JP2002132733A - Electronic equipment, control method therefor, device, method and system for authentication - Google Patents

Abstract

PROBLEM TO BE SOLVED: To speedily perform authenticating processing without impairing operability. SOLUTION: A coping machine 11 transmits the image data of the face of a user picked up by a CCD camera 12 through a LAN 14 to an authentication server 13 together with the identification number of the coping machine 11. The authentication server 13 previously registers the feature amount data of the face of the user for each of ID of respective copy machines 11-1 to 11-N. The authentication server 13 retrieves the transmitted face data of the user out of the face data registered corresponding to the transmitted ID of the coping machine and reports the retrieved result through the LAN 14 to the coping machine 11.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic apparatus, a method of controlling the same, an authentication apparatus and a method thereof, and an authentication system, and more particularly, to enabling easy and reliable authentication of a user of an image forming apparatus. TECHNICAL FIELD The present invention relates to an electronic device and its control method, an authentication device and its method, and an authentication system.

[0002]

2. Description of the Related Art FIG. 1 shows a configuration example of a conventional authentication system. In this configuration example, personal computers 1-1 to 1-N are connected to an authentication server 3 via a network 4. Personal computer 1
-1, personal authentication devices 2-1 to 2-N are connected respectively. The personal authentication devices 2-1 to 2-N read, for example, a fingerprint of the user as authentication data of the user to use, and transmit the fingerprint to the authentication server 3 via the network 4.

The authentication server 3 has, for example, dictionaries A through Z in a dictionary file as shown in FIG. The dictionaries A to Z hold fingerprint data of the users a to z, respectively.

[0004] The authentication server 3 sends an attached personal authentication device 2-1 from each of the personal computers 1-1 to 1-N.
When the fingerprint data read in steps 2-N is transmitted via the network 4, it is determined whether the fingerprint data is fingerprint data registered in advance in the dictionary file. When the fingerprint data transmitted via the network 4 is fingerprint data registered in advance,
The authentication server 3 authenticates that the user is a correct user, and notifies the corresponding personal computer 1-1 to 1-N of the authentication result. If the transmitted fingerprint data is not registered, the authentication server 3 notifies the personal computers 1-1 to 1-N via the network 4 that a correct authentication result has not been obtained.

[0005] In this way, in this authentication system, only users registered in advance can use the personal computers 1-1 to 1-N.

[0006]

As described above, in the conventional authentication system, the authentication server 3 is connected to the corresponding personal authentication device 2 from the personal computers 1-1 to 1-N.
When the fingerprint data read by -1 to 2-N is transmitted, it is necessary to perform an operation of collating with all the fingerprint data registered in advance in the dictionary file. Was.

[0007] Therefore, for example, it is conceivable to make the user input a user ID consisting of four digits and transmit fingerprint data to the authentication server 3 together with the ID.

In this case, the authentication server 3 registers the fingerprint data together with the corresponding ID in the dictionary file, and when the ID and the fingerprint data are transmitted from the network 4,
The authentication process can be completed only by collating with the fingerprint data of the corresponding ID. That is, the authentication server 3
If the transmitted fingerprint data matches the fingerprint data of the corresponding ID, it is determined that a correct authentication result has been obtained; otherwise, it is determined that a correct authentication result has not been obtained. Therefore, only one fingerprint data needs to be compared, and a more rapid authentication process can be performed.

However, in the case of such a system, the user has to input a password every time, and there is a problem that operability is deteriorated.

[0010] The present invention has been made in view of such a situation, and it is an object of the present invention to quickly perform an authentication process without deteriorating operability.

[0011]

According to the present invention, there is provided an electronic apparatus comprising: authentication data capturing means for capturing authentication data of a user; and grouping information for capturing grouping information for grouping the authentication data captured by the authentication data capturing means. Capturing means, transmitting means for transmitting the authentication data captured by the authentication data capturing means, and the grouping information captured by the grouping information capturing means to another device via the network; Control means for receiving the authentication result transmitted via the control unit and controlling the operation.

The authentication data capturing means can capture image data of a user's face or fingerprint data of a finger as authentication data.

The grouping information fetching means can acquire, as the grouping information, an identification number for identifying the electronic device, an IP address or a telephone number of the electronic device on the network, or a time at which the authentication data was transmitted. The identification number may be a manufacturing number added at the time of manufacturing the electronic device, or may be a newly added number.

[0014] An encryption unit for encrypting the authentication data may be further provided, and the transmission unit may transmit the authentication data encrypted by the encryption unit.

This electronic apparatus comprises, for example, the copying machine 11 shown in FIGS. 3 and 13 and the personal computer 81 shown in FIGS. 17 and 22. Further, for example, the authentication data capturing means is constituted by the CCD camera 12 in FIG. 4, the fingerprint reading device 82 in FIGS. 17 and 22, and the like.

For example, the grouping information fetching means includes:
The storage unit 38 shown in FIG. 4 and the storage unit 108 shown in FIG.

The transmitting means is constituted by the communication section 37 shown in FIG. 4 and the communication section 109 shown in FIG. The control means is the CP of FIG.
It is composed of U34 and the CPU 101 of FIG. The encryption means is constituted by, for example, the CPU 34 of FIG.

Further, other devices here include, for example,
Authentication server 13 shown in FIG. 3, FIG. 17, or FIG.
And the network is LAN1 in FIG.
4, the Internet 83 in FIGS. 17 and 22.

In this electronic device, the authentication data and the grouping information are transmitted to another device via the network, and the operation of the electronic device is performed based on the authentication result transmitted from the other device via the network. Controlled.

