JP2015170192A - Information processing device, information processing system and control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve security to the use of an information processing device.SOLUTION: An information processing device for allowing a user authenticated according to a predetermined authentication system to use the device includes an operation instruction reception part for receiving an operation instruction from a user authenticated according to the predetermined authentication system, a use environment information acquisition part for acquiring use environment information showing the use environment of an information processing device when receiving the operation instruction, an unauthorized operation determination part for determining whether the received operation instruction is an unauthorized operation on the basis of the acquired use environment information, and a fraudulence prevention processing part for performing processing for preventing the information processing device from being unauthorizedly used in the case that the operation instruction is determined to be an unauthorized operation.

Description

  The present invention relates to an information processing apparatus, an information processing system, and a control program, and more particularly, to processing that takes security into consideration for use of the information processing apparatus.

  In an information processing apparatus that performs data processing, in order to prevent a malicious user from operating the apparatus illegally, when the user uses the information processing apparatus, the user authority is entered by inputting a user ID, a password, and the like. User authentication processing is performed to authenticate that there is.

  However, if a malicious user steals a password or acquires a password due to information leakage, the malicious user is authenticated using the password illegally, and the information processing apparatus can be used. Therefore, there are cases where such user authentication processing alone is insufficient in terms of security.

  In order to solve such a problem, when the access time to the server (information processing apparatus) exceeds a predetermined value, authentication data different from the authentication data used for using the server is provided. There has been proposed a method for re-authenticating a user (see, for example, Patent Document 1).

  However, in the technique disclosed in Patent Document 1, re-authentication is performed only when the access time to the information processing apparatus exceeds a predetermined value, so that the user who has made unauthorized access is informed for a short time. When a processing device is used, an unauthorized operation or the like cannot be prevented, and security is still insufficient.

  The present invention has been made to solve such a problem, and an object of the present invention is to improve security with respect to use of an information processing apparatus.

  In order to solve the above-described problem, an aspect of the present invention is an information processing apparatus that permits a user who has been authenticated in accordance with a predetermined authentication scheme to use the apparatus, wherein the predetermined authentication scheme is An operation command receiving unit that receives an operation command from a user who has been authenticated according to the method, a use environment information acquiring unit that acquires use environment information indicating a use environment of the information processing apparatus when the operation command is received, and Based on the use environment information, an unauthorized operation determination unit that determines whether the received operation command is an unauthorized operation, and the information processing when the operation command is determined to be an unauthorized operation. And a fraud prevention processing unit that performs processing for preventing unauthorized use of the apparatus.

  ADVANTAGE OF THE INVENTION According to this invention, the security with respect to utilization of information processing apparatus can be improved.

It is a figure which shows the operation | use form of the image processing system which concerns on embodiment of this invention. It is a block diagram which shows the hardware constitutions of the image processing apparatus which concerns on embodiment of this invention. It is a block diagram which shows the function structure of the image processing apparatus which concerns on this embodiment of this invention. It is a block diagram which shows the function structure of the main-control part which concerns on the 1st Embodiment of this invention. It is a flowchart which shows the operation | movement which concerns on prevention of unauthorized use by the main-control part which concerns on the 1st Embodiment of this invention. It is a figure which shows the example of the information stored in user DB which concerns on embodiment of this invention. It is a figure which illustrates the occupancy management information stored in the management server which concerns on embodiment of this invention. It is a figure which shows the table with which usage environment information and conditions which concern on embodiment of this invention were linked | related. It is a figure which shows the aspect of the face authentication process which concerns on embodiment of this invention. It is a figure which illustrates the table with which the authentication method which concerns on embodiment of this invention and the fraud degree were linked | related. It is a block diagram which shows the function structure of the main-control part 130 which concerns on the 2nd Embodiment of this invention. It is a figure which illustrates the aspect of the information addition process which concerns on the 2nd Embodiment of this invention. It is a block diagram which shows the function structure of the main-control part which concerns on the 3rd Embodiment of this invention. It is a figure which illustrates job history information stored in job history DB concerning a 3rd embodiment of the present invention. It is a figure which shows the example of the information stored in user DB which concerns on embodiment of this invention. It is a block diagram which illustrates the function structure of the main control part which concerns on the 4th Embodiment of this invention. It is a figure which illustrates the unauthorized use information stored in the unauthorized use DB which concerns on the 4th Embodiment of this invention. It is a flowchart which shows the process of each structure part which concerns on the 4th Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the present embodiment, an example of an information processing apparatus that performs data processing is an image processing apparatus. A user who is authenticated by a predetermined authentication method is permitted to use the image processing apparatus, and a PC (Personal Computer). A system for operating the image processing apparatus via the client terminal or the display panel of the image processing apparatus will be described.

  FIG. 1 is a diagram illustrating an example of an operation mode of the image processing system according to the present embodiment. As shown in FIG. 1, the image processing system according to this embodiment includes n image processing apparatuses 1-1 to 1-n (n is an integer equal to or greater than 1. Hereinafter, “image processing apparatus 1” is generally referred to). The client terminal 2 and the management server 3 are connected via a network such as the Internet or a LAN (Local Area Network).

  The image processing apparatus 1 is an MFP (Multi Function Peripheral) that can be used as a printer, a facsimile, a scanner, and a copier by providing an imaging function, an image forming function, a communication function, and the like. The client terminal 2 is an information processing terminal operated by a user, and is realized by an information processing apparatus such as a PC. The client terminal 2 according to the present embodiment generates, for example, a print job in response to a user operation, and causes the image processing apparatus 1 to execute image forming output via a network. 1 to send. The management server 3 manages various types of information such as information such as IP (Internet Protocol) addresses of n image processing apparatuses and information regarding installation locations of the image processing apparatuses.

  Next, hardware constituting each device of the image processing apparatus 1, the client terminal 2, and the management server 3 included in the image processing system according to the present embodiment will be described. FIG. 2 is a block diagram illustrating a hardware configuration of the image processing apparatus 1 according to the present embodiment. Although FIG. 2 shows the hardware configuration of the image processing apparatus 1, the same applies to other apparatuses.

  As shown in FIG. 2, the image processing apparatus 1 according to the present embodiment has the same configuration as an information processing apparatus such as a general PC (Personal Computer) or a server. That is, the image processing apparatus 1 according to this embodiment includes a CPU (Central Processing Unit) 10, a RAM (Random Access Memory) 20, a ROM (Read Only Memory) 30, an HDD (Hard Disk Drive) 40, and an I / F 50. 80 is connected. Further, an LCD (Liquid Crystal Display) 60 and an operation unit 70 are connected to the I / F 50.

