JP6759621B2 - Information processing system, information processing device, authentication method and program - Google Patents

Description

The present invention relates to information processing systems, information processing devices, authentication methods and programs.

In recent years, as an authentication method for authenticating a user, authentication technologies such as wireless authentication using an IC card that does not require an operation such as entering a password and face authentication that authenticates based on the user's face image have become widespread. .. In particular, the face authentication authentication method does not require password input or login operation, and is used for authentication of various devices as a user authentication method that can prevent spoofing due to the theft of an IC card and is becoming widespread. Further, there is already known a technique of capturing a user's face with a camera and authenticating the face to identify an individual and authenticate the user of the image forming apparatus. As such a technique using face recognition, the face is compared and collated with the information generated from the face image obtained by imaging the area including the face of the person to be authenticated and the authentication information registered in advance. A technique for user authentication of an image forming apparatus using an image has been proposed (see Patent Document 1).

However, in the technology disclosed in Patent Document 1, user authentication by face authentication using a camera is inferior in accuracy to wireless authentication using a commonly used IC card or the like, and the time required for the authentication process is longer. There was a problem that it was big.

The present invention has been made in view of the above, and provides an information processing system, an information processing device, an authentication method and a program capable of improving the accuracy of authentication processing and reducing the processing time. The purpose.

In order to solve the above-mentioned problems and achieve the object, the present invention is an information processing system, the first storage unit for storing the first related information about one or more users, and one or more. A second storage unit that stores a second related information about the user, a wireless communication unit that acquires specific information from a wireless tag, and whether the specific information is included with reference to the first related information. If it is determined whether or not the specific information is included, it is determined whether or not the specific information is included by referring to the second related information, and the specific information is the first related information or. When it is included in at least one of the second related information, the first authentication unit that permits the first authentication for the wireless tag and the image pickup device are made to image the user, and the user is included. The imaging unit that acquires the image and the second authentication for the user included in the image acquired by the imaging unit are executed in parallel with the first authentication by the first authentication unit, and the first authentication is performed. It is determined whether or not the feature information of the image is included by referring to the related information of the image, and if the feature information of the image is not included, whether or not the feature information of the image is included by referring to the second related information. When the feature information of the image is included in at least one of the first related information and the second related information, the second authentication is performed for the user included in the image. In the second authentication unit, the identification information in the first related information or the second related information of the user of the wireless tag authorized in the first authentication, and the second authentication. the identification information in the related information or related information of the second first authorized user, if but is identification information of the same user, devices that allow the use of the information processing apparatus to said user It is characterized by having a certification unit.

According to the present invention, the accuracy of the authentication process can be improved and the process time can be reduced.

FIG. 1 is a diagram showing an example of a configuration of an information processing system according to the first embodiment. FIG. 2 is a diagram showing an example of the detection range of the RFID tag reader and the detection range of the moving body sensor. FIG. 3 is a diagram showing an example of the hardware configuration of the image forming apparatus according to the first embodiment. FIG. 4 is a diagram showing an example of a software configuration of the image forming apparatus according to the first embodiment. FIG. 5 is a diagram showing an example of the functional configuration of the image forming apparatus according to the first embodiment. FIG. 6 is a diagram showing an example of user information according to the first embodiment. FIG. 7 is a diagram showing another example of user information according to the first embodiment. FIG. 8 is a flowchart showing an outline of the wireless authentication process of the image forming apparatus according to the first embodiment. FIG. 9 is a flowchart showing an outline of the image authentication process of the image forming apparatus according to the first embodiment. FIG. 10 is a diagram for explaining image authentication according to the first embodiment. FIG. 11 is a flowchart showing an outline of the authentication process of the image forming apparatus according to the first embodiment. FIG. 12 is a sequence diagram showing details of the wireless authentication process of the image forming apparatus according to the first embodiment. FIG. 13 is a sequence diagram showing details of the image authentication process following the wireless authentication process of the image forming apparatus according to the first embodiment. FIG. 14 is a flowchart showing an outline of the authentication process of the image forming apparatus according to the second embodiment. FIG. 15 is a sequence diagram showing details of the authentication process of the image forming apparatus according to the second embodiment.

