JP2018207295A - Image processing device, method of controlling image processing device, and program - Google Patents

Abstract

To provide functions with necessary security kept without carelessly providing all functions for a user in a state in which it is not convinced that the user is the authenticated person himself or herself.SOLUTION: A user identification module of an image processing device acquires an identification result of a user from an environmental authentication system (S505), identifies the user based upon feature quantities of operation input that the user performs (S506 to S509), determines the right to access the image processing device based upon an integrated user identifier identifying the user based upon an authentication result identifier acquired from the environmental authentication system and feature quantities of the operation input (S510 to S512), and provides functions of the image processing device according to the determined access right (S514).SELECTED DRAWING: Figure 5

Description

  The present invention relates to an image processing apparatus that identifies a user and provides a function to the user, a control method for the image processing apparatus, and a program.

  Conventionally, a technique for determining a user of an image processing apparatus has been proposed. Patent Document 1 discloses a personal recognition process by collating image information obtained continuously through an image acquisition device in an environment in which an image processing apparatus is installed with a plurality of classes of image feature quantities for performing personal recognition. A technique for performing the above has been proposed.

Japanese Patent No. 5008269

The technique of Patent Document 1 can identify who the user is with a certain accuracy. However, when an attempt is made to authenticate a user of a specific image processing apparatus, it is not possible to determine what authority the user has in the image processing apparatus. For this reason, when providing the screen customized for the said user, there existed a subject that it was difficult to judge to what extent handling attention information may be disclosed. That is, when the user is not sure that the user is an authorized person when viewed from the image processing apparatus, the handling caution information held by the image processing apparatus is fully displayed to the user. Disclosure was a security issue.
In addition to the information display, there is a similar problem in providing functions of the image forming apparatus. In other words, if the user is not sure that the user is an authorized person when viewed from the image processing apparatus, it is a security issue to provide the functions of the image processing apparatus in full. Met.

  The present invention has been made to solve the above problems. An object of the present invention is to provide a mechanism for providing functions while maintaining necessary security without providing all functions to a user carelessly.

  The present invention is an image processing apparatus, an acquisition unit that externally acquires an identification result that identifies a user according to a detection result of a detection apparatus provided in an installation environment of the image processing apparatus, and an operation input performed by the user Identification means for identifying a user based on the feature quantity of the image, and a first identification result that is the identification result acquired by the acquisition means and a second identification result that is the identification result by the identification means. Determining means for determining the access authority of the image processing apparatus, and control means for controlling the provision of functions in the image processing apparatus in accordance with the access authority determined by the determining means.

  According to the present invention, functions can be provided while maintaining necessary security without providing all functions to the user carelessly.

1 is a diagram illustrating an entire system including an image processing apparatus according to an embodiment. The figure explaining the internal structure of the image processing apparatus of a present Example Hardware configuration diagram of the system controller of the image processing apparatus of the present embodiment Software configuration diagram of image processing apparatus of embodiment 1 Flowchart for explaining processing in the image processing apparatus according to the first embodiment. Software configuration diagram of image processing apparatus of embodiment 2 Flowchart for explaining processing in the image processing apparatus according to the second embodiment. Software configuration diagram of image processing apparatus of embodiment 3 Flowchart for explaining processing in the image processing apparatus according to the third embodiment.

  Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings.

FIG. 1 is a diagram illustrating an entire system including a network to which an image processing apparatus according to an embodiment of the present invention is connected.
In FIG. 1, an image processing apparatus 104 is an image forming apparatus such as an MFP (Multifunction Peripheral).

  The in-environment sensor 102 is a detection device for detecting information of a person who is active in the environment where the image processing apparatus 104 is installed. The detection result by the environment sensor 102 is used by an environment authentication system described later. As the environment sensor 102, for example, a monitoring camera capable of photographing a user in the environment, a beacon installed to provide position information of the user in the environment, and the like can be considered. A beacon is a device that transmits, for example, a BLE (Bluetooth (registered trademark) Low Energy) signal. When a person carrying a smartphone or the like capable of receiving a BLE signal approaches this beacon, a value corresponding to the distance between the beacon and the smartphone can be acquired on the beacon side. In addition, the portable information terminal (for example, smart phone etc.) which a user himself possesses, a wearable terminal, etc. can also be included in an environmental sensor.