Therefore, the user does not need to input his / her own ID and the like, which not only improves the operability but also improves the operability.
It is possible to prevent unauthorized use of the electronic device.

According to the control method of the present invention, an authentication data capturing step of capturing authentication data of a user, a grouping information capturing step of capturing grouping information for grouping authentication data captured by the processing of the authentication data capturing step, A transmitting step of transmitting the authentication data captured by the processing of the authentication data capturing step and the grouping information captured by the processing of the grouping information capturing step to another device via the network; And a control step of controlling the operation by receiving the authentication result transmitted through the control unit.

For example, the authentication data capturing step includes:
9 and step S152 in FIG. 20. The grouping information capturing step is as shown in FIG.
Step S63 of FIG. 20 and step S153 of FIG. 20 are performed, and the transmission step is performed by step S64 of FIG.
0, and the control step includes steps S66 to S68 in FIG. 9 and FIG.
Steps S156 to S158.

In this control method as well, the authentication data and the grouping information are transmitted to another device via the network and the authentication result transmitted from the other device via the network, similarly to the electronic device described above. The operation of the electronic device is controlled based on the.

Therefore, as in the case of the above-described electronic device, it is possible to simply and surely prevent an unauthorized reason of the electronic device without deteriorating operability.

[0025] The authentication apparatus of the present invention comprises: holding means for holding authentication data of a user of an electronic device; authentication data capturing means for capturing user authentication data transmitted from the electronic device via a network; Grouping information capturing means for capturing grouping information for grouping authentication data captured by the means; and grouping information capturing authentication data captured by the authentication data capturing means from the authentication data held in the holding means. A search unit for searching based on the grouping information captured by the unit; and a transmission unit for transmitting a search result of the search unit to the electronic device via a network.

The apparatus may further comprise a decryption means for decrypting the encrypted authentication data captured by the authentication data capture means.

[0027] The holding means can hold image data of a user's face or fingerprint data of a finger as authentication data.

The grouping information fetching means can acquire, as the grouping information, an identification number for identifying the electronic device, an IP address on the network of the electronic device, or a telephone number, or a time at which the authentication data is received.

[0029] The grouping information acquiring means can acquire the grouping information via a network.

[0030] The search means may be configured to convert the authentication data fetched by the authentication data fetching means into the authentication data held by the holding means of the first group corresponding to the grouping information fetched by the grouping information fetching means. If it is not possible to search from the authentication data of the second group different from the first group, the authentication data is stored in the storage unit.

[0031] The search means can preferentially select a group corresponding to an electronic device nearest to the first group as a second group.

The electronic device is an image forming apparatus, and the searching means sets a group corresponding to the image forming apparatus arranged on the same floor as the image forming apparatus corresponding to the first group as a second group. Can be preferentially selected.

This authentication device is, for example, shown in FIGS.
Alternatively, it is configured by the authentication server 13 shown in FIG. The network is constituted by the LAN 14 in FIG. 3 and the Internet 83 in FIGS. 17 and 22. The electronic equipment is the copier 11, FIG. 17 and FIG.
And a personal computer 81. For example, the decoding means is configured by the CPU 62 of FIG.

For example, the holding unit is constituted by the registration unit 65 of FIG. 5, the authentication data acquisition unit and the grouping information acquisition unit are constituted by the feature amount extraction unit 66 of FIG. 5, and the search unit is the matching unit 64. Consisting of
The transmission means is constituted by the communication unit 63.

When the grouping information is composed of time, it is possible to obtain the time in the authentication device instead of the time transmitted from the electronic device.

In this authentication apparatus, the authentication data transmitted from the electronic device is searched from the held authentication data based on the grouping information. Then, the search result is transmitted to the electronic device via the network. Therefore, the authentication processing can be performed quickly.

According to the authentication method of the present invention, there are provided a holding step of holding authentication data of a user of an electronic device, an authentication data capturing step of capturing user authentication data transmitted from the electronic device via a network, and an authentication data capturing step. A grouping information capturing step of capturing grouping information for grouping the authentication data captured by the step processing; and an authentication data stored in the processing of the holding step, the authentication data captured by the processing of the authentication data capturing step. A search step for searching based on the grouping information captured by the processing of the grouping information capturing step, and a transmission step of transmitting a search result in the processing of the search step to an electronic device via a network. It is characterized by.

For example, the holding step is constituted by step S34 in FIG. 7, and the authentication data taking step and the grouping information taking step are step S82 in FIG. 10, step S102 in FIG. 11, step S122 in FIG. 21. Step S172 of FIG. 11 is performed.
Step S104 of FIG. 14, step S124 of FIG. 14, FIG.
The transmission step includes steps S86 and S87 in FIG. 10, steps S108 and S109 in FIG. 11, and steps S130 and S in FIG.
131 and steps S178 and S179 in FIG.

In this authentication method, the authentication data transmitted from the electronic device is searched from the stored authentication data based on the grouping information, as in the case of the above-described authentication device, and the search result is obtained. Transmitted to the electronic device via the network. Therefore, it is not necessary to search all the stored authentication data, and quick processing becomes possible.