[First Embodiment]
Hereinafter, the first embodiment will be described with reference to FIGS. 1 to 13.

(System configuration)
FIG. 1 is a diagram showing an example of a configuration of an information processing system according to the first embodiment. The configuration of the information processing system 100 according to the present embodiment will be described with reference to FIG.

As shown in FIG. 1, the information processing system 100 includes an image forming apparatus 101 and an RFID (Radio Frequency Identification) tag 105 possessed by the user 106.

The image forming apparatus 101 is, for example, an image forming apparatus such as an MFP, a copying machine, a printer, a fax apparatus, or a scanner apparatus, and is an example of the "information processing apparatus" of the present invention. Here, the MFP is a multifunction device having at least two functions of a copy function, a printer function, a scanner function, and a facsimile function. The image forming apparatus 101 identifies the wireless tag ID and the like from the camera 102 that captures an image and the RFID tag 105 (an example of the wireless tag) within a predetermined range (for example, the wireless detection range 202 shown in FIG. 2 described later). It is provided with an RFID tag reader 103 that receives the information of the above, and a mobile sensor 104 that detects a mobile body (user 106, etc.). Here, RFID is a technique for performing short-range wireless communication using electromagnetic waves, radio waves, or the like between an RFID tag 105 that stores specific information such as a wireless tag ID and an RFID tag reader 103. This is an example of wireless communication.

The camera 102 is, for example, an imaging device installed so that the captured image includes a user 106 who uses the image forming apparatus 101.

The RFID tag reader 103 is, for example, a device that, when the RFID tag 105 is a passive tag, radiates radio waves into a predetermined detection range (radio detection range 202) described later and receives specific information from the RFID tag 105. When the RFID tag 105 receives the radio wave radiated from the RFID tag reader 103, the RFID tag 105 operates using the received radio wave as electric power, and transmits specific information such as a radio tag ID stored in advance to the RFID tag reader 103. As the RFID tag reader 103, for example, a RFID tag reader 103 having a frequency used in the 920 [MHz] band and a transmission output of 250 [mW] or less can be adopted. When a plurality of RFID tags 105 are present within the detection range, the RFID tag reader 103 can receive specific information such as a wireless tag ID from each RFID tag 105.

The passive tag is a tag for RFID that operates using radio waves from an RFID tag reader as an energy source, and does not require a built-in battery. The passive tag antenna reflects a part of the radio wave from the RFID tag reader, and returns information such as the wireless tag ID on the reflected wave. Since the intensity of this reflection is very small, the passive tag has a shorter communication distance than the active tag that transmits radio waves by the power of its own device, but it is inexpensive and operates almost permanently.

The moving body sensor 104 is a pyroelectric sensor or the like that detects a moving body (user 106 or the like).

FIG. 2 is a diagram showing an example of the detection range of the RFID tag reader and the detection range of the moving body sensor. The detection range of the RFID tag reader 103, the detection range of the moving body sensor 104, and the like will be described with reference to FIG.

FIG. 2 shows the sensor detection range 201 of the mobile sensor 104, the wireless detection range 202 of the RFID tag reader 103, and the image authentication range 203 of the camera 102 when viewed from the upper surface of the image forming apparatus 101.

In the example of FIG. 2, the moving body sensor 104 is installed on the front side (lower side of FIG. 2) of the image forming device 101, and the fan-shaped sensor detection is performed on the front side (downward direction of FIG. 2) of the image forming device 101. A range 201 is formed. The sensor detection range 201 of the moving body sensor 104 targets a range of, for example, about 2 [m] from the image forming apparatus 101, and when a moving body (user 106, etc.) enters the sensor detection range 201, it moves. The presence of the moving body is detected by the body sensor 104, the image forming apparatus 101 shifts from the power saving state with low power consumption to the normal state, and the operation of the camera 102 and the RFID tag reader 103 is started.

