1. Field of the Invention
An embodiment of the present general inventive concept relates to an image forming apparatus and a method of authenticating a user thereof, and more particularly, to an image forming apparatus that authenticates an access to the image forming apparatus by using a one-time password (OTP) generated according to a request of a user to enhance security of the image forming apparatus, and a method of authenticating the user thereof.
2. Description of the Related Art
Image forming apparatuses that have been recently released provide embedded web services to allow users or managers to conveniently set or manage output devices.
An embedded web service refers to a service that displays a webpage that may set or manage an image forming apparatus if a host apparatus connected to the image forming apparatus obtains an Internet Protocol (IP) access to the image forming apparatus through a network.
FIG. 1 is a view illustrating a conventional window for an embedded web service.
A manager or a user may use an embedded web service provided by an image forming apparatus to check a state of the image forming apparatus, set a product (a whole system, printer, copy, fax, scan, an-email function, etc.), set a network (Transmission Control Protocol (TCP), Web Services for Devices (WSD), Service Location Protocol (SLP), Universal Plug ad Play (UPnP), multicast Domain Name System (mDNS), Simple Network Management Protocol (SNMP), Hypertext Transfer Protocol (HTTP), or Simple Mail Transfer Protocol (SMTP)), set system security (function management, information hiding, product re-booting, etc.), and manage network security (authentication, authority, account, or user profile), system log, system backup/restoration, firmware, etc.
Therefore, if a setting authority to an output device is provided to an unauthorized user, a serious problem may occur in terms of security.
FIGS. 2 through 4 are views illustrating conventional windows used to access embedded web services.
FIGS. 2 and 3 illustrating conventional windows used to input an IP address of an image forming apparatus into a domain address space and for a user or manager to input an ID and a password into a pop-up window in order to access an embedded web service. FIG. 4 illustrates a conventional window to access an embedded web service by using a pre-issued security card.
However, in these methods, an unauthorized malicious user may steal an ID and a password or a security card of a manager to try to access to an embedded web service, and attempt a spinning attack at tapping data transmitted through a network, attempt an attack method through social engineering hacking, attempt an attack method through a password supposition, and/or attempt to gain access based on an initial factory setting value.
Therefore, if a user neglects to manage information about the image forming apparatus, information about the image forming apparatus may be exposed to access by an unauthorized user anytime.
As a result, there is a need for a method of authenticating an embedded web service manager of an image forming apparatus and a method of improving a system to prevent a hacking accident as described above.