  The environment authentication server 101 provides an environment authentication system that operates in the installation environment of the image processing apparatus 104. The environment authentication system uses the information obtained from the environmental sensor 102 in the environment where the image processing apparatus 104 is installed, collates the person who is active in the environment, recognizes the person, and based on the result, A “recognition result identifier” is assigned to a person. The recognition result of the environment authentication server 101 can be acquired from the image processing apparatus 104. The environment authentication server 101 can be configured by a general information processing apparatus, such as a personal computer (PC), and the details are omitted. Further, since the environment authentication system is also a known technique, details are omitted.

The information processing apparatus 105 is an information processing apparatus such as a PC. For example, the user can create a document in the information processing apparatus 105, transmit it to the image processing apparatus 104, and perform printing.
The network 103 connects devices such as the environment authentication server 101, the in-environment sensor 102, the image processing device 104, and the information processing device 105 so that they can communicate with each other.

FIG. 2 is a block diagram illustrating the internal configuration of the image processing apparatus 104.
In FIG. 2, a system controller 201 controls the entire system of the image processing apparatus 104. The engine 203 is for performing image formation. The engine controller 202 controls the engine 203 when information handled by the system controller 201 is read as an image from the engine 203 or output as an image from the system controller 201 to the engine 203.

FIG. 3 is a block diagram schematically illustrating the internal hardware configuration of the system controller 201.
In FIG. 3, the CPU 301 performs overall control of the image processing apparatus 104 by reading a program stored in the ROM 302 to the RAM 303 and executing it as necessary. The ROM 302 stores a control program for the CPU 301 and various information. The RAM 303 functions as a work area for the CPU 301.

  The secondary storage unit 305 is, for example, a hard disk drive (HDD) or a solid state drive (SSD). A secondary storage unit interface (I / F) 304 controls connection with the secondary storage unit 305.

The HID 307 is a human interface device such as an operation panel. A human interaction device (HID) I / F is an interface with the HID 307.
A network I / F 308 controls connection with the network 103 and the like.
The engine controller I / F 309 controls connection with the engine controller 202.
The bus 310 connects the CPU 301 to the ROM 302, RAM 303, secondary storage unit I / F 304, HID I / F 306, network I / F 308, engine controller I / F 309, and the like.

FIG. 4 is a diagram schematically illustrating a software configuration of the image processing apparatus 104 according to the first embodiment.
In FIG. 4, the operation input module 401 and the user identification module 402 are realized when the CPU 301 on the system controller 201 executes a program stored in the ROM 302.

  The operation input module 401 is for receiving information on operations performed by the user through the HID 307. The user identification module 402 is for identifying a user who is currently using the image processing apparatus 104.

Hereinafter, the user identification module 402 will be described in detail.
The connection unit 403 is for connecting to the environment authentication server 101. The acquisition unit 404 obtains the authentication result identifier given to the user who is currently using the image processing apparatus 104 as a result of the environment authentication by the environment authentication server 101, and the environment authentication that is an external system of the image processing apparatus 104. Obtained from the environment authentication system running on the server 101. As described above, the environment authentication system recognizes a person who is active in the environment where the image processing apparatus 104 is installed (a user who is currently using the image processing apparatus 104) and recognizes the person as “ "Recognition result identifier" is assigned.

  The collection unit 405 includes a series of operation input information including feature amounts (for example, personal habits in the operation) of operations performed on the operation input module 401 by a user who is currently using the image processing apparatus 104. Are collected as operation records.

  The user identification unit 406 estimates whether or not the user who is currently using the image processing apparatus 104 is the same person as the user who has been operating until just before, and the user who is estimated to be a different person Is assigned a “temporary user identifier”. The assigned temporary user identifier is a temporary user identifier that is different from the temporary user identifier of the user who has been operating until just before.