Further, the image forming apparatus 101 has an RFID tag reader 103 such as a patch antenna inside, and a fan-shaped wireless detection range 202 is formed on the front surface (downward in FIG. 2) of the image forming apparatus 101. Has been done. Even if the wireless detection range 202 of the RFID tag reader 103 has a detection performance of, for example, about 2 [m] from the image forming apparatus 101, the communication function deteriorates due to the proximity of the RFID tag 105 and the user 106. Actually, the detection range is about 1 [m]. The radio detection range 202 is formed by radiating radio waves from the RFID tag reader 103 in order to receive predetermined information (for example, radio tag ID) from the RFID tag 105. Then, when the user 106 holding the RFID tag 105 enters the wireless detection range 202, the specific information stored in the RFID tag 105 is automatically transmitted to the image forming apparatus 101.

Further, FIG. 2 shows an image authentication range 203, which is an imaging range in which face authentication can be performed from an image captured by the camera 102.

In the present embodiment, the image forming apparatus 101 stores the user information registered in advance as described later, and is registered in advance in the storage unit of the wireless tag ID received from the RFID tag 105 and the image forming apparatus 101. The RFID tag 105 is authenticated (hereinafter, may be referred to as "wireless authentication") based on the user information. Further, the image forming apparatus 101 includes, for example, a face image of the user 106 included in the image captured by the camera 102 and information associated with the wireless tag ID held at the time of wireless authentication (“record information” described later). Based on the above, the user 106 captured in the image is authenticated (hereinafter, may be referred to as "image authentication"). Further, in the image forming apparatus 101, when the record information including the wireless tag ID of the RFID tag 105 that has been wirelessly authenticated at the time of image authentication includes the characteristic information of the user extracted from the face image of the user 106. , Perform login authentication (hereinafter, may be referred to as "device authentication") that permits the use of the image forming apparatus 101 of the user 106.

As described above, the image forming apparatus 101 permits the login of the user who is permitted to perform both the wireless authentication using the RFID tag 105 and the image authentication using the face image captured by the camera 102. As a result, according to the image forming apparatus 101 according to the present embodiment, the user 106 of the image forming apparatus 101 only possesses the RFID tag 105, and authenticates the authentication method using the captured image such as image authentication. It becomes possible to improve the accuracy of.

The system configuration in FIG. 1 is just an example. For example, in FIG. 1, the image forming apparatus 101 is shown as an example of the information processing apparatus, but the present invention is not limited to this, and the information processing apparatus is a PC having the same user authentication function as the image forming apparatus 101. (Personal Computer), a tablet terminal, a smartphone, a game machine, a video conferencing device, or the like.

Further, the camera 102, the RFID tag reader 103, the moving body sensor 104, and the like may be externally attached.

Further, the RFID tag 105 may be an RFID active tag, a semi-active tag, or the like. The RFID tag 105 is an example of a wireless tag. The wireless tag may be a wireless terminal that communicates by a short-range wireless system different from RFID (for example, Bluetooth (registered trademark) Low Energy (hereinafter referred to as “BLE”) or NFC (Near Field Communication)). Good. Further, instead of the wireless tag, a mobile terminal or the like equipped with the wireless tag or the like may be used.

Further, the image authentication uses an image of the user, but is not limited to this, and various authentications for authenticating the user by using the feature information indicating the characteristics of the user's living body. It may be a method (eg, fingerprint authentication, iris authentication, vein authentication, etc.).

(Hardware configuration)
FIG. 3 is a diagram showing an example of the hardware configuration of the image forming apparatus according to the first embodiment. The hardware configuration of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

As shown in FIG. 3, the image forming apparatus 101 includes a main body 310 (second apparatus) that realizes various image forming functions such as a copy function, a scanner function, a fax function, and a printer function, and a user. It includes an operation unit 330 (first device) that accepts operations. Here, accepting a user's operation is a concept including accepting information (including a signal indicating a coordinate value of a screen) input in response to the user's operation.

The main body 310 and the operation unit 330 are connected to each other so as to be able to communicate with each other via a dedicated communication path 350. As the communication path 350, for example, a USB (Universal Serial Bus) standard can be used, but the communication path 350 is not limited to this, and may be any standard regardless of whether it is wired or wireless. The main body 310 performs an operation according to the operation received by the operation unit 330. Further, the main body 310 can also communicate with an external device such as a client PC, and can perform an operation according to an instruction received from the external device.

