JP2006310945A - Image processing apparatus and illegitimate use discrimination program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image processing apparatus with high security capable of detecting an illegitimate use even in a stage after user authentication. <P>SOLUTION: A MFP being an example of the image processing apparatus reads a past job log of a user from an ID and a password entered from the user (S105), and acquires the past operating time zone of the MFP and a present time on the basis of the job log (S107). When the present time is not included in the past operating time zone (NO in S109), it is discriminated that there is a possibility of an illegitimate use, mail of informing of the illegitimate use is transmitted to a preset mail address (S111), and the entry of a transmission destination of image data is accepted from the user (S113). Further, even when the entered address differs from the mail address used in the past and included in the job log (NO in S115), the illegitimate use is notified by mail (S117). <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an image processing apparatus and an unauthorized use determination program, and more particularly to an image processing apparatus and an unauthorized use determination program with high security.

  With the development of networks, office devices such as MFPs (Multi Function Peripherals) are increasingly used in network environments. For this reason, it has become an important issue to prevent unauthorized use such as sending a document on the network by impersonating another person.

  Further, as the memory capacity of the office equipment has increased, more documents are stored. Therefore, management of stored documents has become an important issue.

  To deal with such problems, conventional office devices such as MFPs perform user registration in advance and issue IDs and passwords. Users other than registered users can use part or all of the functions. Restriction and user authentication using IDs and passwords permit use for registered users.

  In addition, by storing and managing the usage history for each registered user, it is possible to check the usage history for accessing stored documents and sending documents for each registered user later. Yes.

  In order to further increase security, various methods have been proposed for detecting whether or not an unauthorized login is made when logging in to an office device.

  For example, Patent Document 1 below proposes a personal authentication method and system for detecting an unauthorized login by comparing the time and operation method related to the input of a user name and password with those of the prior art.

  Further, for example, Patent Document 2 below proposes a user authentication method and a user authentication device that detect an unauthorized login by using a key / button press history that is a password input operation as authentication information.

Further, for example, Patent Document 3 below proposes a data processing device that detects an unauthorized login using the frequency of wrong input of a password.
JP 2001-92783 A JP 2002-182773 A JP 2004-179728 A

  However, once an authentication ID or password is used illegally and user authentication is successful, the use of the above-mentioned technology is permitted without restriction, thus eliminating unauthorized use. There was a problem that could not be done.

  The present invention has been made in view of such a problem, and provides a high-security image processing apparatus and an unauthorized use determination program capable of determining unauthorized use even in a stage after the establishment of user authentication. Objective.

  In order to achieve the above object, according to one aspect of the present invention, an image processing apparatus includes an input unit that inputs a user operation for executing image processing, and an operation related to an operation performed when the user performs past image processing. Operation information storage means for storing information, operation information relating to user operations, comparison means for comparing the user's past operation information stored in the operation information storage means, and unauthorized use according to the comparison result Determination means for determining.

  In addition, the image processing apparatus according to the function selected from the function selection unit that accepts the selection of the function to be used by the user and the operation information stored in the operation information storage unit when the user performed the past image processing. It is preferable to further comprise an extracting means for extracting the operation information.

  Furthermore, the image processing apparatus more preferably includes a setting unit that sets operation information used for comparison according to the function selected by the function selection unit.

  In more detail, the determination means is the comparison means that the comparison result that the operation information related to the user operation does not match the operation information at the time of the past image processing of the user stored in the operation information storage means. When obtained, it is preferable to determine that the unauthorized use.

  Alternatively, in the comparing means, the operation information related to the user operation is not within a predetermined threshold from the operation information stored in the operation information storage means when the user has performed past image processing. It is preferable to determine unauthorized use when a comparison result is obtained.

  The image processing apparatus further includes statistical processing means for performing statistical processing on the operation information at the time of execution of the past image processing of the user stored in the operation information storage means. It is preferable to compare the operation information stored in the statistically processed operation information storage means with the user's past image processing execution time.

  In addition, the image processing apparatus preferably further includes notification means for notifying a predetermined destination when the determination means determines that the unauthorized use has been made.

