JP2014126956A - Authentication system and image forming apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication system and the like capable of changing the degree of authentication according to the presence of a print job, as well as a situation of a user.SOLUTION: An determination means determines whether or not a print job not output yet of a user who logs in to an image forming apparatus 2 is stored in storage means 103, and determines whether or not conditions related to the print job correspond to authentication relaxation conditions stored in the authentication relaxation condition storage means 103. When the determination means determines that the print job not output yet of the user who logs in to the image forming apparatus 2 is stored in the storage means, and determines that the conditions related to the print job correspond to the authentication relaxation conditions, authentication means 107 reduces the degree of authentication before performing authentication of the user.

Description

  The present invention relates to an authentication system and an image forming apparatus for authenticating a user who logs in to an image forming apparatus such as an MFP (Multi Function Peripherals) which is a multifunction digital multi-function peripheral.

  In recent years, an increase in security has led to an increase in image forming apparatuses that require user authentication for use. As such a user authentication method, biometric authentication may be used because of the ease of the authentication operation.

  However, the user's biometric information used for biometric authentication is different from the IC card, etc., for example, due to the influence of the contraction and expansion of blood vessels due to changes in temperature, the placement of fingers on the authentication device, injury, growth, etc. An error occurs every time.

  For this reason, if the threshold value at the time of authentication determination (how much matching is considered as successful authentication) may not be able to be authenticated even by the principal, conversely, if the threshold value is relaxed, misidentification of another person may occur.

  In order to cope with such weak points of biometric authentication, for example, a technique for changing the threshold at the time of authentication determination according to the use of the system has been proposed, such as tightening when misauthentication by others is not allowed, such as bank ATM. (Patent Document 1).

  Further, a technique has been proposed in which a user who has transmitted a print job is preferentially set as an authentication candidate when there is a print job (Patent Document 2).

JP 2003-248661 A JP 2008-5069 A

  By the way, in the image forming apparatus, immediately after the user sends a print job from the terminal device, there is a high possibility that the user performs an authentication operation for printing. In this case, the security strength is lowered and the operability is given priority. There is a request to want. Especially when a user takes a portable terminal device such as a tablet terminal close to the MFP and sends a print job, other users can perform authentication processing before the user operates the MFP. Therefore, there is no problem even if priority is given to operability by lowering the security strength.

  However, the technique described in Patent Document 1 that changes the threshold value at the time of authentication determination according to the application of the system cannot change the threshold value at the time of authentication determination according to the user's situation.

  The technique described in Patent Document 2 is used as an authentication candidate only based on the existence of a print job, and does not change the threshold at the time of authentication determination according to the situation of the user who transmitted the print job. There wasn't.

  The present invention has been made in view of such a technical background, and includes an authentication system and an image forming apparatus that can change an authentication strength depending on a user's situation as well as a print job. The issue is to provide.