  The accumulation unit 407 accumulates operation feature amounts (operation feature information) in the secondary storage unit 305. Here, the operation feature amount is a combination of the operation record collected by the collection unit 405, the user temporary user identifier given by the user identification unit 406, and the user recognition result identifier obtained by the acquisition unit 404. It is a thing. An example of the record definition of the operation feature amount stored in the storage unit 407 is shown in Table 1.

A record number is stored in the item number AC1. The record number is an integer value greater than or equal to 0 given as a serial number and serves as an index. Therefore, the value is unique through the entire accumulated operation feature data.
The item number AC2 stores a temporary user identifier assigned to the user by the user identification unit 406. The temporary user identifier takes an integer value of 0 or more.

  In the item number AC3, an operation record acquired and collected by the collection unit 405 (a record of a series of operations including a feature amount regarding a user's operation) is stored. For example, this may take the form of an indefinite-length sequence of a pair of the touched coordinates when the user performs a touch operation on the touch panel and the occurrence time of the touch. As a result, it is possible to later extract, for example, a habit when the user operates the touch panel. In addition, for the item number AC3, for example, what menu the user has selected, what destination has been selected as the transmission destination, or what item has been selected when selecting from among the items It is also possible to include records such as

  In the item number AC4, the recognition result identifier of the user acquired by the acquisition unit 404 is stored. The environment authentication system can also assume that the user cannot be identified. In such a case, it is assumed that “−1” can be stored in AC4. On the other hand, when the user is identified, the value stored in AC4 is an integer value equal to or greater than “0”.

Returning to the description of FIG.
The analysis integration unit 408 analyzes the operation feature amount accumulated in the accumulation unit 407. Further, the analysis integration unit 408 integrates the temporary user identifiers of the records having the operation feature amounts that are determined to belong to the same cluster (the operation feature amount distribution is highly identical) as necessary. Then, the original temporary user identifier is replaced with the representative value. It should be noted that provisional user identifiers are not integrated with respect to the recording of the operation feature quantity determined that the cluster to which it belongs cannot be determined. Here, the temporary user identifier after the integration is referred to as an “integrated user identifier”. That is, the integrated user identifier is an identifier for identifying the user's operation input by the feature amount. It is assumed that the integrated user identifier is distinguishable from the temporary user identifier that has not been integrated by its range. The analysis integration unit 408 may perform analysis and integration on all accumulated operation feature amount records. Alternatively, the analysis integration unit 408 performs analysis and integration only on recent records within a certain period at short intervals, and performs analysis and integration on all records at long intervals such as once every few times. The operation may be performed to increase the overall accuracy.

  The correlation calculation unit 409 includes the integrated user identifier integrated by the analysis integration unit 408 included in the operation feature amount stored in the storage unit 407, and the recognition given to the user acquired by the acquisition unit 404. Calculate correlation of result identifiers. In calculating the correlation, for example, the following calculation is performed.

If there are Na pieces of accumulated operation feature values to which the integrated user identifier value a is assigned, and among them, there are Naα pieces to which the recognition result identifier value α is assigned, a Appearance rate R (a, α) of the combination of and α is given by “Naα / Na”.
When there are integrated user identifier values from a to z, the specific appearance ratio RA (a, α) for the combination of identifiers a and α is given by the following equation (1).

  When recognition result identifiers exist from α to ω, the value of RA (a, α) to RA (a, ω) is calculated for the integrated user identifier a, and the recognition result identifier having the maximum value is set as K. It shall be represented by (a). For example, when RA (a, α) is maximum, K (a) = α.

  At this time, as the correlation between the integrated user identifier and the recognition result identifier, for example, an arithmetic average or a geometric average of RA (a, K (a)),..., RA (z, K (z)) is used. It is possible to adopt it. The reason why the average is adopted here is mainly to eliminate the influence of the number of elements.

  As described above, the correlation between the integrated user identifier and the recognition result identifier obtained based on the record of the combination of the integrated user identifier and the recognition result identifier is based on the user recognition result by the environment authentication system and the feature of the operation input. Indicates the reliability of the combination of user identification results. Therefore, the fact that this correlation is equal to or greater than a predetermined value means that the reliability of the user recognition result by the environment authentication system and the user identification result based on the feature of the operation input is high.