  The image processing apparatus further includes user authentication means for performing user authentication based on the input user information, and the predetermined destination is preferably a destination corresponding to the user authenticated by the user.

  The image processing apparatus preferably further includes user authentication means for performing user authentication based on the input user information, and the comparison means preferably performs user authentication and performs the above-described comparison regarding user operations after login.

  According to another aspect of the present invention, the unauthorized use determination program executes an input step for inputting a user operation for executing image processing, operation information relating to the user operation, and execution of past image processing of the user stored therein. A comparison step for comparing the operation information at the time and a determination step for determining unauthorized use according to the comparison result are executed.

  In addition, the unauthorized use determination program obtains operation information corresponding to the selected function from the function selection step of accepting selection of the function to be used by the user and the stored operation information of the user in the past image processing execution. It is preferable to further execute an extraction step of extracting.

  Furthermore, it is more preferable that the unauthorized use determination program executes a setting step for setting operation information used for comparison according to the function selected in the function selection step.

  Specifically, in the determination step, in the comparison step, a comparison result is obtained that the operation information related to the user operation does not match the stored operation information of the user in the past image processing execution. It is preferable to determine that it is illegal use.

  Alternatively, in the determination step, in the comparison step, a comparison result that the operation information related to the user operation is not within a predetermined threshold is obtained from the stored operation information of the user at the time of the past image processing execution. If it is, it is preferable to determine that it is unauthorized use.

  Further, the unauthorized use determination program further executes a statistical processing step for performing statistical processing on the stored operation information of the user at the time of the past image processing execution. It is preferable to compare the statistically processed stored operation information of the user when the past image processing is executed.

  Further, it is preferable that the unauthorized use determination program further executes a notification step of notifying a predetermined destination when it is determined that the unauthorized use is made in the determination step.

  The unauthorized use determination program further executes a user authentication step for performing user authentication based on the input user information, and the predetermined destination is a destination corresponding to the user authenticated in the user authentication step. Is preferred.

  The unauthorized use determination program further executes a user authentication step for performing user authentication based on the input user information. In the comparison step, the user authentication is performed in the user authentication step, and the user operation after login is described above. It is preferable to make a comparison.

  According to still another aspect of the present invention, the recording medium is a computer-readable recording medium, and records the above-described unauthorized use determination program.

  Since the image processing apparatus and the unauthorized use determination program according to the present invention have the above-described configuration, in the image processing apparatus that permits the user to use the function based on the user authentication, It is possible to determine that the user is an unauthorized user and to determine unauthorized use.

  Embodiments of the present invention will be described below with reference to the drawings. In the following description, the same parts and components are denoted by the same reference numerals. Their names and functions are also the same. Therefore, detailed description thereof will not be repeated.

  FIG. 1 is a diagram showing a specific example of the system configuration of an MFP (Multi Function Peripherals) 1 which is an example of an image processing apparatus according to the present invention.

  Referring to FIG. 1, an MFP 1 according to the present embodiment includes a CPU (Central Processing Unit) 1a that controls the whole, a ROM (Read Only Memory) 1b that stores job data, a program executed by the CPU 1a, and the like. A RAM (Random Access Memory) 1c, a hard disk 1d, an image reading unit 1e that reads image data from a document, a printing unit 1f that prints an image on paper, and the MFP 1 are connected to a network or a telephone line, or a short distance. A communication unit 1g for communicating with other devices using the wireless communication, a display unit 1h such as a display for displaying various information, and an input unit 1k such as a touch panel and buttons for inputting instructions. And a control circuit 1j for the CPU 1a to execute the program and control the units. It is.

  FIG. 2 is a functional block diagram showing a specific example of a function for performing unauthorized use detection processing in MFP 1 according to the present embodiment. Each function shown in FIG. 2 is a function exhibited by the CPU 1a shown in FIG. 1 reading and executing a program stored in the ROM 1b or the like.