The above problem is solved by the following means.
(1) An image forming apparatus, a job storage unit that is provided inside or outside the image forming apparatus and that stores an unoutput print job, and is provided inside or outside the image forming apparatus. An authentication means for authenticating a user who logs in, and an authentication relaxation that is provided inside or outside the image forming apparatus and stores an authentication relaxation condition for relaxing the authentication strength at the time of authenticating the user who logs in to the image forming apparatus A condition storage unit and a determination unit configured to determine whether an unoutput print job provided in or outside the image forming apparatus is stored in the storage unit, and a condition relating to the print job is stored in the authentication relaxation condition storage unit Determination means for determining whether or not the stored authentication alleviation condition is satisfied, and the output is not output by the determination means If it is determined that the print job is stored in the storage unit, and the condition relating to the print job is determined to correspond to the authentication relaxation condition, the authentication unit lowers the authentication strength and authenticates the user. An authentication system characterized by that.
(2) The authentication relaxation condition is that a time from when a print job is transmitted from the terminal device to when authentication processing by the authentication unit is performed is equal to or less than a predetermined value, the terminal device to which the job is transmitted, and the image forming apparatus The distance to the user is less than or equal to a predetermined value, the attribute of the user who transmitted the print job is a predetermined attribute, and the attribute of the print job is a predetermined attribute. Authentication system.
(3) The user authentication performed by the authentication unit is biometric authentication performed using the biometric information of the user, and the authentication unit lowers the authentication strength by lowering the threshold value of the degree of coincidence of biometric information. 3. The authentication system according to item 1 or 2 above.
(4) The authentication means counts the number of feature points extracted from the biometric image based on the biometric information of the logged-in user that matches the feature points extracted from the biometric image based on the biometric information of the authorized user. 4. The authentication system according to item 3, wherein the counted number with respect to the total number of feature points in the user's biometric image is defined as the degree of coincidence of the biometric information.
(5) The authentication unit calculates a difference area between a specific density region extracted from a biometric image based on biometric information of a regular user and a specific density region extracted from a biometric image based on biometric information of a logged-in user. 4. The authentication system according to item 3, wherein the degree of coincidence of the biometric information is obtained based on the ratio of the area of the difference area to the area of the entire image area of the biometric image of the authorized user.
(6) When there are a plurality of users who have unprinted print jobs, the authentication unit compares each user's normal biometric image among the users, and features common to the users are not used for authentication. The authentication system in any one of -5.
(7) The authentication unit divides the normal biometric image of each user into a plurality of areas, compares the biometric images between the users, and if the biometric image similarity in a specific area is high, 7. The authentication system according to item 6, which is a feature common to all users.
(8) An authentication relaxation condition for storing a job storage means for storing a print job that has not been output, an authentication means for authenticating a logged-in user, and an authentication relaxation condition for relaxing the authentication strength at the time of authentication of the logged-in user Determining whether or not a storage job and an unoutput print job are stored in the storage unit, and whether or not a condition relating to the print job corresponds to the authentication relaxation condition stored in the authentication relaxation condition storage unit Determining means for determining, when it is determined by the determining means that an unoutput print job is stored in the storing means, and the condition relating to the print job is determined to correspond to the authentication relaxation condition The image forming apparatus according to claim 1, wherein the authentication unit authenticates the user by lowering an authentication strength.

  According to the invention described in the preceding item (1), it is determined whether an unoutput print job is stored, and further, it is determined whether a condition relating to the print job corresponds to an authentication relaxation condition. If it is determined that a print job that has not yet been output is stored and the authentication relaxation condition is satisfied, user authentication is performed with the authentication strength lowered. Therefore, when the authentication relaxation conditions are met, user authentication can be improved because it is possible to lower the authentication strength and reduce the possibility of authentication failure due to reading errors and improve operability rather than securing the security strength through authentication. Can be handled easily.

  According to the invention described in (2) above, the time from when the print job is transmitted from the terminal device until the authentication process by the authentication unit is performed is equal to or less than a predetermined value, the terminal device to which the job is transmitted, If the distance from the image forming apparatus is equal to or less than a predetermined value, the attribute of the user who sent the print job is a predetermined attribute, and the attribute of the print job is a predetermined attribute The authentication strength is lowered and authentication is performed.

  According to the invention described in (3) above, when the user authentication is biometric authentication performed using the biometric information of the user, the authentication strength can be lowered by lowering the threshold value of the coincidence degree of the biometric information.

  According to the invention described in (4) above, the total number of feature points extracted from the logged-in user's biometric image with respect to the total number of feature points in the normal user's biometric image is the biometric information. The degree of agreement.

  According to the invention described in (5) above, the degree of coincidence of biometric information is obtained based on the ratio of the area of the difference area to the area of the entire image area of the biometric image of the authorized user.

  According to the invention described in (6) above, when there are a plurality of users having unprinted print jobs, the authentication unit compares each user's normal biometric image among the users, and is common to each user. Since the feature to be used is not used for authentication, the authentication process is simplified.

  According to the invention described in the above item (7), when the biometric image of each regular user is divided into a plurality of regions, the biometric images are compared among the users, and the biometric image similarity in a specific region is high, The area is a feature common to a plurality of users.

  According to the invention described in the preceding paragraph (8), when the authentication relaxation conditions are met, the authentication strength is lowered to reduce the possibility of authentication failure due to a reading error and to improve the operability rather than ensuring the security strength by authentication. And an image forming apparatus capable of performing flexible handling for user authentication.

