Patent Application
20120167181
Embodiments described herein relate generally to an image forming apparatus, an image forming method and an image forming system.
Currently, IT managers in companies are managing the use and operation of IT equipment which is used in the company in order to increase security or maintain security. Due to this, an improvement in corporate governance is being achieved.
User authentication using an ID and password is used at many companies as the basis of maintaining security. There are prohibited characters, a minimum number of letters, and the like as password rules. There is also IT equipment which supports these rules, but currently, the level of support differs depending on the equipment.
The users of IT equipment tend to use simple passwords or passwords which relate to personal information. For example, it is typical that users use passwords which are obvious to the user and are not likely to be forgotten such as passwords which are a simple string of numbers, an English word which is easy to use on a PC (Personal Computer), or their own name, employee ID number, mail address or the like which relate to personal information. However, simple passwords or passwords which relate to personal information such as these are easily identified by other individuals and may also become the cause of information leaks.
On the other hand, IT managers manage passwords and the like according to company policy while operating peripheral devices such as an image forming apparatus. As a result, after the introduction of IT equipment and in the stage of operation, passwords are made stricter in compliance with company policy or the policy is set with regard to equipment to which it has not been applied. Accordingly, there is a demand to be able to flexibly support changes in passwords in IT equipment.
In general, according to one embodiment, an image forming apparatus which is connected to a server via a communication line includes a control section which obtains a user ID and a password for user authentication, receives a restriction condition which regulates a character string and a form thereof for which use as the password is prohibited from the server, determines whether or not the password input meets the restriction condition, and displays a screen which prompts a change in the password when the restriction condition is not met.
An image forming system 1 is provided with at least one MFP 2, a client terminal 3, and a data server 4, and these are connected via a communication line 5.
The MFP 2 which is an image forming apparatus is a digital multifunction machine and is an apparatus which is provided with a plurality of functions such as a copier, a scanner, a facsimile machine, an image data recording device (BOX device), and the like in one unit. A control panel 2a and a communication device are provided in the MFP 2. A user inputs an instruction to the MFP 2 via various input keys and a display device which are provided in the control panel 2a. The communication device functions as an interface for performing reception and transmission of information via the communication line 5.
The client terminal 3 is an information processing terminal such as a PC which the user possesses. The client terminal 3 instructs various operations with regard to the MFP 2, for example, the execution of a printing job. In addition, the client terminal 3 instructs updating of data with regard to the data server 4. The client terminal 3 is provided with a control section 3a and a display section 3b. The control section 3a controls comprehensively the operation of the client terminal 3. The display section 3b displays information which is received and transmitted with the control section 3a.
The data server 4 holds information related to the user who uses the MFP 2 (user information) and control information which restricts use of passwords (security information). An IT manager is able to change the security information on the data server 4 from a predetermined client terminal 3. Here, it is possible to use an LDAP (Lightweight Directory Access Protocol) server as the data server.
The communication line 5 is not limited to communication which uses wiring such as conductive wiring, optical fibers, or the like but also includes wireless communication which uses light, sound waves, or electrical waves, or the like as a route which is widely used in the reception and transmission of information.
The MFP 2 has a control section 21 and a storage device 22. The control section 21 controls comprehensively the operation of the MFP 2. The storage device 22 is a storage medium which is disposed in an inner portion of the MFP 2. User authentication information, information on various setting values, and the like are stored in the storage device 22.
Then, a control panel control section 21a, a communication control section 21b, and a processing section 21c are provided in the control section 21. The control panel control section 21a controls the information reception and transmission operation with the control panel 2a. The communication control section 21b controls the reception and transmission of information between the client terminal 3 and the data server 4 via the communication line 5. The processing section 21c processes the operation of the MFP 2 and executes a process (which will be described later) which supports a security policy which is set by the IT manager.
The client terminal 3 has a control section 31 and a storage device 32. The control section 31 controls comprehensively the operation of the client terminal 3. The storage device 32 is a storage medium which is disposed in an inner portion of the client terminal 3. Information related to the user, an image file, and the like are stored in the storage device 32.
The data server 4 is provided with a control section 41 and a storage device 42. The control section 41 controls comprehensively the operation of the data server 4. The storage device 42 is a storage medium which is disposed in an inner portion of the data server 4. User information 44a, security information 44b, and the like are stored in the storage device 42 as a user DB (Data Base).