  Referring to FIG. 2, MFP 1 includes ID / password confirmation unit 101, job log reading unit 103, operation information extraction unit 105, engine communication unit 109 for communicating with the engine of print unit 1f, communication unit 1g, and the like. An external interface (I / F) communication unit 111 for communicating with an external device, a display unit 115 such as a display unit 1h, an input receiving unit 117 such as a panel type input unit 1k, a display unit 115, and an input receiving unit This is a predetermined area such as a panel control unit 113 that controls display at 117, a statistical processing unit 119, a use permission determination unit 121, a hardware control unit 123 for controlling hardware such as the image reading unit 1e, and a hard disk 1d. Unauthorized use that is a predetermined area such as the job log storage unit 125 and the hard disk 1d Configured to include a Chisaki storage unit 127. Further, the operation information extraction unit 105 includes a usage time extraction unit 1051 and a mail address extraction unit 1053.

  The input receiving unit 117 receives a user operation input from the input unit 1k or the like. When the user's operation input is input of login information, the input login information is input to the ID / password confirmation unit 101. In the case of various operation inputs, an operation signal based on the operation input is input to the hardware control unit 123. Further, in any case of input of login information and various operation inputs, an operation signal based on the operation input is input to the use permission determining unit 121 and the operation information extracting unit 105.

  The ID / password confirmation unit 101 uses the ID and password included in the login information input from the input reception unit 117, and performs user authentication with reference to user information stored in the hard disk 1d or the like. The authentication result is input to the job log reading unit 103 and the hardware control unit 123.

  The hardware control unit 123 controls hardware such as the image reading unit 1 e based on the authentication result input from the ID / password confirmation unit 101.

  Based on the authentication result input from the ID / password confirmation unit 101, the job log reading unit 103 reads the job log that is the operation history of the user from the job log storage unit 125 and inputs the job log to the operation information extraction unit 105.

  The operation information extraction unit 105 includes a job log of the user input from the job log reading unit 103 based on an operation signal input from the input reception unit 117 in the included usage time extraction unit 1051 or mail address extraction unit 1053. From this, information relating to usage time and information relating to e-mail addresses, which are necessary past operation information, are extracted and input to the usage permission determination unit 121.

  The statistical processing unit 119 acquires the operation information extracted from the operation information extraction unit 105 as necessary, executes statistical processing, and inputs the processing result to the use permission determination unit 121.

  The use permission determination unit 121 receives the operation signal input from the input reception unit 117 and the past operation information of the user input from the operation information extraction unit 105 (and / or the statistical processing unit 119 as necessary). Based on the processing result), it is determined whether or not the user currently using the MFP 1 is a legitimate user registered with the login information, and unauthorized use is detected.

  In the unauthorized use notification destination storage unit 127, a destination to be notified when unauthorized use is detected is registered in advance. The partner to be notified when the unauthorized use is detected may be registered corresponding to the login information that has been illegally used (for example, a legitimate user of the login information that has been illegally used) or the MFP 1. In the case where unauthorized use is detected, a predetermined destination may be registered as a notification to the same destination, such as an administrator.

  The use permission determination unit 121 reads out notification data stored in a predetermined notification destination, a predetermined area of the hard disk 1d, and the like from the unauthorized use notification destination storage unit 127 according to the determination result, and notifies the unauthorized use.

  FIG. 3 is a flowchart showing a flow of processing including unauthorized use detection processing executed in the MFP 1 according to the present embodiment. The processing shown in the flowchart of FIG. 3 is realized by the CPU 1a of FIG. 1 reading out a program stored in the ROM 1b and controlling the functions shown in FIG.

  Referring to FIG. 3, first, when the user performs a login operation with input unit 1 k, input input unit 117 accepts input of login information from the user (step S 10), and job log reading unit 103 performs the step Based on the login information input in S10, the job log of the user is read from the job log storage unit 125 (step S20).

  Subsequently, when the user performs an operation of selecting a function such as a print function or a scan function using the input unit 1k, the input reception unit 117 receives the function selection (step S30).