  The CPU 10 is a calculation unit and controls the operation of the entire image processing apparatus 1. The RAM 20 is a volatile storage medium capable of reading and writing information at high speed, and is used as a work area when the CPU 10 processes information. The ROM 30 is a read-only nonvolatile storage medium and stores a program such as firmware. The HDD 40 is a non-volatile storage medium that can read and write information, and stores an OS (Operating System), various control programs, application programs, and the like.

  The I / F 50 connects and controls the bus 80 and various hardware and networks. The LCD 60 is a visual user interface for the user to check the state of the image processing apparatus 1. The operation unit 70 is a user interface for a user to input information to the image processing apparatus 1 such as a keyboard, a mouse, various hard buttons, and a touch panel. When the management server 3 is operated as a server, these user interface devices can be omitted.

  In such a hardware configuration, the software control unit is configured by the CPU 10 performing calculations in accordance with a program stored in the ROM 30 or a program read into the RAM 20. Functional blocks for realizing the functions of the image processing apparatus 1, the client terminal 2, and the management server 3 included in the image processing system according to the present embodiment by combining the software control unit configured as described above and hardware. Composed.

  Next, functions of the image processing apparatus 1 according to the present embodiment will be described. FIG. 3 is a block diagram showing a functional configuration of the image processing apparatus 1 according to the present embodiment. As shown in FIG. 3, the image processing apparatus 1 according to the present embodiment includes a controller 100, an ADF (Auto Document Feeder) 110, a scanner unit 111, a paper discharge tray 112, a display panel 113, and a paper feed table. 114, a print engine 115, a paper discharge tray 116, a network I / F 117, and a near field communication I / F 118.

  The controller 100 includes a main control unit 130, an engine control unit 101, an input / output control unit 102, an image processing unit 103, and an operation display control unit 104. As shown in FIG. 3, the image processing apparatus 1 according to the present embodiment is configured as a multifunction machine having a scanner unit 111 and a print engine 115. In FIG. 3, the electrical connection is indicated by solid arrows, and the flow of paper is indicated by broken arrows.

  The display panel 113 is an output interface that visually displays the state of the image processing apparatus 1, and an input when the user directly operates the image processing apparatus 1 or inputs information to the image processing apparatus 1 as a touch panel. It is also an interface (operation unit). The network I / F 117 is an interface for the image processing apparatus 1 to communicate with other devices such as an administrator terminal via the network, and an interface such as Ethernet (registered trademark) or USB is used.

  The short-range communication I / F 118 is an interface for the image processing apparatus 1 to communicate with other devices by short-range wireless communication, such as Bluetooth (registered trademark), Wi-Fi (Wireless Fidelity), FeliCa (registered trademark), and the like. The interface is used.

  The controller 100 is configured by a combination of software and hardware. Specifically, a software control unit and an integrated circuit configured by loading a control program such as firmware stored in a non-volatile storage medium such as the ROM 30 or the HDD 40 into the RAM 20 and performing an operation by the CPU 10 according to the program. The controller 100 is configured by hardware such as the above. The controller 100 functions as a control unit that controls the entire image processing apparatus 1.

  The main control unit 130 plays a role of controlling each unit included in the controller 100 and gives a command to each unit of the controller 100. The engine control unit 101 serves as a driving unit that controls or drives the print engine 115, the scanner unit 111, and the like. The input / output control unit 102 inputs signals and commands input via the network I / F 117 and the short-range communication I / F 118 to the main control unit 130. The main control unit 130 also controls the input / output control unit 102 to access other devices via the network I / F 117, the near field communication I / F 118, and the network.

  The image processing unit 103 generates drawing information based on image information to be printed out under the control of the main control unit 130. The drawing information is information for drawing an image to be formed in the image forming operation by the print engine 115 as an image forming unit. The image processing unit 103 processes image data input from the scanner unit 111 and generates image data. This image data is information stored in the image processing apparatus 1 as a result of the scanner operation or transmitted to another device via the network I / F 117 or the short-range communication I / F 118. The operation display control unit 104 displays information on the display panel 113 or notifies the main control unit 130 of information input via the display panel 113.

  When the image processing apparatus 1 operates as a printer, first, the input / output control unit 102 receives a print job via the network I / F 117. The input / output control unit 102 transfers the received print job to the main control unit 130. When receiving the print job, the main control unit 130 controls the image processing unit 103 to generate drawing information based on document information or image information included in the print job. When drawing information is generated by the image processing unit 103, the engine control unit 101 executes image formation on a sheet conveyed from the paper feed table 114 based on the generated drawing information. As a specific mode of the print engine 115, an image forming mechanism using an ink jet method, an image forming mechanism using an electrophotographic method, or the like can be used. A document on which an image is formed by the print engine 115 is discharged to a discharge tray 116.

  When the image processing apparatus 1 operates as a scanner, the operation display control unit 104 or input / output control is performed in accordance with a user operation on the display panel 113 or a scan execution instruction input from an external device via the network I / F 117. The unit 102 transfers the scan execution signal to the main control unit 130. The main control unit 130 controls the engine control unit 101 based on the received scan execution signal. The engine control unit 101 drives the ADF 110 and conveys the document to be imaged set on the ADF 110 to the scanner unit 111. Further, the engine control unit 101 drives the scanner unit 111 and images a document conveyed from the ADF 110. If no original is set on the ADF 110 and the original is directly set on the scanner unit 111, the scanner unit 111 captures the set original under the control of the engine control unit 101. That is, the scanner unit 111 operates as an imaging unit.

  In the imaging operation, an imaging element such as a CCD included in the scanner unit 111 optically scans the document, and imaging information based on the optical information is generated. The engine control unit 101 transfers the imaging information generated by the scanner unit 111 to the image processing unit 103. The image processing unit 103 generates image information based on the imaging information received from the engine control unit 101 under the control of the main control unit 130. Image information generated by the image processing unit 103 is stored in a storage medium attached to the image processing apparatus 1 such as the HDD 40. The image information generated by the image processing unit 103 is stored in the HDD 40 or the like as it is according to a user instruction, or is transmitted to an external device by the input / output control unit 102 via the network I / F 117 and the short-range communication I / F 118. Sent.

  Further, when the image processing apparatus 1 operates as a copying machine, the image processing unit 103 generates drawing information based on imaging information received from the scanner unit 111 by the engine control unit 101 or image information generated by the image processing unit 103. To do. Based on the drawing information, the engine control unit 101 drives the print engine 115 as in the case of the printer operation.

