JP2017107172A - Image forming apparatus, image forming system, authentication method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an image forming apparatus, an image forming system, an authentication method, and a program that can reduce false recognition of the completion of use of the apparatus.SOLUTION: There is provided an image forming apparatus comprising: a first authentication part that performs first authentication; a second authentication part that performs second authentication; and an apparatus authentication part that permits use of the image forming apparatus to a user who has been authenticated at least in one of the first authentication and second authentication, and when the authentication of the user is cancelled in both the first authentication and second authentication, cancels the permission to the user for the use of the image forming apparatus.SELECTED DRAWING: Figure 5

Description

  The present invention relates to an image forming apparatus, an image forming system, an authentication method, and a program.

  In recent years, as authentication methods for authenticating users, authentication techniques such as face authentication that do not require password input and the like and can prevent spoofing due to loss or theft of an IC card have become widespread. Among them, a security technique for photographing a user's face with a camera, identifying the individual by authenticating the face, and performing login authentication of the image forming apparatus is becoming widespread.

  Patent Document 1 proposes a technique for detecting a person's movement based on a photographed image photographed by a photographing unit and shifting from a normal mode to a sleep mode when the presence of a person is not detected within a detection range. .

  In face authentication using a camera, it is desirable to log out immediately after the end of use in order to prevent being used by impersonating another user after the end of use of the authenticated user. On the other hand, in the method of changing the operation mode or logging out only when a face (person) is not detected as in the technique described in Patent Document 1, there is a high possibility of erroneous recognition of the end of use.

  The present invention has been made in view of the above, and an object of the present invention is to provide an image forming apparatus, an image forming system, an authentication method, and a program that can more appropriately determine the end of use.

  In order to solve the above-described problem and achieve the object, the present invention provides an image forming apparatus, a first authentication unit that performs first authentication, and a second authentication unit that performs second authentication. The user who is authenticated by both the first authentication and the second authentication is allowed to use the image forming apparatus, and the user is allowed to use at least one of the first authentication and the second authentication. And an apparatus authentication unit that cancels permission of the user to use the image forming apparatus when the user authentication is canceled.

  According to the present invention, misrecognition of end of use can be reduced.

FIG. 1 is a diagram illustrating an example of a configuration of an image forming system according to the embodiment. FIG. 2 is a diagram illustrating an example of an imaging range of the camera and a detection range of each sensor according to the embodiment. FIG. 3 is a diagram illustrating an example of a hardware configuration of the image forming apparatus according to the embodiment. FIG. 4 is a diagram illustrating an example of a software configuration of the image forming apparatus according to the embodiment. FIG. 5 is a diagram illustrating an example of a functional configuration of the image forming apparatus according to the embodiment. FIG. 6 is a diagram illustrating an example of user information according to the embodiment. FIG. 7 is a diagram illustrating another example of user information according to the embodiment. FIG. 8 is a diagram illustrating another example of user information according to the embodiment. FIG. 9 is a flowchart illustrating an example of wireless authentication processing of the image forming apparatus according to the embodiment. FIG. 10 is a flowchart illustrating an example of image authentication processing of the image forming apparatus according to the embodiment. FIG. 11 is a diagram for explaining an example of image authentication according to the embodiment. FIG. 12 is a diagram for explaining an example of image authentication according to the embodiment. FIG. 13 is a flowchart illustrating an example of authentication processing of the image forming apparatus according to the embodiment. FIG. 14 is a flowchart illustrating an example of logout processing of the image forming apparatus according to the present embodiment. FIG. 15 is a diagram illustrating an example of authentication states of wireless authentication and image authentication. FIG. 16 is a diagram illustrating an example of authentication states of wireless authentication and image authentication. FIG. 17 is a diagram illustrating an example of authentication states of wireless authentication and image authentication. FIG. 18 is a diagram illustrating an example of authentication states of wireless authentication and image authentication. FIG. 19 is a diagram illustrating an example of authentication states of wireless authentication and image authentication. FIG. 20 is a flowchart illustrating an example of a modification of the authentication process.

  Exemplary embodiments of an image forming apparatus, an image forming system, an authentication method, and a program according to the present invention will be described below in detail with reference to the accompanying drawings.

  The image forming apparatus according to the present embodiment performs authentication (combined authentication processing) in which authentication (first authentication) such as authentication using short-range wireless and face authentication (second authentication) are combined. When the authentication result of face authentication matches the authentication result of short-range wireless, login to the image forming apparatus is permitted. Further, it is determined that the use by the user permitted to log in has been completed on the condition that authentication is not performed by face authentication and wireless authentication is not performed. Thereby, it becomes possible to reduce misrecognition of the end of use.

(System configuration)
FIG. 1 is a diagram illustrating an example of a configuration of an image forming system according to an embodiment. The configuration of the image forming system 100 according to the present embodiment will be described with reference to FIG.

  As shown in FIG. 1, the image forming system 100 includes an image forming apparatus 101 and an RFID (Radio Frequency Identification) tag 104 possessed by a user 105.

  The image forming apparatus 101 is an image forming apparatus such as an MFP (Multi Function Peripheral), a copying machine, a printer, a facsimile apparatus, or a scanner apparatus. Here, the MFP is a multifunction device having at least two functions among a copy function, a printer function, a scanner function, and a facsimile function. The image forming apparatus 101 includes a camera 102, an RFID tag reader 103, and a moving body sensor 106. The RFID tag reader 103 receives predetermined information such as a wireless tag ID from an RFID tag 104 (an example of a wireless tag) within a predetermined range. The camera 102 captures an image. The moving body sensor 106 detects a moving body (such as a user) within a predetermined range. Here, the RFID is a technique for performing short-range wireless communication using electromagnetic waves or radio waves between the RFID tag 104 storing predetermined information such as a wireless tag ID and the RFID tag reader 103. It is an example of radio | wireless communication.

  For example, when the RFID tag 104 is a passive tag, the RFID tag reader 103 radiates a predetermined radio wave to a detection range of the RFID tag reader 103 described later. When the RFID tag 104 receives a radio wave radiated from the RFID tag reader 103, the RFID tag 104 operates using the received radio wave as power, and transmits predetermined information such as a radio tag ID stored in advance to the RFID tag reader 103.

  A passive tag is an RFID tag that operates using radio waves from an RFID tag reader as an energy source, and does not require a battery. The antenna of the passive tag reflects a part of the radio wave from the RFID tag reader and returns information such as the radio tag ID on the reflected wave. Since the intensity of this reflection is very small, a passive tag has a shorter communication distance than an active tag that transmits radio waves with its own power, but is inexpensive and operates almost permanently.

  For example, the camera 102 is an imaging device installed so that a captured image includes a user 105 who uses the image forming apparatus 101.

  FIG. 2 is a diagram illustrating an example of an imaging range of a camera and a detection range of each sensor according to an embodiment. FIG. 2 shows an example of the imaging range 251 of the camera 102, the detection range 252 of the RFID tag reader 103, and the detection range 253 of the mobile sensor 106.

  In FIG. 2, a detection range 252 of the RFID tag reader 103 when viewed from the upper surface of the image forming apparatus 101 is shown. In the example of FIG. 2, the image forming apparatus 101 includes, for example, a patch antenna and the like, and is fan-shaped (for example, an angle of 150 °) on the front surface (downward direction in FIG. 2) of the image forming apparatus 101. A detection range 252 is formed. The RFID tag reader 103 radiates a predetermined radio wave to the detection range 252 when the user 105 is detected by the moving body sensor 106. Thus, for example, when the user 105 having the RFID tag 104 approaches a predetermined distance (for example, within 3 m) from the front surface of the image forming apparatus 101, predetermined information stored in the RFID tag 104 (for example, wireless) Tag ID) is automatically transmitted to the image forming apparatus 101. The camera 102 is activated (operated) when the user 105 is detected by the moving body sensor 106.