  The use permission determination unit 121 performs an unauthorized use determination process for detecting unauthorized use based on the login operation accepted in step S10, the function selection operation accepted in step S30, and the job log read in step S20. If it is executed (step S40) and an unauthorized use is detected (YES in step S50), an unauthorized use notification process for notifying a predetermined notification destination of unauthorized use is executed (step S60). Then, processing (copy processing, scanning processing, facsimile transmission processing, etc.) by the function selected in step S30 is executed (step S70).

  FIG. 4 is a flowchart specifically showing the flow of processing when the user logs in to the MFP 1 according to the present embodiment and sends a scanned image by e-mail.

  Referring to FIG. 4, first, the user logs in to MFP 1 by entering an ID and password in input unit 1k of MFP 1 or an application of a terminal device connected via a network (step S101).

  In the MFP 1, it is determined whether or not the login information input in step S 101 is correct in the ID / password confirmation unit 101. If the login information is correct, login is permitted and the process proceeds to the subsequent processing (YES in step S 103). The selection of the desired function is accepted from Here, the “SCAN TO MAIL” function for sending a scanned image by mail is selected.

  If the ID and password input in step S101 are not correct and user authentication fails (NO in step S103), re-input of the ID and password is requested.

  When login is successful in step S103 (YES in step S103), the job log reading unit 103 reads the job log of the user from the job log storage unit 125, and the operation information extraction unit 105 extracts past operation information necessary for the user. (Step S105). In step S105, necessary operation information corresponding to the function selected by the user is extracted from the read job log of the user. More specifically, the processing in step S105 is shown in the subroutine of FIG. 5, and when the scan function (“SCAN TO MAIL” function) is selected (YES in step S201), the usage time extraction unit In 1051, information related to the transmission time of the past mail is acquired from the job log (step S203), and when the copy function is selected (YES in step S205), the usage time extraction unit 1051 determines from the job log. Information regarding the past operation time of the copy function is acquired (step S207). Thereafter, similarly, according to the selected function, the usage time extraction unit 1051 acquires information on the past operation time of the function from the job log.

  The use permission determination unit 121 of the MFP 1 obtains information (Ta) on the past use time zone of the “SCAN TO MAIL” function extracted in step S105 and the current time (Tc) from an internal timing device (not shown). In step S107, it is determined whether or not the user currently using the MFP 1 is a legitimate user registered with the login information, that is, whether or not the user is unauthorized. Step S109). Specifically, it is determined whether or not unauthorized use is made based on whether or not the current time (Tc) is included in the past use time zone (Ta) of the function.

  When the current time (Tc) is not included in the past use time zone (Ta) of the function (NO in step S109), the use permission determination unit 121 determines that there is a possibility of unauthorized use, and the predetermined time of the hard disk 1d is determined. After reading predetermined mail data stored in the area or the like and sending a mail indicating that there is a possibility of unauthorized use to the mail address registered in the unauthorized use notification destination storage unit 127 (step S111) The hardware control unit 123 permits the next operation.

  When the current time (Tc) is included in the past use time zone (Ta) of the function (YES in step S109), the processing of step S111 is skipped, and the hardware control unit 123 performs the next operation. to approve.

  Next, the user inputs an e-mail address to which the scan data is to be sent, using the input unit 1k of the MFP 1 or the application of the terminal device connected via the network (step S113).

  In the MFP 1, the mail address extracting unit 1053 obtains information related to the mail address transmitted in the past from the job log read in step S105, and the use permission determination unit 121 transmits the mail address input in step S113 in the past. It is determined whether it is an unauthorized use by determining whether or not it is an e-mail address (step S115).

  If the e-mail address input in step S113 is not a previously sent e-mail address (NO in step S115), the use permission determination unit 121 determines that there is a possibility of unauthorized use and stores it in a predetermined area or the like of the hard disk 1d. The predetermined mail data is read and a mail indicating that there is a possibility of unauthorized use is transmitted to the mail address registered in the unauthorized use notification destination storage unit 127 (step S117), and then the hardware control unit 123 permits the next operation.

  When the mail address input in step S113 is a mail address transmitted in the past (YES in step S115), the process of step S117 is skipped, and the hardware control unit 123 permits the next operation.

