication condition update unit 403 and an identifier for uniquely identifying the multifunction peripheral 100 on the display 201 of the operation panel 200. Although not particularly limited, here, the notification unit 404 displays the information as a two-dimensional code exemplified by a QR code (registered trademark) as information including a new maintenance authentication condition and the device ID of the multifunction peripheral 100. To display. Note that this two-dimensional code is acquired by the mobile communication terminal 421 possessed by the user by the user (here, a serviceman) who has performed the operation for shifting to the maintenance mode. Then, the mobile communication terminal 421 registers the acquired new maintenance authentication condition and the device ID of the multifunction device 100 in the external storage device 411 via the Internet 400. The acquisition of the two-dimensional code by the mobile communication terminal 421 can be performed, for example, by imaging with a camera provided in the mobile communication terminal 421. In the communication between the portable communication terminal 421 and the external storage device 411, for example, information for connecting to the external storage device 411 represented by an IP address or URL (Uniform Resource Locator) is included in the two-dimensional code. Can be easily realized. Note that the acquisition of information using a two-dimensional code and the establishment of a communication connection using the two-dimensional code are well-known techniques, and thus detailed description thereof is omitted here.

  Although not particularly limited, in this embodiment, the authentication condition update unit 403 receives a notification indicating that registration of a new maintenance authentication condition and a device ID has been completed from the external storage device 411 via the network interface 161. Then, the newly generated maintenance authentication condition is registered in the authentication condition holding unit 401 instead of the maintenance authentication condition previously held. Such information reception can be realized, for example, by configuring the authentication condition updating unit 403 to have an email receiving function and the external storage device 411 to have an email sending function. The address that is the destination for the e-mail to reach the authentication condition update unit 403 (multifunction device 100) is recorded as information in the above-described two-dimensional code and transmitted to the external storage device 411 together with the maintenance authentication condition and the device ID. Alternatively, it may be registered in advance in the external storage device 411 in association with the device ID. In this configuration, when the registration of the maintenance authentication condition and the device ID is completed, the external storage device 411 transmits an e-mail to that effect to the MFP 100 (authentication condition update unit 403). The notification only needs to be included in the e-mail in a state that can be recognized by the authentication condition update unit 403, and may be included in any of header information such as a title, body text, and attached file. The arrival of the e-mail itself may be a notification to that effect.

  FIG. 5 is a flowchart illustrating an example of an authentication condition update procedure performed by the multifunction peripheral 100. Here, a description will be given based on a case where the updated authentication condition is the above-described maintenance authentication condition.

  When the user authentication process is not performed, as described above, the MFP 100 is allowed to input only information related to authentication as an operation through the operation panel 200 (No in step S501). In this situation, the procedure proceeds with a trigger that the service person inputs the authentication information for shifting to the maintenance mode through the operation panel 200 (Yes in step S501).

  As described above, in the present embodiment, the maintenance authentication condition (in this case, the operation of continuously pressing the four specific operation keys 203) held in the authentication condition holding unit 401 is the same as that of the MFP 100. It is stored in the external storage device 411 in a state associated with the device ID. Therefore, when the multifunction peripheral 100 is shifted to the maintenance mode, the service person first acquires the maintenance authentication condition stored in the external storage device 411. Acquisition of such maintenance authentication conditions can be performed using, for example, a portable communication terminal 421 that can be connected to the external storage device 411. In this case, in communication through the mobile communication terminal 421, the service person proves his / her identity with a password or the like, and transmits the apparatus ID of the MFP 100 to be maintained. In response to this, the external storage device 411 transmits to the portable communication terminal 421 the maintenance authentication condition of the multifunction peripheral 100 (in this case, an operation of continuously pressing the four specific operation keys 203). The service person inputs the maintenance authentication condition acquired in this way to the multifunction peripheral 100 through the operation panel 200 as authentication information. As a result, the multifunction peripheral 100 shifts to the maintenance mode.