  In the present embodiment, the image forming apparatus 101 stores information indicating a user registered in advance, and is registered in advance in a wireless tag ID received from the RFID tag 104 and a storage unit of the image forming apparatus 101 described later. The RFID tag 104 is authenticated (hereinafter also referred to as “wireless authentication”) (first authentication) based on the information indicating the user. The image forming apparatus 101 also includes, for example, a face image of the user 105 included in an image captured by the camera 102 and user face feature information registered in advance in a storage unit of the image forming apparatus 101 described later. Based on this, the user 105 captured in the image is authenticated (hereinafter also referred to as “image authentication”) (second authentication). Further, when wireless authentication and image authentication are permitted, the image forming apparatus 101 includes information indicating a user corresponding to the RFID tag 104 permitted for wireless authentication, and information indicating a user permitted for image authentication. Based on the above, login authentication for the user 105 to use the image forming apparatus 101 (hereinafter also referred to as “apparatus authentication”) is performed. For example, when the user of the RFID tag 104 permitted for wireless authentication and the user permitted for image authentication are the same user, the image forming apparatus 101 logs in the user to the image forming apparatus 101. To give permission.

  As described above, the image forming apparatus 101 is permitted to perform both the wireless authentication using the RFID tag 104 and the image authentication using the image captured by the camera 102, and the RFID tag 104 that is permitted to perform the wireless authentication. If the user and the user authorized for image authentication are the same user, login of the user is permitted. As a result, according to the image forming apparatus 101 according to the present embodiment, the user 105 of the image forming apparatus 101 only has the RFID tag 104 and can authenticate an authentication method using a captured image such as image authentication. It becomes possible to improve the accuracy.

  FIG. 1 shows that when the user 105 approaches the image forming apparatus 101 and is authenticated by both wireless authentication and face authentication, login is permitted. In this embodiment, for example, when the user 105 is away from the image forming apparatus 101 and is no longer authenticated by both wireless authentication and face authentication, it is determined that the user 105 has ended the use and Log the person out.

  The moving body sensor 106 is used to return the image forming apparatus 101 from the power saving state to the normal state when, for example, the user 105 enters the detection range 253. The normal state is an example of a state in which information processing is executed according to an operation performed by the user. When the image forming apparatus 101 operates in a normal state, power required for executing information processing is supplied to each unit of the image forming apparatus 101. The power saving state is an example of a state in which at least part of the operation of the image forming apparatus 101 is temporarily stopped. When the image forming apparatus 101 operates in the power saving state, power supply to at least a part of the image forming apparatus 101 is stopped, and the power consumption of the image forming apparatus 101 is less than that in the normal state. However, even when the image forming apparatus 101 operates in the power saving state, power is supplied to the moving body sensor 106 so that these units can operate in the power saving state.

  The sizes of the imaging range 251, the detection range 252, and the detection range 253 are arbitrary, but may be 0.6 m, 1 m, and 2 m, for example. Thus, if the detection range 253 is made larger than the other ranges, for example, the user 105 can supply power to the RFID tag reader 103 and the camera 102 and operate them until the user 105 enters the imaging range 251 or the detection range 252. .

  In the case of a configuration without a power saving state, or a configuration in which power is supplied to the RFID tag reader 103 and the camera 102 even in the power saving state, the mobile body sensor 106 may not be provided.

  Note that the system configuration in FIG. 1 is merely an example. For example, instead of the image forming apparatus 101, an information processing apparatus such as a PC (Personal Computer), a tablet terminal, a smartphone, a game machine, or a video conference apparatus having an authentication function for a user similar to the image forming apparatus 101 may be used. Good.

  In addition, the camera 102 or the RFID tag reader 103 may be externally attached.

  The RFID tag 104 may be an RFID active tag or a semi-active tag. The RFID tag 104 is an example of a wireless tag. The wireless tag may be a wireless terminal that performs communication using a short-range wireless method (for example, Bluetooth (registered trademark) Low Energy (hereinafter referred to as “BLE”) or NFC (Near Field Communication)) different from RFID. Good. Further, instead of the wireless tag, a mobile terminal equipped with a wireless tag or the like may be used. As described above, the authentication (wireless authentication) using the RFID tag 104 is an example, and may be replaced with another authentication method using an object storing authentication information associated with the user.

  An authentication method combined with wireless authentication is not limited to an authentication method using an image obtained by capturing a user. For example, various authentication methods for authenticating a user using feature information indicating the characteristics of the user's biological body may be used. Such authentication methods include, for example, authentication based on the user's walking pattern, authentication based on the speed and timing of the user's key input, voice authentication, fingerprint authentication, iris authentication, and vein authentication.

(Hardware configuration)
FIG. 3 is a diagram illustrating an example of a hardware configuration of the image forming apparatus according to the present embodiment. A hardware configuration of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

  As shown in FIG. 3, the image forming apparatus 101 includes a main body 310 having an image forming engine that realizes various image forming functions such as a copy function, a scanner function, a fax function, and a printer function, and each image forming engine. And an operation unit 330 that receives a user operation on the controller or the like. Here, accepting the user's operation is a concept including accepting information (including a signal indicating a coordinate value of the screen) input according to the user's operation.

  The main body 310 and the operation unit 330 are connected to each other via a dedicated communication path 350 so that they can communicate with each other. The communication path 350 may be, for example, a USB (Universal Serial Bus) standard, but is not limited thereto, and may be of any standard regardless of wired or wireless. The main body 310 performs an operation according to the operation received by the operation unit 330. The main body 310 can also communicate with an external device such as a client PC, and can also perform an operation according to an instruction received from the external device.

<Hardware configuration of main unit>
As shown in FIG. 3, the main body 310 includes a CPU (Central Processing Unit) 311, a ROM (Read Only Memory) 312, a RAM (Random Access Memory) 313, a storage 314, and a communication I / F (Interface) 315. A connection I / F 316, an engine 317, a moving body sensor 318, and a system bus 319.

  The CPU 311 comprehensively controls the operation of the main body 310. The CPU 311 controls the overall operation of the main body 310 by executing a program stored in the ROM 312 or the storage 314 using the RAM 313 as a work area (working area). For example, the CPU 311 realizes various functions such as the copy function, the scanner function, the fax function, and the printer function described above.

  The ROM 312 is a non-volatile memory that stores, for example, a basic input / output system (BIOS) executed when the main body 310 is activated, and various settings. The RAM 313 is a volatile memory used as a work area for the CPU 311. The storage 314 is, for example, a non-volatile storage device that stores an OS (Operating System), application programs, various data, and the like. The storage 314 includes, for example, an HDD (Hard Disk Drive) or an SSD (Solid State Drive).

  The communication I / F 315 is a network interface for connecting the main body 310 to the network 360 and communicating with an external device connected to the network 360. The connection I / F 316 is an interface for communicating with the operation unit 330 via the communication path 350.

  The engine 317 is hardware that performs processing other than general-purpose information processing and communication for realizing functions such as a copy function, a scanner function, a fax function, and a printer function. The engine 317 includes, for example, a scanner that scans and reads an image of a document, a plotter that performs printing on a sheet material such as paper, and a fax unit that performs fax communication. The engine 317 may include a specific option such as a finisher that sorts printed sheet materials or an ADF (Auto Document Feeder) that automatically feeds a document.

  The moving body sensor 318 is a sensor that detects a moving body (such as a user) within the detection range around the image forming apparatus 101. The moving body sensor 318 is composed of, for example, a pyroelectric sensor. The moving body sensor 318 corresponds to the moving body sensor 106 shown in FIG.

  A system bus 319 is a transmission path that connects the above-described components to each other and transmits an address signal, a data signal, various control signals, and the like.

<Hardware configuration of operation unit>
As shown in FIG. 3, the operation unit 330 includes a CPU 331, a ROM 332, a RAM 333, a flash memory 334, a communication I / F 335, an operation panel 336, a connection I / F 337, an external connection I / F 338, A short-range wireless communication device 339, a camera 340 (imaging device), and a system bus 341 are included.

  The CPU 331 comprehensively controls the operation of the operation unit 330. The CPU 331 controls the operation of the entire operation unit 330 by executing a program stored in the ROM 332, the flash memory 334, or the like using the RAM 333 as a work area (working area). For example, the CPU 331 realizes various functions such as displaying information (image) in accordance with the input received from the user on the operation panel 336.

  The ROM 332 is a non-volatile memory that stores, for example, a BIOS executed when the operation unit 330 is activated, and various settings. The RAM 333 is a volatile memory used as a work area for the CPU 331. The flash memory 334 is a non-volatile storage device that stores an OS, application programs, various data, and the like, for example.

  The communication I / F 335 is a network interface for connecting the operation unit 330 to the network 360 and performing communication with an external device connected to the network 360.