<Hardware configuration of the main unit>
As shown in FIG. 3, the main body 310 includes a CPU (Central Processing Unit) 311, a ROM (Read Only Memory) 312, a RAM (Random Access Memory) 313, a storage 314, and a communication I / F (Interface) 315. It has a connection I / F 316, an engine unit 317, a moving body sensor 318, and a system bus 319.

The CPU 311 comprehensively controls the operation of the main body 310. The CPU 311 controls the operation of the entire main body 310 by executing a program stored in the ROM 312 or the storage 314 or the like using the RAM 313 as a work area (work area). For example, the CPU 311 realizes various functions such as the above-mentioned copy function, scanner function, fax function, and printer function.

The ROM 312 is, for example, a non-volatile memory that stores a BIOS (Basic Input / Output System) executed when the main body 310 is started, various settings, and the like. The RAM 313 is a volatile memory used as a work area or the like of the CPU 311. The storage 314 is, for example, a non-volatile storage device that stores an OS (Operating System), an application program, various data, and the like. The storage 314 is composed of, for example, an HDD (Hard Disk Drive) or an SSD (Solid State Drive).

The communication I / F 315 is a network interface for connecting the main body 310 to the network 360 and communicating with an external device connected to the network 360. The connection I / F 316 is an interface for communicating with the operation unit 330 via the communication path 350.

The engine unit 317 is hardware that performs general-purpose information processing and processing other than communication in order to realize functions such as a copy function, a scanner function, a fax function, and a printer function. The engine unit 317 includes, for example, a scanner unit that scans and reads an image of a document, a plotter unit that prints on a sheet material such as paper, and a fax unit that performs fax communication. The engine unit 317 may include a finisher for sorting printed sheet materials, or a specific option such as an ADF (Auto Document Feeder) for automatically feeding documents.

The moving body sensor 318 is a sensor that detects a moving body (user or the like) within the detection range (sensor detection range 201 shown in FIG. 2) around the image forming apparatus 101. The moving body sensor 318 is composed of, for example, a pyroelectric sensor or the like. The moving body sensor 318 corresponds to the moving body sensor 104 shown in FIG.

The system bus 319 is a transmission line that connects the above-mentioned components to each other and transmits an address signal, a data signal, various control signals, and the like.

<Hardware configuration of operation unit>
As shown in FIG. 3, the operation unit 330 includes a CPU 331, a ROM 332, a RAM 333, a flash memory 334, a communication I / F 335, an operation panel 336, a connection I / F 337, and an external connection I / F 338. It has a short-range wireless communication device 339, a camera 340 (imaging device), and a system bus 341.

The CPU 331 comprehensively controls the operation of the operation unit 330. The CPU 331 controls the operation of the entire operation unit 330 by executing a program stored in the ROM 332, the flash memory 334, or the like with the RAM 333 as a work area (work area). For example, the CPU 331 realizes various functions such as displaying information (image) corresponding to the input received from the user on the operation panel 336.

The ROM 332 is, for example, a non-volatile memory that stores the BIOS executed when the operation unit 330 is started, various settings, and the like. The RAM 333 is a volatile memory used as a work area or the like of the CPU 331. The flash memory 334 is, for example, a non-volatile storage device that stores an OS, an application program, various data, and the like.

The communication I / F 335 is a network interface for connecting the operation unit 330 to the network 360 and communicating with an external device connected to the network 360.

The operation panel 336 accepts various inputs according to the user's operation, and also receives various information (for example, information according to the received operation, information indicating the operation status of the image forming apparatus 101, setting information, etc.). It is a device having an input function and a display function for displaying. The operation panel 336 is composed of, for example, a liquid crystal display device (LCD: Liquid Crystal Display) equipped with a touch panel function. The operation panel 336 is not limited to the liquid crystal display device, and may be composed of, for example, an organic EL (Electro-Luminence) display device equipped with a touch panel function. Further, the operation panel 336 may be provided with an operation unit such as a hardware key or a display unit such as a lamp in addition to or in place of the touch panel function.