In the authentication system according to the present invention, the electronic device includes authentication data capturing means for capturing user authentication data, and grouping information capturing means for capturing grouping information for grouping the authentication data captured by the authentication data capturing means. A first transmitting unit for transmitting the authentication data captured by the authentication data capturing unit and the grouping information captured by the grouping information capturing unit to the authentication device via the network; Control means for receiving the authentication result transmitted by the electronic device, and controlling the operation. The authentication device includes: a holding unit for storing authentication data of a user of the electronic device; and an authentication device transmitted from the electronic device via a network. First receiving means for receiving the authentication data of the user; A second receiving unit for receiving the grouping information transmitted through the first receiving unit and the authentication data received by the first receiving unit from the authentication data held in the holding unit by the second receiving unit. A search unit for searching based on the received grouping information, and a second transmission unit for transmitting a search result of the search unit to the electronic device via a network are provided.

This authentication system is, for example, shown in FIGS.
The electronic apparatus includes the authentication system shown in FIG. 3, FIG. 17, or FIG. 22, and the electronic apparatus includes the copying machine 11 in FIG. 3, FIG. 13, and the personal computer 81 in FIG. The authentication device is an authentication server 1
3.

The authentication data taking-in means of the electronic device is constituted by the CCD camera 12 in FIG. 4 and the fingerprint reading device 82 in FIG. 18, and the grouping information taking means is the storage unit 38 in FIG. 4 and the storage unit 108 in FIG. And the first transmitting means includes a communication unit 37 in FIG. 4 and a communication unit 109 in FIG.
The control means includes the CPU 34 of FIG.
Of the CPU 101.

The holding means of the authentication device is the registration unit 65 of FIG.
Wherein the first receiving means and the second receiving means are
The searching unit is configured by the matching unit 64 of FIG. 5, and the second transmitting unit is configured by the communication unit 63 of FIG.
The communication unit 63 is configured.

In this authentication system, in the electronic device, the acquired authentication data and grouping information are
Sent to the authentication device via the network. The authentication device searches the received authentication data from the authentication data stored in advance based on the grouping information, and transmits the search result to the electronic device via the network.

Therefore, it is possible to realize a system capable of easily and surely preventing unauthorized use of an electronic device without deteriorating user's operability.

[0046]

FIG. 3 shows an example of the configuration of an authentication system to which the present invention is applied. In this configuration example, the copying machines 11-1 to 11-N are connected to a LAN (Local Area Network).
k) It is connected to the authentication server 13 via 14. The copiers 11-1 to 11-N each have a CCD camera 12
-1 to 12-N.

In the following, the copying machines 11-1 to 11-N are simply referred to as the copying machines 11 when it is not necessary to distinguish them individually. CCD cameras 12-1 to 12-N,
The same applies to other devices.

FIG. 4 shows an example of the internal configuration of the copying machine 11. The image captured by the CCD camera 12 is amplified by an amplifier 31 and then supplied to an A / D converter 32, where it is A / D converted.

The CPU 34 controls the operation of the copying machine 11 and encrypts the image data captured by the CCD camera 12 based on a user command input from the operation panel 33. The copying unit 35 is controlled by the CPU 34,
A process of reading a document placed on a platen and copying the read image to a sheet is executed. The sensor 36 detects the presence of a user in front of the copying machine 11 and detects
Notify. The communication unit 37 performs a process of communicating with the authentication server 13 via the LAN 14.

The storage unit 38 is composed of a semiconductor memory, and stores an IP address as an address on the LAN 14 as an ID of the copying machine 11 or an identification number (a manufacturing number assigned when the copying machine 11 is manufactured, or (A number added as necessary).

The authentication server 13 is configured, for example, as shown in FIG. The input unit 61 includes a switch, a keyboard, a mouse, and the like, is operated by a user, and outputs a signal corresponding to the operation to the CPU 62. CPU62
Executes various processes corresponding to the input from the input unit 61, in addition to the process of decrypting the encrypted image data transmitted from the copying machine 11. The communication unit 63 is a LAN1
4, and communicates with the copying machine 11.

The feature amount extraction unit 66 executes a process of extracting feature amounts necessary for identifying a user, such as the shapes and positions of eyes, nose, mouth, and ears, from input image data of a face image. I do. The registration unit 65 registers the feature amount extracted by the feature amount extraction unit 66 in the registration mode. The registration unit 65 is composed of, for example, a hard disk or a semiconductor memory. The matching unit 64 performs a matching process between the feature amount extracted by the feature amount extraction unit 66 and the feature amount registered in the registration unit 65 in advance in the normal authentication mode.

In order to use this system, each user needs to register an image of his / her face in advance.

Next, registration processing in the authentication system of FIG. 3 will be described with reference to the flowchart of FIG.

In step S11, the CPU 34 determines whether or not the currently set mode is the registration mode. If the mode is not the registration mode (when the authentication mode is the normal authentication mode), the process ends.

In the registration mode, a serviceman or a predetermined administrator of the copying machine 11 can operate the registration
3 is set by inputting a predetermined password.
Alternatively, the registration mode may be set when a key or the like prepared in advance is attached to a predetermined position.

If the registration mode has been set, the process proceeds to step S12, where the CPU 34 executes a face image capturing process. At this time, the CPU 34 controls the CCD camera 12 to capture an image of the user's face. The image data captured by the CCD camera 12 is amplified by the amplifier 31 and then input to the A / D converter 32. A / D converter 32
Performs A / D conversion of input image data. The CPU 34
The image data is encrypted and output to the communication unit 37.

Next, in step S13, an ID reading process is executed. Specifically, the CPU 34 reads the ID stored in the storage unit 38 and outputs the ID to the communication unit 37.

In step S14, the communication unit 37
The encrypted image data supplied from the CPU 34 and the ID acquired from the storage unit 38 are transmitted to the authentication server 13 via the LAN 14 and a user registration is requested.