  The operation panel 336 accepts various inputs according to user operations and displays various types of information (for example, information according to the accepted operations, information indicating the operation status of the image forming apparatus 101, setting information, and the like). The device has an input function and a display function. The operation panel 336 is configured by, for example, a liquid crystal display device (LCD: Liquid Crystal Display) equipped with a touch panel function. Note that the operation panel 336 is not limited to a liquid crystal display device, and may be configured by, for example, an organic EL (Electro-Luminescence) display device equipped with a touch panel function. The operation panel 336 can include an operation unit such as a hardware key or a display unit such as a lamp in addition to or instead of the touch panel function.

  The connection I / F 337 is an interface for communicating with the main body 310 via the communication path 350. The external connection I / F 338 is an interface such as a USB for connecting an external device.

  The short-range wireless communication device 339 is a short-range wireless device for communicating with a wireless tag within a predetermined range by short-range wireless communication. The short-range wireless communication device 339 includes, for example, the RFID tag reader 103 shown in FIG. 1 and the like, and transmits a radio wave from an RFID passive tag that returns a response to a radio wave transmitted from the short-range wireless communication device 339 or from its own device. Predetermined information is received from an RFID active tag or the like. Note that the short-range wireless communication device 339 may be a short-range wireless device that performs short-range wireless communication such as BLE or NFC described above.

  The camera 340 is an imaging device that captures an image within a predetermined imaging range. The camera 340 corresponds to the camera 102 shown in FIG.

  The system bus 341 is a transmission path that connects the above-described components to each other and transmits an address signal, a data signal, various control signals, and the like.

(Software configuration)
FIG. 4 is a diagram illustrating an example of a software configuration of the image forming apparatus according to the present embodiment. The software configuration of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

  As shown in FIG. 4, the main body 310 of the image forming apparatus 101 includes an application layer 411, a service layer 412, and an OS layer 413. The entities of the application layer 411, the service layer 412, and the OS layer 413 are various software stored in the ROM 312 or the storage 314. When the CPU 311 executes these software (programs), various functions of the main body 310 are provided.

  The application layer 411 is application software (hereinafter, simply referred to as “application” in some cases) for operating hardware resources and providing a predetermined function. Examples of the application include a copy application for providing a copy function, a scanner application for providing a scanner function, a fax application for providing a fax function, and a printer application for providing a printer function.

  The service layer 412 is software that is interposed between the application layer 411 and the OS layer 413 and provides an interface for using hardware resources of the main body 310 for the application of the application layer 411. Specifically, the service layer 412 provides a function of accepting operation requests for hardware resources and arbitrating operation requests. The operation request received by the service layer 412 includes a request for reading by a scanner and printing by a plotter. Note that the interface function by the service layer 412 is provided not only to the application layer 411 of the main body 310 but also to the application layer 431 of the operation unit 330. The Web API interface function of the service layer 412 is provided by, for example, the Web API. That is, the application layer 431 of the operation unit 330 can also realize a function using hardware resources (for example, the engine 317) of the main body 310 via the Web API interface function of the service layer 412 of the main body 310.

  The OS layer 413 is basic software (operating system) for providing a basic function for controlling hardware included in the main body 310. The service layer 412 converts a hardware resource use request from various applications into a command interpretable by the OS layer 413 and passes it to the OS layer 413. Then, when the command is executed by the OS layer 413, the hardware resource performs an operation in accordance with the request of the application.

  As illustrated in FIG. 4, the operation unit 330 of the image forming apparatus 101 includes an application layer 431, a service layer 432, and an OS layer 433. The application layer 431, the service layer 432, and the OS layer 433 included in the operation unit 330 have the same hierarchical structure as that of the main body 310. However, the functions provided by the applications in the application layer 431 and the types of operation requests that can be accepted by the service layer 432 are different from those on the main body 310 side.

  The application of the application layer 431 may be software for operating a hardware resource included in the operation unit 330 to provide a predetermined function, but is mainly a UI for performing an operation and display related to the function included in the main body 310. (User Interface) functions are provided. The application of the application layer 431 provides an authentication function using the short-range wireless communication device 339 provided in the operation unit 330, the camera 340, and the like.

  In the present embodiment, the software of the OS layer 413 on the main body 310 side is different from the software of the OS layer 433 on the operation unit 330 side in order to maintain the independence of functions. That is, the main body 310 and the operation unit 330 operate independently of each other by different operating systems. For example, it is possible to use Linux (registered trademark) as the software of the OS layer 413 on the main body 310 side and Android (registered trademark) as the software of the OS layer 433 on the operation unit 330 side.

  As described above, in the image forming apparatus 101 according to the present embodiment, the main body 310 and the operation unit 330 operate with different operating systems, and therefore communication between the main body 310 and the operation unit 330 is performed in a common apparatus. This is not communication between processes but communication between different devices. The operation (command communication) for transmitting information (operation instruction content from the user) received by the operation unit 330 to the main unit 310, the operation for transmitting information to the operation unit 330, and the like correspond to this. Here, the function of the main body 310 can be used when the operation unit 330 performs command communication to the main body 310. The information transmitted from the main body 310 to the operation unit 330 includes, for example, the execution status of the operation in the main body 310 and the contents set on the main body 310 side. In the present embodiment, since the power supply to the operation unit 330 is performed from the main body 310 via the communication path 350, the power control of the operation unit 330 is performed separately from the power control of the main body 310 (independently). Can do).

(Functional configuration)
FIG. 5 is a diagram illustrating an example of a functional configuration of the image forming apparatus according to the present embodiment. The functional configuration of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

<Functional configuration of main unit>
As illustrated in FIG. 5, the main body 310 of the image forming apparatus 101 includes a moving body detection unit 501, a power state control unit 502, an image forming unit 503, a storage unit 504, and a communication unit 505.

  The moving body detection unit 501 is a functional unit that detects a moving body (for example, a person) within the detection range around the image forming apparatus 101 using the moving body sensor 318. The moving body detection unit 501 is realized by, for example, a program that operates on the CPU 311 illustrated in FIG. When the moving object detection unit 501 detects a moving object within the detection range, the moving object detection unit 501 notifies the power state control unit 502 that the moving object has been detected.

  The power state control unit 502 is a functional unit that controls the power states of the main body 310 and the operation unit 330. The power state control unit 502 is realized by, for example, a program that operates on the CPU 311 illustrated in FIG. The power state control unit 502 puts the image forming apparatus 101 into a power saving state that consumes less power than the normal state in which the image forming process can be performed when the image forming apparatus 101 is not used for a preset time. Transition. In the power saving state, power consumption can be reduced by, for example, stopping the functions of the operation unit 330 and the engine 317 and storage 314 of the main body 310. When the power state control unit 502 receives a notification from the moving body detection unit 501 indicating that the moving body has been detected while the image forming apparatus 101 is in the power saving state, the power state control unit 502 moves the operation unit 330 from the power saving state to the normal state. It returns to the normal state that can operate. The power state control unit 502 notifies the operation unit 330 of a return command via the communication path 350 to return the operation unit 330 from the power saving state to the normal state. Further, the power state control unit 502 may shift from the normal state to the power saving state when the user is logged out by the device authentication unit 516.

  In the normal state, power is supplied to the function units related to image authentication (camera 340, image receiving unit 513, etc.) and the function units related to wireless authentication (short-range wireless communication device 339, wireless communication unit 511). Note that the state may be changed to a state other than the normal state as long as power is supplied to at least the functional units related to image authentication and wireless authentication. The power state control unit 502 notifies each unit (the image reception unit 513, the wireless communication unit 511, the device authentication unit 516, etc.) in the operation unit 330 that the normal state has been restored (power on).

  The power state control unit 502 may be configured to activate the camera 102 when the moving object ((user 105)) is detected by the moving object detection unit 501 (the moving object sensor 106). A function of activating the camera 102 when it is detected may be provided in the operation unit 330.

  The image forming unit 503 is a functional unit that executes various image forming functions (for example, a printer function, a copy function, a scanner function, and a fax function) provided in the image forming apparatus 101. The image forming unit 503 is realized by, for example, a program that operates on the engine 317 illustrated in FIG. 3 and the CPU 311 illustrated in FIG.

  The storage unit 504 is a functional unit that stores various pieces of information such as user information A 506 including information indicating the user of the image forming apparatus 101 registered in advance. The storage unit 504 is realized by, for example, the RAM 313 and the storage 314 illustrated in FIG. 3 and a program that operates on the CPU 311 illustrated in FIG.