  Next, the user presses a scan button for instructing start of a scan operation in the input unit 1k of the MFP 1 or an application of a terminal device connected via a network (step S119).

  The MFP 1 scans the original in the image reading unit 1e, and transmits the scan data by attaching it to an e-mail to the destination designated by the communication unit 1g.

  By executing processing including the unauthorized use detection processing in the MFP 1 according to the present embodiment, unauthorized use can be detected by comparing the current user operation with a past job log. For this reason, even when login information such as IDs and passwords used for user authentication is used illegally due to theft, etc., unauthorized use can be managed in real time by monitoring the user's operation details and parameter settings. A person can be notified, and an appropriate response can be promoted.

  In the above specific example, when the unauthorized use is determined by the use permission determination unit 121, the usage time of the “SCAN TO MAIL” function and the mail address that is the transmission destination of the scan data are used as parameters. Other parameters such as the number of copies may be used.

  The use permission determination unit 121 may accept the setting of which parameter is used to determine unauthorized use from the input unit 1k of the MFP 1 or an application of a terminal device connected via a network. Such parameters are preferably set for each of the functions (copy, scan, facsimile, etc.) provided in the MFP 1, and in the application of the input unit 1k of the MFP 1 or a terminal device connected via the network, It is preferable to accept each function in a guidance format (wizard format).

  For example, when the email transmission function is selected, an email address is used as a parameter for determining unauthorized use. If an email address that has never been sent is entered, the possibility of unauthorized use is assumed. It may be determined that there is.

  The parameters used for the determination of unauthorized use for each function received in this way are stored in a predetermined area or the like of the hard disk 1d in association with the function. This parameter is referred to in step S40, and operation information corresponding to the parameter corresponding to the selected function is extracted from the job log read in step S20 by the operation information extraction unit 105. Further, the use permission determination unit 121 detects unauthorized use by using such parameters.

  Further, the setting of the threshold value of the parameter used when the use permission determining unit 121 determines unauthorized use may be received from the input unit 1k of the MFP 1 or the application of the terminal device connected via the network. Good. The parameter threshold indicates a difference from past operation information extracted from the job log that is allowed without being illegally used. More specifically, when the parameter is an e-mail address, a threshold value may be set such that an e-mail address having the same domain as the e-mail address that has been transmitted in the past may be set. When it is from 9:00 to 20:00, 1 hour before and after that time zone may be set as the threshold value.

  Such a threshold value is preferably set for each of the functions in the same manner as the above parameters. In the application of the input unit 1k of the MFP 1 or the terminal device connected via the network, a guidance format (wizard format) is used. It is preferable to accept each function.

  In addition, such parameter setting and parameter threshold setting may be permitted only to a predetermined user (for example, an administrator). It is preferable that the setting screen is controlled to be displayed on the display unit 115 only for authorized users based on the authentication result in the password confirmation unit 101.

[Modification]
As a modified example, a case where unauthorized use detection processing including statistical processing is executed in the MFP 1 will be described.

  FIG. 6 is a flowchart specifically showing the flow of processing according to the modification when the user logs in to the MFP 1 according to the present embodiment and sends a scanned image by e-mail.

  Referring to FIG. 6, first, the user logs in to MFP 1 by inputting an ID and a password in input unit 1k of MFP 1 or an application of a terminal device connected via a network (step S101).

  In the MFP 1, it is determined whether or not the login information input in step S 101 is correct in the ID / password confirmation unit 101. If the login information is correct, login is permitted and the process proceeds to the subsequent processing (YES in step S 103). The selection of the desired function is accepted from If the ID and password input in step S101 are not correct and the user authentication fails (NO in step S103), re-input of the ID and password is requested.

  If the login is successful in step S103 (YES in step S103), the job log reading unit 103 reads the user's job log from the job log storage unit 125, and the usage time extraction unit 1051 operates the function in the past. Information about time is extracted (step S105).

  Here, in the unauthorized use detection process according to the modification, a statistical process is executed (step S106). That is, in step S106, the statistical processing unit 119 uses a maximum value (latest time: Tmax) and a minimum value (earliest time: Tmin) based on information regarding the time when the function has been operated in the past extracted in step S105. And the usable time zone (Ta = [Tmin-1, Tmax + 1]) with a width of 1 hour before and after this time zone is calculated.