It is a block diagram of the authentication system which concerns on one Embodiment of this invention. It is a block diagram which shows the structure of a server. 1 is a block diagram illustrating a configuration of an image forming apparatus. It is a block diagram which shows the structure of a terminal device. It is a flowchart which shows the user authentication operation | movement by a server. It is explanatory drawing about the coincidence degree of the biometric information in the case of fingerprint authentication. It is explanatory drawing about face authentication. It is explanatory drawing about the coincidence degree of the biometric information in the case of face authentication. It is explanatory drawing about vein authentication. It is explanatory drawing about the coincidence degree of the biometric information in the case of vein authentication. 10 is a flowchart showing a user authentication operation by a server according to another embodiment of the present invention. FIG. 10 is an explanatory diagram of a method in which when a plurality of users who have transmitted unprinted print jobs are a plurality, a portion excluding a similar portion between biometric information registered by the plurality of users is used as an area for authentication.

  Embodiments of the present invention will be described below with reference to the drawings.

  FIG. 1 is a configuration diagram of an authentication system according to an embodiment of the present invention.

  This authentication system includes a server 1, an MFP 2 that is a multifunction digital multifunction peripheral, and a terminal device 3, which are connected to each other via a network 4.

  FIG. 2 is a block diagram showing the configuration of the server 1. As shown in FIG. 2, the server 1 is a personal computer. As shown in FIG. 2, the CPU 101, RAM 102, storage unit 103, display unit 104, input unit 105, network interface (network I / F) unit 106, authentication unit 107, job additional information acquisition Unit 108, elapsed time determination unit 109, authentication target area setting unit 110, authentication target restriction unit 111, and authentication threshold value changing unit 112.

  The CPU 101 performs overall control of the entire server 101 by executing a program stored in the storage unit 103 or the like.

  The ROM 102 is a memory that provides a work area when the CPU 101 operates according to the operation program.

  The storage unit 103 includes a storage medium such as a hard disk, and print job transmitted from the terminal device 3, biometric image data as biometric information of each user used at the time of authentication, user ID, user information such as a user's job title, and the like. In addition, the location information of the MFP 2 and other various application programs and data are stored. In this embodiment, authentication relaxation conditions described later are also stored.

  The display unit 104 includes a CRT, a liquid crystal display device, and the like, and displays various messages and an input reception screen, a selection screen, and the like for the user.

  The input unit 106 is used for an input operation by a user, and includes a keyboard, a mouse, a touch panel, or the like.

  The network interface unit 106 functions as a communication unit that transmits and receives data to and from the MFP 2 and the terminal device 3 via the network 4.

  The authentication unit 107 authenticates a user who logs in to the MFP 2. In this embodiment, biometric authentication such as fingerprint authentication for determining the identity of a fingerprint, vein authentication for determining the identity of a finger or hand vein, and face authentication for determining the identity from a characteristic of feeling is performed. Yes. Specifically, image data obtained by reading biometric information such as the fingerprint of a specific user's specific finger, finger, hand vein, face, etc. is registered and stored in advance in the storage unit 103 as a biometric image. Then, it is determined whether or not it matches with the biometric image of the logged-in user transmitted from the MFP 2, and based on the result, it is determined whether or not the login is permitted.

  The job additional information acquisition unit 108 acquires user information added to a print job transmitted from the terminal device 3 to the server 1 by the user, position information of the terminal device 3, and the like.

  The elapsed time determination unit 109 measures the time after the print job is received until the authentication unit 107 performs authentication processing, and determines whether the time is equal to or less than a predetermined value.

  When there are a plurality of users of print jobs that have not been output, the authentication target area setting unit 110 compares the biometric images of these users registered and stored in the storage unit 103, and removes a portion excluding similar parts between the biometric images. Then, an operation for setting the area used for authentication is performed.

  The authentication target restriction unit 111 performs an operation of limiting the authentication target to a print job transmission user when a user who wants to log in to the MFP 2 selects “print” with the menu button.