  At this time, the authentication unit 402 notifies the authentication condition update unit 403 that the maintenance authentication condition is satisfied. In response to the notification, the authentication condition update unit 403 generates a new maintenance authentication condition (step S502). Here, the authentication condition update unit 403 randomly generates a maintenance authentication condition (step S502). In the present embodiment, the step of continuous operation (for example, the number of operation keys 203 to be continuously pressed), the operation method (for example, long press or simultaneous press of a plurality of keys), the operation target (for example, the operation panel 200) A new maintenance authentication condition is generated by randomly combining operation keys 203 and operation buttons or operation areas displayed on the display 201. Here, it is assumed that an operation for successively pressing five specific operation keys 203 is generated as a new maintenance authentication condition.

  The authentication condition update unit 403 that has generated a new maintenance authentication condition inputs the maintenance authentication condition to the notification unit 404. At this time, the notification unit 404 generates a two-dimensional code including the input maintenance authentication condition, the device ID of the multifunction device 100, the address of the external storage device 411, and the address of the multifunction device 100. Then, at the preset timing, the two-dimensional code is displayed on the display 201 of the operation panel 200, and the fact is notified to the authentication condition update unit 403 (step S503). In this embodiment, when the service person completes the maintenance work and performs an operation for shifting from the maintenance mode to the normal mode (for example, pressing the LogOut key 213), the notification unit 404 displays a two-dimensional code on the display 201. It is configured to display.

  Upon receiving the notification from the notification unit 404, the authentication condition update unit 403 waits for reception of the registration completion notification from the external storage device 411 (No in steps S504 and S505). As described above, the two-dimensional code displayed on the display 201 is acquired by the mobile communication terminal 421 by the service person, and the new maintenance authentication condition and the device ID of the multifunction peripheral 100 are transmitted through the mobile communication terminal 421 to the external storage device. 411 is registered. In this case, a registration completion notification is transmitted from the external storage device 411 to the multifunction device 100 and is received by the multifunction device 100 through the network interface 161 (steps S504 No, S505 Yes).

  The authentication condition update unit 403 that has detected the reception of the registration completion notification from the external storage device 411 registers the new maintenance authentication condition in the authentication condition holding unit 401 in place of the maintenance authentication condition previously held (step S506). ). In addition, the transition from the maintenance mode to the normal mode is completed. In this case, since the operation for continuously pressing the five specific operation keys 203 is registered as the maintenance authentication condition in the authentication condition holding unit 401, the four specific operation keys 203 which are the previous maintenance authentication conditions are registered. If the operation is continuously pressed, the maintenance mode cannot be entered.

  On the other hand, if the registration completion notification is not received from the external storage device 411 within a predetermined time, the authentication condition update unit 403 does not register the generated new maintenance authentication condition in the authentication condition holding unit 401. The process ends (steps S504 Yes, S507). In this case, the maintenance authentication condition held in the authentication condition holding unit 401 is not updated, and the transition from the maintenance mode to the normal mode is completed. Therefore, the multi-function device 100 is in a state of shifting to the maintenance mode by an operation of continuously pressing the four specific operation keys 203, which is the previous maintenance authentication condition. In this situation, when attempting to re-update the maintenance authentication condition, the service person enters the maintenance mode by continuously pressing the four specific operation keys 203 that are the previous maintenance authentication conditions. Thereafter, an operation for shifting from the maintenance mode to the normal mode may be executed.

  As described above, in this multifunction peripheral 100, the maintenance authentication condition can be updated to a new maintenance authentication condition every time the user logs out from the maintenance mode. Since the maintenance authentication condition is uniquely generated by the authentication condition update unit 403, as a result, the maintenance authentication condition can be made different for each apparatus. Therefore, even when the maintenance authentication condition leaks for a specific multifunction device, it is possible to reliably avoid the occurrence of a situation in which the transition to the maintenance mode becomes possible in another multifunction device. In addition, it is possible to avoid occurrence of a situation in which the machine itself can shift to the maintenance mode due to the leaked maintenance authentication condition.