  For example, when Tmin = 8: 45 and Tmax = 21: 38 are extracted from the job log, 7:45 to 22:38 is calculated as the usable time zone Ta in step S106.

Thereafter, processing is executed in the same manner as the above processing that does not include statistical processing.
As another statistical process in the statistical processing unit 119, when the selected function is a copy function, the past copy number may be extracted from the job log, and the maximum copy number may be calculated, or the average number of copies may be calculated. May be calculated, and the number of copyable copies having a predetermined width may be calculated.

  In this case, for example, when the maximum number of copies in the past is 10 and an operation for designating 11 copies as the number of copies is received from the user, there is a possibility of unauthorized use in the use permission determination unit 121. To be judged.

  In addition, the statistical processing unit 119 performs sampling for the user's job log during a certain period (for example, one month from the beginning of MFP installation) as a sampling period, and is used as a parameter for determining unauthorized use. May be. Specifically, the statistical processing unit 119 obtains the maximum number of copy copies during the period by sampling the number of copies of the job log for a predetermined period, and if the copy function is selected after the sampling period ends, the value Is used as a parameter used for determination of unauthorized use in the use permission determination unit 121.

  The method of notifying unauthorized use is not limited to notification by e-mail, and may be, for example, a method of notifying a set device by transmitting a facsimile indicating that fact or a predetermined device. Alternatively, a method may be used in which a control signal is output and notified by voice or light emission. Such a notification method and notification destination are also preferably set in the same manner as the parameters used in the determination of unauthorized use. Information regarding the set notification method and notification destination is stored in the unauthorized use notification destination storage unit 127 and the like. When the unauthorized use is notified in step S60, the set notification method and notification destination are the use permission determination unit 121. And is notified to the notification destination by the set notification method.

  In the present embodiment, when the unauthorized use is detected by the use permission determination unit 121, notification is made to the set destination. However, the function is limited instead of or together with the notification. Also good. That is, the determination result in the use permission determination unit 121 may be input to the hardware control unit 123, and the hardware control unit 123 may restrict the use of hardware based on the determination result.

  A method for determining and detecting unauthorized use executed by the MFP 1 can be provided as a program. Such a program is recorded on a computer-readable recording medium such as a flexible disk attached to the computer, a CD-ROM (Compact Disc-Read Only Memory), a ROM, a RAM, and a memory card, and provided as a program product. You can also. Alternatively, the program can be provided by being recorded on a recording medium such as a hard disk built in the computer. A program can also be provided by downloading via a network. Further, it may be incorporated in a program for controlling each function of the image processing apparatus.

  The provided program product is installed in a program storage unit such as a hard disk and executed. The program product includes the program itself and a recording medium on which the program is recorded.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

2 is a diagram illustrating a specific example of a system configuration of the MFP 1. FIG. 3 is a functional block diagram showing a specific example of a function for performing unauthorized use detection processing in MFP 1. FIG. 4 is a flowchart showing a flow of processing including unauthorized use detection processing executed in MFP 1. 6 is a flowchart illustrating a processing flow when a user logs in to the MFP 1 and transmits a scanned image by e-mail. It is a flowchart which shows the process of step S105. 10 is a flowchart showing a flow of processing according to a modification when a user logs in to MFP 1 and sends a scanned image by e-mail.

Explanation of symbols

  1 MFP 1a CPU 1b ROM 1c RAM 1d hard disk 1e image reading unit 1f printing unit 1g communication unit 1h display unit 1j control circuit 1k input unit 101 ID / password confirmation unit 103 Blog reading unit, 105 operation information extraction unit, 109 engine communication unit, 111 external interface communication unit, 113 panel control unit, 115 display unit, 117 input reception unit, 119 statistical processing unit, 121 use permission determination unit, 123 hardware control , 125 Job log storage unit, 127 Unauthorized use notification destination storage unit, 1051 Usage time extraction unit, 1053 Email address extraction unit.