The user DB 44 includes the user information 44a and the security information 44b for each user. The user information 44a is attribute information which relates to the user. A plurality of attributes are included in the user information 44a such as “name”, “date of birth”, “employee number”, “division and department”, “mail address”, “telephone number”, and the like in addition to “user ID” and “password” which are keywords for searching. The security information 44b is control information for restricting the use of the user information 44a as the password. The security information 44b is set by the IT manager. Here, details of the security information 44b will be described later.
Next, a security securing method in the image forming system of the embodiment will be described.
The password characters, for which inputting in the MFP 2 is prohibited, are set in advance and are stored in the storage device 22 of the MFP 2. For example, it is not possible to use % _ [ ] \ / , : ; * ? < > | ‘ “ # and the like which are set as prohibited characters. In addition, it is possible to also set a minimum number of input characters for the password.
In the embodiment, in addition to the prohibited characters which are registered in advance in the MFP 2 as the password, attribute information out of the user information 44a which is specified by the IT manager is configured so as not to be included in the password. The attribute information which is specified by the IT manager is referred to as restriction information (characters).
In ACT 01, the IT manager displays a security information setting screen 34 in the display section 3b of the client terminal 3.
In the security information setting screen 34, a server location input column 34a, a user information setting column 34b, a cancel button 34d, and an OK button 34e are provided.
An IP address (Internet Protocol address) or a FQDN (Fully Qualified Domain Name) is input as location information of the data server 4 on the network in the server location inputting column 34a.
In the user information setting column 34b, it is possible to set and input control information for each item of the user information 44a shown in
For example, assume that the employee number is specified as a restriction target and the employee number of the user is 01234. In this case, when the matching method is set as the prefix search, the suffix search, or searching for the entirety thereof, for example, the passwords of 01234AAAXYZ, XYZAAA01234, 01234 are respectively prohibited.
A group number which classifies the items of the user information 44a is input in the “classification” column. For example, a group number (=1) is classification information as the user information 44a which is not often changed (employee number, date of birth, name, and the like). A group number (=2) is classification information as the user information 44a which is often changed (title, telephone number, department, division, and the like). A method which uses this “classification” will be described later.
When the cancel button 34d is pressed, the security information setting screen 34 is terminated without processing been performed. When the OK button 34e is pressed, the set information is transmitted to the MFP 2 and the data server 4.
In ACT 02 in
Then, when the IT manager presses the OK button 34e, in ACT 04, the control section 31 of the client terminal 3 transmits the control information of the set user information 44a to the data server 4 which is specified in the location information. The data server 4 stores the received control information in security information 44b of the user DB 44.
In ACT 05, the control section 31 transmits the location information of the data server 4 on the network to all of the MFPs 2. The MFPs 2 store the location information of the data server 4 which was transmitted in the storage device 22.
In addition, the IT manager sets a skip condition using the client terminal 3. The skip condition is a condition for giving a time delay when the user changes a password. The IT manager sets the delay period or date, or the number of skips for the change in password as the skip condition. When the password which is being used by a user does not meet the password policy which is set by the IT manager, it is necessary that the user changes the password within the scope (within the period) of the skip condition which is set by the IT manager.
The IT manager displays a skip condition setting screen 36 in the display section 3b of the client terminal 3.
By a number of skips being selected using a radio button and a number N being set in the input column, it is possible that a change in password is not requested until N times. By a skip period being selected using a radio button and a period being set in the input column, it is possible that a change in password is not requested until the period has passed. It is possible that the period is selected with days, weeks, or months as a unit. By a skip date being selected using a radio button and a date being set in the input column, it is possible that a change in password is not requested until the date has passed.
When the IT manager sets the skip condition and presses the OK button, the set content is transmitted to the data server 4. The data server 4 stores the received skip condition to the security information 44b of the user DB 44.
The security information 44b includes “control information”, “skip condition”, “skip setting value”, “count value”, “incomplete flag”, and “initial flag” for each user ID. The “control information” is information which is set by the IT manager and is transmitted from the client terminal 3. The “skip condition” is a value which indicates whether or not the IT manager has provided a delay (number of times, period, or the like) in the change of password, and for example, number of times (=1), period (=2), or date (=3) is stored. The “skip setting value” is a value which represents the content of the delay described above, and the number of times or date which is set is stored. At this time, when the “skip condition” is period, a date which is calculated from the set period is stored in the “skip setting value”. The “count value” is an actual value which indicates how many times the user has logged in up until now when the delay described above is number of times. The “incomplete flag” is a value which represents whether or not a password updated by the IT manager is adopted. The “initial flag” is a flag for determining whether it is a first login after a predetermined event (for example, after the password is updated by the IT manager).