The level determination unit 410 determines the security level of information on the HID 307 provided in the current operation for the user currently in use. The security level is determined based on the integrated user identifier value assigned to the current user, the recognition result identifier value, and the correlation value calculated by the correlation calculation unit 409. The security level corresponds to the access authority for the image processing apparatus 104. In this embodiment, it is assumed that the security level is higher as the numerical value is smaller, and the security is lower as the numerical value is larger.
Table 2 schematically shows security level determination by the level determination unit 410.

The level determination unit 410 determines as follows when a recognition result identifier having an integer value of 0 or more has been acquired by the environment authentication system for the currently used user.
In this case, when the integrated user identifier related to the user is also given and the correlation calculated by the correlation calculation unit 409 is equal to or greater than a specified value, it is determined as “level 1”. Further, when the integrated user identifier related to the user is also given and the correlation is less than the specified value, it is determined as “level 3”. (*) In this case, “level 2” may be determined depending on the accuracy of user identification based on the feature of the operation input by the user identification module 402 or the authentication accuracy of the environment authentication system. If the integrated user identifier is not assigned and the temporary user identifier is not integrated, it is determined as “level 3”.

Similarly, when the recognition result identifier by the environment authentication system is “−1” for the user, that is, when the user cannot be identified, the following determination is made.
In this case, if the integrated user identifier related to the user is also given and the correlation calculated by the correlation calculation unit 409 is equal to or greater than a specified value, it is determined as “level 2”. Further, when the integrated user identifier related to the user is also given and the correlation is less than the specified value, it is determined as “level 3”. If the integrated user identifier is not assigned and the temporary user identifier is not integrated, it is determined as “level 4”.

The control unit 411 determines the form of information to be displayed on the screen on the HID 307, and performs control so as to present a customized screen customized for the user.
Table 3 shows examples of information displayed based on the security level.

  For example, in “Level 1”, an example of how to display the information displayed at each level, such as “Meeting March 15 meeting room 3.doc 33kB” displayed by the control unit 411, is shown below. Shown in Here, “Minutes March 15 meeting room 3.doc” is the document name of the job, and “33 kB” is the job size.

  It is possible to display the same information in “Level 2” as “Meeting ○○○○ 15th XXX3.doc 33kB”. In addition, in “Level 3”, it is possible to display “GiOOOOOOHOOXX.doc 33kB”. In “level 4”, it may be possible to display simply as “type: doc”.

In the above example, an example of display control that restricts information to be presented to the user according to the level has been described. However, display restriction of information is considered as one of function provision restrictions. Therefore, the provided function control for restricting a part of the functions provided to the user according to the level may be performed. For example, the function provision control may be performed such that a relatively higher level is provided with a relatively larger number of functions than a relatively low level. Specifically, in the case of level 1, relatively more functions are provided than in the case of levels 2-4. For example, it is assumed that the functions of A, B, and C among the functions (A to Z) of the image processing apparatus 104 are originally permitted to the “user α”. When this “user α” is recognized as “user α” by the environment authentication system when operating the image processing apparatus 104 and is determined to be “level 1” by the determination unit 410, the control unit 411 determines A, B, All functions of C and D are provided. However, when it is determined as “level 2”, the control unit 411 prohibits the provision of the C function, for example, and provides the A, B, and D functions. If it is determined as “level 3”, the control unit 411 prohibits the provision of B and C functions, for example, and provides only the A and D functions. If it is determined as “level 4”, the control unit 411 prohibits the provision of functions A, B, and C, for example, and provides only the function D.
That is, when both the integrated user identifier and the recognition result identifier can be acquired, relatively more functions than when the integrated user identifier and the recognition result identifier can be acquired and the other cannot be acquired. Determine the level to be provided. Further, when the correlation is higher than the specified value, the level is determined so that relatively more functions are provided than when the correlation is lower than the specified value.
In addition, you may perform control which combined the display restriction | limiting of the information according to the level mentioned above, and the restriction | limiting of the provision function according to a level.