  The authentication threshold value changing unit 112 changes the authentication strength threshold value when it is determined that the condition regarding the unoutput print job corresponds to the authentication relaxation condition. Here, in this embodiment, as the authentication relaxation condition, the time from when the print job is transmitted from the terminal device 3 to when the authentication process by the authentication unit 107 is performed is equal to or less than a predetermined value, and the print job is transmitted. It is set that the distance between the terminal device 3 and the MFP 2 is equal to or less than a predetermined value, but the attribute of the user who transmitted the print job is a predetermined attribute, for example, a predetermined position such as a managerial position, May be set as a predetermined attribute, for example, a print job in the security mode. Further, at least one authentication relaxation condition may be set, but two or more conditions may be set as conditions. Further, the threshold of the authentication strength may be gradually reduced according to the time from the print job transmission until the authentication processing is performed and the distance between the terminal device 3 to which the job is transmitted and the MFP 2. These authentication relaxation conditions are set in advance and stored in the storage unit 103.

  On the other hand, as shown in FIG. 3, the MFP 2 includes a CPU 201, ROM 202, RAM 203, storage unit 204, scanner unit 205, printer unit 206, operation panel 207, network controller 208, biometric information reading unit 209. Etc.

  The CPU 201 controls the entire MFP 2 and controls basic functions such as a copy function, a printer function, a scan function, and a facsimile function. In addition, a biometric image representing biometric information such as a fingerprint of a user who wants to log in to the MFP 2 read by the biometric information reading unit 209, a hand or finger vein, and a face is transmitted to the server 1 via the network controller 208.

  The ROM 202 is a memory that stores an operation program of the CPU 21 and the like.

  The RAM 203 is a memory that provides a work area when the CPU 21 operates based on an operation program.

  The storage unit 204 is configured by a non-volatile storage device such as a hard disk drive (HDD), for example, and stores image data of a document read by the scanner unit 24.

  A scanner unit 205 is a reading unit that reads an image of a document placed on a document table (not shown) and outputs image data.

  The printer unit 206 prints the print job transmitted from the terminal device 3, the image data of the original read by the scanner unit 205, and the like according to the instructed mode.

  The operation panel 207 is used for various input operations and the like, and includes a display unit 207a composed of a touch panel type liquid crystal for displaying a message, an operation screen, and the like, and a key provided with a numeric keypad, a start key, a stop key, and the like. An input unit 207b is provided.

  The network controller 208 transmits and receives data by controlling communication with the server 1 and the terminal device 3 on the network.

  The biometric information reading unit 209 reads biometric information such as a user's fingerprint, palm vein, and face and converts it into biometric image data.

  FIG. 4 is a block diagram showing the configuration of the terminal device 3. In this embodiment, the terminal device 3 may be composed of a personal computer, or may be a mobile terminal device such as a smartphone, a tablet terminal, or electronic paper.

  The terminal device 3 includes a job creation unit 301, a job transmission unit 302, a position information acquisition unit 303, and a job transmission time acquisition unit 304.

  The job creation unit 301 creates a print job to be printed by the MFP 2 using a predetermined application.

  The job transmission unit 302 transmits the job created by the job creation unit 301 to the server 1.

  The position information acquisition unit 303 acquires the position information of the terminal device 3 by the GPS function, and the job transmission time acquisition unit 304 acquires the time at the time of print job transmission. The position information acquired by the position information acquisition unit 303 and the time information acquired by the job transmission time acquisition unit 304 are added to the print job together with user information such as a user ID and attribute information of a print job such as security printing. Then, it is transmitted to the server 1 by the job transmission unit 302.

  A user who has transmitted a print job from the terminal device 3 to the MFP 2 goes to the MFP 2 to perform an operation in order to perform printing.

  FIG. 5 is a flowchart showing a user authentication operation by the server.

  The user creates a print job at the terminal device 3, adds the user ID, position information, time information, print job attribute information, and the like, and transmits the print job to the server 1.

  When the user goes to the MFP 2 to perform printing and causes the biometric information reading unit 209 of the MFP 2 to read the biometric information, the read biometric information is transmitted to the server 1.

  In step S01, the server 1 checks whether an unoutput print job is stored in the storage unit 103. If it is not stored (NO in step S01), the process proceeds to step S04, and the server 1 performs normal authentication for identifying the users whose biometric information matches among the biometric information of all users.

  If an unoutput print job is stored in step S01 (YES in step S01), in step S02, the user selects the “print” button or other buttons on the operation panel 207 of the MFP 2. .