The connection I / F 337 is an interface for communicating with the main body 310 via the communication path 350. The external connection I / F 338 is an interface such as USB for connecting an external device.

The short-range wireless communication device 339 is a short-range wireless device for communicating with a wireless tag within a predetermined range (radio detection range 202 shown in FIG. 2) by short-range wireless communication. The short-range wireless communication device 339 receives specific information from, for example, the RFID tag reader 103 shown in FIG. 1 and the RFID tag 105 that returns a response to the radiated radio wave. The short-range wireless communication device 339 may be a short-range wireless device that performs short-range wireless communication such as BLE or NFC described above.

The camera 340 is an imaging device that captures an image within a predetermined imaging range (image authentication range 203 shown in FIG. 2). The camera 340 corresponds to the camera 102 shown in FIG.

The system bus 341 is a transmission line that connects the above-mentioned components to each other and transmits an address signal, a data signal, various control signals, and the like.

(Software configuration)
FIG. 4 is a diagram showing an example of a software configuration of the image forming apparatus according to the first embodiment. The software configuration of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

As shown in FIG. 4, the main body 310 of the image forming apparatus 101 includes an application layer 411, a service layer 412, and an OS layer 413. The substance of the application layer 411, the service layer 412, and the OS layer 413 is various software stored in the ROM 312, the storage 314, or the like. When the CPU 311 executes these software (programs), various functions of the main body 310 are provided.

The application layer 411 is application software (hereinafter, may be simply referred to as an “application”) for operating a hardware resource to provide a predetermined function. Examples of the application include a copy application for providing a copy function, a scanner application for providing a scanner function, a fax application for providing a fax function, a printer application for providing a printer function, and the like.

The service layer 412 is software that intervenes between the application layer 411 and the OS layer 413 and provides an interface for using the hardware resources of the main body 310 to the application of the application layer 411. Specifically, the service layer 412 provides a function of receiving an operation request for a hardware resource and arbitrating the operation request. Examples of the operation request received by the service layer 412 include a request such as reading by a scanner and printing by a plotter. The interface function by the service layer 412 is provided not only to the application layer 411 of the main body 310 but also to the application layer 431 of the operation unit 330. That is, the application layer 431 of the operation unit 330 can also realize a function using the hardware resources of the main body 310 (for example, the engine unit 317) through the interface function of the service layer 412 of the main body 310.

The OS layer 413 is basic software (operating system) for providing basic functions for controlling the hardware included in the main body 310. The service layer 412 converts the usage request of the hardware resource from various applications into a command that can be interpreted by the OS layer 413 and passes it to the OS layer 413. Then, when the command is executed by the OS layer 413, the hardware resource operates according to the request of the application.

As shown in FIG. 4, the operation unit 330 of the image forming apparatus 101 includes an application layer 431, a service layer 432, and an OS layer 433. The application layer 431, the service layer 432, and the OS layer 433 included in the operation unit 330 also have the same hierarchical structure as the main body 310 side. However, the functions provided by the application of the application layer 431 and the types of operation requests that the service layer 432 can accept are different from those of the main body 310 side.

The application of the application layer 431 may be software for operating the hardware resources included in the operation unit 330 to provide a predetermined function, but is mainly a UI for performing operations and displays related to the functions provided in the main body 310. (User Interface) function is provided. Further, the application of the application layer 431 provides an authentication function using the short-range wireless communication device 339 included in the operation unit 330, the camera 340, and the like.

In the present embodiment, the software of the OS layer 413 on the main body 310 side and the software of the OS layer 433 on the operation unit 330 side are different from each other in order to maintain the independence of the functions. That is, the main body 310 and the operation unit 330 operate independently of each other by different operating systems. For example, Linux (registered trademark) can be used as the software of the OS layer 413 on the main body 310 side, and Android (registered trademark) can be used as the software of the OS layer 433 on the operation unit 330 side.