  The communication unit 505 is a functional unit that connects the main body 310 to the network 360 and communicates with an external device connected to the network 360. The communication unit 505 is realized by, for example, a communication I / F 315 illustrated in FIG. 3 and a program that operates on the CPU 311 illustrated in FIG.

  Note that the moving body detection unit 501, the power state control unit 502, the image forming unit 503, the storage unit 504, and the communication unit 505 of the main body 310 shown in FIG. The configuration is not limited. For example, a plurality of functional units illustrated as independent functional units in the main body 310 illustrated in FIG. 5 may be configured as one functional unit. On the other hand, in the main body 310 illustrated in FIG. 5, the functions of one function unit may be divided into a plurality of functions and configured as a plurality of function units.

  In addition, some or all of the moving body detection unit 501, the power state control unit 502, and the image forming unit 503 of the main body 310 are not software programs, but are an FPGA (Field-Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). ) Or the like.

<Functional configuration of operation unit>
As shown in FIG. 5, the operation unit 330 of the image forming apparatus 101 includes a wireless communication unit 511, a wireless authentication unit 512 (first authentication unit), an image reception unit 513, and a face detection unit 514 (detection unit). An image authentication unit 515 (second authentication unit), a device authentication unit 516, a user information management unit 517, a storage unit 518, and a communication unit 519.

  The wireless communication unit 511 is a functional unit that receives predetermined information (such as a wireless tag ID) from a wireless tag within a predetermined range by short-range wireless communication using the short-range wireless communication device 339. The wireless communication unit 511 is realized by, for example, a program that operates in the short-range wireless communication device 339 illustrated in FIG. 3 and the CPU 331 illustrated in FIG. The wireless communication unit 511 receives predetermined information such as a wireless tag ID from the RFID tag 104 within the detection range 252 of the RFID tag reader 103 illustrated in FIG.

  The wireless authentication unit 512 is a functional unit that authenticates a wireless tag that has transmitted predetermined information based on predetermined information received by the wireless communication unit 511 and user information registered in advance. The wireless authentication unit 512 is realized by, for example, a program that operates on the CPU 331 illustrated in FIG. The wireless authentication unit 512 is based on the wireless tag ID of the RFID tag 104 received by the wireless communication unit 511 and user information registered in advance (for example, user information a520 and user information A506 described later). The RFID tag 104 is authenticated (wireless authentication). The wireless authentication unit 512 permits authentication of the RFID tag 104 when the wireless tag ID of the RFID tag 104 received by the wireless communication unit 511 is included in the previously registered user information.

  The wireless authentication unit 512 sends the wireless tag ID received from the wireless communication unit 511 to the user information management unit 517, for example. The wireless authentication unit 512 receives the result received from the user information management unit 517 (presence / absence of corresponding user, user number if the corresponding user exists). If the user is present in the user information, short-range wireless authentication is possible, and if not, short-range wireless authentication is not possible. The wireless authentication unit 512 sends an authentication result to the device authentication unit 516. In addition, the wireless authentication unit 512 outputs information indicating the user of the RFID tag 104 permitted to be authenticated to the device authentication unit 516. Note that the wireless authentication unit 512 may output and store the information indicating the user of the RFID tag 104 permitted to be authenticated in the storage unit 518.

  The image receiving unit 513 receives an image from the camera 340. The image receiving unit 513 is realized by, for example, a program that operates on the CPU 331 illustrated in FIG. The image receiving unit 513 causes the camera 340 to capture an image in front of the image forming apparatus 101 and receives an image of the user 105 in front of the image forming apparatus 101 from the camera 340.

  The face detection unit 514 is an example of a detection unit that detects user authentication information. For example, the face detection unit 514 authenticates a user's face image, feature information extracted from the user's face image (an example of feature information indicating a biometric feature), and the like from the received image. Detect as information. When performing authentication other than face authentication, authentication information used for other authentication may be detected instead of a face image or the like. For example, a walking pattern, key input speed, key input timing, voice characteristics, fingerprint characteristics, vein characteristics, and the like may be detected as authentication information. The face detection unit 514 is realized by, for example, a program that operates on the CPU 331 illustrated in FIG. Note that the feature information of the face image includes information such as the shape and relative position of each part such as the face outline, eyes, nose, chin, and cheekbone.

  The face detection unit 514 detects a face image (face area) from the image using, for example, a face detection method based on the following Haar-like feature. The Haar-like feature value is a value obtained by subtracting the sum of the pixel values of the white region from the sum of the pixel values of the black region in the rectangle to be calculated in the search region. Since this rectangle may be arranged anywhere and how in the search area, there are tens of thousands of possible arrangement places in the search area. Each weak classifier in the search area is weighted by prior learning by boosting these rectangles, and a strong classifier is created by selecting only a few dozen weak classifiers with the highest importance. Is done. Then, it is determined by this strong classifier (by a black and white rectangular number pattern indicating the human face likeness) whether or not the area is a human face area.

  When the feature information of the face image is used as the authentication information, the face detection unit 514 may further detect the feature information from the face image (face region). For example, the face detection unit 514 may extract a feature point (for example, 13-dimensional data) of the face image from the face image as authentication information by a method using a subspace method or the like.

  The image authentication unit 515 is a functional unit that authenticates a user included in the image received by the image receiving unit 513 based on the image received by the image receiving unit 513 and user information registered in advance. . The image authentication unit 515 is realized by, for example, a program that operates on the CPU 331 illustrated in FIG. The image authentication unit 515 includes user authentication information (face image or face image feature information) detected by the face detection unit 514 from the image received by the image reception unit 513, and user information registered in advance. Based on (for example, user information a520 and user information A506 described later), image authentication of the user included in the image is performed.

  When one feature information corresponding to the feature information of the face image extracted by the face detection unit 514 is included in the previously registered user information, the image authentication unit 515 permits authentication of the user included in the image.

  For example, the image authentication unit 515 receives a face image from the face detection unit 514, receives pre-registered user authentication information from the user information management unit 517, and collates it. The image authentication unit 515 repeats the verification for the number of users registered in the user information until the verification is successful. As a matching method, a method of comparing feature points detected from face images, a method of matching by pattern recognition using the luminance value of each pixel per face image as one vector, and the like can be applied. .

  In addition, the image authentication unit 515 outputs information indicating a user who has been authenticated to the device authentication unit 516. Note that the image authentication unit 515 may output the information to the storage unit 518 and store it in order to hold information indicating a user who has been authenticated.

  The authentication method by the image authentication unit 515 is not limited to the above-described method, and any known face authentication technology (for example, see Japanese Patent Application Laid-Open No. 2015-35178) can be applied. Further, the image authentication unit 515 performs various well-known image authentication methods (for example, for performing user authentication) based on feature information indicating characteristics of the user's biological body included in the image received by the image reception unit 513 (for example, User authentication may be performed by fingerprint authentication, iris authentication, vein authentication, or the like.

  The device authentication unit 516 is configured to perform login authentication of the user (device) based on information indicating the user permitted to be authenticated by the wireless authentication unit 512 and information indicating the user permitted to be authenticated by the image authentication unit 515. It is a functional unit that performs authentication. The device authentication unit 516 cancels login authentication of a logged-in user when authentication of the logged-in user is canceled in both wireless authentication and image authentication. The device authentication unit 516 is realized by, for example, a program that operates on the CPU 331 illustrated in FIG. If the user of the wireless tag (RFID tag 104) authorized by the wireless authentication unit 512 and the user authorized by the image authentication unit 515 are the same user, the device authentication unit 516 The user is permitted to use the image forming apparatus 101. As a preferred example, the device authentication unit 516 includes identification information indicating a user of a wireless tag permitted to be authenticated by the wireless authentication unit 512 and identification information indicating a user permitted to be authenticated by the image authentication unit 515. If they match, the user's use of the image forming apparatus 101 is permitted.

  Note that when the identification information indicating the user obtained from the wireless authentication unit 512 matches the identification information indicating the user obtained from the image authentication unit 515, the two identification information completely match. In addition, the case where the two pieces of identification information can be determined as identification information indicating substantially the same user may be included. For example, the identification information indicating the user obtained from the image authentication unit 515 is an 8-digit employee ID, and the identification information indicating the user obtained from the wireless authentication unit 512 is 10 digits obtained by adding two characters to the employee ID. It may be determined that the two pieces of identification information coincide with each other. As described above, in the device authentication unit 516, the identification information indicating the user obtained from the wireless authentication unit 512 and the identification information indicating the user obtained from the image authentication unit 515 are identification information regarding the same user. In this case, the use of the image forming apparatus 101 of the user may be permitted.