Thereafter, as will be described later with reference to the flowchart of FIG. 7, the authentication server 13 executes a user registration process in response to the registration request, and when the registration process is completed, the registration is performed in step S35. You will be notified of completion.

Therefore, in step S15, the CPU 3
4 waits until a registration completion notification is received from the authentication server 13, and when the registration completion notification is received, Step S16
To execute the registration mode release processing.

On the other hand, in the registration mode, the authentication server 13
The registration processing shown in the flowchart of FIG. 7 is executed. In step S31, the CPU 62 of the authentication server 13 determines whether or not a registration request has been received from the copier 11, and if not, ends the processing. If it is determined that registration has been requested from the copying machine 11, the process proceeds to step S32, and the CPU 62 executes the face image capturing process transmitted from the copying machine 11. That is, the CPU 62 decrypts the encrypted image data taken in with the ID from the copying machine 11 via the communication unit 63 and supplies the decrypted image data to the feature amount extraction unit 66.

In step S33, the feature amount extraction unit 6
6 extracts feature amounts of the user's face from the captured face image data. In step S34, when the registration unit 65 receives the feature amount and the ID from the feature amount extraction unit 66 via the matching unit 64, the registration unit 65 registers the feature amount for each ID. In step S35, the CPU 62 notifies the copying machine 11 of the registration completion from the communication unit 63 via the LAN 51.

As described above, the copying machine 11-1 shown in FIG.
The feature amount of the image of the face of each user who uses 11 to N is registered in the registration unit 65 in advance.

FIG. 8 shows an example of a database of a dictionary file of the face data of each user registered in the registration section 65 in this way. In this example, copier 1
One hundred dictionary files 00 to 99 are registered corresponding to the ID of 1. For example, ID = 00 corresponds to the ID of the copying machine 11 in FIG.
-2, and similarly, ID = 98 corresponds to copier 1
The ID = 99 corresponds to the ID of 1- (N-1).
-N corresponding to ID.

Further, for example, in the dictionary file with ID = 00, 100 pieces of facial feature data with dictionary numbers = 0000 to 0099 are registered. The data of the 100 facial features is stored in the copying machine 11 having ID = 00.
It is the data of the user's facial feature amount captured by the CCD camera 12-1. That is, in this example, 100
This means that the data of the facial feature amounts of two users are stored.

Similarly, the facial feature data of 100 users captured by the CCD video camera 12-2 of the copying machine 11-2 is registered in the dictionary file with ID = 01 as dictionary numbers 0100 to 0199. The facial feature data of 100 users captured by the CCD camera 12- (N-1) of the copying machine 11- (N-1) is registered as data of dictionary numbers = 9800 to 9899. And the CCD camera 1 of the copying machine 11-N
The facial feature data of the user captured by 2-N is registered as dictionary number = 9900 to 9999. The number of users registered for each ID is arbitrary.

As described above, the legitimate user registers the feature amount of his / her own face in the registration unit 65 in advance, and thereafter uses the copying machine 11 in the authentication mode.
The original can be copied. The processing in this case will be described with reference to the flowchart in FIG.

In step S61, the CPU 34 monitors the output of the sensor 36 and waits until a user is detected in front of the copying machine 11. If it is determined that the user has been detected from the output of the sensor 36, the process proceeds to step S62,
The CPU 34 controls the CCD camera 12 to photograph the user's face. The image signal of the user's face captured by the CCD camera 12 is amplified by the amplifier 31 and is converted by the A / D converter 3.
After being converted into digital data by 2, the data is encrypted by the CPU 34 and further supplied to the communication unit 37.

In step S 63, the CPU 34 reads out the ID stored in the storage section 38 and supplies the ID to the communication section 37.

In step S64, the CPU 34 stores the encrypted image data in the ID read from the storage unit 38.
At the same time, it controls the communication unit 37 to transmit the image data to the authentication server 13 via the LAN 51, and requests authentication of the image data.

When the copying machine 11 has a feature extracting unit, the feature extracted by each copying machine 11 is encrypted and transmitted to the authentication server 13.

As will be described later with reference to the flowchart of FIG. 10, the authentication server 13 executes an authentication process in response to the authentication request, and outputs the authentication result to step S8.
6, and is notified in the process of S87.

Therefore, in step S65, the CPU 3
4 receives the authentication result from the authentication server 13 via the LAN 51, and determines in step S66 whether or not the authentication result indicates that copying is possible.
If the authentication result does not indicate that copying is possible (indicating that the user has not been registered),
Proceeding to step S67, the CPU 34 displays a message such as "Not available because it has not been registered" on the display unit of the operation panel 33.

On the other hand, if the authentication result indicates that copying is possible (indicating that the user has been registered), the CPU 3 determines in step S68.
Reference numeral 4 denotes a standby state until the start button on the operation panel 33 is operated and a copy start is instructed. When the start is instructed, the copy unit 35 controls the copy unit 35 to execute a copy process.

Next, the authentication processing of the authentication server 13 in the authentication mode will be described with reference to the flowchart of FIG.

In step S81, the CPU 62 waits until an authentication request is received from the copying machine 11, and when the authentication request is received, proceeds to step S82 to execute a process for taking in image data and an ID. That is, the CPU 62
Captures the image data and the ID transmitted from the copier 11 via the communication unit 63, decodes the image data, and outputs the decoded image data to the feature amount extraction unit 66 together with the ID.

In step S83, the feature amount extraction unit 6
6 extracts the face feature amount of the image data supplied from the communication unit 63 and outputs the extracted feature amount to the matching unit 64 together with the ID.