As described above, in the image forming apparatus 101 of the present embodiment, since the main body 310 and the operation unit 330 operate in different operating systems, the communication between the main body 310 and the operation unit 330 is in a common device. It is performed as communication between different devices, not as interprocess communication. The operation of transmitting the information received by the operation unit 330 (contents of the operation instruction from the user) to the main body 310 (command communication), the operation of the main body 310 transmitting the information to the operation unit 330, and the like correspond to this. Here, the function of the main body 310 can be used by the operation unit 330 performing command communication to the main body 310. Further, the information transmitted from the main body 310 to the operation unit 330 includes, for example, the execution status of the operation in the main body 310, the contents set on the main body 310 side, and the like. Further, in the present embodiment, since the power supply to the operation unit 330 is performed from the main body 310 via the communication path 350, the power control of the operation unit 330 is separated from the power control of the main body 310 (independently). Can be done.

(Functional configuration)
FIG. 5 is a diagram showing an example of the functional configuration of the image forming apparatus according to the first embodiment. The functional configuration of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

<Functional configuration of the main unit>
As shown in FIG. 5, the main body 310 of the image forming apparatus 101 includes a moving body detecting unit 501 (detecting unit), a power state control unit 502, an image forming unit 503, and a storage unit 504 (second storage unit). And a communication unit 505.

The moving body detection unit 501 is a functional unit that detects a moving body (user 106 in the example of FIG. 1) within the detection range around the image forming apparatus 101 by using the moving body sensor 318. The moving body detection unit 501 is realized by, for example, a program that operates on the CPU 311 shown in FIG. When the moving body detection unit 501 detects a moving body within the detection range, the moving body detecting unit 501 notifies the power state control unit 502 of the detection information.

The power state control unit 502 is a functional unit that controls the power state of the main body 310 and the operation unit 330. The power state control unit 502 is realized by, for example, a program that operates on the CPU 311 shown in FIG. When the image forming apparatus 101 is not used for more than a preset time, the power state control unit 502 shifts the image forming apparatus 101 to a power saving state in which power consumption is less than that in a normal state capable of performing image forming processing. Migrate. In the power saving state, the power consumption can be reduced by, for example, stopping a part of the functions of the operation unit 330 and the functions of the engine unit 317 of the main body 310. Further, when the power state control unit 502 receives the detection information of detecting the moving body from the moving body detection unit 501 while the image forming apparatus 101 is in the power saving state, the main body 310 is operated normally from the power saving state. Return to the possible normal state. Further, the power state control unit 502 returns the operation unit 330 from the power saving state to the normal state by notifying the operation unit 330 of the return command via the communication path 350.

The image forming unit 503 is a functional unit that executes various image forming functions (for example, a printer function, a copy function, a scanner function, a fax function, etc.) included in the image forming apparatus 101. The image forming unit 503 is realized by, for example, a program running on the engine unit 317 shown in FIG. 3 and the CPU 311 shown in FIG.

The storage unit 504 is a functional unit that stores various information such as user information A506 (an example of a second related information) including information indicating a user of the image forming apparatus 101 registered in advance. The storage unit 504 is realized, for example, by a program running on the storage 314 shown in FIG. 3 and the CPU 311 shown in FIG.

The communication unit 505 is a functional unit that communicates with the operation unit 330. The communication unit 505 is realized by, for example, the connection I / F 316 shown in FIG. 3 and a program running on the CPU 311 shown in FIG.

The moving body detection unit 501, the power state control unit 502, the image forming unit 503, the storage unit 504, and the communication unit 505 of the main body 310 shown in FIG. 5 conceptually show their functions. It is not limited to the configuration. For example, a plurality of functional units illustrated as independent functional units in the main body 310 shown in FIG. 5 may be configured as one functional unit. On the other hand, the function of one functional unit in the main body 310 shown in FIG. 5 may be divided into a plurality of functions and configured as a plurality of functional units.

Further, a part or all of the moving body detection unit 501, the power state control unit 502, and the image forming unit 503 of the main body 310 are not programs that are software, but are FPGA (Field-Programmable Gate Array) or ASIC (Application Special Integrated Circuit). ) Etc. may be realized by a hardware circuit.