  In general, a result notification from the wireless authentication unit 512 is transmitted early. For this reason, the apparatus authentication unit 516 may perform authentication preparation (pre-authentication) in advance, and may make it available to the user as soon as the remaining authentication results are transmitted.

  The user information management unit 517 is a functional unit that manages the user information a 520 stored in the storage unit 518. The user information management unit 517 is realized by, for example, a program that runs on the CPU 331 shown in FIG.

  The user information management unit 517 provides user information (user information a520 in FIG. 5) to the image authentication unit 515 and the wireless authentication unit 512, for example. For example, the user information management unit 517 sends the “user number” and “authentication information” of each user to the image authentication unit 515. The user information management unit 517 may sequentially send information for each authentication process, or may send it in a lump at the beginning. For example, the user information management unit 517 passes the “user number” of the user having the wireless tag ID specified by the wireless authentication unit 512 to the wireless authentication unit 512.

  The user information management unit 517 acquires data from the cache if the data specified by the wireless authentication unit 512 exists in the cache (flash memory 334 or the like), and stores the data specified by the wireless authentication unit 512 if the data specified by the wireless authentication unit 512 does not exist in the cache. Get data from. The user information management unit 517 first passes the data on the cache to the image authentication unit 515. If all the data in the cache cannot be authenticated, the user information management unit 517 acquires the data from the storage unit 504 and sends the user information not existing in the cache to the image authentication unit 515.

  The storage unit 518 is a functional unit that stores various types of information such as user information a520 including information indicating the user of the image forming apparatus 101. The storage unit 518 is realized by, for example, the RAM 333 illustrated in FIG. 3, the flash memory 334, and a program that operates on the CPU 331 illustrated in FIG.

  The communication unit 519 is a functional unit that connects the operation unit 330 to the network 360 and communicates with an external device connected to the network 360. The communication unit 519 is realized by, for example, a communication I / F 335 illustrated in FIG. 3 and a program that operates on the CPU 331 illustrated in FIG.

  Note that the wireless communication unit 511, the wireless authentication unit 512, the image reception unit 513, the face detection unit 514, the image authentication unit 515, the device authentication unit 516, the user information management unit 517, and the storage unit 518 of the operation unit 330 illustrated in FIG. The communication unit 519 conceptually shows functions, and is not limited to such a configuration. For example, a plurality of functional units illustrated as independent functional units in the operation unit 330 illustrated in FIG. 5 may be configured as one functional unit. On the other hand, the function of one function unit may be divided into a plurality of functions in the operation unit 330 illustrated in FIG. 5 and configured as a plurality of function units.

  The wireless communication unit 511, the wireless authentication unit 512, the image reception unit 513, the face detection unit 514, the image authentication unit 515, the device authentication unit 516, and the user information management unit 517 of the operation unit 330 are all or part of Instead of a program that is software, it may be realized by a hardware circuit such as FPGA or ASIC.

  In addition, at least a part of the function of the operation unit 330 may be executed in the main body 310, and conversely, at least a part of the function of the main body 310 may be executed in the operation unit 330. For example, the apparatus authentication unit 516 may be included in the main body 310. In this case, the other configuration is the same as that of the image forming apparatus 101 shown in FIG. In such a configuration, the wireless authentication unit 512 notifies the device authentication unit 516 of the authentication result of the wireless authentication unit 512 (for example, information indicating a user permitted to be authenticated) via the communication path 350. Similarly, the image authentication unit 515 notifies the device authentication unit 516 of the authentication result of the image authentication unit 515 (for example, information indicating a user permitted to be authenticated) via the communication path 350. The device authentication unit 516 performs user authentication (device authentication) based on the authentication result of the wireless authentication unit 512 and the authentication result of the image authentication unit 515 received via the communication path 350.

(Configuration of user information)
FIG. 6 is a diagram illustrating an example of user information according to the present embodiment. 7 and 8 are diagrams showing another example of user information according to the present embodiment. A data configuration of the user information a520 stored in the storage unit 518 of the operation unit 330 will be described with reference to FIGS.

  User information a520 shown in FIG. 6 is an example of user information registered in advance. In the example of FIG. 6, the user information a 520 includes “user number”, “name”, “mail address”, “login ID”, “login password”, “wireless tag ID”, and “authentication information”. Etc. are included.

  The “user number” is, for example, a serial number assigned when each user's information is registered in the user information a 520 or an identification number unique to each user data. This is an example of unique identification information (identification information indicating a user). The “user number” may be identification information indicating a user, such as an employee ID, for example.

  “Name” is the name of the user. “Mail address” is the user's mail address. “Login ID” and “Login password” are examples of authentication information for the user to log in to the image forming apparatus 101.

  The “wireless tag ID” is identification information such as a tag ID indicating the RFID tag 104 transmitted by the RFID tag 104 possessed by each user, and is represented by, for example, an 8-digit number. The “wireless tag ID” is an example of predetermined information transmitted from the RFID tag 104. The predetermined information may include information other than numbers, for example, identification information indicating a user. Good.

  “Authentication information” is characteristic information regarding the user's face such as the contour and the shape of each part of the user of the image forming apparatus 101, such as the face contour, eyes, nose, chin, and cheekbone, and the relative position. . The “authentication information” needs to be acquired in advance for each user and registered in the user information a520.

  In the user information a520 shown in FIG. 6, for example, when the data type is “data 2”, the user number is “101002”, the name is “BBBB”, the mail address is “bbb@bbb.ccc”, and the login The ID is “BB_BB”, the login password is “abcdef”, the wireless tag ID is “00535213”, the authentication information is “{56, 111, −3,..., −120, 47, 208}”. Are stored in association with each other.

  The storage unit 518 of the operation unit 330 can store, for example, about 300 to 1800 pieces of user information a520 as shown in FIG. For example, the user information management unit 517 of the operation unit 330 stores at least a part of the user information A506 stored in the storage unit 504 of the main body 310 as user information a520 in the storage unit 518 of the operation unit 330. Keep it. Thereby, the wireless authentication unit 512 and the image authentication unit 515 read the user information a520 stored in the storage unit 518 of the operation unit 330 faster than the user information A506 stored in the storage unit 504 of the main body 310. Will be able to.

  The storage unit 518 may store user information 701 shown in FIG. 7 or user information 801 shown in FIG. 8 in addition to or instead of the user information a520. In the user information 701 shown in FIG. 7, the “wireless tag ID” described above and “user ID”, which is an example of identification information indicating the user, are stored in association with each other. The wireless authentication unit 512 can perform authentication (wireless authentication) of the RFID tag 104 if there is at least information shown in the user information 701. For example, when the wireless tag ID of the RFID tag 104 received by the wireless communication unit 511 is included in the user information 701, the wireless authentication unit 512 permits the RFID tag 104 to be authenticated, and allows the RFID tag 104 to which the authentication is permitted to be performed. The corresponding user ID is output to the device authentication unit 516 or the like.

  In the user information 801 illustrated in FIG. 8, “user ID” and the above-described “authentication information” are stored in association with each other. The image authentication unit 515 can authenticate the user included in the image (image authentication) if there is at least the information shown in the user information 801. For example, the image authentication unit 515 authenticates the user included in the image when one piece of feature information corresponding to the feature information of the user's face image extracted by the face detection unit 514 is included in the user information 801. And the user ID of the user who has been authenticated is output to the device authentication unit 516 or the like.

  The user information a520, 701, and 801 shown in FIGS. 6 to 8 are all information in a table format, but the present invention is not limited to this, and the values of each field can be managed in association with each other. If possible, the information may be in any format.

(Wireless authentication process flow)
FIG. 9 is a flowchart illustrating an example of wireless authentication processing of the image forming apparatus according to the present embodiment. The flow of wireless authentication processing of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

<Step S101>
First, the wireless communication unit 511 receives identification information (wireless tag ID) from a wireless tag (RFID tag 104) within a predetermined range (for example, the detection range 252 shown in FIG. 2). When the wireless communication unit 511 receives the identification information (step S101: Yes), the process proceeds to step S102, and when it cannot be received (step S101: No), the reception is performed again.