When the feature amount is transmitted from the copying machine 11, the feature amount extraction processing in the authentication server 13 can be omitted.

In step S84, matching unit 6
Reference numeral 4 selects a dictionary file corresponding to the ID (group) supplied from the feature amount extraction unit 66 from the feature amount data registered in the registration unit 65 in advance. For example, when the ID supplied from the feature amount extraction unit 66 is ID = 00,
The dictionary file with ID = 00 is selected. Then, in the matching unit 64, the feature amount of the user that has just been extracted by the feature amount extracting unit 66 matches the feature amount of the user registered in advance in the registration unit 65 selected corresponding to the ID ( (Corresponding). In the case of the example of FIG. 8, ID = 00
The matching unit 64 has registered in advance the feature amounts of the users extracted by the feature amount extracting unit 66 for the 100 users in the dictionary file of. It is compared with the feature quantity to determine whether or not there is a match (whether or not the corresponding feature quantity is registered). The matching unit 64 notifies the CPU 62 of the determination result.

At step S 85, the CPU 62 determines, based on the notification from the matching unit 64, the feature amount of the user's face image that has just been taken in, and registers the feature amount of the user's face image registered in advance in the registration unit 65. It is determined whether or not the amount has been matched, and if not, step S8
In step 6, the communication unit 63 is controlled to notify the copying machine 11 that copying is not permitted (that the user is not a registered user).

On the other hand, if the matching feature amount has been registered in advance, the process proceeds to step S87, where the CPU
Reference numeral 62 causes the copying machine 11 to transmit a notification of permitting copying (a notification that the user is a registered user).

Based on this notification, the processing of step S67 or step S68 in FIG.

According to this example, each user only needs to register his / her own face once, and then copy the registered copying machine.
Thereafter, it can be used.

However, in the above example, it is possible to use the copying machine 11 on which the user has actually performed the registration operation, but cannot use a copying machine which is not used for the registration operation. For example, the copying machine 11 having ID = 00
The user who has performed the registration operation in 1 cannot use the copying machines 11-2 to 11-N with IDs of 01 to 99. Therefore, not only the registered copying machines 11 but also all the copying machines 11 connected on the LAN 14 can be used.

In this case, the authentication server 13 executes, for example, the processing shown in the flowchart of FIG. FIG.
The processing of steps S101 to S109 of the first
This is the same processing as the processing of steps S81 to S87 in FIG. However, in the processing in step S105 corresponding to step S85 in FIG.
If it is determined that the feature amount of the user extracted in step 6 does not match the registered feature amount of the corresponding ID,
In the example of FIG. 10, the non-permission is immediately notified to the copying machine 11 in step S86. However, in the example of FIG. 11, the process proceeds to step S106, where the CPU 62 checks the ID (group ) Is determined. For example, in the example shown in FIG. 8, when it is determined that the feature amount data corresponding to the dictionary file with ID = 00 does not exist, there is a dictionary file with IDs of 01 to 99 that has not been subjected to the matching processing yet.

In this case, the process proceeds to step S107, where the CPU
62 selects the next ID (group). For example, ID =
The dictionary file of ID = 01 obtained by incrementing 00 by 1 is selected here. Thereafter, the process proceeds to step S104, where the matching unit 64 compares the feature amount data just extracted by the feature amount extracting unit 66 with the feature amount data of dictionary numbers 0101 to 0199 registered in the dictionary file with ID = 01. Compare. And the comparison result is the CPU
62 is notified.

In step S105, the CPU 62
Based on the notification from the matching unit 64, it is determined whether or not a match has been made.
Proceeding to 106, it is determined whether or not an ID that has not yet been checked exists.

As described above, for example, as shown in FIG. 12, when there is no matching feature data in the dictionary file corresponding to the ID of the copying machine 11 that has transmitted the authentication request, the ID = 01, 02, 03,. . . 98,
99 and dictionary files having different IDs are sequentially selected. Therefore, the user can use any copier 11 regardless of which copier 11 performs registration.

If it is determined in step S106 that there is no ID that has not been checked, the process proceeds to step S108, and a rejection is notified.

The other processes are the same as those in FIG. 10, and the description is omitted.

In the example of FIG. 11, step S107
In the above process, the new ID is selected by incrementing the ID by one. For example, as shown in FIG. 13, a plurality of copy machines 11 are installed on each of a plurality of floors. If it is, it corresponds to the nearest copying machine 11
IDs can be selected sequentially with priority. FIG. 14 shows the process of the authentication server 13 in this case.

Steps S121 to S in FIG.
The processing of step 131 is basically the same as the processing of steps S101 to S109 of FIG.
In the process of step S126 corresponding to the first step S106, it is determined whether an unchecked ID exists on the same floor.

For example, in the example of FIG.
Copiers 11 and 11-5 with ID numbers 00 and 04 are arranged, and copiers 11-2, 11-4 and 11-7 with ID numbers 01, 03 and 06 are installed on the second floor. On the third floor, a copying machine 11-3, 1 having an ID number of 02, 05, 07
1-6, 11-8 are arranged.

In such a case, for example, as a result of performing an authentication process based on a request from the copying machine 11 with ID number = 00, if it is determined that the data of the corresponding feature amount does not exist, this ID number Since the copying machine 11 = 00 is installed on the first floor, it is determined in step S126 whether another copying machine 11 exists on the same floor, that is, the first floor. If another copier 11 exists on the same floor,
Proceeding to step S127, the CPU 62 selects the ID of the nearest copying machine 11 present on the same floor. In the example of FIG. 13, since the copying machine 11-5 having the ID = 04 is installed, the ID = 04 is selected in step S127.