<Functional configuration of the operation unit>
As shown in FIG. 5, the operation unit 330 of the image forming apparatus 101 includes a wireless communication unit 511, a wireless authentication unit 512 (first authentication unit), an imaging unit 513, a feature information extraction unit 514, and image authentication. It has a unit 515 (second authentication unit), an authentication unit 516 (device authentication unit), a user information management unit 517, a storage unit 518 (first storage unit), and a communication unit 519.

The wireless communication unit 511 is a functional unit that receives specific information from a wireless tag within a predetermined range by short-range wireless communication using a short-range wireless communication device 339. The wireless communication unit 511 is realized by, for example, a program that operates on the short-range wireless communication device 339 shown in FIG. 3 and the CPU 331 shown in FIG. The wireless communication unit 511 receives specific information such as a wireless tag ID from the RFID tag 105 within the wireless detection range 202 shown in FIG. 2, for example. When a plurality of RFID tags 105 are present in the wireless detection range 202, the wireless communication unit 511 can receive specific information such as a wireless tag ID from each RFID tag 105.

The wireless authentication unit 512 is a functional unit that authenticates the wireless tag that has transmitted the specific information based on the specific information received by the wireless communication unit 511 and the user information registered in advance. The wireless authentication unit 512 is realized by, for example, a program that operates on the CPU 331 shown in FIG. The wireless authentication unit 512 uses the RFID tag 105 based on the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 and the user information (user information a520 or user information A506 described later) registered in advance. Authentication (wireless authentication) (first authentication) is performed. The wireless authentication unit 512 permits authentication of the RFID tag 105 when the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 is included in the user information registered in advance. In addition, the wireless authentication unit 512 holds record information (hereinafter, may be referred to as “record information”) including the wireless tag ID of the RFID tag 105 for which authentication is permitted among the user information. Further, when the wireless authentication unit 512 receives the wireless tag IDs from the plurality of RFID tags 105 by the wireless communication unit 511, the wireless authentication unit 512 sequentially performs wireless authentication for the plurality of wireless tag IDs and holds the corresponding record information. It should be.

The image capturing unit 513 is a functional unit that captures an image using the camera 340. The imaging unit 513 is realized by, for example, a program that operates on the CPU 331 shown in FIG. The image capturing unit 513 acquires an captured image of the user 106 in front of the image forming apparatus 101 by causing the camera 340 to capture an image in front of the image forming apparatus 101.

The feature information extraction unit 514 has a function of extracting the face image and the feature information of the face image (an example of the feature information of the user) when the image (captured image) captured by the image pickup unit 513 includes the face image. It is a department. The feature information extraction unit 514 is realized by, for example, a program running on the CPU 331 shown in FIG. The feature information of the face image includes, for example, information such as the shape and relative position of each part such as the contour of the face, eyes, nose, chin, and cheekbones. As a method for detecting a face image in an image captured by such a feature information extraction unit 514, a face detection method based on a known Har-like feature can be applied.

The image authentication unit 515 is a functional unit that authenticates the user included in the image captured by the image pickup unit 513 based on the image captured by the image pickup unit 513 and the record information held by the wireless authentication unit 512. Is. The image authentication unit 515 is realized by, for example, a program that operates on the CPU 331 shown in FIG. Whether the image authentication unit 515 includes the feature information of the user's face image extracted by the feature information extraction unit 514 from the image captured by the image pickup unit 513 in the record information held by the wireless authentication unit 512. Depending on whether or not, the image authentication (second authentication) of the user included in the image is performed. When the feature information of the face image extracted by the feature information extraction unit 514 is included in the record information held by the wireless authentication unit 512, the image authentication unit 515 permits the authentication of the user included in the image. To do. Further, the image authentication unit 515 outputs the result of the image authentication to the authentication unit 516.

In the present embodiment, the image authentication unit 515 may perform image authentication of the user by using a known face authentication technique (see, for example, Japanese Patent Application Laid-Open No. 2015-055178). Further, the image authentication unit 515 performs various known image authentication methods (for example, fingerprints) that authenticate the user based on the characteristic information indicating the characteristics of the user's living body included in the image captured by the image pickup unit 513. The user may be authenticated by authentication, iris authentication, vein authentication, etc.).