  The estimated holding unit 412 refers to a record to which the same integrated user identifier is assigned from the accumulated operation feature value record, and a common setting value that is often used there or a destination that is frequently called. Extract information such as The estimation holding unit 412 stores the record thus extracted in the secondary storage unit 305 or the like so that it can be recalled if necessary.

  FIG. 5 is a flowchart for explaining mainly the flow of processing of the user identification module 402 when the image processing apparatus 104 presents a screen to the user after the user starts the operation in the first embodiment. . That is, the processing of this flowchart is realized by the CPU 301 executing a program stored in the ROM 302.

  When the image processing apparatus 104 is activated, the CPU 301 activates the user identification module 402, and processing by the user identification module 402 is started (S501). In S502, the user identification module 402 waits for an operation by the user through the operation input module 401. In step S503, the user identification module 402 determines whether an operation has been performed. If it is determined that no operation has been performed (No in S503), the user identification module 402 returns the process to S502 and waits for an operation by the user.

On the other hand, if the user identification module 402 determines in S503 that the operation has been performed (Yes in S503), the process proceeds to S504.
In S504, the user identification module 402 determines whether or not a predetermined time has elapsed since the previous operation was performed until the current operation is performed. If the user identification module 402 determines that the specified time has not elapsed since the previous operation was performed until the current operation is performed (No in S504), the process proceeds to S507.

  On the other hand, in S504, when the user identification module 402 determines that the specified time has elapsed since the previous operation was performed until the current operation is performed (Yes in S504), the process proceeds to S505. To proceed.

In S505, the user identification module 402 determines that the specified time has elapsed since the previous operation was performed until the current operation is performed, so a person other than the person who performed the previous operation It is determined that there is a high possibility that Then, the user identification module 402 uses the acquisition unit 404 to acquire a recognition result identifier from the environment authentication server 101 via the connection unit 403 for the user who is performing the current operation.
In step S506, the user identification module 402 uses the user identification unit 406 to generate a temporary user identifier for the user who is operating this time, and proceeds to step S507.

  In step S507, the user identification module 402 uses the collection unit 405 to acquire an operation feature amount from the operation content acquired through the operation input module 401. Further, the user identification module 402 uses the storage unit 407 to calculate the operation feature amount based on the acquired operation feature amount, the recognition result identifier acquired in S505, and the temporary user identifier assigned in S506. Accumulate in the accumulation unit 407. Note that if the specified time has not elapsed since the previous operation in S504 and it is highly likely that the same person continues to operate, the process proceeds to S507. In this case, the temporary user identifier already generated for the user or the integrated user identifier that is the result of analysis and integration from the temporary user identifier is continuously used as it is. Similarly, it is assumed that the recognition result identifier is continuously used by the user who is operating continuously.

  Next, in S508, the user identification module 402 determines whether or not the operation feature value that is supposed to belong to the current user obtained so far is sufficient for analysis and integration. In addition, although the reference | standard of whether quantity is sufficient changes with mounting, it is possible to employ | adopt on the basis that the touch is performed on the operation input module 401 several times. For example, the user identification module 402 determines that the amount is sufficient when a predetermined amount of operation is performed.

In S508, when the user identification module 402 determines that a sufficient amount of operation feature quantities have not yet been acquired (No in S508), the process returns to S507.
On the other hand, in S508, when the user identification module 402 determines that a sufficient amount of operation feature quantities have already been acquired (Yes in S508), the process proceeds to S509. During this time, the system controller 201 may be separately processing necessary processes in accordance with user operations in parallel, but they are omitted here.

  In S509, the user identification module 402 uses the analysis integration unit 408 to analyze the operation feature amount, and if possible, tries to obtain an integrated user identifier. Even if an integrated user identifier has already been obtained, there is a possibility that an integrated user identifier for each result of analysis integration is obtained.

  Next, in S510, the user identification module 402 determines whether the integrated user identifier is available. Here, the integrated user identifier can be used is the case where a new integrated user identifier has been obtained as a result of analysis and integration in the immediately preceding S509, and has already been obtained by integrated analysis before that. This includes the case where the integrated user identifier is continuously used.

In S510, if the user identification module 402 determines that the integrated user identifier is not usable (No in S510), the process proceeds to S512.
On the other hand, in S510, if the user identification module 402 determines that the integrated user identifier is available (Yes in S510), the process proceeds to S511.