Then, in step S124, ID =
If the matching process is performed with the dictionary file No. 04, and no match is found, the process proceeds from step S125 to step S1.
Proceeding to 26, it is determined whether an unchecked ID exists on the same floor. In the example of FIG.
IDs no longer checked on the same floor (1st floor)
Does not exist. Therefore, in this case, the process proceeds to step S128, and the CPU 62 determines whether or not there is a floor that has not been checked yet. In the case of the example of FIG. 13, the floors that have not yet been checked exist on the second floor and the third floor.
In this example, the CPU 62 selects the second floor. Then, the process proceeds to step S127, where the CPU 62 selects one ID from the copying machines arranged on the second floor. FIG.
In the case of example 3, since three copying machines 11-2, 11-4, and 11-7 with IDs of 01, 03, and 06 are installed on the second floor, for example, ID = 01 is selected. You.

Thereafter, the same processing is repeated, and even if the IDs of all the copying machines 11 on the second floor are selected, if no matching feature data is found, the copying machines installed on the third floor are further installed. Eleven IDs are selected.

If the dictionary file corresponding to the ID of the copying machine 11 installed on the third floor does not match even if it is searched, it is determined in step S128 that the unchecked floor no longer exists. Step S13
Then, the copying machine 11 is notified of non-permission.

Thus, in this example, as shown in FIG. 15, ID = 00, 04, 01, 03, 06, 0
IDs are sequentially selected in the order of 2,05,07, and matching processing is performed.

Since the user is likely to use the nearest copier on the same floor, incrementing the ID by one completes the user authentication process more quickly than when changing the ID. It becomes possible.

For example, in the example of FIG.
When there is an authentication request from the copier 11-3 of No. 02, as shown in FIG. 16, the authentication server 13 sends the ID = 0, 05, 0 corresponding to the copier installed on the third floor.
7 are sequentially selected, and then the copy machine installed on the second floor is
ID = 01, 03, 06 are sequentially selected, and further, ID = 00, 04 of the copier installed on the first floor are sequentially selected.

FIG. 17 shows another configuration example of the authentication system. In this configuration example, personal computers 81-1 to 81-N are connected to the authentication server 13 via the Internet 83. The personal computers 81-1 to 81-N include a fingerprint reader 82
-1 to 82-N are respectively connected. In the case of this example, the login time to each personal computer 81 is used as data for identifying each personal computer 81.

FIG. 18 shows a configuration example of the personal computer 81. In FIG. 18, the CPU (Central
Processing Unit (101) is a ROM (Read Only Memor
y) In accordance with a program stored in 102 or a program loaded from a storage unit 108 into a RAM (Random Access Memory) 103, various processes including an encryption process are executed. The RAM 103 also stores data necessary for the CPU 101 to execute various types of processing, as appropriate.

CPU 101, ROM 102, and RAM 103
Are connected to each other via a bus 104. An input / output interface 105 is also connected to the bus 104.

The input / output interface 105 includes an input unit 106 including a keyboard and a mouse, a display including a CRT and an LCD, an output unit 107 including a speaker, a storage unit 108 including a hard disk, a modem, a terminal, and the like. A communication unit 10 configured by an adapter or the like and performing communication processing with the Internet 83
9 is connected.

The input / output interface 105 is further connected to a fingerprint reader 82. When the fingerprint reader 82 reads the fingerprint of the user's finger, it
/ D conversion and outputs it to the authentication server 13 as authentication data of the user.

In this authentication system, the personal computer 81 performs the registration processing by the same processing as that shown in the flowchart of FIG. 6. In step S12, the personal computer 81 performs the registration processing of the face image data. Instead, fingerprint data of the user's finger is read by the fingerprint reader 82 and encrypted. Then, in step S13, instead of the ID, the time at which the user logged in is obtained from a timer built in the CPU 101.

In response, the authentication server 13 transmits
In the registration process as shown in (3), fingerprint data capturing process is performed in place of the face image capturing process in step S32, and in step S33, fingerprint data feature value extracting process is performed instead of the face feature value extracting process. . Then, in step S34, the authentication server 13 executes a process of registering fingerprint data at each login time. Thereby, the registration unit 65 of the authentication server 13 stores, for example, FIG.
Is registered.

In the example shown in FIG. 19, fingerprint data for 100 persons whose dictionary numbers are 0000 to 0099 are registered as fingerprint data whose login time is a time in a time zone of 9:00 to 12:00. Similarly, as a dictionary file of a time zone in which the login time is from 18:00 to 21:00, the dictionary file of the dictionary number = 0100 to 0199
Fingerprint data for 0 persons is registered, and fingerprint data for 100 persons with dictionary numbers = 9800 to 9899 are registered as dictionary files in the time zone from 00:00 to 3:00 at the login time. , Login time is 3:
Fingerprint data with dictionary numbers 9900 to 9999 are registered as dictionary files in the time zone from 00 to 6:00.

The time zone to which this login time belongs corresponds to the time zone in which the user uses the personal computer in each country in the world. The login in the time zone from 9:00 to 12:00 is A login from a Japanese user is determined. A login during the period from 18:00 to 21:00 is determined to be a login from a user in the United States. A login during the period from 0:00 to 3:00 is determined by a user in the United Kingdom. Is determined to be a login from
The login during the time period from 00 to 6:00 is determined to be a login from Moscow, Russia.