  In such a system configuration, in the image processing system according to the present embodiment, when a user authenticated by a predetermined authentication method operates the image processing apparatus 1, this operation is performed by an unauthorized user. It is determined whether or not there is an operation by an unauthorized user, and processing for preventing unauthorized use is performed. Hereinafter, first, as a configuration according to the first embodiment of the present invention, a functional configuration related to prevention of unauthorized use among the functions of the main control unit 130 according to the first embodiment will be described.

  FIG. 4 is a block diagram illustrating a functional configuration related to prevention of unauthorized use among the functions of the main control unit 130 according to the first embodiment of the present invention. FIG. 5 is a flowchart illustrating an operation related to prevention of unauthorized use by the main control unit 130 according to the first embodiment. As shown in FIG. 4, the main control unit 130 according to the first embodiment includes an authentication processing unit 131, a user DB 132, a job reception unit 133, a use environment information acquisition unit 134, an unauthorized operation determination unit 135, and a re-authentication processing unit. 136 and a job processing unit 137.

  In the main control unit 130 according to the first embodiment, as illustrated in FIG. 5, first, the authentication processing unit 131 is predetermined based on the input user information and information stored in the user DB 132. User authentication processing is performed by the authentication method (S500).

  The user DB 132 is a storage medium that stores information used for user authentication processing. FIG. 6 shows an example of information stored in the user DB 132. As shown in FIG. 6, the user DB 132 has a table configuration in which, for example, information of “user ID”, “authentication information”, and “re-authentication information” is associated.

  “User ID” is an identifier for identifying a user of the image processing apparatus 1. “Authentication information” is information used for user authentication processing for the user to use the image processing apparatus 1. For example, when authentication using a user ID and a password is used as a predetermined authentication method, the “authentication information” is a password. “Re-authentication information” is information used when performing re-authentication processing. Details of the “re-authentication information” and the re-authentication process will be described later.

  For example, when authentication using a user ID and password is used as a predetermined authentication method, an authentication screen for prompting input of the user ID and password is displayed on the display panel 113 or the like. The authentication processing unit 131 acquires the user ID and password input via the authentication screen displayed on the display panel 113 or the like. Then, the authentication processing unit 131 refers to the user DB 132 and authenticates the user when “authentication information” (here, a password) associated with the acquired user ID matches the acquired password.

  If the user authentication fails (S501 / NO), the authentication processing unit 131 performs the user authentication process again based on the user information input again (S500). If the user cancels the authentication (for example, presses the “cancel” button included in the authentication screen) or if the user authentication fails for a predetermined number of times, the authentication processing unit 131 performs the processing. You may make it complete | finish.

  On the other hand, when the user authentication is successful (S501 / YES), the job receiving unit 133 receives a job input via the display panel 113 or the client terminal 2 (S502). The job is an operation command for causing the image processing apparatus 1 to perform processing. For example, the job is a print job indicating a print command, a copy job indicating a copy command, a scan job indicating a scan command, or a fax job indicating a fax command. . That is, the job reception unit 133 functions as an operation command reception unit that receives an operation command.

  Further, the job reception unit 133 outputs the received job to the job processing unit 137 and notifies the use environment information acquisition unit 134 that the job has been received. If the job is a print job, the job reception unit 133 receives a print job transmitted from the client terminal 2 or the like by the user before the user authentication processing, and then performs user authentication processing by the authentication processing unit 131. When the user authentication process is successful, a process related to determination of an unauthorized operation thereafter may be performed.

  The usage environment information acquisition unit 134 acquires usage environment information indicating the usage environment of the image processing apparatus 1 when a job is received by the job reception unit 133 (S503). Specifically, for example, the usage environment information indicates timing information indicating the timing (time, date, day of the week, etc.) when the image processing apparatus 1 receives a job, and the location where the image processing apparatus 1 that received the job is installed. Installation location information and the number of people present when a job is received at a location where the image processing apparatus 1 that received the job is installed. In other words, the usage environment information indicates an external environmental situation when the image processing apparatus 1 receives a job. It is assumed that which information the usage environment information acquisition unit 134 acquires as usage environment information is set in advance by the administrator of the image processing apparatus 1 or the like.

  When the use environment information indicates the timing when the job is received, the use environment information acquisition unit 134 acquires the time, date, day of week, etc., when the job is received, for example, using a clock or calendar built in the image processing apparatus 1. . In addition, when the usage environment information indicates the installation location of the image processing apparatus 1 that received the job, the usage environment information acquisition unit 134 manages, for example, a management information base (MIB) included in the management server 3 or the like. It is acquired from the installation location information of the image processing apparatus 1 being used.

  In addition, when the usage environment information is the number of people present when the job is received at the place where the image processing apparatus 1 that received the job is installed, the usage environment information acquisition unit 134, for example, the management server 3 or the like. The number of people in the room where the image processing apparatus 1 is installed is acquired from the room management information of each room included.

  FIG. 7 is a diagram exemplifying occupancy management information stored in the management server 3 or the like. As shown in FIG. 7, the occupancy management information is on the floor where the image processing apparatus 1 is installed (for example, the floor and direction, “3N” means “north side of the third floor”). This is information in which each room number and the current number of people in each room are managed in real time. The number of people present may be the number of people in the entire building calculated from the number of people in all the rooms of the building in which the image processing apparatus 1 is installed.

  Based on the usage environment information acquired by the usage environment information acquisition unit 134, the unauthorized operation determination unit 135 determines whether the operation command that is a job received by the job reception unit 133 is an illegal operation ( S504). The unauthorized operation is, for example, an operation on the image processing apparatus 1 performed by a malicious user who has been obtained by stealing another user's password and has been unauthorized and authenticated.

  Specifically, the unauthorized operation determination unit 135 determines that the operation command that is a job received by the job reception unit 133 is likely to be an unauthorized operation when the usage environment information satisfies a predetermined condition. To do. Hereinafter, “determining that the operation command is likely to be an illegal operation” is described as “determining that the operation command is an illegal operation”. For example, when the image processing apparatus 1 is installed in an office, it is popular around the image processing apparatus 1 at the time of late night, Friday (many people come home early), Saturday, Sunday, consecutive holidays, and summer vacation. There is little possibility that a malicious user performs an unauthorized operation of the image processing apparatus 1.

  Therefore, for example, the usage environment information indicates the time when the job is received, and the usage environment information acquisition unit 134 acquires the job when the predetermined condition is 22:00 to 7 o'clock as shown in FIG. When the usage environment information is “23:00”, the unauthorized operation determination unit 135 determines that the operation command received by the job reception unit 133 is an unauthorized operation.