  In step S511, the user identification module 402 uses the correlation calculation unit 409 to acquire the correlation. Here, the correlation calculation unit 409 may calculate the correlation with respect to the operation feature amount accumulated by the accumulation unit 407 again. Alternatively, if there is an already calculated correlation and it is assumed that it has sufficient accuracy, the value may be reused for the time being. Regarding the timing for recalculating the correlation, there can be various implementations regarding the range and frequency of information used for the recalculation of the correlation.

  In S512, the user identification module 402 uses the level determination unit 410 to determine the security level based on the value of the temporary user identifier or the integrated user identifier, the value of the recognition result identifier, and the correlation value.

  In step S513, the user identification module 402 uses the control unit 411 to perform the following processing. The control unit 411 first calls the estimation holding unit 412 to acquire the default values of the setting values assigned to the current integrated user identifier, and then performs processing such as making the default values easy to call on the customization screen. Perform (set the default value of the above setting value). Note that in cases where the integrated user identifier is not obtained and the value of the recognition result identifier by the environment authentication system is not valid, there is no information about the user. It is assumed that processing is performed using values.

  Next, in S514, the user identification module 402 uses the control unit 411 to control the content of information displayed on the screen to be displayed on the HID 307 in a form corresponding to the security level.

  Next, in S515, the user identification module 402 uses the collection unit 405 to determine whether or not a certain time has elapsed since the last operation. If the user identification module 402 determines that a certain time has elapsed since the last operation (Yes in S515), the process proceeds to S516.

  In S516, the user identification module 402 uses the control unit 411 to protect the content of information displayed on the screen and to prevent the display screen from being deteriorated by hardware. Control to display. The time-out screen may be a screen that simply displays nothing, or a screen that displays a movie with some irregular shape. After the timeout screen is displayed by the control unit 411, the user identification module 402 returns the process to S502.

  On the other hand, in S515, when the user identification module 402 determines that a predetermined time has not elapsed since the last operation (No in S515), the process proceeds to S517.

  In S517, the user identification module 402 determines whether or not a shutdown operation has been executed in the operation input module 401. The shutdown operation is a process for stopping the entire processing of the image processing apparatus 104 and turning off the power. If it is determined that the shutdown operation has not been performed (No in S517), the user identification module 402 returns the process to S502.

  On the other hand, when the user identification module 402 determines in S517 that the shutdown operation has been performed (Yes in S517), the process of this flowchart ends (S518).

  As described above, according to the first embodiment, the image processing apparatus 104 identifies the user from the operation characteristics independently of the recognition result by the environment authentication system, so that the user does not particularly perform the authentication operation. Both can provide a screen that matches the user's identification status. On the screen provided in this way, according to the identification status of the user, setting values and frequently used information that are frequently used by the user can be set easily and convenience is improved. Furthermore, sensitive information can be displayed face down according to the user's identification status, and security can be improved.

  In the first embodiment, the change of the operator is determined based on the operation time interval (the elapsed time from the previous operation). However, in the second embodiment, the change of the operator is performed using a human sensor. It is set as the structure judged. Details will be described below. In addition, description is abbreviate | omitted about the structure same as Example 1, and only a different structure is demonstrated.

FIG. 6 is a diagram schematically illustrating a software configuration of the image processing apparatus 104 according to the second embodiment. The same components as those in FIG. 4 are denoted by the same reference numerals.
The human sensor module 601 holds a human sensor and has a function of detecting that a person has approached or moved away from the image processing apparatus 104.

  Note that the user identification unit 406 according to the second embodiment can acquire from the human sensor module 601 whether there is a record of occurrence of an event such as a person approaching or going away. It is configured as follows.

  FIG. 7 is a flowchart for explaining the processing flow of the user identification module 402 when the image processing apparatus 104 presents a screen to the user after the user starts the operation in the second embodiment. . That is, the processing of this flowchart is realized by the CPU 301 executing a program stored in the ROM 302. In addition, the same step number is attached | subjected to the step same as FIG.