Next, the login process of the personal computer 81 will be described with reference to the flowchart of FIG. In step S151, the CPU 101 of the personal computer 81 waits until a login is instructed by the user. When the login is instructed, the process proceeds to step S152, in which the CPU 101
2 to execute a process of capturing fingerprint data.
That is, the user presses a finger against the fingerprint reader 82 to read his / her own fingerprint. The CPU 101 stores the fingerprint data read by the fingerprint reader 82 in a RAM.
103, temporarily store and encrypt.

Next, the process proceeds to step S153, where the CPU 10
1 fetches a login time from a built-in timer. In step S154, the CPU 101 determines in step S1
50 and the encrypted fingerprint data,
The login time acquired in 153 is transmitted to the authentication server 13 via the communication unit 109. At this time, CP
U101 requests the authentication server 13 to perform fingerprint data authentication processing.

In response to the request, the authentication server 13
Step S178 or step S1 in FIG.
Since the authentication result is notified in the process of 79, the CPU 101 receives the authentication result from the authentication server 13 via the communication unit 109 in step S 155.

At step S156, the CPU 101
Determines whether the received authentication result indicates that the login is permitted, and if not, the process proceeds to step S
Proceeding to 157, the CPU 101
Display a message on the CD indicating that login is not allowed.

On the other hand, when it is notified that the login is possible, the process proceeds to step S158, and the CPU proceeds to step S158.
101 executes a process of permitting login.

On the other hand, in response to the authentication request from the personal computer 81, the authentication server 13 executes a process as shown in the flowchart of FIG. The processing in steps S171 to S179 in FIG. 21 is basically the same as the processing in steps S101 to S109 in FIG. However, fingerprint data and time are used in FIG. 21 instead of the face image data and ID in FIG.

Then, the matching section 64 determines in step S
If it is determined at 175 that the corresponding fingerprint data is not registered in the dictionary file of the time zone corresponding to the login time transmitted from the personal computer 81, at step S176 the time zone (group ) Exists or not,
If there is, the process proceeds to step S177, and the next login time zone (group) is selected. Then, the process returns to step S174, where the fingerprint data matching process is executed again.

As described above, the matching process is performed based on the dictionary files grouped for each login time slot. If it is determined in step S176 that the time zones corresponding to all the login times have been checked, in step S178, the non-permission is notified to the personal computer 81. Other processes are the same as those in FIG.

Since the same user is highly likely to log in during the same time period, the authentication process can be quickly performed in this example as well.

In the above description, the fingerprint data is grouped for each time zone of the log-in time. However, other grouping information for grouping includes, for example,
As shown in FIG. 20, each personal computer 8
It is possible to use the telephone number to which 1 is connected.

In the example of FIG. 22, personal computers 81-1 to 81-N each have a telephone number = 0.
001 to 9999. Therefore, in this example, a telephone number is used as grouping information instead of the above-described IP address and identification number.

In the above description, face image data or fingerprint data is used as authentication data for identifying a user. In addition, biometric information such as a blood vessel pattern of a user's eyeball and a voice print is used as authentication data. It is also possible to use as.

In this specification, the step of describing a program recorded on a recording medium may be performed not only in chronological order but also in chronological order in the order described. This also includes processing executed in parallel or individually.

In this specification, a system is
It represents the entire device composed of a plurality of devices.

[0125]

As described above, according to the present invention, it is possible to easily and quickly perform an authentication process of an apparatus without impairing operability.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating a configuration example of a conventional authentication system.

FIG. 2 is a diagram illustrating a dictionary file of the authentication server in FIG. 1;

FIG. 3 is a diagram showing a configuration example of an authentication system to which the present invention is applied.

FIG. 4 is a block diagram illustrating a configuration example of a copying machine in the authentication system of FIG. 3;

FIG. 5 is a block diagram illustrating a configuration example of an authentication server in the authentication system of FIG. 3;

FIG. 6 is a flowchart illustrating a registration process of a copying machine in the authentication system of FIG. 3;

FIG. 7 is a flowchart illustrating registration processing of an authentication server in the authentication system of FIG. 3;

8 is a diagram showing an example of a dictionary file registered in a registration unit of the authentication server in FIG.

FIG. 9 is a flowchart illustrating a copy process of a copying machine in the authentication system of FIG. 3;

FIG. 10 is a flowchart illustrating an authentication process of an authentication server in the authentication system of FIG. 3;

FIG. 11 is a flowchart illustrating another authentication process of the authentication server of the authentication system in FIG. 3;

FIG. 12 is a diagram for explaining the processing in steps S106 and S107 in FIG. 11;

FIG. 13 is a diagram showing another configuration example of the authentication system to which the present invention is applied.

FIG. 14 is a flowchart illustrating a process of an authentication server of the authentication system of FIG. 13;

FIG. 15 is a diagram for explaining the processing of steps S126 to S129 of FIG. 12;

FIG. 16 is a diagram for explaining the processing in steps S126 to S129 of FIG. 12;

FIG. 17 is a diagram showing still another configuration example of the authentication system to which the present invention is applied.

18 is a block diagram illustrating a configuration example of a personal computer in the authentication system of FIG.

19 is a diagram illustrating a dictionary file registered in an authentication server in the authentication system of FIG.

FIG. 20 is a flowchart illustrating a login process of a personal computer in the authentication system of FIG. 17;

FIG. 21 is a flowchart illustrating an authentication process of an authentication server in the authentication system of FIG. 17;

FIG. 22 is a diagram showing another configuration example of the authentication system to which the present invention is applied.