  Further, for example, when the use environment information indicates a date when the job is received, the unauthorized operation determination unit 135 sets a predetermined condition from August 12 to August 15 (for example, summer vacation) as illustrated in FIG. If the usage environment information indicates the day of the week on which the job is received, as shown in FIG. 8, the predetermined processing is performed on Friday, Saturday, and Sunday.

  Further, for example, when the image processing apparatus 1 is installed on a floor that is not easily noticeable, there is a high possibility that a malicious user performs an unauthorized operation of the image processing apparatus 1. Therefore, for example, when the usage environment information indicates the installation location of the image processing apparatus 1 and the predetermined conditions are 3N, 4N, and 5N as shown in FIG. When the acquired use environment information is “3N”, the unauthorized operation determination unit 135 determines that the operation command received by the job reception unit 133 is an unauthorized operation.

  Further, for example, when there are few people in the room where the image processing apparatus 1 is installed or in the building, the popularity of the image processing apparatus 1 is low, and a malicious user performs an unauthorized operation of the image processing apparatus 1. Is likely to do. Therefore, for example, when the usage environment information indicates the number of people present at the installation location of the image processing apparatus 1 and the predetermined condition is less than 5 as shown in FIG. When the usage environment information acquired by the acquisition unit 134 is “three people”, the unauthorized operation determination unit 135 determines that the operation command received by the job reception unit 133 is an unauthorized operation.

  When it is determined that the operation command received by the job receiving unit 133 is an illegal operation (YES in S504), the re-authentication processing unit 136 is based on the input user information and information stored in the user DB 132. Then, the user re-authentication process is performed by an authentication method different from the authentication method used in the authentication processing unit 131 (S505).

  For example, when authentication using a password (second password) different from the authentication method used in the authentication processing unit 131 is used as the re-authentication method, the “re-authentication information” is the second password. In this case, an authentication screen prompting the user ID and the second password to be input is displayed on the display panel 113 or the like.

  The re-authentication processing unit 136 acquires the user ID and the second password input via the authentication screen displayed on the display panel 113 or the like. The re-authentication processing unit 136 refers to the user DB 132 and authenticates the user when “re-authentication information” associated with the acquired user ID matches the acquired second password.

  If the user re-authentication fails (S506 / NO), the re-authentication processing unit 136 performs the user re-authentication process again based on the user information input again (S505). As in the case of the authentication process, when the authentication cancellation process is performed by the user, or when the user re-authentication has failed a predetermined number of times, the re-authentication processing unit 136 may end the process. Good.

  On the other hand, when it is determined that the operation command received by the job receiving unit 133 is not an unauthorized operation (S504 / NO), or when the user re-authentication is successful (S506 / YES), the job processing unit 137 The job (operation instruction) input from the unit 133 is executed (S507). For example, when the job input from the job reception unit 133 is a print job, the job processing unit 137 controls the engine control unit 101 to execute print processing. That is, the job processing unit 137 functions as an operation command processing unit that performs processing based on an operation command.

  As described above, in the image processing system according to the first embodiment, based on use environment information of the image processing apparatus 1 when an operation command from a user authenticated by a predetermined authentication method is received. , It is determined whether or not the received operation command is an unauthorized operation, and if it is determined to be an unauthorized operation, re-authentication processing is performed using an authentication method different from a predetermined authentication method, and re-authentication is performed. If so, execute the operation command. As a result, when the malicious user is in an environment where it is easy to perform an unauthorized operation on the image processing apparatus 1, the user is re-established using a method different from the user authentication performed to use the image processing apparatus 1. When the authentication process is performed and re-authentication fails, the operation command is not executed, and unauthorized use can be prevented. Therefore, it is possible to improve security for the use of the information processing apparatus such as the image processing apparatus 1. .

  In the present embodiment, the case where the second password is used as the authentication method used for the re-authentication process has been described as an example. However, this is only an example, and biometric authentication such as face authentication and fingerprint authentication may be used, or card authentication using an IC (Integrated Circuit) card or the like, or a mobile terminal such as a user's mobile phone may be used. Terminal authentication by transmitting user information via the short-range communication I / F 118 by approaching the Felica reader of the image processing apparatus 1 may be used.

  FIG. 9 is a diagram illustrating an example of face authentication processing. As shown in FIG. 9, for example, when a message prompting the user to shoot a user's face is displayed on the face authentication screen, the user brings his / her face close to the display panel 113, so that an imaging device 119 such as a camera installed therein. Thus, the user's face is photographed. In this case, “re-authentication information” in the user DB 132 is the feature amount of the user's face image, and the feature amount of “re-authentication information” associated with the input user ID is the feature amount of the photographed face image. If they match, the user is re-authenticated. The feature amount of the face image is calculated using, for example, a Gabor filter that extracts the feature of the image.

  In the case of fingerprint authentication, “re-authentication information” is a feature amount of a user's fingerprint image, and in the case of card authentication or terminal authentication, it is information (for example, a password) included in an IC card or a mobile terminal. In addition, these authentication methods may be used as a predetermined authentication method used in the authentication processing unit 131. The authentication method used in the authentication processing unit 131 and the authentication method used by the re-authentication processing unit 136 may be used. It only has to be different.

  Further, in the present embodiment, the unauthorized operation determination unit 135 determines that the operation command is unauthorized based on any one of the usage environment information among the timing information, the installation location information, the number of people existing at the installation location, and the like. The case where it is determined whether or not the operation is a simple operation has been described as an example. In addition, the unauthorized operation determination unit 135 may perform the determination process by combining a plurality of these use environment information. For example, when combining the time when the job is received and the number of people in the room at the installation location, the unauthorized operation determination unit 135 receives the job (operation command) between 22:00 and 7:00, and the image processing apparatus 1 When the number of people in the room in which is installed is less than three, it is determined that the received operation command is an illegal operation.

  In addition, a fraud level indicating a fraud level is set in advance for each of these usage environment information, and the fraudulent operation determination unit 135 has a total fraud level that is a sum of the fraud levels set for the usage environment information that satisfies the conditions. The determination process may be performed based on whether or not a predetermined threshold value is exceeded.

  In addition, when the total fraud degree exceeds a predetermined threshold, it is not determined that the received operation command is an illegal operation, but a re-authentication method selection unit (not shown) A re-authentication method may be selected. For example, the re-authentication method selection unit refers to a table in which authentication methods and fraud levels are associated with each other as illustrated in FIG. The re-authentication processing unit 136 uses the authentication method selected by the re-authentication method selection unit for the re-authentication process. In this case, the unauthorized operation determination unit 135 determines that the received operation command is an unauthorized operation when any of the usage environment information satisfies the condition.