In the second embodiment, if the user identification module 402 determines in S503 that an operation has been performed (Yes in S503), the process proceeds to S704.
In step S704, the user identification module 402 uses the user identification unit 406 to acquire the occurrence status of an event that occurs when a person approaches or moves away from the human sensor module 601. It is determined whether or not the above has occurred.

If the user identification module 402 determines that one or more events that have been performed away from the person have occurred (Yes in S704), the process proceeds to S505.
On the other hand, if the user identification module 402 determines that the event that the person has gone away has never occurred (No in S704), the process proceeds to S507.
The other steps are the same as in FIG.

  As described above, in the second embodiment, instead of the configuration in which the user identifying unit 406 identifies the user based on the time interval at which the operation is performed as in the first embodiment, the human sensor module 601 is used. It uses the information from For this reason, it is possible to more reliably determine whether or not the user is the same person as the person who performed the previous operation. As a result, the accuracy of person identification is improved, and convenience and security can be further improved.

  In the third embodiment, a configuration for discriminating the operation of the administrator and controlling the function provision according to the administrator will be described. In addition, description is abbreviate | omitted about the structure same as Example 1, 2, and only a different structure is demonstrated.

FIG. 8 is a diagram schematically illustrating a software configuration of the image processing apparatus 104 according to the third embodiment. The same components as those in FIG. 6 are denoted by the same reference numerals.
The administrator discriminating unit 801 discriminates whether or not the operation feature value accumulated by the accumulating unit 407 includes items that are mainly operated by the administrator as the menu operated by the user. The administrator may perform operations such as changing the default values of the settings of the entire image processing apparatus 104 or checking the counter for counting the number of prints on the screen, for example, so that general users do not perform normal operations. .

  The administrator of the image processing apparatus 104 may be set independently of the user authority recognized by the entire network 103. For this reason, even if it is determined that the user is a general user who does not have privileges in the environment authentication system, the image processing apparatus 104 may be an administrator.

  FIG. 9 is a flowchart for explaining the processing flow of the user identification module 402 when the image processing apparatus 104 presents a screen to the user after the user starts the operation in the third embodiment. . That is, the processing of this flowchart is realized by the CPU 301 executing a program stored in the ROM 302. In addition, the same step number is attached | subjected to the step same as FIG.

In the third embodiment, if the user identification module 402 determines in S510 that the integrated user identifier is available (Yes in S510), the process proceeds to S901.
In step S901, the user identification module 402 uses the administrator determination unit 801 to determine whether there is a record of administrator work in the operation feature amount record to which the integrated user identifier is assigned. If the user identification module 402 determines that there is no record of administrator work in the operation feature value record to which the integrated user identifier is assigned (No in S901), the process proceeds to S511.

  On the other hand, in S901, when the user identification module 402 determines that there is a record of administrator work in the operation feature value record to which the integrated user identifier is assigned (Yes in S901), the process is performed in S902. Proceed.

  In S902, the user identification module 402 uses the control unit 411 to perform the following processing. The control unit 411 first calls the estimation holding unit 412 to acquire the default values of the setting values assigned to the current integrated user identifier, and then performs processing such as making the default values easy to call on the customization screen. Perform (set the default value of the above setting value).

In step S903, the user identification module 402 uses the control unit 411 to perform control so that a screen customized for the administrator is displayed on the HID 307, and the process proceeds to step S515.
The other steps are the same as in FIG. Note that S504 in FIG. 4 may be used instead of S704.

  As described above, according to the third embodiment, the administrator of the image processing apparatus 104 is configured to easily start the operation and perform the operation as the administrator based on the previous administrator operation. It is possible to operate the screen. This further improves convenience for the administrator.

  As described above, in each embodiment, the identification function in the environment authentication system, the function of analyzing the user's operation feature quantity and identifying the user, and the correlation between these functions (information display on the screen) Including) is customized for the user. As a result, the necessary security can be provided without inadvertently providing all functions to the user in a state where the user cannot be surely authenticated by the image processing apparatus connected to the environment authentication system. Functions can be provided. For example, an operation screen with appropriate security customized for the user can be provided to the user. Accordingly, a customized screen for operating the image processing apparatus can be provided without displaying sensitive information (handling information) inadvertently to the user, and security can be maintained. In other words, it is possible to provide functions with the necessary security without inadvertently providing all functions to the user in a state where the user is not sure that the person is an authenticated person, and image formation. Security in use of the device can be improved.