  In step S03, it is determined based on information from the MFP 2 whether or not the user has selected “print”. If anything other than “print” is selected (NO in step S03), the process proceeds to step S04 and normal authentication is performed. Execute.

  When “print” is selected by the user (YES in step S03), in step S05, the server 1 limits the authentication target to the print job transmission user. Note that selecting “print” means that the printing process starts immediately after successful authentication.

  Next, in step S06, the position information of the terminal device 3 added to the print job and the print job transmission time information are acquired. In step S07, the elapsed time from the print job transmission time to the current time is a predetermined value. Determine whether: When there are a plurality of unoutput print jobs, it is desirable to determine whether or not the elapsed time from the transmission time to the current time is less than or equal to a predetermined value for all print jobs.

  If it is equal to or less than the predetermined value (YES in step S07), in step S08, the distance to the MFP 2 is obtained based on the position information, and the threshold value of the degree of coincidence of the biological information (biological image) is reduced to a threshold value corresponding to the distance. Let

  In step S09, authentication is performed using the changed threshold value.

  On the other hand, if the elapsed time from the print job transmission time to the current time is not less than or equal to the predetermined value in step S07 (NO in step S07), authentication is performed in step S10 without changing the threshold used for authentication.

  If the authentication result performed by the server 1 is successful, the server 1 transmits a print job of the user corresponding to the authentication success notification to the MFP. Based on this, the MFP 1 permits the user to log in, and the user can print the print job.

  If the authentication fails, the server 1 notifies the MFP 1 to that effect, and the MFP 1 displays on the display unit 207a of the operation panel 207 that login cannot be performed due to the authentication failure.

  As described above, in this embodiment, when an unoutput print job is stored and it is determined that the condition regarding the print job corresponds to the authentication relaxation condition, the user authentication is performed with the authentication strength lowered. When the authentication relaxation conditions are met, it is possible to improve the operability by lowering the authentication strength and reducing the possibility of authentication failure due to reading error rather than ensuring the security strength by authentication, and handling the user authentication flexibly. It can be performed.

  Next, the degree of coincidence of biometric information in authentication determination will be described.

  For example, when the biometric authentication is fingerprint authentication, the feature points included in the fingerprint and the type of the feature are usually stored as biometric information, and the number of coincidence of the feature points is defined as the coincidence degree of biometric information. judge. Examples of the feature points include a line end point 301 on a fingerprint as shown by a black circle in FIG. 6 and a branch point 302 as shown by a white circle.

  For example, 100 feature points from the fingerprint are stored as authentication information, and if 90% (90) of them match, the matching degree becomes 90%. If the authentication is successful when the degree of matching is 90% or more, the threshold value of the degree of matching is changed to a value less than 90% if there is an unoutput print job and the authentication relaxation condition is met.

  In addition, in order to determine whether or not they coincide with each other, processing such as enlargement, reduction, parallel movement, and rotation may be added to the biological image representing the biological information.

  Similarly, when biometric authentication is face authentication, feature points are extracted from the face template shown in FIG. 7A (face image of a regular user) and the face image of the user to be authenticated shown in FIG. Then, whether or not authentication is possible is determined using the number of matching feature points as the degree of coincidence.

  For example, the feature point indicated by the black circle of the stored user A shown in FIG. 8A is compared with the feature point indicated by the black circle of the user to be authenticated shown in FIG. 8B, and in FIG. Since the feature points surrounded by the broken-line circles coincide with the feature points of the user A, the degree of coincidence with the user A is determined to be 80%. If it is determined that the authentication is successful when the degree of matching is 80% or more, the threshold value of the degree of matching is changed to a value less than 80% if there is an unoutput print job and the authentication relaxation condition is met.

  When biometric authentication is vein authentication, a near-infrared image is obtained by irradiating the hand (or finger) shown in FIG. 9A with a near-infrared image, and a vein image is created as shown in FIG. To do.

  Then, the stored vein image (binary image) of user A shown in FIG. 10A is compared with the vein image (binary image) of the user to be authenticated shown in FIG. As shown in (C), the difference 303 between the two images is extracted. The smaller the difference, the more likely the two images are the same. Therefore, the ratio of the area of the difference area to the total image area of the arterial image of the regular user is defined as the “difference rate” of the two images ( 1- “difference rate”) is the degree of coincidence. For example, when the degree of coincidence is 0.9 or more (the “difference rate” is less than 0.1), the authentication is successful. If there is a print job that has not been output and the authentication relaxation condition is met, the threshold value of coincidence is changed to a value less than 0.9.