The control section 41 of the data server 4 stores the control information and the skip condition received from the client terminal 3 in the security information 44b with regard to all user IDs. Then, the control section 41 resets the “count value” to an initial value and sets the “incomplete flag” and the “initial flag” (=1).
Next, an operation where the MFP 2 changes the password after the IT manager updates the security information 44b will be described.
When using the MFP 2, the user starts a login operation from the control panel 2a. In ACT 11, the processing section 21c displays an authentication input screen 35 shown in
In ACT 12, the processing section 21c performs a check whether or not prohibited characteristics are included in the password input when the user logs in. The prohibited characters are registered in advance as described above and are stored in the storage device 22.
When the password input includes the prohibited characters (No in ACT 12), the inputting of the user name and the password again is requested by returning to ACT 11. When the password input does not include the prohibited characters (Yes in ACT 12), the user DB 44 of the data server 4 is searched in ACT 13 on the basis of the user ID. Then, the item of the user information 44a which is specified by the “restriction target” in the security information 44b and the “matching method” of the security information 44b are obtained.
In ACT 14, it is investigated whether or not the item of the user information 44a which is specified by the “restriction target” is included in the password input in the form which is specified in the “matching method”. When the password input meets the policy which is set by the IT manager (No in ACT 14), authentication is OK in ACT 15. That is, the password input is stored in the storage device 22 of the MFP 2. In addition, the password input is stored as the “password” of the user ID which is in the user information 44a of the data server 4 and the “incomplete flag” and the “initial flag” of the security information 44b are reset (=0).
When the password input does not meet the policy which is set by the IT manager (Yes in ACT 14), in ACT 16, the processing section 21c displays a message shown in
When the user changes and inputs the password and presses a resetting button (Yes in ACT 17), a process from ACT 11 and beyond is executed again based on the changed password.
When the user presses a setting skip button (No in ACT 17), in ACT 18, the processing section 21c references the security information 44b of the data server 4 and investigates whether or not a skip is to be allowed. For example, when the number of times, the period, or the date which was set is not yet been exceeded, it is within the delay period and the skip is allowed.
When the skip is not allowed, this is displayed on the authentication input screen 35, and when the user changes and inputs the password and presses a resetting button (No in ACT 18), a process from ACT 11 and beyond is executed again based on the changed password.
When the skip is allowed (Yes in ACT 18), the data in the server is updated in ACT 19. That is, one is added to the “count value” in the security information 44b and the “initial flag” is reset (=0). In addition, at this time, the set skip condition (number of time, date, or the like which is the delay) is displayed in the authentication input screen 35 and the user is made aware of this.
Since the processes of ACTs 21 to 23 are the same as the processes of ACTs 11 to 13 in
In ACT 24, it is investigated whether the item of the user information 44a specified in the “restriction target” is included in the password input in the form specified in the “matching method”. When the password input meets the policy (Yes in ACT 24), authentication is OK in ACT 25.
When the password input does not meet the policy which is set by the IT manager (No in ACT 24), authentication is OK in ACT 31. In ACT 32, whether or not the count value has exceeded the skip setting value is investigated. When the count value does not exceed the skip setting value (No in ACT 32), in ACT 33, an input screen which prompts a change of password is displayed in the control panel 2a. The input screen is the same as the authentication input screen 35 shown in
When the user presses the setting skip button (No in ACT 34), in ACT 35, the processing section 21c adds one to the count value and counts up and executes the following processes. Here, when the setting skip button is pressed, a message of “please change your password before having logged in X times” is displayed on the screen.