<Step S102>
The wireless authentication unit 512 authenticates the wireless tag (RFID tag 104) that transmitted predetermined information based on the identification information received by the wireless communication unit 511 and user information registered in advance. Specifically, the wireless authentication unit 512 authenticates the RFID tag 104 based on the wireless tag ID of the RFID tag 104 received by the wireless communication unit 511 and the user information a520 or user information A506 registered in advance ( Wireless authentication). The wireless authentication unit 512 permits authentication of the RFID tag 104 when the wireless tag ID of the RFID tag 104 received by the wireless communication unit 511 is included in the user information a520 or the user information A506. Also, the wireless authentication unit 512 does not permit the RFID tag 104 to be authenticated when the wireless tag ID received by the wireless communication unit 511 is not included in the user information a520 or the user information A506. Then, the process proceeds to step S103.

<Step S103>
If authentication of the RFID tag 104 is permitted as a result of wireless authentication by the wireless authentication unit 512 (when the authentication result is “OK”) (step S103: Yes), the process proceeds to step S104. On the other hand, when the authentication of the RFID tag 104 is not permitted (when the authentication result is not “OK”) (step S103: No), the process returns to step S101 and the same processing is repeated.

<Step S104>
The wireless authentication unit 512 permits the authentication (the authentication result is “OK”). Information regarding the user of the RFID tag 104 (for example, the user identification information such as “user number” or “user ID”) ) Is output to the device authentication unit 516. At this time, the wireless authentication unit 512 transmits information indicating that the authentication is permitted (the authentication result is “OK”) together with the identification information of the user of the RFID tag 104 that has permitted the authentication, to the device authentication unit 516. May be output. In step S103 described above, the wireless authentication unit 512 outputs information indicating that authentication is not permitted (authentication result is “NG”) to the device authentication unit 516 when authentication is not permitted. There may be.

  The wireless authentication process is executed by the image forming apparatus 101 through the operations in steps S101 to S104.

(Image authentication processing flow)
FIG. 10 is a flowchart illustrating an example of image authentication processing of the image forming apparatus according to the present embodiment. 11 and 12 are diagrams for explaining an example of image authentication according to the present embodiment. A flow of image authentication processing of the image forming apparatus 101 according to the present embodiment will be described with reference to FIGS.

<Step S201>
The image receiving unit 513 acquires a captured image captured by the camera 340. An example of the captured image acquired at this time is shown in FIG. A captured image 1001 illustrated in FIG. 11 includes a user 1002 in front of the image forming apparatus 101. As described above, the camera 340 is installed so that the user in front of the image forming apparatus 101 is included in the captured image 1001. Then, the process proceeds to step S202.

<Step S202>
The face detection unit 514 detects a face portion image (face image) from the captured image acquired by the image reception unit 513. An example of the detected face image at this time is shown in FIG. The face detection unit 514 extracts parts such as the contour 1004, eyes 1005, and nose 1006 of the user's face from the captured image 1001 captured by the camera 340, for example, using a known pattern matching technique or the like. The user's face image 1003 is detected by using this. Then, the process proceeds to step S203.

<Step S203>
When the face image 1003 is detected from the captured image 1001 by the face detection unit 514 (step S203: Yes), the process proceeds to step S204. On the other hand, when the face image 1003 is not detected from the captured image 1001 by the face detection unit 514 (step S203: No), the process returns to step S201 and the same processing is repeated.

<Step S204>
The image authentication unit 515 performs authentication (image authentication) using the detected face image. Note that various known face authentication techniques (for example, see the above-mentioned JP-A-2015-35178) can be applied to the image authentication process. Here, only an outline will be described for an example.

  For example, in the “authentication information” of the user information a 520 and the user information A 506, the face outline, eyes, nose, chin, and cheek bone acquired in advance for each user permitted to use the image forming apparatus 101. Etc., such as the shape and relative position of each part. In addition, the face detection unit 514 detects a face image 1003 included in the captured image 1001 acquired by the image reception unit 513, and extracts user feature information from the detected face image 1003. The image authentication unit 515 compares the user characteristic information extracted by the face detection unit 514 with each of the “authentication information” of the user information a520 or the user information A506, and the user included in the captured image 1001 It is determined whether the user is registered in the user information a520 or the user information A506. If the image authentication unit 515 determines that the user included in the captured image 1001 is a registered user in the user information a520 or the user information A506, the image authentication unit 515 permits authentication of the user included in the captured image 1001. To do. On the other hand, if the image authentication unit 515 determines that the user included in the captured image 1001 is not a user registered in the user information a520 or the user information A506, the image authentication unit 515 authenticates the user included in the captured image 1001. not allowed. Then, the process proceeds to step S205.

<Step S205>
As a result of the image authentication performed by the image authentication unit 515, when user authentication is permitted (when the authentication result is “OK”) (step S205: Yes), the process proceeds to step S206. On the other hand, when the user authentication is not permitted (when the authentication result is not “OK”) (step S205: No), the process returns to step S201 and the same processing is repeated.

<Step S206>
The image authentication unit 515 uses information (for example, user identification information such as “user number”, “user ID”) that is permitted to be authenticated (authentication is “OK”) as device authentication. To the unit 516. At this time, the image authentication unit 515 outputs information indicating that the authentication is permitted (the authentication result is “OK”) to the device authentication unit 516 together with the identification information of the user who has permitted the authentication. It may be. In step S205 described above, the image authentication unit 515 outputs information indicating that the authentication is not permitted (the authentication result is “NG”) to the apparatus authentication unit 516 when the authentication is not permitted. There may be.

  Image authentication processing is executed by the image forming apparatus 101 through the operations in steps S201 to S206 described above.

(Composite authentication process flow)
FIG. 13 is a flowchart illustrating an example of authentication processing of the image forming apparatus according to the present embodiment. The flow of the composite authentication process of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG. It is assumed that the image forming apparatus 101 is controlled to the above-described power saving state by the power state control unit 502 at the start of the composite authentication process shown in FIG.

<Step S301>
When the moving body detection unit 501 of the main body 310 detects a moving body (for example, a person) around the image forming apparatus 101 (step S301: Yes), the process proceeds to step S302. When the moving object is not detected (step S301: No), the moving object detection unit 501 continues the detection operation of the moving object.

<Step S302>
The power state control unit 502 of the main body 310 cancels the power saving state of the operation unit 330. For example, the power state control unit 502 notifies the operation unit 330 of a return command via the communication path 350 to return the operation unit 330 from the power saving state to the normal state. For example, the power state control unit 502 transmits power-on to the image reception unit 513, the wireless communication unit 511, the device authentication unit 516, and the like. As a result, the wireless authentication process of the wireless authentication unit 512 shown in FIG. 9 and the image authentication process of the image authentication unit 515 shown in FIG. 10 can be executed. Then, the process proceeds to steps S303 and S304.

<Step S303>
For example, the wireless communication unit 511 and the wireless authentication unit 512 of the operation unit 330 execute a wireless authentication process as illustrated in FIG. 9. Here, when the authentication of the RFID tag 104 is permitted by the wireless authentication process, the wireless authentication unit 512 uses information indicating that the processing result of the wireless authentication process is “OK”, and the use of the RFID tag 104 permitted to be authenticated. The identification information of the user (for example, “user number” in FIG. 6) is output to the device authentication unit 516. On the other hand, the wireless authentication unit 512 outputs information indicating that the processing result of the wireless authentication processing is “NG” to the device authentication unit 516 when the authentication of the RFID tag 104 is not permitted by the wireless authentication processing. . Then, the process proceeds to step S305.

<Step S304>
For example, the image reception unit 513, the face detection unit 514, and the image authentication unit 515 of the operation unit 330 execute an image authentication process as illustrated in FIG. Here, when the authentication of the user included in the captured image is permitted by the image authentication process, the image authentication unit 515 includes information indicating that the processing result of the image authentication process is “OK”, and the use permitted for the authentication. The identification information of the user (for example, “user number” in FIG. 6) is output to the device authentication unit 516. On the other hand, the image authentication unit 515 outputs information indicating that the processing result of the image authentication process is “NG” to the device authentication unit 516 when the authentication of the user included in the captured image is not permitted by the image authentication process. It shall be. Then, the process proceeds to step S305.

<Step S305>
Based on the information output from the wireless authentication unit 512 and the image authentication unit 515, the device authentication unit 516 determines that the result of the wireless authentication process is “OK” and the result of the image authentication process is “OK” (permitted). It is determined whether or not. When both the result of the wireless authentication process and the result of the image authentication process are “OK” (permitted) (step S305: Yes), the process proceeds to step S306. On the other hand, if either the result of the wireless authentication process or the result of the image authentication process is not “OK” (permitted) (step S305: No), the process proceeds to step S308.