  FIG. 11 shows another embodiment of the present invention and is a flowchart showing a user authentication operation by a server.

  In this embodiment, when there are a plurality of users having print jobs that have not been output, the authentication unit 107 compares the normal biometric images of each user of the print job between the users, and a feature common to each user is authentication. The configuration is not used for the above.

  The user creates a print job with the terminal device 3, adds user information, position information, time information, print job attribute information, and the like, and transmits the print job to the server 1.

  When the user goes to the MFP 2 to perform printing and causes the biometric information reading unit 209 of the MFP 2 to read the biometric information, the read biometric information is transmitted to the server 1.

  In step S <b> 21, the server 1 checks whether an unoutput print job is stored in the storage unit 103. If it is not stored (NO in step S21), the process proceeds to step S24, and the server 1 performs normal authentication that identifies the users whose biometric information matches among the biometric information of all users.

  If an unoutput print job is stored in step S21 (YES in step S21), in step S22, the user selects the “print” button or other buttons on the operation panel 207 of the MFP 2. .

  In step S23, it is determined based on information from the MFP 2 whether or not the user has selected “print”. If anything other than “print” is selected (NO in step S23), the process proceeds to step S24 and normal authentication is performed. Execute.

  If “print” is selected by the user (YES in step S23), in step S25, the server 1 limits the authentication target to the print job transmission user.

  Next, after acquiring the position information of the terminal device 3 and the transmission time information of the print job added to the print job in step S26, the elapsed time from the print job transmission time to the current time is a predetermined value in step S27. Determine whether:

  If it is equal to or less than the predetermined value (YES in step S27), in step S28, the distance to the MFP 2 is obtained based on the position information, and the threshold value of the degree of coincidence of the biological information (biological image) is reduced to a threshold value corresponding to the distance. Let

  Next, in step S29, it is determined whether there are a plurality of users who have transmitted unprinted print jobs. If there are a plurality (YES in step S29), in step S30, the biometric information registered by the plurality of users is compared, and a portion excluding a similar portion between the biometric information is set as an area used for authentication. Proceed to step S31. If it is determined in step S29 that there are not a plurality of users who have transmitted unprinted print jobs (NO in step S29), the process directly proceeds to step S31.

  In step S31, an authentication process is executed based on the set authentication target area.

  On the other hand, if the elapsed time from the print job transmission time to the current time is not less than or equal to the predetermined value in step S27 (NO in step S27), authentication is performed in step S32 without changing the threshold used for authentication.

  If the authentication result performed by the server 1 is successful, the server 1 transmits a print job of the user corresponding to the authentication success notification to the MFP. Based on this, the MFP 1 permits the user to log in, and the user can print the print job.

  If the authentication fails, the server 1 notifies the MFP 1 to that effect, and the MFP 1 displays on the display unit 207a of the operation panel 207 that login cannot be performed due to the authentication failure.

  FIG. 12 shows an area where, when there are a plurality of users who have sent unprinted print jobs, biometric information registered by the plurality of users is compared, and a portion excluding a similar portion between the biometric information is used for authentication. It is explanatory drawing of the method to do.

  For example, when user A and user B are users who have transmitted unprinted print jobs, the biometric information of user A shown in FIG. 12A and the biometric information of user B shown in FIG. Each region is divided into a plurality of regions, and feature points are compared for each region. If there are areas having similar feature points, the remaining areas excluding those areas are set as authentication targets. In the example of FIG. 12, three regions surrounded by a thick line are excluded, and the remaining feature points are set as determination targets. For example, if 70% or more match, the user is determined.

  When user A and user B are sending print jobs, the distinction between these users A and B needs to be clarified. Therefore, the reliability of authentication can be improved by excluding areas with similar features. The authentication process is simplified while maintaining the above.

  Similarly, when there are 3 or more users who are sending print jobs, if there are similar feature point areas between the two users, that area will be excluded and the remaining feature points will be judged For example, if 70% or more matches, the user is determined.

