1. Field of the Invention
The present invention relates to an image forming apparatus with a security function, a control method therefor, and a storage medium storing a control program therefor.
2. Description of the Related Art
There is a known conventional image forming apparatus equipped with an inherent user interface (hereinafter referred to as an “LUI (Local User Interface)”) (for example, see Japanese Laid-Open Patent Publication (Kokai) No. 2005-267201 (JP 2005-267201A)). A user inputs a user account that consists of an ID and a password into the image forming apparatus through the LUI, receives user authentication on the basis of the input user account, and uses the image forming apparatus concerned. There are two kinds of user authentication: general authentication and simple authentication. The general authentication requires an ID and a password at the time of authentication. The simple authentication omits the password input and requires only the input of a user account that consists of a user ID, or requires the user to touch the user's own icon displayed on a user interface, for example, in order to give priority to the user's convenience. Since the simple authentication does not require a password at the time of authentication, security is lower than with the general authentication.
Moreover, when a user instructs an image forming apparatus to execute printing from a PC that is connected to the image forming apparatus through a network, the user inputs a user account through a user interface (hereinafter referred to as an “RUI (Remote User Interface)”) of the PC, receives user authentication on the basis of the input user account, and uses the image forming apparatus. Unlike the LUI, since the RUI is provided on the PC as an external apparatus that is connected to the image forming apparatus and is easily accessible by a third party, the image forming apparatus needs to ensure high security at the time of user authentication through the RUI.
However, when the image forming apparatus performs the simple authentication through the RUI in order to give priority to the user's convenience, high security cannot be ensured, which creates a security hole.
The present invention provides an image forming apparatus, a control method therefor, and a storage medium storing a control program therefor, which are capable of preventing occurrence of a security hole.
Accordingly, a first aspect of the present invention provides an image forming apparatus comprising a first receiving unit configured to receive user information selected from a screen that is displayed by an operation unit of the image forming apparatus, a second receiving unit configured to receive user information from an external apparatus via a network, an execution unit configured to execute a login process based on user information received by one of the first receiving unit and second receiving unit, a determination unit configured to determine whether a password is set in the user information, and a control unit configured to restrict the login process based on the user information that is received by the second receiving unit and for which it is determined that a password is not set.
Accordingly, a second aspect of the present invention provides a control method for an image forming apparatus comprising a first receiving step of receiving user information selected from a screen that is displayed by an operation unit of the image forming apparatus, a second receiving step of receiving user information from an external apparatus via a network, an execution step of executing a login process based on user information received in one of the first receiving step and the second receiving step, a determination step of determining whether a password is set in the user information, and a control step of restricting the login process based on the user information that is received by the second receiving unit and for which it is determined that a password is not set.
Accordingly, a third aspect of the present invention provides a non-transitory computer-readable storage medium storing a control program causing a computer to execute the control method of the second aspect.
According to the present invention, occurrence of a security hole can be prevented.
Further features of the present invention will become apparent from the following description of exemplary embodiments with reference to the attached drawings.
Hereafter, embodiments according to the present invention will be described in detail with reference to the drawings.
The image forming system 100 in
As shown in
The operation unit 202 functions as an LUI (Local User Interface) of the image forming apparatus 101. Moreover, the operation unit 202 is provided with hard keys, an operation panel, etc. A user inputs an instruction and information into the image forming apparatus 101 through the hard keys and the operation panel. It should be noted that the operation panel has a liquid crystal display monitor that displays information about the image forming apparatus 101. The printer 203 prints image data obtained by the scanner 204 onto a recording sheet, for example. The scanner 204 reads an original, and generates image data. The CPU 205 runs programs stored in the ROM 302 to execute various control processes. The RAM 207 is a work memory for the CPU 205. The HDD 208 stores image data and various programs.
The software 300 is provided with an LUI control module 301, an RUI control module 302, a user identification processing module 303, a user authentication processing module 304, an authentication setting management module 305, a user information management module 306, an authentication setting storing module 307, and a user information storing module 308.
The LUI control module 301 controls the operation unit 202, and transmits the information that the user inputs through the operation unit 202 to the modules, such as the user authentication processing module 304 and the user information management module 306. Moreover, the LUI control module 301 displays the information received from the modules on the operation unit 202.
The RUI control module 302 displays a web page on the operation-display unit 106 of the PC 102. The RUI control module 302 transmits the information that the user inputs through the web page to the user identification processing module 303 and the user authentication processing module 304. Moreover, the RUI control module 302 displays the information received from the modules on a web page.
The user identification processing module 303 identifies the user who uses the image forming apparatus 101. The user authentication processing module 304 executes user authentication on the basis of the authentication information that the user inputs through the LUI or the RUI and the authentication information stored in the user information storing module 308.
The authentication setting management module 305 manages the setup information about the user authentication stored in the authentication setting storing module 307, which is a part of the HDD 208. The setup information about the user authentication is set in an authentication setting screen 400.
The authentication setting screen 400 has setting items 401 through 404 according to information about various settings, a cancel button 405, an OK button 406, and a logout button 407. An authentication method by which the image forming apparatus 101 receives the user authentication through the LUI is set in the setting item 401. There are two authentication methods: button login and ID-password login. The one selected by the user is set as the authentication method.
Here, the button login is an authentication method by which user authentication is received when a user touches the user's own icon displayed on the LUI. It is a form of simple authentication, which does not require a password at the time of user authentication. The ID-password login is an authentication method by which user authentication is received when a user inputs an ID and a password. It is a form of general authentication, which requires a password at the time of user authentication.
Information about whether an addition (registration) of a general user (mentioned below) is allowed as a user who uses the image forming apparatus 101 is set in the setting item 402. Password policies that a password used at the time of user authentication should satisfy are set to the setting items 403 and 404. In detail, the minimum character number of a password used at the time of user authentication is set to the setting item 403. Information about whether continuation of the same character in a password used at the time of user authentication is prohibited is set to the setting item 404.
The cancel button 405 is pressed when a user cancels the settings in the setting items 401 through 404. The OK button 406 is pressed when a user fixes the settings in the setting items 401 through 404. The logout button 407 is pressed when a user who operates the authentication setting screen 400 finishes the operation and logs out.
When the cancel button 405 or the OK button 406 is pressed, an application selection screen 500 (
When the copy button 501, the reservation printing button 502, or the scan button 503 is pressed, an application screen (not shown) corresponding to the pressed button is displayed. For example, when the copy button 501 is pressed, the user operates the displayed application screen to print image data read with the scanner 204 on a recording sheet with the printer 203. Moreover, when the reservation printing button 502 is pressed, the image forming apparatus 101 stores print data received from the PC 102 in the HDD 208, and prints the stored print data in response to a user's operation on the operation unit 202. Furthermore, when the scan button 503 is pressed, the characters etc. on an original are read and image data is generated.
When the authentication setting button 504 is pressed, the authentication setting screen 400 is displayed on the operation unit 202. The logout button 505 is pressed when the user who operates the application selection screen 500 finishes the operation and logs out.
Referring back to
A general user does not have a permission to set up the setting information about the user authentication, for example. Moreover, although a general user is allowed to use the image forming apparatus 101, the usable functions of the image forming apparatus 101 may be restricted by an administrator. An administrator has the permission to set up the setting information about the user authentication, for example, and can restrict the functions of the image forming apparatus 101 that a general user can use. Accordingly, a security level of the image forming apparatus 101 needed for a general user is lower than a security level of the image forming apparatus 101 needed for an administrator.
The button login screen 600 has user buttons 601 through 603 and a user registration button 604. Each of the user buttons 601 through 603 is associated with user's authentication information stored in the user information storing module 308. For example, when a certain user presses the user button 601 (login request), the certain user receives user authentication on the basis of user's authentication information associated with the user button 601 (response to the login request). The user registration button 604 is pressed when a user different from the users associated with the user buttons 601 through 603 receives authentication from the image forming apparatus 101. When the user registration button 604 is pressed, a user registration screen 700 (
The user registration screen 700 in
A user name used in the user authentication is entered in the input column 701, and a password used in the user authentication is entered in the input column 702. When the button login is selected in the setting item 401 at this time, it is not necessary to input anything into the input column 702 (input of a null character string). The cancel button 703 is pressed when the user cancels the addition (registration) of a user. The OK button 704 is pressed when the user adds (registers) a user with the user name and password that are entered in the input columns 701 and 702.
When the ID-password login is set up in the setting item 401, a password that consists of a character string must be entered in the input column 702. Furthermore, when the password policy is set up in at least one of the setting items 403 and 404, the password entered into the input column 702 is required to satisfy the password policy (policies).
As shown in
As a result of the determination in the step S804, when the cancel button 703 is pressed, this process finishes. On the other hand, when the OK button 704 is pressed, the settings in the setting items 401 through 404 are obtained (step S805), and it is determined whether the button login is selected with reference to the setting in the setting item 401 (step S806). As a result of the determination in the step S806, when the button login is not selected, it is determined whether a password that consists of a character string is entered in the input column 702 (step S812). As a result of the determination in the step S812, when the password is entered, it is determined whether at least one password policy is set up with reference to the settings in the setting items 403 and 404 (step S807).
As a result of the determination in the step S807, when no password policy is set up, the user is added (step S811) and this process finishes. On the other hand, when at least one password policy is set up, it is determined whether the password entered in the input column 702 satisfies the password policy or policies set up in the setting items 403 and/or 404 (step S808). As a result of the determination in the step S808, when the password policy or policies are satisfied, the user is added (step S811) and this process finishes. When a password is not entered as a result of the determination in the step S812, or when the password does not satisfy the password policy or policies as a result of the determination in the step S808, error handling is executed without adding a user (step S809) and the process returns to the step S803.
As a result of the determination in the step S806, when the button login is selected, it is determined whether the addition of a general user is allowed on the basis of the setting item 402 (step S810). As a result of the determination in the step S810, when the addition of a general user is allowed, the user is added (step S811) and this process finishes. When the addition of a general user is not allowed (i.e., when only the addition of an administrator is allowed), the process proceeds to the step S812. The process after the step S812 is as mentioned above.
According to the process in
The RUI authentication screen 900 in
When the input information entered in the input columns 901 and 902 (information identifying a user) at the time of pressing the login button 903 is coincident with the authentication information stored in the user information storing module 308, the user receives the user authentication of the image forming apparatus 101. If the input information entered into the input columns 901 and 902 is not coincident with the authentication information stored in the user information storing module 308, an error screen 1000 (
The LUI authentication screen 1100 in
When the input information entered in the input columns 1101 and 1102 at the time of pressing the login button 1103 is coincident with the authentication information stored in the user information storing module 308, the user receives the user authentication of the image forming apparatus 101. If the input information entered into the input columns 1101 and 1102 is not coincident with the authentication information stored in the user information storing module 308, an error screen 1200 (
In
As a result of the determination in the step S1303, when the input information is not coincident with the authentication information, the error screen 1000 is displayed on the RUI (step S1304) and the process returns to the step S1301. When the input information is coincident with the authentication information, the settings in the setting items 401 through 404 are obtained (step S1305), and it is determined whether the button login is selected with reference to the setting in the setting item 401 (step S1306).
As a result of the determination in the step S1306, when the button login is selected, it is determined whether the password entered in the input column 902 is a null character string (step S1307). As a result of the determination in the step S1307, when the password entered in the input column 902 is a null character string, the error screen 1000 is displayed on the RUI (step S1304) and the process returns to the step S1301. When the password entered in the input column 902 is not a null character string (NO in the step S1307), the user authentication is executed (step S1309), and this process finishes.
As a result of the determination in the step S1306, when the button login is not selected, it is determined whether an addition of a general user is allowed with reference to the setting in the setting item 402 (step S1308). As a result of the determination in the step S1308, when an addition of a general user is allowed, the process proceeds to the step S1307. The process after the step S1307 is as mentioned above. On the other hand, when an addition of a general user is not allowed, the user authentication is executed (step S1309) and this process finishes. It should be noted that the application selection screen 500 is displayed on the RUI when the user authentication is executed in the step S1309.
According to the process in
Moreover, when the button login is not selected (NO in the step S1306), when an addition of a general user is allowed (YES in the step S1308), and when the password entered in the input column 902 is a null character string (YES in the step S1307), the error screen 1000 is displayed on the RUI (the step S1304) without executing the user authentication. Accordingly, the general authentication is not executed for a general user whose password is a null character string. This prevents execution of the general authentication for a user with a low security level (a general user whose password is a null character string).
It should be noted that
As shown in
As a result of the determination in the step S1403, when the user name corresponding to the pressed user button is stored in the user information storing module 308, the user authentication is executed (step S1404) and this process finishes. When the user name corresponding to the pressed user button is not stored in the user information storing module 308, the error screen 1200 is displayed (step S1405) and this process finishes. It should be noted that the application selection screen 500 is displayed on the LUI when the user authentication is executed in the step S1404.
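The following Python code is an added example, not part of the original specification: it models the registration flow (steps S805 through S812), the RUI login flow (steps S1303 through S1309) and the LUI button login (steps S1403 through S1405) so that the three decisions can be exercised together. The names AuthSettings, register_user, rui_login and lui_button_login, the in-memory user store, and the reading of setting item 404 as forbidding two identical adjacent characters are assumptions.

```python
import hmac
from dataclasses import dataclass

@dataclass
class AuthSettings:  # hypothetical model of setting items 401 through 404
    button_login: bool            # item 401: True = button login, False = ID-password login
    allow_general_user: bool      # item 402
    min_length: int = 0           # item 403 (0 = no minimum set)
    forbid_repeats: bool = False  # item 404

def satisfies_policy(pw, s):
    """Step S808. Assumption: item 404 forbids two identical adjacent characters."""
    if len(pw) < s.min_length:
        return False
    if s.forbid_repeats and any(a == b for a, b in zip(pw, pw[1:])):
        return False
    return True

def register_user(users, name, pw, s):
    """Steps S805-S812: return True if the user was added (S811)."""
    if s.button_login and s.allow_general_user:        # S806 yes, S810 yes
        users[name] = pw                               # S811: a null password is accepted
        return True
    if pw == "":                                       # S812: no password entered
        return False                                   # S809
    policy_set = s.min_length > 0 or s.forbid_repeats  # S807
    if policy_set and not satisfies_policy(pw, s):     # S808
        return False                                   # S809
    users[name] = pw                                   # S811
    return True

def rui_login(users, name, pw, s):
    """Steps S1303-S1309: return True only if authentication is executed (S1309)."""
    stored = users.get(name)
    if stored is None or not hmac.compare_digest(stored.encode(), pw.encode()):
        return False                                   # S1303 mismatch -> S1304
    if s.button_login or s.allow_general_user:         # S1306 yes, or S1308 yes
        if pw == "":                                   # S1307: null character string
            return False                               # S1304
    return True                                        # S1309

def lui_button_login(users, name):
    """Steps S1403-S1405: pressing a registered user's button is sufficient."""
    return name in users

def demo():
    """Constructed scenario: a passwordless button-login user tried on both interfaces."""
    s = AuthSettings(button_login=True, allow_general_user=True)
    users = {}  # constructed store; passwords kept in clear only to keep the example short
    register_user(users, "guest", "", s)
    return lui_button_login(users, "guest"), rui_login(users, "guest", "", s)

if __name__ == "__main__":
    print(demo())
```

In the one configuration where step S1307 is skipped (ID-password login with addition of a general user not allowed), registration always passes through step S812, so accounts created under those settings have non-empty passwords.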
According to the process in
Embodiment(s) of the present invention can also be realized by a computer of a system or apparatus that reads out and executes computer executable instructions (e.g., one or more programs) recorded on a storage medium (which may also be referred to more fully as a ‘non-transitory computer-readable storage medium’) to perform the functions of one or more of the above-described embodiment(s) and/or that includes one or more circuits (e.g., application specific integrated circuit (ASIC)) for performing the functions of one or more of the above-described embodiment(s), and by a method performed by the computer of the system or apparatus by, for example, reading out and executing the computer executable instructions from the storage medium to perform the functions of one or more of the above-described embodiment(s) and/or controlling the one or more circuits to perform the functions of one or more of the above-described embodiment(s). The computer may comprise one or more processors (e.g., central processing unit (CPU), micro processing unit (MPU)) and may include a network of separate computers or separate processors to read out and execute the computer executable instructions. The computer executable instructions may be provided to the computer, for example, from a network or the storage medium. The storage medium may include, for example, one or more of a hard disk, a random-access memory (RAM), a read only memory (ROM), a storage of distributed computing systems, an optical disk (such as a compact disc (CD), digital versatile disc (DVD), or Blu-ray Disc (BD)™), a flash memory device, a memory card, and the like.
While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all such modifications and equivalent structures and functions.
This application claims the benefit of Japanese Patent Application No. 2014-206595, filed Oct. 7, 2014, which is hereby incorporated by reference herein in its entirety.
Number | Date | Country | Kind |
---|---|---|---|
2014-206595 | Oct 2014 | JP | national |