  Next, a second embodiment will be described. In the first embodiment, a case where the re-authentication processing unit 136 performs a user re-authentication process when the operation command (job) received by the job receiving unit 133 is determined to be an unauthorized operation is taken as an example. explained. In the second embodiment, when it is determined that the operation command received by the job receiving unit 133 is an illegal operation, a process of adding information that serves as a deterrent to the unauthorized operation to the result of the job process is performed. Do.

  FIG. 11 is a block diagram illustrating a functional configuration of the main control unit 130 in the second embodiment. As shown in FIG. 11, the main control unit 130 has a configuration in which the re-authentication processing unit 136 shown in FIG. 4 is replaced with an information addition control unit 141. Only the components different from those shown in FIG. 4 will be described below.

  The information addition control unit 141 is information previously determined for result data output or generated by processing based on an operation command when the operation command received by the job reception unit 133 is determined to be an illegal operation. The job processing unit 137 is controlled to add. Specifically, for example, when the operation command is a copy job, the information addition control unit 141 prints a copy-forgery-inhibited pattern that can be secondarily copied on a printed sheet. 137 is controlled.

  Under the control of the information addition control unit 141, for example, the job processing unit 137 prints “COPY” background pattern as additional information in addition to the image printed in the hatched area as shown in FIG. Process the job to

  In addition, for example, when the operation command is a print job, the information addition control unit 141 can determine who printed when and when the copy-forgery-inhibited pattern (for example, the user ID authenticated by the authentication processing unit 131 and the date when the job was executed). The job processing unit 137 is controlled so as to print the printed background pattern on the paper to be printed out.

  When the operation command is a scan job or a fax job, the information addition control unit 141 adds the above-described user ID and date and time to the read image generated by the reading process or the image to be faxed. The job processing unit 137 is controlled to superimpose information. Also, when the operation command is a copy job, such additional information may be printed instead of the characters “COPY”. Such a copy-forgery-inhibited pattern may be printed on the header area or footer area of the paper or image.

  As described above, in the second embodiment, when it is an environmental situation in which a malicious user easily performs an unauthorized operation on the image processing apparatus 1, secondary processing is performed on the job processing result data. Since it is a copy and information that can determine who executed it and when is added, it serves as a deterrent to unauthorized operation by a malicious user and improves security against the use of an information processing apparatus such as the image processing apparatus 1 It becomes possible.

  In the second embodiment, the case has been described as an example in which additional information is superimposed in a visible state on a printed sheet, a read image, a transmission target image, and the like. However, this is only an example, and when additional information is superimposed on a recording medium such as a paper to be printed, the additional information is superimposed on the paper by ink or the like that displays the additional information by applying light of a specific wavelength. May be. In addition, when information is added to image data such as a read image or a transmission target image, the additional information may be added to the read image or the transmission target image as metadata. Further, such metadata may be assigned to each page of the image. Thus, by allowing metadata to be assigned to each page, it is possible to perform processing for preventing unauthorized use even during job processing.

  In the second embodiment as well, as in the case described in the first embodiment, the unauthorized operation determination unit 135 may perform determination processing by combining a plurality of usage environment information, and the total degree of fraud The determination process may be performed based on the above.

  Next, a third embodiment will be described. In the third embodiment, processing for storing information related to execution of job processing in a storage medium is performed. FIG. 13 is a block diagram illustrating a functional configuration of the main control unit 130 in the third embodiment. As shown in FIG. 13, the main control unit 130 has a configuration in which the re-authentication processing unit 136 shown in FIG. 4 is replaced with a storage processing unit 142 and a job history DB 143 is added. Only the components different from those shown in FIG. 4 will be described below.

  When it is determined that the operation command received by the job receiving unit 133 is an illegal operation, the storage processing unit 142 displays an image used for job processing, a user's still image or moving image for job processing, and a job history. Store in the DB 143.

  FIG. 14 is a diagram illustrating job history information stored in the job history DB 143. As illustrated in FIG. 14, the job history information includes, for example, “user ID”, “job type”, “number of executed sheets”, “start date / time”, “end date / time”, “data storage destination”, “still image storage destination”. "And" moving image storage destination "are associated with each other. That is, each record is a job history when one job is executed.

  “User ID” corresponds to the user ID used for the authentication processing in the authentication processing unit 131. “Job type” indicates the type of job executed. The “executed number” is the number of pages processed by the executed job. “Start date and time” and “End date and time” are the date and time when the job was started and completed. The “input data storage destination”, “still image storage destination”, and “moving image storage destination” are respectively input data used when processing a job, a storage area in which a still image and a moving image of a user who executed the job are stored (for example, , File path).

  When the job processing ends, the job processing unit 137 stores the “user ID”, “job type”, “execution number”, “start date”, and “end date” that executed the job in the job history DB 143.

  For example, when the job is a copy job, a scan job, or a fax job, the storage processing unit 142 reads an input document (for example, a document to be copied in the case of a copy job) used when processing these jobs. The read image generated in this manner is stored in the storage area as input data, and information indicating the storage area in which the read image is stored is stored in the “input data storage destination” associated with the job execution history.

  If the job is a print job, the storage processing unit 142 stores the output target image in the storage area as input data, and stores the output target image in the “input data storage destination” associated with the execution history of the job. The stored storage area is stored. However, the storage process of the output target image in the storage area is not essential, and if the storage process of the output target image in the storage area is not performed, the “input data storage destination” may be blank.

  Further, when executing the job, the storage processing unit 142 stores a still image or a moving image obtained by capturing the face of the user executing the job in the storage area, and stores the “still image storage” associated with the execution history of the job. Information indicating a storage area in which a still image or a moving image is stored is stored in “destination” or “moving image storage destination”.

  For example, when a message prompting the user to shoot a face is displayed on the display panel 113 when executing a job, the user's face is brought closer to the display panel 113, so that the camera shown in FIG. A still image or a moving image of the user's face is taken by the imaging device 119 such as the above. Further, the job processing unit 137 may not start job processing until a still image or a moving image of the user's face is stored in the storage area.

  As described above, in the third embodiment, the image of the input data used when executing the job in a circumstance where a malicious user easily performs an unauthorized operation on the image processing apparatus 1. By recording an image of a user who executes a job or by recording an image of a user who performs a job, it becomes easy to track the user who has performed the operation or the data that has been operated when an unauthorized operation is performed. It is possible to improve the security against the use of the information processing apparatus 1 or the like. In addition, when the user knows that such data is recorded, it also serves as a deterrent to unauthorized operation, so it is possible to improve security against the use of an information processing apparatus such as the image processing apparatus 1. .