[Explanation of symbols]

 11-1 to 11-N Copier 12-1 to 12-N CCD Camera 13 Authentication Server 14 LAN 65 Registration Unit

 ────────────────────────────────────────────────── ─── Continuation of the front page (72) Inventor Yoshinori Yamaguchi 801 Minami-Fudo-do, Higashi-iri, Horikawa, Shiokoji-dori, Shimogyo-ku, Kyoto F-term in Omron Co., Ltd. 5B085 AE23 AE25 BG07 5J104 AA07 KA01 KA02 KA16 MA02 NA36 NA38 PA07

Claims (15)

[Claims] 1. An authentication data capturing means for capturing user authentication data; a grouping information capturing means for capturing grouping information for grouping the authentication data captured by the authentication data capturing means; and the authentication data capturing means. Transmitting means for transmitting the authentication data captured by the above and the grouping information captured by the grouping information capturing means to another device via a network, and transmitting from the other device via the network An electronic device, comprising: a control unit that receives an authentication result obtained and controls an operation. 2. The electronic device according to claim 1, wherein the authentication data capturing unit captures image data of a face of the user or fingerprint data of a finger as the authentication data. 3. The grouping information fetching means transmits, as the grouping information, an identification number for identifying the electronic device, an IP address of the electronic device on the network, or a telephone number, or the authentication data. The electronic device according to claim 1, wherein a time is acquired. 4. The apparatus according to claim 1, further comprising an encryption unit for encrypting the authentication data, wherein the transmission unit transmits the authentication data encrypted by the encryption unit.
The electronic device according to 2 or 3. 5. A control method for controlling operation of an electronic device, comprising: an authentication data capturing step of capturing user authentication data; and grouping information for grouping the authentication data captured by the processing of the authentication data capturing step. A grouping information capturing step of capturing, the authentication data captured by the processing of the authentication data capturing step, and the grouping information captured by the processing of the grouping information capturing step, to another device via a network. A control method comprising: a transmitting step of transmitting; and a control step of receiving an authentication result transmitted from the another device via the network and controlling an operation. 6. An authentication device for authenticating a user of an electronic device connected via a network, comprising: a holding unit for holding authentication data of a user of the electronic device; and an authentication device transmitted from the electronic device via the network. Authentication data capturing means for capturing authentication data of the user, grouping information capturing means for capturing grouping information for grouping the authentication data captured by the authentication data capturing means, and capturing by the authentication data capturing means. Searching means for searching the obtained authentication data from the authentication data held in the holding means on the basis of the grouping information fetched by the grouping information fetching means; and a search result of the searching means. Sending to the electronic device via the network Authentication apparatus characterized by comprising a signal means. 7. The authentication apparatus according to claim 6, further comprising a decrypting unit that decrypts the encrypted authentication data captured by the authentication data capturing unit. 8. The authentication apparatus according to claim 6, wherein the holding unit holds, as the authentication data, image data of a face of the user or fingerprint data of a finger. 9. The grouping information receiving means receives, as the grouping information, an identification number for identifying the electronic device, an IP address of the electronic device on the network, or a telephone number, or the authentication data. The authentication device according to claim 6, 7 or 8, wherein a time is acquired. 10. The grouping information capturing means,
The authentication device according to claim 6, wherein the grouping information is obtained via the network. 11. The search unit stores the authentication data fetched by the authentication data fetching unit in the first group corresponding to the grouping information fetched by the grouping information fetching unit. If the search is not possible from the authentication data stored in the storage unit, the search is performed from the authentication data stored in the storage unit in a second group different from the first group. The authentication device according to any one of claims 6 to 10. 12. The authentication according to claim 11, wherein the search unit preferentially selects a group corresponding to the electronic device nearest to the first group as the second group. apparatus. 13. The electronic apparatus is an image forming apparatus, and the search unit is configured to search for a group corresponding to the image forming apparatus which is arranged on the same floor as the image forming apparatus corresponding to the first group. 13. The authentication apparatus according to claim 12, wherein the first group is preferentially selected as the second group. 14. An authentication method for an authentication device that authenticates an electronic device connected via a network, wherein: a holding step for holding authentication data of a user of the electronic device; and a transmission from the electronic device via the network. An authentication data capturing step of capturing the authentication data of the user that has been performed; a grouping information capturing step of capturing grouping information for grouping the authentication data captured by the processing of the authentication data capturing step; A search step of searching the authentication data captured by the processing of the step from the authentication data stored in the processing of the holding step based on the grouping information captured by the processing of the grouping information capturing step And the search step Authentication method comprising a transmission step of transmitting the search result in the process of up to the electronic device via the network. 15. An authentication system comprising an electronic device mutually connected via a network and an authentication device for authenticating a user of the electronic device, wherein the electronic device captures authentication data of the user. Means, grouping information capturing means for capturing grouping information for grouping the authentication data captured by the authentication data capturing means, the authentication data captured by the authentication data capturing means, and the grouping information capturing First transmitting means for transmitting the grouping information fetched by the means to the authentication device via the network, receiving an authentication result transmitted from the authentication device via the network, Control means for controlling the electronic device. Holding means for holding the authentication data of the user, first receiving means for receiving the authentication data of the user transmitted from the electronic device via the network, and transmission from the electronic device via the network. A second receiving unit for receiving the grouping information that has been obtained, and a second receiving unit that receives the authentication data received by the first receiving unit from the authentication data held in the holding unit. A search unit for searching based on the grouping information received by the unit; and a second transmission unit for transmitting a search result of the search unit to the electronic device via the network. Authentication system.