<Step S306>
The device authentication unit 516 determines whether the user of the RFID tag 104 whose wireless authentication processing is “OK” in step S303 and the user whose image authentication processing is “OK” in step S304 are the same user. Judge whether or not. For example, the device authentication unit 516 determines whether the user identification information output from the wireless authentication unit 512 matches the user identification information output from the image authentication unit 515. When the user identification information output from the wireless authentication unit 512 matches the user identification information output from the image authentication unit 515 (step S306: Yes), the process proceeds to step S307. On the other hand, when the user identification information output from the wireless authentication unit 512 does not match the user identification information output from the image authentication unit 515 (step S306: No), the process proceeds to step S308. As a specific example of the case where the user identification information does not match, a user holding the RFID tag 104 passes around the image forming apparatus 101 and a registered user who does not hold the RFID tag 104 There is a case where the user is in front of the image forming apparatus 101.

<Step S307>
If the apparatus authentication unit 516 determines that the user identification information output from the wireless authentication unit 512 matches the user identification information output from the image authentication unit 515, the apparatus authentication unit 516 transmits the information to the image forming apparatus 101 of the user. Login authentication (device authentication) is allowed. As a result, the user can use the image forming apparatus 101.

<Step S308>
The power state control unit 502 determines whether or not a predetermined time (for example, 5 minutes) has elapsed since the power saving state of the operation unit 330 was canceled in step S302. When the predetermined time has elapsed, that is, when the device authentication by the device authentication unit 516 is not successful within the predetermined time (step S308: Yes), the process proceeds to step S309. On the other hand, when the predetermined time has not elapsed (step S308: No), the process returns to steps S303 and S304, and the same processing is repeated.

<Step S309>
The power state control unit 502 shifts the operation unit 330 to the power saving state. For example, the power state control unit 502 shifts the operation unit 330 from the normal state to the power saving state by notifying the operation unit 330 of a transition command via the communication path 350.

  The apparatus authentication process is executed by the image forming apparatus 101 through the operations in steps S301 to S309 described above.

(Logout process flow)
FIG. 14 is a flowchart illustrating an example of logout processing of the image forming apparatus according to the present embodiment. The flow of logout processing of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG. The logout process is a process for logging in by combined authentication of wireless authentication and image authentication, and logging out immediately after the use is completed. It is assumed that the user is logged in at the start of the logout process shown in FIG.

<Step S401, Step S402>
After login, the wireless authentication process in step S401 and the image authentication process in step S402 are executed in parallel. Steps S401 and S402 are the same as steps S303 and S304 in FIG.

<Step S403>
The device authentication unit 516 determines whether or not the result of the wireless authentication process is “OK” based on the information output from the wireless authentication unit 512. When the result of the wireless authentication process is not “OK” (step S403: No), the process proceeds to step S405. When the result of the wireless authentication process is “OK” (step S403: Yes), the process proceeds to step S404.

<Step S404>
The device authentication unit 516 determines whether the user who has achieved the wireless authentication and the currently logged-in user match. If they match (step S404: Yes), the process returns to step S401 and step S402 again to continue the login. If they do not match (step S404: No), the process proceeds to step S405.

<Step S405>
The device authentication unit 516 determines whether or not the result of the image authentication process is “OK” based on the information output from the image authentication unit 515. When the result of the image authentication process is not “OK” (step S405: No), the process proceeds to step S407. When the result of the image authentication process is “OK” (step S405: Yes), the process proceeds to step S406.

<Step S406>
The device authentication unit 516 determines whether or not the user who has successfully authenticated the image and the currently logged-in user match. If they match (step S406: Yes), the process returns to step S401 and step S402 again to continue the login. If they do not match (step S406: No), the process proceeds to step S407.

<Step S407>
The device authentication unit 516 logs out the logged-in user and proceeds to step S408.

<Step S408>
The apparatus authentication unit 516 shifts the image forming apparatus 101 from the normal state to the power saving state.

  With the above method, the device authentication unit 516 can log out a logged-in user when authentication of a logged-in user is canceled in both image authentication and wireless authentication. In the cancellation of the authentication of the logged-in user, when there is no user to be authenticated (for example, step S403: No, step S405: No), and the authenticated user and the logged-in user A case where they do not match (for example, step S404: No, step S406: No) is included. As a result, it is possible to prevent the user from using it as it is after the user's use is completed. Further, for example, when the user tries to pick up an object that has been dropped, it is possible to prevent the user from being logged out accidentally by simply being unable to perform image authentication temporarily.

(Example of login and logout)
FIG. 15 is a diagram illustrating a state where the user is not authenticated by both the wireless authentication and the image authentication. FIG. 15 is an example of a state in which neither the wireless authentication nor the image authentication is authenticated because the user 105 exists at a position far from the image forming apparatus 101. An image 1301 schematically shows an example of an image captured by the camera 102. In the image 1301, since the size of the user's face is relatively small, image authentication is not permitted. Further, since the user 105 is outside the detection range 252, wireless authentication is not permitted.

  FIG. 16 is a diagram illustrating a state in which a user is authenticated by wireless authentication but a user is not authenticated by image authentication. In FIG. 16, since the user 105 has entered the detection range 252, wireless authentication is permitted. On the other hand, since the user's face is not sufficiently large as shown in the image 1401, image authentication is not permitted.

  FIG. 17 is a diagram illustrating a state in which a user is authenticated by both wireless authentication and image authentication. In FIG. 17, since the user 105 further approaches the image forming apparatus 101, the image of the user 105 is captured so large that the face of the user 105 can be detected in the image 1501. As a result, the user 105 is authenticated by both wireless authentication and image authentication. Note that the starting point of the flow in FIG. 14 is in this state.

  FIG. 18 is a diagram illustrating a state where authentication by wireless authentication is continued but authentication is no longer performed by image authentication. In FIG. 18, since the user 105 is within the detection range 252, wireless authentication is permitted. On the other hand, as shown in the image 1601, the user 105 is in a position not captured by the camera 102, and therefore the user 105 is not authenticated by image authentication. In the flow of FIG. 14, even in this state, since step S <b> 404 is “Yes”, the user is not logged out.

  FIG. 19 is a diagram illustrating a state where authentication cannot be performed by both wireless authentication and image authentication. FIG. 19 shows an example of a state where the user 105 has finished using the image forming apparatus 101 and is away from the image forming apparatus 101. In this state, the user 105 exists outside the detection range 252. Further, the face of the user 105 is captured small in the image 1701. Therefore, the user 105 is not authenticated by both wireless authentication and image authentication. In the flow of FIG. 14, in this state, both step S403 and step S405 are “No”, and the user is logged out.

(Modification)
In the above embodiment, the device authentication is canceled when both the wireless authentication and the image authentication are canceled. In such a configuration, it may be impossible to appropriately determine the end of use. For example, when the wireless authentication area (for example, RFID detection range 3 m) is wider than the image authentication area (for example, image capturing range 0.6 m), the face is out of the imaging range in consideration of security. Sometimes it is desirable to log out device authentication. However, in the method of the above-described embodiment, unless the user walks out of the RFID detection range, the device authentication cannot be logged out and the user continues to log in.

  Therefore, in this modified example, when the image authentication is canceled, the device authentication is canceled. If device authentication is canceled and wireless authentication is maintained for a certain time and a face is detected again within the imaging range (within the face image recognition range), the wireless authentication result and the image authentication result are used again. Allow device authentication. With such a configuration, it is possible to speed up re-authentication when the image authentication temporarily falls outside the scope of image authentication, for example, when trying to pick up a dropped object.

  For example, when the wireless authentication area is wider than the image authentication area, the apparatus authentication may be canceled when the wireless authentication is canceled. That is, device authentication may be canceled when any of the plurality of authentication processes is canceled.

  FIG. 20 is a flowchart illustrating an example of a modification of the authentication process. The flowchart of FIG. 20 starts with, for example, both wireless authentication and image authentication being permitted and device authentication being permitted.