  In the third embodiment, an example in which an image of input data used for job processing is stored in a storage area has been described as an example, but this input data is data that has been subjected to OCR (Optical Character Reader) processing. Also good. In this case, since the input data can be searched by the character string, the manager of the image processing apparatus 1 can easily find the necessary input data.

  In the third embodiment, the case where the input data used for job processing and the user's image are recorded has been described as an example. However, any one of predetermined data may be recorded. Also in the third embodiment, similarly to the case described in the first embodiment, the unauthorized operation determination unit 135 may perform determination processing by combining a plurality of usage environment information, and the total degree of fraud The determination process may be performed based on the above. Further, the storage processing unit 142 may determine which data to record or whether to record both the input data and the user image based on the total fraud level.

  The re-authentication processing unit 136 in the first embodiment, the information addition control unit 141 in the second embodiment, and the storage processing unit 142 in the third embodiment determine that the operation command is an illegal operation. When it is done, it functions as a fraud prevention processing unit that performs processing for preventing unauthorized use of the image processing apparatus 1.

  And you may combine two or more processes in these 1st to 3rd embodiments which function as a fraud prevention processing part. For example, the re-authentication process in the first embodiment may be performed, and the process of adding information to the result data in the second embodiment may be performed. Further, a combination of processes may be determined according to the above-described total fraud degree.

  Further, in the first to third embodiments, the case where the unauthorized operation determination unit 135 performs an unauthorized operation determination process based on the use environment information input from the use environment information acquisition unit 134 will be described as an example. did. In addition, the unauthorized operation determination unit 135 may perform an unauthorized operation determination process based on the user authentication history information and the job execution history.

  For example, when performing the unauthorized operation determination process based on the user authentication history information, the information stored in the user DB 132 shown in FIG. Is associated with the user ID ". The unauthorized operation determination unit 135 determines the number of authentications of the user who performed the operation command so far from the history information of such “login date / time” or within a predetermined time (for example, within the last one hour). The number of times of authentication may be calculated, and if the number of times satisfies a predetermined condition (for example, exceeds a predetermined threshold), it may be determined that the received operation command is an illegal operation.

  Note that the number of authentications so far is reset when the operation command is determined to be an illegal operation and the processing performed in the first to third embodiments is executed (that is, zero times). You may do it. Further, the unauthorized operation determination unit 135 may perform the determination process based on the number of times including not only the number of successful authentications but also the number of failed authentications. Thereby, even when user authentication has failed many times, it can be determined that a malicious user is performing an unauthorized operation.

  Further, for example, when performing an unauthorized operation determination process based on job execution history information, the unauthorized operation determination unit 135 has been input from the job history information illustrated in FIG. The average execution time (execution time) of the total number of jobs, the total number of pages output in the previous jobs, and the predetermined number of jobs that ended most recently (for example, the number of jobs completed within the last hour) The required time from the start date to the end date is calculated. The unauthorized operation determination unit 135 determines that the received operation command is an unauthorized operation when the number and the average execution time satisfy the predetermined conditions (for example, exceed a predetermined threshold). judge. Note that any one of the above-described number and average execution time may be used for the determination process, or two or more of the above-described numbers and average execution time may be combined and used for the determination process.

  Further, the unauthorized operation determination unit 135 calculates the total number of jobs, the total number of pages, and the average execution time for each job type from the job history information illustrated in FIG. Based on the job type information received by the receiving unit 133, it may be determined whether the operation is an unauthorized operation.

  As described above, it is also possible to perform the unauthorized operation determination process based on the internal history information of the image processing apparatus 1 such as the user authentication history information for the image processing apparatus 1 and the job execution history information in the image processing apparatus 1. As in the first to third embodiments, it is possible to improve the security against the use of the information processing apparatus such as the image processing apparatus 1.

  Note that the unauthorized operation determination process may be performed by combining the user authentication history information and the job execution history information in the image processing apparatus 1. Further, as in the first to third embodiments, a fraud level may be set for each piece of information, and a fraudulent operation determination process may be performed based on the total fraud level.

  In the first to third embodiments, the case where the re-authentication process is performed before starting the job process when the operation command is determined to be an illegal operation has been described as an example. In addition, when it is determined that the operation command is an illegal operation, the number of pages processed in the received job (for example, the number of sheets output by copy processing in the case of a copy job) is a predetermined number of pages. When the number of pages is 10 or more (for example, 10 pages), the re-authentication process is performed after a predetermined ratio of the number of pages processed in the job (for example, half of the total number of pages) is processed. May be. This makes it possible to perform re-authentication processing even during job processing.

  Next, a fourth embodiment will be described. In the first to third embodiments, the processing of the image processing apparatus 1 alone has been described. In the fourth embodiment, a process of another image processing apparatus 1 based on an unauthorized operation determination process in any one of the image processing apparatuses 1 will be described.

  FIG. 16 is a block diagram illustrating a functional configuration of the main control unit 130 in the fourth embodiment. As shown in FIG. 16, the main control unit 130 has a configuration in which an unauthorized use information update unit 151, an unauthorized use DB 152, and an unauthorized use information output unit 153 are added to the configuration shown in FIG. Only the components different from those shown in FIG. 4 will be described below.

  The unauthorized use information update unit 151 receives the unauthorized use information output from the other image processing apparatus 1 included in the image processing system, and updates the unauthorized use information stored in the unauthorized use DB 152. That is, the unauthorized use information updating unit 151 also functions as an unauthorized use information receiving unit that receives unauthorized use information.

  FIG. 17 is a diagram illustrating the unauthorized use information stored in the unauthorized use DB 152. As shown in FIG. 17, the unauthorized use DB 152 has a table configuration in which, for example, “user ID” and “illegal use flag” are associated. “User ID” corresponds to the user ID used for the authentication processing in the authentication processing unit 131. Whether the operation command by the user of “user ID” associated with the “illegal use flag” is determined as an illegal operation in any of the image processing apparatuses 1 included in the image processing system This is information indicating whether or not. For example, when the “unauthorized use flag” is “ON”, the state is determined as an unauthorized operation, and when it is “OFF”, the state is determined not to be an unauthorized operation.

  That is, the unauthorized use DB 152 is unauthorized user list information in which users who are determined to have performed unauthorized operations are specified. In such unauthorized user list information, the user of “user ID” whose “user flag” is “ON” is identified as the user who is determined to have performed an unauthorized operation. That is, the unauthorized use information update unit 151 functions as an unauthorized user list information update unit that acquires unauthorized use information output from other image processing apparatuses 1 and updates the unauthorized user list information.