  Further, the MFP 100 has a configuration in which the new maintenance authentication condition is stored in the external storage device 411 together with the device ID. Therefore, if the service person accesses the external storage device 411 when shifting to the maintenance mode, the MFP 100 to be maintained is maintained. The maintenance authentication condition associated with can be acquired. Therefore, it is possible to reliably prevent the occurrence of an unauthenticated state due to forgotten maintenance authentication conditions. In addition, it is possible to realize authentication for unspecified service personnel while ensuring high security.

  Further, the MFP 100 is configured to update the maintenance authentication condition when the authentication condition update unit 403 receives a registration completion notification from the external storage device 411. Therefore, it is possible to prevent the maintenance authentication condition from being updated under a situation where a new maintenance authentication condition is not stored in the external storage device 411 due to some trouble.

  In the above-described embodiment, when the mobile communication terminal 421 acquires a new maintenance authentication condition, a configuration may be adopted in which the content is displayed to the service person. In this case, for example, when it is necessary to move the multifunction peripheral 100 to the maintenance mode again due to a work mistake or the like, the service person can recognize a new maintenance authentication condition without accessing the external storage device 411. Become.

  In the above embodiment, as a particularly preferable mode, the registration completion notification is received from the external storage device 411. However, this configuration is not an essential element of the present invention. For example, when the registration is completed without abnormality during registration processing in the external storage device 411 by the mobile communication terminal 421, the service person causes the authentication condition update unit 403 to update the authentication condition holding unit 401. Even if it exists, the same effect can be acquired. Also, with this configuration, even when the multifunction peripheral 100 cannot communicate directly with the external storage device 411, it is possible to store new maintenance authentication conditions and device IDs in the external storage device 411.

  In the above-described embodiment, the configuration is such that a new maintenance authentication condition is generated when the mode is changed to the maintenance mode. However, the generation of a new maintenance authentication condition is optional until the notification by the notification unit 404 is generated. It can be generated at the timing. That is, even if it is generated before the transition to the maintenance mode (for example, immediately after the maintenance authentication condition is first updated), the same effect can be obtained. In addition, the update of the maintenance authentication condition for the authentication condition holding unit 401 by the authentication condition update unit 403 is not limited to the transition from the maintenance mode to the normal mode, and can be executed at any timing after the transition to the maintenance mode. Also good. For example, it is also possible to adopt a configuration that is executed immediately after shifting to the maintenance mode and that allows maintenance operations on the multifunction peripheral 100 after the maintenance authentication condition is updated.

  In addition, in the above, as a particularly preferable form, the configuration is such that the maintenance authentication condition is updated each time the maintenance mode is entered, but the update is performed every time the maintenance mode is entered a plurality of times (for example, every 3 times the migration is made). It may be configured to be updated. In this case, for example, on the operation screen in the maintenance mode, an operation button for forcibly updating the maintenance authentication condition is arranged, and when the operation button is selected, the above-described maintenance authentication condition update process is performed. Can be used in combination. Thereby, the service person can also update the maintenance authentication condition at a desired timing.

  Furthermore, in the above description, the configuration in which the mobile communication terminal acquires the two-dimensional code displayed by the notification unit 404 by imaging is illustrated, but any method can be adopted for the information transmission. For example, the notification unit 404 may notify the mobile communication terminal 421 by one-to-one communication such as infrared communication or USB connection. From the viewpoint of preventing information leakage, it is preferable to transmit information by a method in which the information does not remain other than the external storage device 411. For example, it is preferable to avoid an information transmission system that records and outputs information on a paper medium because the paper medium can be an information leakage source.

  Further, in the above description, the information notified by the notification unit 404 is registered in the external storage device 411 via the mobile communication terminal 421. However, the notification unit 404 receives a new maintenance authentication condition via the network interface 161. Alternatively, a configuration may be employed in which the device ID is notified to the external storage device 411 and registered.

  In the above-described embodiment, a new maintenance authentication condition and device ID are registered in the external storage device 411 via the Internet 400. However, the registration can be performed using other communication lines such as a telephone line. is there.

