Control device, image forming apparatus, control method, and control system

The control device and method adjust password entry limits based on password strength to prevent legitimate users from being locked out and deter unauthorized access, enhancing security and usability.

JP2026104168A · Pending · Publication Date: 2026-06-25 · OKI ELECTRIC INDUSTRY CO LTD

Patent Information

Authority / Receiving Office: JP · JP
Patent Type: Applications
Current Assignee / Owner: OKI ELECTRIC INDUSTRY CO LTD
Filing Date: 2024-12-13
Publication Date: 2026-06-25


Abstract

The present invention provides a control device, an image forming apparatus, a control method, and a control system that reduce situations in which a legitimate user is unintentionally locked out. [Solution] In an authentication system in which a printer and multiple computers can communicate with each other via a network such as a LAN (Local Area Network), the printer, as a control device, includes an operation unit which is an input unit into which identification information and a password can be entered to identify an account, and a control unit which locks out the account identified by the identification information if the number of times the password is entered incorrectly for the entered identification information exceeds a predetermined number of times, and the control unit changes the predetermined number based on the strength of the password associated with the identification information.

Description

Technical Field

[0001] The present invention relates to a control device, an image forming apparatus, a control method, and a control system.

Background Art

[0002] In a system that logs in using identification information (e.g., user ID) and password registered for each account, it is important to take measures against brute-force attacks that input all possible combinations considered as passwords. Conventionally, there is known a method of locking out (making it unable to log in) an account for which the number of incorrect password entries exceeds a limit (see, for example, Patent Document 1).

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0004] However, the conventional method has a problem: when a legitimate user registers a complex password to enhance security, that user becomes more likely to enter the password incorrectly and may be locked out unintentionally.

[0005] The present invention takes the above points into consideration and proposes a control device, an image forming apparatus, a login control system, and a login control method that can reduce the situation where a legitimate user is locked out.

Means for Solving the Problems

[0006] To solve these problems, the control device of the present invention includes an input unit on which identification information for identifying an account and a password can be entered, and a control unit that locks out the account identified by the identification information when the number of times the password has been incorrectly entered for the input identification information exceeds a predetermined number of times, wherein the control unit changes the predetermined number of times based on the strength of the password associated with the identification information.

[0007] Furthermore, the image forming apparatus of the present invention comprises the control device and printing unit described above. Furthermore, the control system of the present invention comprises the control device described above.

[0008] Furthermore, the control method of the present invention includes the steps of: inputting identification information and a password to identify an account using an input unit; locking out the account identified by the identification information if the number of times the password has been incorrectly entered for the identification information input by the input unit exceeds a predetermined number of times; and changing the predetermined number of times based on the strength of the password associated with the identification information.

[0009] In this way, the present invention makes it possible to increase the number of times a user can enter a password without being locked out, even when the password registered by a legitimate user is complex and strong.

Effects of the Invention

[0010] Thus, the present invention can realize a control device, an image forming apparatus, a control method, and a control system that can reduce the possibility of a legitimate user being locked out.

Brief Explanation of the Drawings

[0011]
[Figure 1] A diagram showing the overall configuration of the authentication system.
[Figure 2] A block diagram showing the hardware configuration of the printer.
[Figure 3] A block diagram showing the functional configuration of the printer.
[Figure 4] A block diagram showing the hardware configuration of a computer.
[Figure 5] A block diagram showing the functional configuration of a computer.
[Figure 6] A flowchart showing the account registration process and the password update process.
[Figure 7] A flowchart showing the login process.
[Figure 8] A diagram showing the configuration of the login screen.

Modes for Carrying Out the Invention

[0012] The embodiments for carrying out the invention (hereinafter referred to as "embodiments") will be described in detail below with reference to the drawings.

[0013] [1. Overall Configuration of the Authentication System] First, the overall configuration of the authentication system St according to this embodiment will be explained using Figure 1. The authentication system St shown in Figure 1 consists of a printer 1 and multiple computers 2. The printer 1 and the multiple computers 2 can communicate with each other via a network 3 such as a LAN (Local Area Network). Each computer 2 is an information processing device used by the user, and is configured as, for example, a personal computer.

[0014] This authentication system St allows users to register their accounts on printer 1. The user ID and password specified by the user are registered as account information on printer 1. An account is a right to use specific services within the authentication system St (details will be explained later). Here, a user who has created an account in the authentication system St (i.e., a user who has registered their user ID and password) is referred to as a legitimate user.

[0015] Furthermore, in the authentication system St, it is possible to log in to the printer 1 by entering the user ID and password into the printer 1. At this time, the printer 1 performs authentication to check whether the combination of the entered user ID and password is registered as account information, and permits login if the combination of the entered user ID and password is registered.

[0016] And in this authentication system St, it is possible to use a specific service by logging in to the printer 1. Specifically, in the authentication system St, it is possible to use authentication printing that becomes printable by logging in, device settings that can be changed by logging in, and the like.

[0017] In addition, in the authentication system St, account registration and login can be performed on the printer 1, or can be performed on the computer 2 by accessing the printer 1 from the computer 2.

[0018] [2. Configuration of Printer] Next, the configuration of the printer 1 will be described using FIGS. 2 and 3. FIG. 2 is a diagram showing the hardware configuration of the printer 1, and FIG. 3 is a diagram showing the functional configuration of the printer 1.

[0019] As shown in FIG. 2, the hardware configuration of the printer 1 is centered on the control unit 11, and the storage unit 12, communication unit 13, display unit 14, operation unit 15, and printing unit 16 are connected to the control unit 11.

[0020] The storage unit 12 is composed of a non-volatile storage medium and stores various programs and various information. The communication unit 13 has an interface such as a wired LAN or a telephone line, and can be connected to the network 3 through the interface. This communication unit 13 communicates with each computer 2 through the network 3 to receive operation instructions and print data from each computer 2, and notify each computer 2 of various information.

[0021] The display unit 14 is composed of a display device such as a liquid crystal panel and displays various screens and information based on the control of the control unit 11. The display unit 14 displays, for example, an account registration screen for registering an account, a password change screen for changing a registered password, and a login screen for logging in by entering a user ID and password.

[0022] The operation unit 15 is composed of, for example, multiple operation buttons or touch panel operation input devices. When a user operates an operation input device, it receives this as an operation instruction and notifies the control unit 11. The printing unit 16 performs printing based on the print data received from each computer 2 via the communication unit 13.

[0023] The control unit 11 has a CPU 11A, ROM 11B, and RAM 11C inside. The control unit 11 implements various functions by having the CPU 11A read programs from the storage unit 12 and ROM 11B into the RAM 11C and execute them in accordance with operation instructions notified from the operation unit 15.

[0024] Specifically, the control unit 11, by executing a program, functions as an authentication unit 21, a password strength determination unit 22, a lockout determination unit 23, an account information storage area 24, and a lockout information storage area 25, as shown in Figure 3.

[0025] The authentication unit 21 authenticates the account by operating the operation unit 15 and comparing the combination of user ID and password entered on the login screen with the combination of user ID and password stored as account information in the account information storage area 24. If the authentication unit 21 succeeds in authenticating the account, it allows the account to log in; if it fails, it rejects the account's login.

[0026] The password strength determination unit 22 determines the strength of the password based on the number of digits and complexity of the password stored as account information.

[0027] The lockout determination unit 23 locks out an account for a predetermined period of time if the authentication unit 21 fails to authenticate the account more than a predetermined number of times (i.e., if the password is entered incorrectly). The lockout determination unit 23 counts the number of incorrect password entries for each user ID entered on the login screen. For example, if a user enters the wrong password a predetermined number of times consecutively when entering their user ID and password on the login screen, the account identified by that user ID will be locked out.

[0028] The account information storage area 24 stores account information such as user ID, password, password strength, number of incorrect password attempts, lockout status, and contact information (e.g., email address). The user ID is identification information used to identify an account and is unique to each account. In other words, the account information is information that links the user ID with the password, password strength, number of incorrect password attempts, lockout status, and contact information (e.g., email address).

[0029] The lockout information storage area 25 stores lockout information used to determine whether a lockout has occurred, such as the minimum password strength, the minimum number of allowed password attempts, and the maximum number of allowed password attempts. While this lockout information will be explained in more detail later, in short, the minimum password strength is the minimum strength of a password that can be registered in the authentication system St. In other words, the authentication system St only allows the registration of passwords that are stronger than or equal to this minimum password strength. The minimum and maximum number of allowed password attempts are the minimum and maximum values of the number of password attempts allowed for a given user ID entered on the login screen, indicating the number of times a password can be entered without being locked out. For example, if the minimum number of allowed password attempts is 3, it means that a password can be entered at least 3 times for the same user ID without being locked out. Similarly, if the maximum number of allowed password attempts is 8, it means that a password can be entered up to 8 times for the same user ID without being locked out. These lockout values may be pre-set fixed values, or they may be variable values that can be changed, for example, by a user with an administrator account.

[0030] [3. Computer Configuration] Next, the configuration of computer 2 will be explained using Figures 4 and 5. Since the multiple computers 2 included in the authentication system St have the same configuration, the configuration of one of these computers 2 will be explained here. Figure 4 shows the hardware configuration of computer 2, and Figure 5 shows the functional configuration of computer 2.

[0031] As shown in Figure 4, the hardware configuration of computer 2 is centered around a control unit 31, to which a storage unit 32, a communication unit 33, a display unit 34, and an operation unit 35 are connected.

[0032] The storage unit 32 is made of a non-volatile storage medium and stores various programs and information. The communication unit 33 has an interface such as a wired LAN or telephone line, and can connect to the network 3 through this interface. The communication unit 33 communicates with the printer 1 via the network 3 to send operation instructions to the printer 1 and notify the printer 1 of various information.

[0033] The display unit 34 is composed of a display device such as a liquid crystal panel and displays various screens and information based on the control of the control unit 31. The display unit 34 displays, for example, the browser screen of a web browser.

[0034] The operation unit 35 is composed of, for example, multiple operation keys or an operation input device such as a touch panel. When the user operates an operation input device, it receives this as an operation instruction and notifies the control unit 31.

[0035] The control unit 31 has a CPU 31A, ROM 31B, and RAM 31C inside. The control unit 31 implements various functions by having the CPU 31A read programs from the storage unit 32 and ROM 31B into the RAM 31C and execute them in accordance with operation instructions notified from the operation unit 35.

[0036] Specifically, the control unit 31 functions as a web browser 41 and a printer driver 42 by executing a program, as shown in Figure 5.

[0037] The web browser 41 accesses the printer 1 via the network 3 and displays the account registration screen, password change screen, login screen, etc., provided as web pages from the printer 1 on the display unit 34. The web browser 41 also sends operation instructions for the account registration screen, password change screen, login screen, etc., displayed on the display unit 34 to the printer 1. In this way, the computer 2 can operate the account registration screen, password change screen, login screen, etc., displayed on the display unit 34 in the same way as if it were operating on the printer 1.

[0038] The printer driver 42 is software for controlling printer 1, and for example, it converts various application data into print data in a format that can be printed by printer 1 and sends it to printer 1.

[0039] [4. Account registration and password update process] Next, we will explain the processes to be performed on printer 1, namely the account registration process, which registers an account, and the password update process, which updates the password, using the flowchart shown in Figure 6.

[0040] In the first step SP11, the control unit 11 of the printer 1 displays a selection screen on the display unit 14 for the user to choose whether to register an account or update their password.

[0041] If the user selects to register an account by operating the operation unit 15, the control unit 11 starts the account registration process and moves from step SP11 to step SP12. In step SP12, the control unit 11 displays the account registration screen on the display unit 14.

[0042] This account registration screen includes, for example, a user ID input field, a password input field, a contact information input field, and a registration button. Here, the user operates the operation unit 15 of printer 1 to enter their user ID and password in the user ID input field and password input field, respectively. The user also operates the operation unit 15 to enter, for example, their email address as their contact information in the contact information input field. Note that entering contact information is optional and does not have to be done. After entering the user ID, password, and contact information in this way, the user presses the registration button.

[0043] In the following step SP13, the control unit 11 waits until the registration button on the account registration screen is pressed. Once the registration button is pressed, it obtains a positive result and proceeds to step SP14. In step SP14, the control unit 11 determines whether the user ID entered in the user ID input field is registered in the account information storage area 24.

[0044] If the user ID entered in the user ID input field is already registered in the account information storage area 24, this means that the account identified by the entered user ID is already registered and therefore cannot be registered as a new account. In this case, the control unit 11 obtains a positive result in step SP14 and, for example, displays a message on the display unit 14 prompting the user to enter a different user ID because the entered user ID is already registered and cannot be registered as a new account, and then returns to step SP12.

[0045] In contrast, if the user ID entered in the user ID input field is not stored in the account information storage area 24, the control unit 11 obtains a negative result in step SP14 and proceeds to step SP15.

[0046] In step SP15, the control unit 11 associates the user ID entered in the user ID input field with the password entered in the password input field and the contact information entered in the contact information input field, and stores this as account information in the account information storage area 24. This registers a new account to the printer 1.

[0047] In the following step SP16, the control unit 11 uses the password strength determination unit 22 to determine the strength of the password registered in step SP15. Specifically, the password strength determination unit 22 uses an algorithm that determines the password strength based on the number of characters in the password, and the more diverse and complex the types of characters used in the password (uppercase and lowercase letters, numbers, and symbols), the stronger the password. The password strength is expressed as a numerical value, and a higher value indicates a stronger password.

[0048] In the following step SP17, the control unit 11 stores the password strength determined by the password strength determination unit 22 in the account information storage area 24, linked with the account information (user ID and password) registered in step SP15, and then terminates the series of account registration processes. In this way, the account registration process links the user ID and password entered by the user with the password strength determined by the password strength determination unit 22 and stores them as account information in the account information storage area 24.

[0049] As mentioned above, the authentication system St requires that passwords have a strength at least equal to the minimum password strength to be registered. Therefore, although it is omitted in the flow chart of Figure 6, if the password strength determined in step SP17 is less than the minimum password strength, the control unit 11 displays a message on the display unit 14 prompting the user to re-enter a stronger password, then returns to step SP12 and prompts the user to re-enter the password in the password input field.

[0050] On the other hand, if the user selects to update the password by operating the operation unit 15 on the selection screen displayed in step SP11, the control unit 11 starts the password update process and moves from step SP11 to step SP18. In step SP18, the control unit 11 displays the password update screen on the display unit 14.

[0051] This password update screen includes, for example, a user ID input field, a pre-update password input field for entering the current password, a post-update password input field for entering the new password, and an update button. Here, the user operates the operation unit 15 of the printer 1 to enter the user ID, current password, and new password in the user ID input field, pre-update password input field, and post-update password input field, respectively, and then presses the update button.

[0052] In the following step SP19, the control unit 11 waits until the update button on the password update screen is pressed. Once the update button is pressed, it obtains a positive result and proceeds to step SP20. In step SP20, the control unit 11 determines whether or not account information containing the user ID entered in the user ID input field and the password entered in the password before update input field is stored in the account information storage area 24.

[0053] If, at this point, account information having the User ID entered in the User ID input field and the password entered in the Password Before Update input field is not stored in the account information storage area 24, this means that no account having the User ID entered in the User ID input field and the password entered in the Password Before Update input field is registered. In this case, the control unit 11 obtains a negative result in step SP20 and, for example, displays a message on the display unit 14 notifying the user that the User ID entered in the User ID input field or the password entered in the Password Before Update input field is incorrect, and then returns to step SP18.

[0054] In contrast, if account information containing the user ID entered in the user ID input field and the password entered in the password before update input field is stored in the account information storage area 24, the control unit 11 obtains a positive result in step SP20 and proceeds to step SP21.

[0055] In step SP21, the control unit 11 updates the password of the account information stored in the account information storage area 24, which has the user ID entered in the user ID input field and the password entered in the password before update input field, to the new password entered in the password after update input field. This updates the password of the registered account.

[0056] In the following step SP22, the control unit 11 uses the password strength determination unit 22 to determine the strength of the password updated in step SP21. The determination method at this time is the same as in step SP15 described above.

[0057] Although not shown in the flow chart in Figure 6, if the password strength determined in step SP22 is less than the minimum password strength, the control unit 11 displays a message on the display unit 14 prompting the user to re-enter a stronger password, then returns to step SP18, prompting the user to re-enter the updated password in the password input field.

[0058] In the following step SP23, the control unit 11 stores the password strength determined by the password strength determination unit 22 in the account information storage area 24, linked to the account information updated in step SP21, and then terminates the series of password update processes. In this way, the password update process updates both the password included in the account information and the strength of that password.

[0059] The account registration and password update processes are as described above. While this explanation describes the case where the account registration and password update screens are displayed on printer 1 and operated from printer 1, it is also possible to display the account registration and password update screens on computer 2 and operate from computer 2.

[0060] Although not explained here, Printer 1 is configured to perform a contact update process in response to user instructions. Through this contact update process, Printer 1 can register contacts in account information and update registered contacts.

[0061] [5. Login Process] Next, we will explain the login process, which is performed on printer 1, using the flowchart shown in Figure 7.

[0062] In the first step SP31, the control unit 11 of the printer 1 displays the login screen Sc1 shown in Figure 8 on the display unit 14.

[0063] This login screen Sc1 includes, for example, a user ID input field Ar1, a password input field Ar2, and a login button Bt1. The user then operates the operation unit 15 of the printer 1 to enter their user ID and password into the user ID input field Ar1 and password input field Ar2, respectively, and then presses the login button Bt1.

[0064] In the following step SP32 (Figure 7), the control unit 11 waits until the login button Bt1 on the login screen Sc1 is pressed. Once the login button Bt1 is pressed, it obtains a positive result and proceeds to step SP33. In step SP33, the control unit 11 determines whether the account identified by the user ID entered in the user ID input field Ar1 is locked out. For the sake of simplicity, it is assumed here that the user ID entered in the user ID input field Ar1 is registered as account information in the account information storage area 24.

[0065] Specifically, the control unit 11 reads account information containing the user ID entered in the user ID input field Ar1 from the account information storage area 24 and refers to the lockout status (i.e., the lockout status associated with the user ID entered in the user ID input field Ar1) contained in the account information. If this lockout status indicates that the account is locked out, it means that the account is locked out and login is not possible. On the other hand, if this lockout status indicates that the account is not locked out, it means that the account is not locked out and login is possible.

[0066] In other words, the control unit 11 determines whether or not the account identified by the user ID entered in the user ID input field Ar1 is locked out, based on the lockout status associated with that user ID.

[0067] Here, if the control unit 11 determines that the account identified by the user ID entered in the user ID input field Ar1 is locked out, it obtains a positive result in step SP33 and proceeds to step SP34. On the other hand, if the control unit 11 determines that the account identified by the user ID entered in the user ID input field Ar1 is not locked out, it obtains a negative result in step SP33 and proceeds to step SP36.

[0068] In step SP34, which is performed when the account identified by the user ID entered in the user ID input field Ar1 is locked out, the control unit 11 determines whether or not contact information is registered in the account information read in step SP33, that is, whether or not contact information is associated with the user ID entered in the user ID input field Ar1.

[0069] Here, if the contact information is not registered, the control unit 11 obtains a negative result in step SP34 and returns to step SP31. On the other hand, if the contact information is registered, the control unit 11 obtains a positive result in step SP34 and moves to step SP35.

[0070] In step SP35, the control unit 11, via the communication unit 13, notifies the contact (e.g., email address) associated with the user ID entered in the user ID input field Ar1 that the account identified by that user ID is locked out, and then returns to step SP31.

[0071] Thus, in the login process, if an account identified by the user ID entered on the login screen Sc1 is locked out, the system does not display a notification that the account is locked out on the login screen Sc1, which is visible to everyone. Instead, it notifies the legitimate user's contact information registered in the account information of that account.

[0072] On the other hand, in step SP36, which proceeds when the account identified by the user ID entered in the user ID input field Ar1 is not locked out, the control unit 11 authenticates the account by having the authentication unit 21 compare the combination of user ID and password entered on the login screen Sc1 with the combination of user ID and password stored as account information in the account information storage area 24.

[0073] In the following step SP37, the control unit 11 determines whether authentication by the authentication unit 21 was successful or not. If authentication fails, the control unit 11 obtains a negative result in step SP37 and displays a message on the display unit 14 (i.e., the login screen Sc1) informing the user that the entered user ID or password is incorrect, and then proceeds to step SP38. On the other hand, if authentication is successful, the control unit 11 obtains a positive result in step SP37 and proceeds to step SP42.

[0074] As mentioned above, for the sake of simplicity, we assume that the user ID entered in the user ID input field Ar1 is registered as account information in the account information storage area 24. Therefore, if the password entered in the password input field Ar2 is incorrect for the user ID entered in the user ID input field Ar1, authentication in step SP36 will fail. On the other hand, if the user ID entered in the user ID input field Ar1 is not registered in the account information storage area 24, authentication in step SP36 will also fail, but in this case, the process should return to step SP31.

[0075] In step SP38, which is performed when authentication fails (i.e., the password is incorrect), the control unit 11 uses the lockout determination unit 23 to increment (+1) the number of incorrect password entries included in the account information associated with the user ID entered in the user ID input field Ar1 (i.e., the number of incorrect password entries associated with the user ID entered in the user ID input field Ar1).

[0076] In the following step SP39, the control unit 11 calculates the number of allowed password inputs for a given user ID based on the password strength included in the account information having the user ID entered in the user ID input field Ar1 (i.e., the password strength associated with the user ID entered in the user ID input field Ar1), using the lockout determination unit 23.

[0077] Specifically, the lockout determination unit 23 first determines whether the password strength associated with the user ID is equal to the minimum password strength stored in the lockout information storage area 25.

[0078] If the password strength associated with the user ID is equal to the minimum password strength, the lockout determination unit 23 sets the number of allowed password inputs to the same number as the minimum number of allowed password inputs stored in the lockout information storage area 25 (for example, 3 times).

[0079] In this way, when the strength of the password associated with the user ID is as low as the minimum password strength, the lockout determination unit 23 treats a large number of allowed password inputs as creating a risk that the password could be identified by a brute-force attack, and therefore sets the number of allowed password inputs to the same as the minimum number of allowed password inputs.

[0080] On the other hand, if the lockout determination unit 23 determines that the password strength associated with the user ID exceeds the minimum password strength, it sets the number of allowed password inputs to more than the minimum number of allowed password inputs, based on the difference between the password strength associated with the user ID and the minimum password strength.

[0081] For example, if the difference between the password strength associated with a user ID and the minimum password strength is "2", the number of allowed password attempts will be set to the minimum number of allowed attempts (e.g., 3) + 2, which equals 5 attempts.

[0082] In other words, when the password associated with the user ID is stronger than the minimum password strength, a small number of allowed password inputs makes it likely that a legitimate user will enter the wrong password and be unintentionally locked out. The lockout determination unit 23 therefore sets the number of allowed password inputs higher than the minimum number of allowed password inputs.

[0083] Furthermore, the number of allowed password attempts is limited by the maximum number of allowed password attempts (for example, 8) stored in the lockout information storage area 25. For this reason, if the number of allowed password attempts calculated by the lockout determination unit 23 based on the difference between the password strength associated with the user ID and the minimum password strength exceeds the maximum number of allowed password attempts, the lockout determination unit 23 sets the number of allowed password attempts to the same as the maximum number of allowed password attempts. In this way, the lockout determination unit 23 can prevent the number of allowed password attempts from becoming too high.

[0084] Here are some specific examples of passwords associated with a user ID (i.e., passwords registered by legitimate users) and the number of allowed password attempts as changed based on the strength of each password. If the password is the 4-digit number "3518", the number of allowed password attempts is "3", the same as the minimum number of allowed password attempts. If the password is "ax25", a 4-character combination of digits and lowercase letters, the number of allowed password attempts is "4". If the password is "agti7259", an 8-character combination of digits and lowercase letters, the number of allowed password attempts is "6". If the password is "GtHk2837", an 8-character combination of uppercase letters, lowercase letters, and digits, the number of allowed password attempts is "7".

[0085] In the following step SP40, the lockout determination unit 23 determines whether the number of incorrect password entries incremented in step SP38 is equal to or greater than the number of allowed password entries calculated in step SP39.

[0086] Here, if the number of incorrect password entries is less than the allowed number of password entries, the control unit 11 obtains a negative result in step SP40 and returns to step SP31. In this case, since the number of incorrect password entries has not reached the allowed number of password entries, it becomes possible to re-enter the password on the login screen Sc1.

[0087] On the other hand, if the number of incorrect password entries is greater than or equal to the allowed number of password entries, the control unit 11 obtains a positive result in step SP40 and proceeds to step SP41. In step SP41, the control unit 11 updates the lockout status in the account information associated with the user ID entered in the user ID input field Ar1 to "lockout enabled," thereby locking out the account identified by that user ID. After locking the account in this way, the control unit 11 returns to step SP31.

[0088] On the other hand, in step SP42, which is performed when authentication in step SP36 succeeds, the control unit 11 uses the lockout determination unit 23 to reset (i.e., set to 0) the number of incorrect password entries included in the account information having the user ID entered in the user ID input field Ar1 (i.e., the number of incorrect password entries associated with the user ID entered in the user ID input field Ar1).

[0089] In the following step SP43, the control unit 11 logs in the account identified by the user ID entered in the user ID input field Ar1 via the authentication unit 21, and then terminates the series of login processes. In this way, the login process changes the number of password inputs allowed before lockout based on the strength of the password associated with the user ID entered in the login screen Sc1.
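The failure branch of the login process (steps SP38 to SP43) can be sketched as follows. This is an added example, not code from the patent: the page says strength depends on the number and types of characters, but the scoring rule here, `MIN_STRENGTH = 1`, and all function and field names are assumptions chosen so that the four passwords in [0084] give the counts stated there.

```python
import hmac
from dataclasses import dataclass, field

# Example values the page gives for the lockout information storage area 25.
MIN_ALLOWED = 3    # minimum number of allowed password inputs
MAX_ALLOWED = 8    # maximum number of allowed password inputs
MIN_STRENGTH = 1   # assumed score of the minimum password strength


def password_strength(password: str) -> int:
    """Assumed scoring: one point per character class, plus two for 8+ characters."""
    classes = [
        any(c.isdigit() for c in password),
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(classes) + (2 if len(password) >= 8 else 0)


def allowed_attempts(strength: int) -> int:
    """SP39: minimum count plus the strength surplus, capped at the maximum."""
    surplus = max(0, strength - MIN_STRENGTH)
    return min(MIN_ALLOWED + surplus, MAX_ALLOWED)


@dataclass
class Account:
    user_id: str
    password: str                      # plaintext only to keep the sketch short
    strength: int = field(init=False)  # determined when the password is registered
    failures: int = 0                  # number of incorrect password entries
    locked: bool = False               # lockout status

    def __post_init__(self) -> None:
        self.strength = password_strength(self.password)


def login(account: Account, entered: str) -> str:
    """Return 'ok', 'retry' or 'locked' (internal result, not screen text)."""
    if account.locked:                 # assumption: refused before authentication
        return "locked"
    if hmac.compare_digest(entered.encode(), account.password.encode()):
        account.failures = 0           # SP42: reset the counter
        return "ok"                    # SP43: log in
    account.failures += 1              # SP38: count the wrong entry
    if account.failures >= allowed_attempts(account.strength):  # SP39, SP40
        account.locked = True          # SP41: lock the account
        return "locked"
    return "retry"                     # back to the login screen (SP31)


def wrong_entries_until_lockout(password: str) -> int:
    """Count the wrong entries an account with this password tolerates."""
    account = Account("demo-user", password)
    count = 1
    while login(account, password + "x") != "locked":
        count += 1
    return count


if __name__ == "__main__":
    for sample in ("3518", "ax25", "agti7259", "GtHk2837"):  # passwords from [0084]
        print(sample, wrong_entries_until_lockout(sample))
```

The comparison at SP40 is "greater than or equal to", so the wrong entry that reaches the allowed number is the one that locks the account.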

[0090] The login process is as described above. Note that this explanation describes the case where the login screen Sc1 is displayed on printer 1 and operated from printer 1. However, it is also possible to display the login screen Sc1 on computer 2 and operate from computer 2.

[0091] Although not explained here, the control unit 11 of printer 1 stores and manages the time when an account was locked out for each account (i.e., for each user ID), and for accounts that have been locked out for a predetermined amount of time, it releases the lockout (i.e., changes the lockout status in the account information from locked out to not locked out).

[0092] Furthermore, the control unit 11 of printer 1 stores and manages the time when the number of incorrect password entries was incremented (+1) for each account (i.e., each user ID), and resets the number of incorrect password entries (sets to 0) for accounts where a predetermined time has elapsed since the last time the number of incorrect password entries was incremented.

[0093] [6. Summary and Effects] As described above, in this embodiment, the authentication system St, which is an example of a control system for controlling account login, is equipped with a printer 1, which is an example of an image forming apparatus equipped with a control device for controlling login and a printing unit 16, and a computer 2, which is an example of an information processing apparatus that can communicate with the printer 1 via a network 3.

[0094] Furthermore, the printer 1 is equipped with a control device consisting of a display unit 14, an operation unit 15 which is an example of an input unit where a user ID, which is an example of identification information for identifying an account, and a password can be entered based on the display of the display unit 14, and a control unit 11 which locks out the account identified by the user ID when the number of times the password has been incorrectly entered for the user ID (number of incorrect password entries) exceeds the allowed number of password entries, which is an example of a predetermined number.

[0095] The control unit 11 then changes the number of allowed password entries based on the strength of the password associated with the user ID.

[0096] In other words, if the strength of the password associated with the user ID is higher than the standard strength (i.e., minimum password strength) set for printer 1, the control unit 11 sets the number of allowed password inputs for that user ID to be greater than the minimum number of allowed password inputs set for printer 1.

[0097] Thus, in printer 1, if the password registered by a legitimate user is complex and strong, the number of password input attempts allowed (the number of times the password can be entered without being locked out) can be increased, thereby reducing the possibility of a legitimate user being unintentionally locked out due to incorrect password entry.

[0098] On the other hand, if the strength of the password associated with the user ID is as low as the minimum password strength set for printer 1, the control unit 11 sets the number of allowed password inputs for that user ID to the same number as the minimum number of allowed password inputs set for printer 1.

[0099] Thus, in printer 1, if the password registered by a legitimate user is weak, the possibility of the password being identified through a brute-force attack can be reduced by decreasing the number of allowed password input attempts.

[0100] Furthermore, in this embodiment, the printer 1 is provided with an account information storage area 24, which is an example of a storage unit for storing account information, and it is possible to register, for example, an email address that serves as a contact for the user in the account information.

[0101] Furthermore, when an account is locked out, the control unit 11 of printer 1 is configured to notify, via the communication unit 13, the contact registered in that account's account information that the account has been locked out.

[0102] In this way, when an account is locked out, printer 1 does not display that the account has been locked out on the display unit 14 (i.e., it does not display that the account has been locked out on the login screen Sc1, which is an example of an input screen), and instead notifies the legitimate user's contacts that the account has been locked out. This prevents, for example, an unauthorized user viewing the login screen Sc1 from realizing that the account has been locked out.

[0103] In other words, when an account is locked out, printer 1 displays the login screen Sc1 in a manner that makes it impossible to confirm whether the account identified by the entered user ID is locked out or not. It also notifies the legitimate user's contacts that the account has been locked out, thus preventing unauthorized users viewing the login screen Sc1 from realizing that the account has been locked out.

[0104] This prevents unauthorized users from inferring the strength of a legitimate user's password by counting the number of times they enter the wrong password before being locked out on the login screen Sc1. It also prevents legitimate users from unnecessarily entering their passwords even when locked out.

[0105] In this embodiment, the control unit 11 of the printer 1 notifies the contact person for the account when the account is locked out, without displaying a message on the display unit 14. However, the control unit 11 is not limited to this, and for example, if the number of allowed password attempts is the same as the maximum number of allowed password attempts, and the number of incorrect password attempts reaches the maximum number of allowed password attempts, the control unit 11 may display a message on the display unit 14 (for example, the login screen Sc1) indicating that the account is locked out.

[0106] In printer 1, if the password strength exceeds a predetermined level, the number of allowed password inputs is fixed to the maximum allowed number of password inputs, regardless of the password strength. Therefore, if the number of allowed password inputs is fixed to the maximum allowed number of password inputs, even if the display unit 14 displays a message indicating that the user is locked out, it is not possible to estimate the strength of the legitimate user's password from the number of incorrect password entries made before being locked out.

[0107] Furthermore, by displaying a lockout status on the display unit 14, it is possible to stop, for example, an unauthorized user from attempting a brute-force password attack, thereby reducing the load on printer 1 or reducing network traffic on network 3 when computer 2 is accessing printer 1.

[0108] [7. Other Embodiments] [7-1. Other Embodiments 1] In the embodiment described above, in the login process shown in Figure 7, the control unit 11 locks out the account in step SP41, then returns to step SP31 and displays the login screen Sc1 again (i.e., continues to display the login screen Sc1). However, after locking out the account in step SP41, the control unit 11 may instead move to step SP34 and then either return to step SP31 if no contact is registered for the locked-out account, or move to step SP35 if a contact is registered, in order to notify the contact that the account has been locked out.

[0109] [7-2. Other Embodiments 2] Furthermore, in the embodiment described above, the control unit 11 (lockout determination unit 23) changes the number of allowed password entries before lockout based on the strength of the password registered as account information. However, it is not limited to this; for example, if contact information is registered as account information, the number of allowed password entries before lockout may be changed based on the strength of the password, and if contact information is not registered as account information, the number of allowed password entries may be set to a fixed value (e.g., the minimum number of allowed password entries) regardless of the strength of the password.

[0110] [7-3. Other Embodiments 3] Furthermore, in the embodiment described above, in the login process shown in Figure 7, if the password entered along with the user ID on the login screen Sc1 is incorrect, the number of incorrect password entries is incremented, and then the number of allowed password entries is calculated based on the password strength associated with that user ID.

[0111] This is not the only option; for example, in the account registration process and password update process shown in Figure 6, after determining the password strength, the number of allowed password attempts may be calculated based on that password strength. In this case, the calculated number of allowed password attempts can be stored in the account information storage area 24 in association with the user ID, and retrieved from the account information storage area 24 during the login process.

[0112] [7-4. Other Embodiments 4] Furthermore, in the embodiment described above, in the account registration process shown in Figure 6, the control unit 11 stores the user ID and password as account information in the account information storage area 24 in step SP15, and then determines the strength of the password in step SP16. However, it is not limited to this, and the password strength may be determined first, and if the strength is equal to or greater than the minimum password strength, the user ID and the password may be stored as account information in the account information storage area 24. Similarly, in the password update procedure, the password strength may be determined first, and if the strength is equal to or greater than the minimum password strength, the user ID and the password may be stored as account information in the account information storage area 24.

[0113] [7-5. Other Embodiments 5] Furthermore, in the embodiment described above, each computer 2 accesses the printer 1 via the network 3 using a web browser 41, and displays the account creation screen, password change screen, login screen, etc., provided as a web page from the printer 1 on the display unit 34. However, the invention is not limited to this, and each computer 2 may also access the printer 1 via the network 3 using utility software, and display the account creation screen, password change screen, login screen, etc., provided as predetermined data from the printer 1 on the display unit 34.

[0114] [7-6. Other Embodiments 6] Furthermore, in the embodiment described above, the password strength determination unit 22 determines the password strength based on the number of characters in the password and the types of characters used in the password. However, it is not limited to this, and the password strength may be determined based on either the number of characters in the password or the types of characters used in the password. Moreover, the password strength may be determined using various existing algorithms.

[0115] [7-7. Other Embodiments 7] Furthermore, in the embodiment described above, the lockout determination unit 23 calculates the number of allowed password inputs based on the difference between the strength of the password associated with the user ID and the minimum password strength. However, it is not limited to this, and for example, a table associating password strength with the number of allowed password inputs may be stored in the storage unit 12 of the printer 1, and the lockout determination unit 23 may obtain the number of allowed password inputs corresponding to the strength of the password associated with the user ID from this table.

[0116] [7-8. Other Embodiments 8] Furthermore, in the embodiment described above, if the account is locked out because the number of incorrect password entries on the login screen Sc1 reaches the allowed number of password entries, the login screen Sc1 does not display a message indicating that the account is locked out. On the other hand, if the number of incorrect password entries has not yet reached the allowed number of password entries when the password is entered incorrectly, the login screen Sc1 displays a message to inform the user that the entered user ID or password is incorrect.

[0117] In this case, there is a risk that whether or not a user is locked out could be determined by whether or not a message informing the user that the entered user ID or password is incorrect is displayed on the login screen Sc1. Therefore, even if the account is locked out, after the login button Bt1 is pressed, a message informing the user that the entered user ID or password is incorrect may be displayed, just as it would be if the account were not locked out.
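A check for the disclosure discussed in [0104] and [0116] to [0117], as an added example that is not from the patent: it replays a run of wrong entries under different display policies and groups the allowed-attempt values by what the login screen shows. The policy names and message strings are constructed, and `announce_at_cap` is an assumed combination of [0105] with the uniform message of [0117].

```python
MIN_ALLOWED, MAX_ALLOWED = 3, 8              # example values given on the page

GENERIC = "User ID or password is incorrect."  # constructed screen text
LOCKED = "Account is locked out."              # constructed screen text
BLANK = ""                                     # screen redrawn with no message

POLICIES = ("announce", "silent", "uniform", "announce_at_cap")


def screen_transcript(allowed: int, wrong_entries: int, policy: str) -> tuple:
    """Messages shown on the login screen for a run of wrong entries.

    announce:        show the lockout message once the account is locked
    silent:          show no message once locked ([0116])
    uniform:         always show the generic error ([0117])
    announce_at_cap: show the lockout message only when the allowed number
                     equals the maximum ([0105]), the generic error otherwise
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    shown = []
    for attempt in range(1, wrong_entries + 1):
        locked = attempt >= allowed          # same comparison as step SP40
        if not locked or policy == "uniform":
            shown.append(GENERIC)
        elif policy == "silent":
            shown.append(BLANK)
        elif policy == "announce" or allowed == MAX_ALLOWED:
            shown.append(LOCKED)
        else:                                # announce_at_cap below the cap
            shown.append(GENERIC)
    return tuple(shown)


def distinguishable_groups(policy: str) -> list:
    """Group allowed-attempt values that produce identical screen transcripts."""
    groups = {}
    for allowed in range(MIN_ALLOWED, MAX_ALLOWED + 1):
        key = screen_transcript(allowed, MAX_ALLOWED + 2, policy)
        groups.setdefault(key, []).append(allowed)
    return sorted(groups.values())


if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name:16s} {distinguishable_groups(name)}")
```

One group means the screen reveals nothing about the allowed number; under `announce_at_cap` the lockout message tells an onlooker only that the allowed number is at the maximum, which every sufficiently strong password shares.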

[0118] [7-9. Other Embodiments 9] Furthermore, although the present invention was applied to a printer 1 equipped with a login function in the above-described embodiment, it is not limited to this and may be applied to various devices (control devices and image forming apparatuses) equipped with a login function.

[0119] Furthermore, in the above-described embodiment, the present invention was applied to an authentication system St consisting of a printer 1 and a computer 2 connected to a network 3. However, the present invention is not limited to this and may be applied to various systems equipped with a login function. For example, the present invention may be applied to an authentication system consisting of a server and a client terminal connected to a network. In this case, the server operates as a control device that controls account login, and when the client terminal accesses the server, an account creation screen, password change screen, login screen, etc., provided as predetermined data from the server are displayed on the display unit and operated by the operation unit.

[0120] [7-10. Other Embodiments 10] Furthermore, the present invention is not limited to the embodiments described above. That is, the scope of application of the present invention extends to embodiments that arbitrarily combine some or all of the embodiments described above, or embodiments that extract some of them.

Industrial Applicability

[0121] This invention can be widely used in systems equipped with login functionality, etc.

Explanation of Symbols

[0122] 1...Printer, 2...Computer, 3...Network, 11...Control Unit, 12...Storage Unit, 13...Communication Unit, 14...Display Unit, 15...Operation Unit, 16...Printing Unit, 21...Authentication Unit, 22...Password Strength Determination Unit, 23...Lockout Determination Unit, 24...Account Information Storage Area, 25...Lockout Information Storage Area, 31...Control Unit, 32...Storage Unit, 33...Communication Unit, 34...Display Unit, 35...Operation Unit, 41...Web Browser, 42...Printer Driver, Ar1...User ID Input Field, Ar2...Password Input Field, Bt1...Login Button, Sc1...Login Screen, St...Authentication System.

Claims

1. A control device comprising: an input unit into which identification information for identifying an account and a password can be entered; and a control unit that locks out the account identified by the identification information if the number of times the password is entered incorrectly for the entered identification information exceeds a predetermined number of times, wherein the control unit changes the predetermined number of times based on the strength of the password associated with the identification information.

2. The control device according to claim 1, further comprising a display unit, wherein the display unit can display an input screen in which the identification information and the password can be entered, and when the number of times the password is entered incorrectly for the identification information entered on the input screen exceeds the predetermined number of times and the account identified by the identification information is locked out, the control unit causes the display unit to display the input screen in a manner that makes it impossible to confirm whether or not the account is locked out.

3. The control device according to claim 1 or 2, further comprising a storage unit that stores account information for each account, wherein contact information for the user can be registered in the account information, and when the account is locked out, the control unit notifies the contact registered in the account information of that account that the account has been locked out.

4. The control device according to claim 1, further comprising a password strength determination unit that determines the strength of the password, wherein the password strength determination unit determines the strength of the password based on at least one of the number of digits in the password and the types of characters contained in the password.

5. The control device according to claim 2, wherein the predetermined number of times is subject to an upper limit, and when the number of incorrect password entries for the entered identification information reaches the upper limit and the account identified by the identification information is locked out, the control unit causes the display unit to indicate that the account has been locked out.

6. The control device according to claim 3, wherein, for accounts in which the contact information is registered, the control unit changes the predetermined number of times based on the strength of the password associated with the entered identification information of the account, and for accounts in which the contact information is not registered, the control unit fixes the predetermined number of times.

7. An image forming apparatus comprising: the control device according to claim 1; and a printing unit.

8. A control method comprising: a step in which identification information for identifying an account and a password are entered via an input unit; a step in which a control unit locks out the account identified by the identification information if the number of times the password is entered incorrectly for the identification information entered via the input unit exceeds a predetermined number of times; and a step in which the control unit changes the predetermined number of times based on the strength of the password associated with the identification information.

9. A control system comprising the control device according to claim 1.