  The image authentication unit 515 determines whether or not a face image exists within the imaging range (step S501). When it exists (step S501: Yes), the determination process of step S501 is repeated. When it does not exist (step S501: No), the image authentication unit 515 determines whether or not a predetermined time (for example, 5 seconds) has elapsed (step S502). If the predetermined time has not elapsed (step S502: No), the determination process of step S502 is repeated. When the predetermined time has elapsed (step S502: Yes), the image authentication unit 515 cancels the image authentication, and accordingly, the device authentication unit 516 cancels the device authentication (step S503).

  The image authentication unit 515 further determines whether or not a predetermined time (for example, 5 seconds) has elapsed (step S504). If it has not elapsed (step S504: No), the image authentication unit 515 determines whether or not a face image exists within the imaging range (step S505). If it does not exist (step S505: No), the image authentication unit 515 returns to step S504 and repeats the process. If it exists (step S505: Yes), the image authentication unit 515 executes image authentication processing using the face image detected within the imaging range (step S506). This image authentication process is the same as, for example, step S204 in FIG. The image authentication unit 515 may start the image authentication process from the same user information as the previous authentication target. As a result, the authentication process can be executed at a higher speed.

  The image authentication unit 515 determines whether or not the image authentication is successful (step S507). If successful (step S507: Yes), the image authentication unit 515 determines whether or not the authenticated user is the same as the previously authenticated user (step S508). If they are the same (step S508: Yes), the device authentication unit 516 permits device authentication using the wireless authentication information that is currently permitted (step S509), and ends the authentication process. Thereby, it is possible to speed up re-permission of the device authentication once canceled.

  If it is determined in step S504 that the predetermined time has elapsed (step S504: Yes), if it is determined in step S507 that image authentication has not been successful (step S507: No), and the previous authentication is performed in step S508. When it is determined that the user is not the same as the user (step S508: No), the device authentication unit 516 cancels the wireless authentication (step S510) and ends the authentication process. Thereafter, as shown in FIG. 13, for example, authentication processing based on the results of both wireless authentication and image authentication is resumed.

[Supplement of embodiment]
The functional configuration of the image forming apparatus 101 described in the above embodiments is an example, and each functional unit may be mounted on the main body 310 or the operation unit 330.

  In each of the above-described embodiments, the main body 310 and the operation unit 330 operate independently of each other with different operating systems. However, the present invention is not limited to this. May be in the form of operating on the same operating system.

  In each of the above-described embodiments, when at least one of the functional units of the image forming apparatus 101 is realized by executing a program, the program is provided by being incorporated in advance in a ROM or the like. The programs executed by the image forming apparatus 101 according to each of the above-described embodiments are files in an installable format or an executable format, such as a CD-ROM (Compact Disc Read Only Memory), a flexible disk (FD), a CD -R (Compact Disk-Recordable) or DVD (Digital Versatile Disc) may be recorded and provided on a computer-readable recording medium. Further, the program executed by the image forming apparatus 101 of each of the above-described embodiments may be provided by being stored on a computer connected to a network such as the Internet and downloaded via the network. Further, the program executed by the image forming apparatus 101 of each of the above embodiments may be configured to be provided or distributed via a network such as the Internet. The program executed by the image forming apparatus 101 of each of the above-described embodiments has a module configuration including at least one of the above-described functional units. As actual hardware, the CPU 311 or the CPU 331 includes the above-described module. By reading and executing a program from a storage device (for example, ROM 312, ROM 332, storage 314, flash memory 334, etc.), the above-described functional units are loaded on the main storage device (for example, RAM 313, RAM 333, etc.) and generated. It has come to be.

DESCRIPTION OF SYMBOLS 100 Image forming system 101 Image forming apparatus 102 Camera 103 RFID tag reader 104 RFID tag 105 User 251 Imaging range 252 and 253 Detection range 310 Main body 311 CPU
312 ROM
313 RAM
314 Storage 315 Communication I / F
316 Connection I / F
317 Engine 318 Moving body sensor 319 System bus 320 External connection I / F
330 Operation unit 331 CPU
332 ROM
333 RAM
334 Flash memory 335 Communication I / F
336 Operation panel 337 Connection I / F
338 External connection I / F
339 Short-range wireless communication device 340 Camera 341 System bus 350 Communication path 360 Network 371 Keyboard 411 Application layer 412 Service layer 413 OS layer 431 Application layer 432 Service layer 433 OS layer 501 Mobile object detection unit 502 Power state control unit 503 Image formation unit 504 Storage unit 505 Communication unit 506 User information A
511 Wireless communication unit 512 Wireless authentication unit 513 Image reception unit 514 Face detection unit 515 Image authentication unit 516 Device authentication unit 517 User information management unit 518 Storage unit 519 Communication unit 520 User information a

Japanese Patent Laying-Open No. 2015-011181

Claims (14)

An image forming apparatus,
A first authentication unit for performing first authentication;
A second authentication unit for performing second authentication;
A user who is authenticated by both the first authentication and the second authentication is permitted to use the image forming apparatus, and the use is performed by at least one of the first authentication and the second authentication. A device authentication unit for canceling permission of use of the image forming device to the user when authentication of the user is canceled;
An image forming apparatus comprising: The device authentication unit cancels permission of the user to use the image forming apparatus when the user authentication is canceled in both the first authentication and the second authentication;
The image forming apparatus according to claim 1. A wireless communication unit for acquiring authentication information from the wireless tag;
The first authentication unit performs the first authentication for the user of the wireless tag based on authentication information acquired by the wireless communication unit and user information registered in advance.
The image forming apparatus according to claim 1. The user information includes identification information unique to each user, and authentication information corresponding to the identification information,
The first authentication unit authenticates the user indicated by the identification information corresponding to the authentication information when the authentication information acquired by the wireless communication unit is included in the user information.
The image forming apparatus according to claim 3. A detection unit for detecting feature information indicating the characteristics of the user's living body;
The second authentication unit performs the second authentication for the user based on the feature information detected by the detection unit and user information registered in advance.
The image forming apparatus according to claim 1. The detection unit detects a user's face image from the captured image;
The user information includes identification information unique to each user, and image feature information as feature information indicating features of a living body corresponding to the identification information,
The second authentication unit authenticates the user indicated by the identification information corresponding to the feature information of the image when the feature information of the image detected by the detection unit is included in the user information.
The image forming apparatus according to claim 5. A power state control unit that shifts from the first state to a second state that consumes less power than the first state when permission to use the image forming apparatus is released by the device authentication unit;
The image forming apparatus according to claim 1. A moving body detection unit for detecting the moving body;
A radio communication unit that emits radio waves to a detection range and acquires authentication information from a radio tag within the detection range when a mobile unit is detected by the mobile unit detection unit;
The image forming apparatus according to claim 1. When authentication of the user is canceled in one of the first authentication unit and the second authentication unit, the other authentication permission is maintained for a predetermined time, and the device authentication unit is within the predetermined time, 2. The image formation according to claim 1, wherein, when the same user as the last successful authentication is authenticated by the authentication unit that has been de-authenticated, the authenticated user is permitted to use the image forming apparatus again. apparatus. A main body having an image forming engine, and an operation unit for instructing operation on the main body;
The first authentication unit and the second authentication unit are provided in the operation unit.
The image forming apparatus according to claim 1. A moving body detection unit for detecting the moving body;
A power state control unit that activates the detection unit when a mobile unit is detected by the mobile unit detection unit;
The image forming apparatus according to claim 5. An image forming system for authenticating a user,
A first authentication unit for performing first authentication;
A second authentication unit for performing second authentication;
A user who is authenticated by both the first authentication and the second authentication is permitted to use the image forming system, and the use is performed by at least one of the first authentication and the second authentication. A device authentication unit for canceling permission of use of the image forming system to the user when authentication of the user is canceled;
An image forming system comprising: An authentication method by an image forming apparatus,
A first authentication step for performing a first authentication;
A second authentication step for performing second authentication;
A user who is authenticated by both the first authentication and the second authentication is permitted to use the image forming apparatus, and the use is performed by at least one of the first authentication and the second authentication. A device authentication step for canceling permission of use of the image forming apparatus to the user when authentication of the user is canceled;
An authentication method that includes: In the computer provided in the image forming apparatus,
A first authentication step for performing a first authentication;
A second authentication step for performing second authentication;
A user who is authenticated by both the first authentication and the second authentication is permitted to use the image forming apparatus, and the use is performed by at least one of the first authentication and the second authentication. A device authentication step for canceling permission of use of the computer to the user when authentication of the user is canceled;
A program for running