1. Field of the Invention
The present disclosure relates to an information processing device which performs user authentication using a one-time password (OTP).
2. Description of the Related Art
Conventionally, in order to restrict use of a target device, such as an MFP (multi-function peripheral) or an LP (laser printer), user authentication is performed before using the target device. A well-known method of authenticating such a user is to prompt the user to perform a manual input operation to directly input a user name (user ID) and a password or insert a card medium in which a user name (user ID) and a password are stored.
User authentication is aimed at preventing unauthorized use of target devices. In many cases, a one-time password (OTP) is used for authentication of a temporary user. Unlike a normal password, which is fixed and never changes, a one-time password changes each time it is used. The OTP changes automatically at each use or at fixed time intervals. Accordingly, prediction of the OTP is difficult and a high level of security is provided.
FIG. 1 is a diagram showing an example of hardware and software modules according to the related art needed for generation of a one-time password. A one-time password generation/display device, called a hardware token, is shown in FIGS. 1 (a) and (b). Specifically, a card type token is shown in FIG. 1 (a) and a USB (universal serial bus) type token is shown in FIG. 1 (b).
Each of these tokens includes a display unit, and the one-time password shown on the display unit is used when using a target device. A hardware token of this kind contains an internal clock, and a one-time password is generated by performing predetermined computations based on the current time output from the clock.
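The clock-based generation described above, as an added example that is not part of the original disclosure. The page does not name the "predetermined computations"; this sketch assumes the standard TOTP construction (RFC 6238 over RFC 4226 HOTP), a 30-second interval, and a verifier that tolerates one interval of clock drift between token and server. The function names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per OTP interval (assumed; the page only says "a fixed time")


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based OTP (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def token_display(secret: bytes, clock: int, digits: int = 6) -> str:
    """What the token shows: the OTP for the interval containing `clock`."""
    return hotp(secret, clock // STEP, digits)


def server_verify(secret: bytes, submitted: str, server_clock: int,
                  digits: int = 6, window: int = 1) -> bool:
    """Accept the OTP if it matches any interval within +/- `window` steps.

    The window absorbs drift of the token's internal clock; every candidate
    is compared in constant time so timing does not leak which one matched.
    """
    now = server_clock // STEP
    ok = False
    for counter in range(max(0, now - window), now + window + 1):
        ok |= hmac.compare_digest(hotp(secret, counter, digits), submitted)
    return ok


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    otp = token_display(secret, 59)
    print("token shows:", otp)
    print("server 30 s ahead accepts:", server_verify(secret, otp, 89))
    print("server 90 s ahead accepts:", server_verify(secret, otp, 149))
```

A wider `window` tolerates more drift but lengthens the time a captured OTP stays valid.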
An example of a screen displayed by a software module of a software token executed on a PC (personal computer) is shown in FIG. 1 (c). A user views a one-time password (OTP) shown on the screen and may perform a manual input operation. Alternatively, the user may press a “Copy” button in the screen to copy the OTP to a clipboard, and subsequently paste it into a password input column in a screen provided by a printer driver.
Further, examples of screens displayed by a web service module (called matrix authentication) using a challenge and response system and executed on a PC are shown in FIG. 1 (d). If a user inputs a user ID and a normal password in a left-hand screen of FIG. 1 (d), a primary authentication is performed by a server. After the primary authentication is performed, the data (a challenge) from the server is received at the PC and a central screen of FIG. 1 (d) in which a matrix of numbers is arranged is displayed. If the user selects a set of numbers on the central screen in accordance with a pattern registered beforehand in the server, the content (one-time password) is transmitted to the server as a response, so that final user authentication is performed at the server by comparing the transmitted response with a collating response generated on the server.
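The challenge and response exchange described above, as an added example that is not part of the original disclosure. It assumes a 4x4 matrix of single digits, a pattern stored as an ordered list of (row, column) cells, and a challenge that is discarded after one verification attempt; the class and function names are hypothetical.

```python
import hmac
import secrets


def collate(matrix, pattern):
    """Read the digits at the pattern's cells, in the registered order."""
    return "".join(str(matrix[r][c]) for r, c in pattern)


class MatrixAuthServer:
    def __init__(self, size=4):
        self.size = size
        self.patterns = {}  # user -> ordered list of (row, col) cells
        self.pending = {}   # user -> matrix issued as the current challenge

    def register(self, user, pattern):
        """Store the pattern the user registers beforehand."""
        if any(not (0 <= r < self.size and 0 <= c < self.size)
               for r, c in pattern):
            raise ValueError("pattern cell outside the matrix")
        self.patterns[user] = list(pattern)

    def issue_challenge(self, user):
        """Called once primary (user ID and password) authentication passed."""
        matrix = [[secrets.randbelow(10) for _ in range(self.size)]
                  for _ in range(self.size)]
        self.pending[user] = matrix
        return matrix

    def verify(self, user, response):
        """Compare the response with the server's own collating response."""
        matrix = self.pending.pop(user, None)  # single use: blocks replay
        if matrix is None or user not in self.patterns:
            return False
        expected = collate(matrix, self.patterns[user])
        return hmac.compare_digest(expected, response)


def demo():
    server = MatrixAuthServer()
    pattern = [(0, 0), (1, 1), (2, 2), (3, 3)]  # constructed sample pattern
    server.register("alice", pattern)
    matrix = server.issue_challenge("alice")
    response = collate(matrix, pattern)        # what the user reads off
    first = server.verify("alice", response)   # fresh challenge
    replay = server.verify("alice", response)  # same response sent again
    return first, replay


if __name__ == "__main__":
    print(demo())
```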
Thus, the generation of a one-time password according to the related art requires preparation of a dedicated hardware, software or web service module.
FIG. 2A and FIG. 2B are diagrams for explaining an example of an input operation to input a user name and a password in a printer driver according to the related art. If a printing request from an application program, such as a word-processing program, is output and a property setting of an MFP or a printer is selected, a print setting screen 121 shown in FIG. 2A is displayed. If a user presses a “detail of printing method” button 122 in the print setting screen 121, a user authentication screen 123 shown in FIG. 2B is displayed.
In the user authentication screen 123, a user name is input to a login user name input column 124, a one-time password, acquired by any of the above-described methods shown in FIG. 1, is input to a login password input column 125, and an “OK” button 126 is pressed, so that user authentication is performed.
As described above, according to the related art, in order to generate a one-time password, a dedicated hardware, software or web service module has to be prepared separately, and there is a problem that the distribution and management of such a module is complicated. Conventionally, a one-time password is prepared for a temporary user and use of the one-time password is limited to restricted use.
On the other hand, Japanese Laid-Open Patent Publication No. 2008-155374 discloses an image forming device adapted for preventing a third party from acquiring authentication information, such as a password, by an unauthorized access to a computer. In this image forming device, a password generated by a password generation part of the image forming device is transmitted to a computer, and a user inputs the password to the image forming device. Even when the image forming device is in an idle state, unauthorized acquisition of the password by a third party is prevented and the security of printing in the image forming device is improved.
Japanese Laid-Open Patent Publication No. 2006-235757 discloses a data processing device having a user authentication function. This user authentication function is used to authenticate a first user who has use authority for the device. The user authentication function is used to display a setting screen of a temporary use authority to be applied to a second user who has no use authority for the device when the user logs in. Through the setting screen which is set by the first user, the temporary use authority is applied to the second user to an extent permitted by the first user.
However, in each of the devices according to Japanese Laid-Open Patent Publication Nos. 2008-155374 and 2006-235757, to use the device, the user must acquire a one-time password generated by a dedicated software module which is separately prepared. There is a problem that the distribution and management of the separately prepared module is complicated.