  In the following, processing by each component shown in FIG. 16 will be described with reference to FIG. FIG. 18 is a flowchart illustrating processing by each component. In the processing shown in FIG. 18, the user authentication by the authentication processing unit 131 shown in FIG. 5 is successful (S500, S501 / YES), the job receiving unit 133 receives the job (S502), and the usage environment information acquiring unit 134 This is performed after the use environment information is acquired (S503).

  As illustrated in FIG. 18, the unauthorized operation determination unit 135 refers to the unauthorized use DB 152 and the “unauthorized use flag” associated with the “user ID” of the user authenticated by the authentication processing unit 131 is “ON”. It is determined whether or not there is (S1800). When the “unauthorized use flag” is “ON” (S1800 / YES), the re-authentication processing unit 136 is different from the authentication method used in the authentication processing unit 131, similarly to the processing in S505 shown in FIG. The user is re-authenticated by the authentication method (S1803).

  On the other hand, when the “unauthorized use flag” is “OFF” (S1800 / NO), the unauthorized operation determination unit 135 determines that the operation command received by the job reception unit 133 is invalid, similar to the processing in S504 illustrated in FIG. It is determined whether the operation is an incorrect operation (S1801).

  If it is determined that the operation command received by the job reception unit 133 is an unauthorized operation (YES in S1801 / YES), the unauthorized use information update unit 151 converts the unauthorized use information stored in the unauthorized use DB 152 into an authentication processing unit. The information is updated to the unauthorized use information including the user ID of the user authenticated in 131 and the “illegal use flag” set to “ON” (S1802).

  In addition, the unauthorized use information output unit 153 outputs the unauthorized use information including the user ID of the user authenticated by the authentication processing unit 131 and the “unauthorized use flag” set to “ON” to other image processing included in the image processing system. The data is output to the device 1 (S1803). As a result, the unauthorized use information update unit 151 of the other image processing apparatus 1 receives the unauthorized use information output in S1803. For example, the unauthorized use information output unit 153 acquires the IP addresses of all the image processing apparatuses 1 in the image processing system managed by the management server 3, and uses the acquired IP addresses to obtain other image processing apparatuses. 1 shows illegal use information.

  Further, when it is determined that the operation command received by the job receiving unit 133 is an illegal operation (S1801 / YES), the re-authentication processing unit 136 performs a user re-authentication process (S1804). In FIG. 18, after the unauthorized use information is updated by the unauthorized use information update unit 151 and the unauthorized use information is output by the unauthorized use information output unit 153, the re-authentication processing unit 136 performs the user re-authentication process. However, the processing order may be changed.

  If the user re-authentication fails (S1805 / NO), the re-authentication processing unit 136 performs the user re-authentication process again based on the re-input user information, similarly to the process in S505 shown in FIG. 5 (S1804). ). On the other hand, when it is determined that the operation command received by the job receiving unit 133 is not an unauthorized operation (S1801 / NO), or when the user re-authentication is successful (S1805 / YES), the job processing unit 137 performs processing shown in FIG. The job input from the job receiving unit 133 is executed in the same manner as in the processing of S507 shown in (S1806).

  In addition, the unauthorized use information update unit 151 measures the elapsed time from the time when the user is re-authenticated by the re-authentication processing unit 136, and if the elapsed time exceeds a predetermined time (for example, 5 minutes), the unauthorized use information update unit 151 The “illegal use flag” associated with the re-authenticated user ID stored in the usage DB 152 is updated to “OFF”.

  As described above, in the fourth embodiment, when the “illegal use flag” associated with the user ID of the user authenticated by the authentication processing unit 131 is “OFF”, the operation performed on this user The image processing system includes the unauthorized use information in which the “unauthorized use flag” is set to “ON” when it is determined that the instruction is an unauthorized operation. Output to another image processing apparatus 1. On the other hand, when the “unauthorized use flag” is “ON”, the re-authentication processing unit 136 performs the re-authentication process without performing the process of determining whether or not the operation command issued by the user is an unauthorized operation. Is done.

  As described above, the user information determined to have performed an illegal operation in any one of the image processing apparatuses 1 included in the image processing system is also shared in the other image processing apparatuses 1, and the other image processing apparatuses 1 Can perform re-authentication processing on the basis of the shared information on the assumption that the user has performed an unauthorized operation. Therefore, each image processing apparatus 1 can reduce the load of performing the unauthorized operation determination process, and It becomes possible to improve the security against the use of the information processing apparatus such as the processing apparatus 1.

  In the fourth embodiment, the case where the unauthorized use information output unit 153 outputs unauthorized use information to all the image processing apparatuses 1 included in the image processing system has been described as an example. In addition, the unauthorized use information output unit 153 is another image processing apparatus installed at a location within a predetermined distance from the location where the image processing apparatus 1 determined that the operation command is an unauthorized operation. The unauthorized use information may be output for only one. Even with such a configuration, it is possible to improve security against the use of the near-field image processing apparatus 1 that can be used by a user who has performed an unauthorized operation. Further, since it is not necessary to output unauthorized use information to all the image processing apparatuses 1, it is possible to reduce the load of unauthorized use information output processing.

  In the fourth embodiment, the re-authentication method selection unit (not shown) described above refers to the table shown in FIG. 17 and has the highest degree of fraud when the “unauthorized use flag” is “ON”. An authentication method may be selected. In addition, the re-authentication method selection unit may use an authentication method with a degree of fraud closest to the degree of fraud of the re-authentication method used in the other image processing apparatus 1 that has output the fraudulent use information whose “unauthorized use flag” is “ON”. Or an authentication method with a higher fraud level than the fraud level of the re-authentication method used in another image processing apparatus 1 may be selected. In this case, information on the re-authentication method used together with the unauthorized use information and the degree of fraud are output from the unauthorized use information output unit 153 of the other image processing apparatus 1.

  In the fourth embodiment, the unauthorized use information update unit 151 sets the “illegal use flag” stored in the unauthorized use DB 152 when a predetermined time has elapsed since the time when the re-authentication process was performed. The case of updating to “OFF” has been described as an example. In addition, the unauthorized use information updating unit 151 illegally uses the unauthorized use information in which the “illegal use flag” is updated to “OFF” when a predetermined time has elapsed from the time when the re-authentication process is performed. You may output with respect to the information output part 153. FIG.

  Then, the unauthorized use information output unit 153 outputs the unauthorized use information input from the unauthorized use information update unit 151 to another image processing apparatus 1. As a result, the unauthorized use information update unit 151 of the other image processing apparatus 1 acquires the unauthorized use information in which the “illegal use flag” is updated to “OFF”, and the correspondence of the unauthorized use DB 152 of the other image processing apparatus 1 Therefore, the timing of updating the “illegal use flag” to “OFF” can be synchronized with other image processing apparatuses 1.