  Although one embodiment of the present invention has been described above, the present invention is not limited to the above embodiment.

  For example, the server 1 performs authentication processing including reception and storage of a print job, storage of authentication relaxation conditions, determination of whether a user-related condition corresponds to the authentication relaxation conditions, and change of the threshold value of authentication strength. However, some or all of these may be performed by the MFP 1.

  Moreover, although the case where authentication was biometric authentication was demonstrated, you may apply to the authentication by the input of user information, such as user ID.

DESCRIPTION OF SYMBOLS 1 Server 2 Image forming apparatus 3 Terminal device 101 CPU
DESCRIPTION OF SYMBOLS 103 Memory | storage part 107 Authentication part 108 Job additional information acquisition part 109 Elapsed time determination part 110 Authentication object area | region setting part 111 Authentication symmetry restriction part 112 Authentication threshold value change part 201 CPU
204 Storage unit

Claims (8)

An image forming apparatus;
A job storage unit that is provided inside or outside the image forming apparatus and stores an unoutput print job;
An authentication unit provided inside or outside the image forming apparatus, for authenticating a user who logs in to the image forming apparatus;
An authentication relaxation condition storage unit that is provided inside or outside the image forming apparatus and stores authentication relaxation conditions for relaxing the authentication strength at the time of authentication of a user who logs in to the image forming apparatus;
The authentication is provided inside or outside the image forming apparatus and determines whether or not an unoutput print job is stored in the storage unit, and the condition relating to the print job is stored in the authentication relaxation condition storage unit A means of determining whether the mitigation conditions are met,
With
If it is determined by the determination means that an unoutput print job is stored in the storage means, and the condition regarding the print job is determined to correspond to the authentication relaxation condition, the authentication means sets the authentication strength. An authentication system, wherein the authentication is performed by lowering the user.   The authentication relaxation condition is that a time from when a print job is transmitted from a terminal device to when authentication processing by an authentication unit is performed is equal to or less than a predetermined value, and a distance between the terminal device to which the job is transmitted and the image forming apparatus 2. The authentication system according to claim 1, wherein the authentication system is at least one of a predetermined value, an attribute of a user who has transmitted the print job is a predetermined attribute, and an attribute of the print job is a predetermined attribute. .   The user authentication performed by the authentication unit is biometric authentication performed using the biometric information of the user, and the authentication unit lowers the authentication strength by lowering a threshold value of the degree of coincidence of biometric information. Item 3. The authentication system according to Item 1 or 2.   The authentication means counts the number of feature points extracted from the biometric image based on the biometric information of the logged-in user that matches the feature points extracted from the biometric image based on the biometric information of the authorized user, and The authentication system according to claim 3, wherein the counted number with respect to the total number of feature points in the image is used as the degree of coincidence of the biological information.   The authentication unit obtains a difference area between a specific density area extracted from a biometric image based on biometric information of a regular user and a specific density area extracted from a biometric image based on biometric information of a logged-in user. The authentication system according to claim 3, wherein the degree of coincidence of the biological information is obtained based on a ratio of the area of the difference region to the area of the entire image region of the user's biological image.   6. When there are a plurality of users who have unprinted print jobs, the authentication unit compares each user's normal biometric image between the users, and features common to each user are not used for authentication. The authentication system in any one of.   The authentication means divides each user's normal biometric image into a plurality of areas, compares the biometric images between the users, and if the similarity of the biometric images in a specific area is high, the area is divided into a plurality of users. The authentication system according to claim 6, which is a common feature. Job storage means for storing unprinted print jobs;
An authentication means for authenticating the logged-in user;
An authentication relaxation condition storage means for storing an authentication relaxation condition for relaxing an authentication strength at the time of authentication of a logged-in user;
Judgment means for judging whether or not an unprinted print job is saved in the saving means, and for judging whether a condition relating to the print job corresponds to the authentication relaxation condition stored in the authentication relaxation condition storage means When,
With
If it is determined by the determination means that an unoutput print job is stored in the storage means, and the condition regarding the print job is determined to correspond to the authentication relaxation condition, the authentication means sets the authentication strength. An image forming apparatus, wherein the authentication is performed by lowering the user.

Images