In addition, the structure of the various data mentioned above and its content are not limited to this, You may be comprised with various structures and content according to a use and the objective.
Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or storage medium. Specifically, the present invention may be applied to a system composed of a plurality of devices, or may be applied to an apparatus composed of a single device.
Moreover, all the structures which combined said each Example are also contained in this invention.

(Other examples)
The present invention supplies a program that realizes one or more functions of the above-described embodiments to a system or apparatus via a network or a storage medium, and one or more processors in the computer of the system or apparatus read and execute the program This process can be realized. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.
Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of one device.
The present invention is not limited to the above embodiments, and various modifications (including organic combinations of the embodiments) are possible based on the spirit of the present invention, and these are excluded from the scope of the present invention. is not. That is, the present invention includes all the combinations of the above-described embodiments and modifications thereof.

Claims (11)

An image processing apparatus,
An acquisition unit for acquiring an identification result for identifying a user according to a detection result of a detection device provided in an installation environment of the image processing device;
Identification means for identifying the user based on the feature amount of the operation input performed by the user;
A determination unit that determines an access right to the image processing device based on a first identification result that is an identification result acquired by the acquisition unit and a second identification result that is an identification result by the identification unit;
Control means for controlling function provision in the image processing apparatus according to the access authority determined by the determination means;
An image processing apparatus comprising: Storing means for storing, as operation feature information, information combining the operation input information, the first identification result, and the second identification result;
Calculation for calculating a predetermined correlation between the first identification result and the second identification result based on a combination of the first identification result and the second identification result included in the operation feature information accumulated in the accumulation means. Means,
The determining means determines the access authority such that relatively more functions are provided when the correlation is higher than a predetermined value than when the correlation is lower than a predetermined value. The image processing apparatus according to claim 1.   When the determination means can acquire both the first identification result and the second identification result, and can acquire one of the first identification result and the second identification result and cannot acquire the other The image processing apparatus according to claim 2, wherein the access authority is determined so that relatively more functions are provided. The access authority includes a first authority that can provide some functions and a second authority that can provide more functions than the first authority.
The control means performs control to provide relatively more functions when the second authority is determined as the access authority than when the first authority is determined. The image processing apparatus according to claim 2. Providing the function includes displaying information;
The control means controls to display relatively more information when the second authority is determined as the access authority than when the first authority is determined. The image processing apparatus according to claim 4. A determination unit configured to determine whether or not a predetermined administrator feature is included in the operation input information included in the operation feature information including the first identification result identified by the identification unit; And
3. The determination unit according to claim 2, wherein when the determination unit determines that the administrator feature is included, the determination unit determines the access right so that a function for the administrator is provided. The image processing apparatus according to any one of? Determining means for determining whether or not a user operating the image processing apparatus has changed;
The said identification means identifies a user, and the said acquisition means acquires the said 2nd identification result, when the said determination means determines with the user having changed, The said acquisition means acquires the said 2nd identification result. The image processing apparatus according to item.   The image processing apparatus according to claim 7, wherein the determination unit determines whether the user has changed based on the interval of the operation input. Detecting means for detecting that a person has approached the image processing apparatus or that a person has moved away;
The image processing apparatus according to claim 7, wherein the determination unit determines whether the user has changed based on a result of detection by the detection unit. A control method for an image processing apparatus, comprising:
A first acquisition step of acquiring a first identification result identifying the user based on a feature amount of an operation input performed by the user;
A second acquisition step for acquiring a second identification result for identifying a user according to a detection result of a detection device provided in an installation environment of the image processing apparatus;
A determination step of determining an access right to the image processing device based on the first identification result and the second identification result;
A control step of controlling the function provision in the image processing apparatus according to the access authority determined in the determination step;
A control method for an image processing apparatus, comprising:   The program for functioning a computer as a means of any one of Claims 1-9.

Images