  In the fourth embodiment, the unauthorized use information update unit 151 updates the “illegal use flag” to “OFF” when a predetermined time has elapsed since the time when the re-authentication process was performed. Described as an example. However, when a predetermined time has elapsed from the start time or completion time of a job process received from a user whose “unauthorized use flag” is “ON”, or the re-authentication process has been performed more than a predetermined number of times. In some cases, the unauthorized use flag "may be updated to" OFF "at some timing.

  In the fourth embodiment, the unauthorized use information output unit 153 acquires the IP address of the other image processing apparatus 1 managed by the management server 3, and performs other image processing based on the acquired IP address. The case where unauthorized use information is output to the device 1 has been described as an example. However, this is only an example, and it is only necessary that the unauthorized use information can be output to the other image processing apparatus 1 by some method, such as outputting the unauthorized use information to the other image processing apparatus 1 via the management server 3. .

  In the fourth embodiment, the case where the re-authentication process is performed by the re-authentication processing unit 136 when the operation command is determined to be an illegal operation has been described as an example. In addition, information addition processing by the information addition control unit 141 of the second embodiment may be performed, or storage processing by the storage processing unit 142 of the third embodiment may be performed. The re-authentication process, the information addition process, and the storage process may be combined.

  In the first to fourth embodiments, the image processing apparatus 1 has been described as an example of the information processing apparatus. However, this is merely an example, and the present invention performs data processing in accordance with an operation command such as an operation command to copy data to another device connected via a network or an operation command to send text data by e-mail. The present invention can be applied to an information processing apparatus such as a PC that performs the above and an information processing system including these information processing apparatuses.

DESCRIPTION OF SYMBOLS 1 Image processing apparatus 2 Client terminal 3 Management server 10 CPU
20 RAM
30 ROM
40 HDD
50 I / F
60 LCD
70 Operation Unit 80 Bus 100 Controller 101 Engine Control Unit 102 Input / Output Control Unit 103 Image Processing Unit 104 Operation Display Control Unit 110 ADF
111 Scanner Unit 112 Paper Discharge Tray 113 Display Panel 114 Paper Feed Table 115 Print Engine 116 Paper Discharge Tray 117 Network I / F
118 Short range communication I / F
119 Imaging device 130 Main control unit 131 Authentication processing unit 132 User DB
133 Job reception unit 134 Usage environment information acquisition unit 135 Unauthorized operation determination unit 136 Re-authentication processing unit 137 Job processing unit 141 Information addition control unit 142 Storage processing unit 143 Job history DB
151 Unauthorized Use Information Update Unit 152 Unauthorized Use DB
153 Unauthorized use information output part

JP-A-2005-107712

Claims (10)

An information processing apparatus that allows a user who has been authenticated according to a predetermined authentication method to use the apparatus,
An operation command receiving unit that receives an operation command from a user who is authenticated in accordance with the predetermined authentication method;
A usage environment information acquisition unit that acquires usage environment information indicating a usage environment of the information processing apparatus when the operation instruction is received;
An unauthorized operation determination unit that determines whether the received operation command is an unauthorized operation based on the acquired use environment information;
An information processing apparatus, comprising: a fraud prevention processing unit that performs processing for preventing unauthorized use of the information processing apparatus when the operation command is determined to be an unauthorized operation. The usage environment information acquisition unit acquires timing information indicating a timing at which the operation command is received as the usage environment information,
The information processing apparatus according to claim 1, wherein the unauthorized operation determination unit determines that the operation command is an unauthorized operation when the acquired timing satisfies a predetermined timing condition. . The usage environment information acquisition unit acquires installation location information indicating a location where the information processing apparatus is installed as the usage environment information,
The said unauthorized operation determination part determines that the said operation command is an unauthorized operation, when the acquired said installation location information shows the predetermined installation location. Information processing device. The usage environment information acquisition unit acquires, as the usage environment information, the number of people present at the place where the information processing apparatus is installed when the operation command is received,
The unauthorized operation determination unit determines that the operation command is an unauthorized operation when the number of acquired persons is smaller than a predetermined number of persons. The information processing apparatus according to item 1. The information processing apparatus according to any one of claims 1 to 4, wherein the fraud prevention processing unit performs an authentication process for the user according to an authentication method different from the predetermined authentication method. . 6. The fraud prevention processing unit adds predetermined information to information acquired as a result of processing based on the received operation command. The information processing apparatus according to item. The information processing apparatus according to claim 1, wherein the fraud prevention processing unit stores image information related to processing based on the received operation command in a storage medium. An unauthorized use information output unit that outputs unauthorized use information indicating that the authenticated user's operation command is an unauthorized operation when the operation command is determined to be an unauthorized operation;
An unauthorized user list information updating unit that obtains the unauthorized use information output from another information processing apparatus and updates the unauthorized user list information in which a user determined to have performed an unauthorized operation is identified; Including
The fraud prevention processing unit, when the authenticated user is specified in the unauthorized user list information or when the operation command is determined to be an unauthorized operation, the unauthorized use of the information processing apparatus The information processing apparatus according to any one of claims 1 to 7, wherein a process for preventing an error is performed. An information processing system that permits a user who has been authenticated in accordance with a predetermined authentication method to use the information processing apparatus,
An authentication processing unit for processing whether to authenticate a user of the information processing apparatus according to a predetermined authentication method;
An operation command receiving unit that receives an operation command from a user who is authenticated in accordance with the predetermined authentication method;
A usage environment information acquisition unit that acquires usage environment information indicating a usage environment of the information processing apparatus when the operation instruction is received;
An unauthorized operation determination unit that determines whether the received operation command is an unauthorized operation based on the acquired use environment information;
A fraud prevention processing unit for performing processing for preventing unauthorized use of the information processing apparatus when the operation command is determined to be an unauthorized operation;
An information processing system comprising: an operation command processing unit that performs processing based on the operation command. A control program for controlling an information processing apparatus that permits a user who has been authenticated according to a predetermined authentication method to use the apparatus,
Receiving an operation command from a user authenticated in accordance with the predetermined authentication method;
Obtaining usage environment information indicating a usage environment of the information processing apparatus when the operation command is received;
Determining whether the received operation command is an illegal operation based on the acquired use environment information;
A control program for causing an information processing apparatus to execute a step for performing processing for preventing unauthorized use of the information processing apparatus when the operation command is determined to be an unauthorized operation.