  As described above, according to the present invention, high security can be ensured. It is also possible to reliably prevent the occurrence of an unauthenticated state due to the forgotten registration operation content.

  The above-described embodiments do not limit the technical scope of the present invention, and various modifications and applications other than those already described are possible within the scope of the present invention. For example, in the above-described embodiment, the configuration including one authentication unit that performs both user authentication and maintenance authentication has been described. However, the configuration includes a user authentication authentication unit and a maintenance authentication authentication unit separately. Also good. Further, in the above-described embodiment, a case where the serviceman applied to authentication for shifting to the maintenance mode has been described as a preferable aspect. However, the present invention allows authentication while allowing a plurality of users to recognize the authentication condition. It can be applied to any mode in which leakage of conditions should be prevented.

  Further, in the above description, the present invention is embodied as a digital multi-function peripheral. However, the present invention is not limited to a digital multi-function peripheral, but can be applied to any image processing apparatus such as a printer or a copier. In addition, in the above description, the MFP as the image processing apparatus has been configured to include the operation unit, the authentication condition holding unit, the authentication unit, the authentication condition update unit, and the notification unit. An apparatus can also be provided.

  According to the present invention, high security can be ensured, and it is also possible to reliably prevent an unauthenticated state due to a forgotten registration operation content, which is useful as an image processing apparatus and an authentication apparatus.

100 MFP 161 Network interface (external interface)
200 Operation panel (operation unit)
201 Display (display unit)
401 Authentication Condition Holding Unit 402 Authentication Unit 403 Authentication Condition Update Unit 404 Notification Unit 405 Operation Control Unit 406 Operation Recognition Unit 411 External Storage Device 421 Portable Communication Terminal

Claims (6)

An image processing apparatus having an authentication function,
An operation unit used to input authentication information;
An authentication condition holding unit for holding the authentication condition;
An authentication unit that determines whether authentication information input from the operation unit satisfies an authentication condition held in the authentication condition holding unit;
An authentication condition update unit for registering a new authentication condition uniquely generated in the authentication condition holding unit in place of the authentication condition previously held at a timing specified in advance;
A notification unit that notifies the new authentication condition generated by the authentication condition update unit together with an identifier that uniquely identifies the image processing apparatus;
An image processing apparatus comprising:   The image processing apparatus includes a normal mode for performing image processing and a maintenance mode for apparatus maintenance, and the authentication condition is used for authentication for shifting from the normal mode to the maintenance mode. The image processing apparatus according to 1. The operation unit includes a display unit, and the notification unit displays information including a new authentication condition generated by the authentication condition update unit and an identifier for uniquely identifying the image processing apparatus on the display unit,
The image processing apparatus according to claim 1, wherein the new authentication condition and the identifier are registered in an external storage device provided independently of the image processing apparatus through the mobile communication terminal that has acquired the information. An external interface for transmitting data to an external storage device provided independently of the image processing device;
The image processing device according to claim 1, wherein the notification unit notifies the external storage device of a new authentication condition generated by the authentication condition update unit via the external interface together with the identifier. An external interface for receiving data from the external storage device;
The authentication condition update unit holds the newly generated authentication condition first when a notification indicating that the registration of the new authentication condition and the identifier has been completed is received from the external storage device through the external interface. The image processing apparatus according to claim 3, wherein the image processing apparatus is registered in the authentication condition holding unit instead of the authentication condition that has been set. An operation unit used to input authentication information;
An authentication condition holding unit for holding the authentication condition;
An authentication unit that determines whether authentication information input from the operation unit satisfies an authentication condition held in the authentication condition holding unit;
An authentication condition update unit for registering a new authentication condition uniquely generated in the authentication condition holding unit in place of the authentication condition previously held at a timing specified in advance;
A notification unit that notifies the new authentication condition generated by the authentication condition update unit together with an identifier that uniquely identifies the image processing apparatus;
An authentication device comprising:

Images