When the user presses the resetting button (Yes in ACT 34), a process for changing the password is executed in ACT 37. Here, since the process for changing the password is described in
When the count value exceeds the skip setting value (Yes in ACT 32), an input screen which prompts a change of password is displayed in the control panel 2a in ACT 36. The input screen is provided with a resetting button in the authentication input screen 35 shown in
Since the processes of ACTs 41 to 45 are the same as the processes of ACTs 21 to 25 in
When the password input does not meet the policy which was set by the IT manager (No in ACT 44), authentication is OK in ACT 51. In ACT 52, whether or not the current month and day exceed the month and day which is the skip setting value is investigated. When the current month and day do not exceed the month and day which is the skip setting value (No in ACT 52), in ACT 53, an input screen which prompts a change of password is displayed in the control panel 2a. The input screen is the same as the authentication input screen 35 shown in
When the user presses the setting skip button (No in ACT 54), the following processes are executed. Here, when the setting skip button is pressed, a message of “please change your password within X days, within X months, or by X month and X day” is displayed on the screen.
When the user presses the resetting button (Yes in ACT 54), a process for changing the password is executed in ACT 57. Here, since the process for changing the password is described in
When the current month and day have exceeded the skip setting value (Yes in ACT 52), an input screen which prompts a change of password is displayed in the control panel 2a in ACT 56. The input screen is provided with a resetting button in the authentication input screen 35 shown in
Above, the first embodiment is described, but it is possible to configure the MFP 2 in a variation form which appropriately modifies the content which was described in the embodiment described above.
In the embodiment described above, the function described below was described.
(1) Checking whether or not the password input satisfies the restriction condition which is set by the IT manager is performed when the user logs in and a change of password is prompted when the restriction condition is not met.
(2) When the IT manager changes the attributes which are restricted, checking of passwords is performed when each user performs a first login after the change and a change of password is prompted when the restriction, condition is not met.
The following variation in function may be provided with regard to the form.
(3) The manager sets an arbitrary period of time, checking of passwords is performed when each user performs a first login after the set period of time is passed, and a change of password is prompted when the restriction condition is not met. It is possible for this process to be realized with a configuration using the “initial flag” of the security information 44b.
(4) The user information 44a which is managed by the data server is divided into attribute information which do not often changes (employee number, date of birth, name, and the like) and attribute information which often changes (title, phone number, department, division, and the like). When there is a change of restriction in the attribute of the attribute group which often changes, checking of passwords is performed when each user performs a first login for each user after the change, and a change of password is prompted when the restriction condition is not met. It is possible for this process to be realized with a configuration using the “classification” in the “control information” and the “initial flag” of the security information 44b.
Then, it may be the case that checking of passwords is performed when each user performs a first login for each user using a condition where (2) and (3) are combined and a condition where (2) and (4) are combined and a change of password is prompted when the restriction condition is not met.
When the IT manager changes the restriction condition, the changed content may be displayed in the control panel 2a of the MFP 2. Alternatively, the user which uses the MFP 2 may be notified of the content of the restriction changed using a mail from the MFP 2 or the data server 4. Due to this, it is possible to provide a period where the user prepares a password which is changed.
After the IT manager changes the restriction condition, whether or not it is a first login after the change is checked when the user logs in. If it is the first login of the user, whether the password of the user meets the restriction condition is confirmed, and when it is met, authentication is OK and it is possible to log in.
After this, when the restriction is not changed, checking whether the password meets the restriction condition is not performed even if the user logs in. In addition, if the password is changed and the restriction condition is met, after this, when the restriction condition is not changed, checking whether the password meets the restriction condition is not performed, even if the user logs in.
Due to this, it is sufficient if a password check is not performed each time and it is possible to perform efficient password checking.
Here, in each of the embodiments described above, there is a configuration where it is possible to support a case where the user uses a plurality of MFPs 2 by the security information 44b for management being held on the data server 4. However, the security information 44b may be held in the MFP 2 depending on the relationship between the user and the MFP 2 which is being used.
According to each of the embodiments described above, it is possible for the image forming apparatus to follow the security policy which is conceived by the IT manager (company) in a timely manner. Accordingly, it is possible to flexibly and reliably operate the security policy.
Here, each of the functions described in the embodiments described above may be configured using hardware or may be realized by a program which has each of the functions being read out by a computer using software. In addition, each of the functions may have a configuration where either software or hardware is appropriately selected. Furthermore, it is possible to realize each of the functions by a program which is stored on a recording medium which is not shown being read out by a computer.
While certain embodiments have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions. Indeed, the novel embodiments described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the embodiments described herein may be made without departing from the spirit of the inventions. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the inventions.
This application is based upon and claims the benefit of U.S. Provisional Application No. 61/426,007, filed on Dec. 22, 2010.
| Number | Date | Country | |
|---|---|---|---|
| 61426007 | Dec 2010 | US |