Claims (19)

An input means for inputting a user operation for executing image processing;
Operation information storage means for storing operation information related to operations performed by the user in the past in the image processing;
Comparison means for comparing the operation information related to the user operation with the past operation information of the user stored in the operation information storage means;
An image processing apparatus comprising: a determination unit that determines unauthorized use according to a result of the comparison. Function selection means for accepting selection of a function to be used by the user;
The image processing according to claim 1, further comprising: extraction means for extracting operation information corresponding to the function from operation information at the time of execution of the image processing performed by the user in the past stored in the operation information storage means. apparatus.   The image processing apparatus according to claim 2, further comprising a setting unit configured to set operation information used for the comparison according to a function selected by the function selection unit.   The determination unit obtains a comparison result in the comparison unit that the operation information related to the user operation does not match the previous operation information of the user stored in the operation information storage unit. The image processing apparatus according to claim 1, wherein the image processing apparatus determines that the use is illegal when it is performed.   In the comparing means, the operation information related to the user operation is not within a predetermined threshold value from the previous operation information stored in the operation information storage means when the user performed the image processing. The image processing apparatus according to claim 1, wherein the image processing apparatus determines that the unauthorized use is made when a comparison result is obtained. Statistical processing means for performing statistical processing on the operation information at the time of execution of the past image processing of the user stored in the operation information storage means,
2. The comparison unit according to claim 1, wherein the comparison unit compares the operation information related to the user operation with the operation information at the time of execution of the image processing of the user stored in the statistically processed operation information storage unit. The image processing apparatus described.   The image processing apparatus according to claim 1, further comprising a notification unit configured to notify a predetermined destination when the determination unit determines that the unauthorized use. A user authentication means for performing user authentication based on the input user information;
The image processing apparatus according to claim 7, wherein the predetermined destination is a destination corresponding to the user authenticated by the user. A user authentication means for performing user authentication based on the input user information;
The image processing apparatus according to claim 1, wherein the comparison unit performs the user authentication and performs the comparison regarding the user operation after login. An input step for inputting a user operation for executing image processing;
A comparison step of comparing the operation information related to the user operation and the stored operation information of the user in the past when the image processing is executed;
An unauthorized use determination program for executing a determination step of determining unauthorized use according to the result of the comparison. A function selection step for accepting selection of a function to be used from the user;
The unauthorized use determination program according to claim 10, further executing an extraction step of extracting operation information corresponding to the function from the stored operation information of the user when the image processing was performed in the past.   The unauthorized use determination program according to claim 11, further causing a setting step of setting operation information used for the comparison according to a function selected in the function selection step.   In the determination step, when a comparison result is obtained in the comparison step that the operation information related to the user operation does not match the stored operation information of the user in the past when the image processing is executed. The unauthorized use determination program according to claim 10, wherein the unauthorized use is determined to be unauthorized use.   In the determination step, in the comparison step, the comparison result that the operation information related to the user operation is not within a predetermined threshold value from the stored operation information of the user in the past when the image processing is executed. The unauthorized use determination program according to claim 10, wherein the unauthorized use is determined when the above is obtained. Further executing a statistical processing step for performing statistical processing on the stored operation information of the user in the past when the image processing is executed,
The unauthorized use according to claim 10, wherein in the comparison step, the operation information related to the user operation is compared with the stored operation information of the user that has been subjected to the statistical processing in the past when the image processing is executed. Judgment program.   The unauthorized use determination program according to claim 10, further executing a notification step of notifying a predetermined destination when it is determined that the unauthorized use is made in the determination step. Further executing a user authentication step for performing user authentication based on the input user information,
The unauthorized use determination program according to claim 16, wherein the predetermined destination is a destination corresponding to the user authenticated by the user in the user authentication step. Further executing a user authentication step for performing user authentication based on the input user information,
The unauthorized use determination program according to claim 10, wherein in the comparison step, the user authentication is performed in the user authentication step and the comparison is performed with respect to the user operation after login.   A computer-readable recording medium for recording the unauthorized use determination program according to claim 10.

Images