The authentication unit 516 is a functional unit that performs login authentication (device authentication) of the user based on the result of the image authentication by the image authentication unit 515 after the wireless authentication is permitted by the wireless authentication unit 512. The authentication unit 516 is realized by, for example, a program running on the CPU 331 shown in FIG.

The user information management unit 517 is a functional unit that manages the user information a520 (an example of the first related information) stored in the storage unit 518. The user information management unit 517 is realized by, for example, a program running on the CPU 331 shown in FIG.

The storage unit 518 is a functional unit that stores various types of information such as user information a520 including information indicating a user of the image forming apparatus 101. The storage unit 518 is realized by, for example, a program running on the RAM 333 and the flash memory 334 shown in FIG. 3, and the CPU 331 shown in FIG. That is, the read speed from the storage unit 518 is faster than the read speed from the storage unit 504 by the HDD or SSD of the main body 310 described above.

The communication unit 519 is a functional unit that communicates with the main body 310. The communication unit 519 is realized by, for example, the connection I / F 337 shown in FIG. 3 and a program running on the CPU 331 shown in FIG.

The wireless communication unit 511, wireless authentication unit 512, imaging unit 513, feature information extraction unit 514, image authentication unit 515, authentication unit 516, user information management unit 517, storage unit 518 and the operation unit 330 shown in FIG. The communication unit 519 conceptually shows the function, and is not limited to such a configuration. For example, a plurality of functional units illustrated as independent functional units in the operation unit 330 shown in FIG. 5 may be configured as one functional unit. On the other hand, the operation unit 330 shown in FIG. 5 may divide the function of one functional unit into a plurality of functions and configure the operation unit 330 as a plurality of functional units.

Further, a part or all of the wireless communication unit 511, the wireless authentication unit 512, the imaging unit 513, the feature information extraction unit 514, the image authentication unit 515, the authentication unit 516, and the user information management unit 517 of the operation unit 330 are software. It may be realized by a hardware circuit such as FPGA or ASIC instead of a certain program.

Further, each functional unit included in the main body 310 and the operation unit 330 of the image forming apparatus 101 is not limited to being included in the main body 310 or the operation unit 330 in the configuration as shown in FIG. For example, in the example shown in FIG. 5, the authentication unit 516 is included in the operation unit 330, but the present invention is not limited to this, and the authentication unit 516 may be included in the main body 310. In this case, the image authentication unit 515 notifies the authentication unit 516 of the authentication result of the image authentication unit 515 via the communication path 350. In addition, the authentication unit 516 authenticates the user (device authentication) based on the authentication result of the image authentication unit 515 received via the communication path 350. Further, for example, in the example shown in FIG. 5, the moving body detection unit 501 is included in the main body 310, but the present invention is not limited to this, and the structure may be included in the operation unit 330.

(Structure of user information)
FIG. 6 is a diagram showing an example of user information according to the first embodiment. FIG. 7 is a diagram showing another example of user information according to the first embodiment. The data structure of the user information a520 stored in the storage unit 518 of the operation unit 330 will be described with reference to FIGS. 6 and 7.

The user information a520 shown in FIG. 6 is an example of user information registered (stored) in advance in the storage unit 518 of the operation unit 330. In the example of FIG. 6, the user information a520 includes, for example, "user number", "name", "email address", "login ID", "login password", "wireless tag ID", and "user's". Information such as "feature information" is included as a record associated with each other.

The "user number" is, for example, a serial number assigned when each user's information is registered in the user information a520, an identification number unique to each user's data, or the like, and is a user. This is an example of unique identification information (user identification information) for each. Further, the "user number" may be user identification information such as an employee ID or the like.

The "name" is the name of the user. The "email address" is the user's email address. The "login ID" and "login password" are examples of authentication information for the user to log in to the image forming apparatus 101.

The "wireless tag ID" is identification information such as a tag ID indicating the RFID tag 105 transmitted by the RFID tag 105 possessed by each user, and is represented by, for example, an 8-digit number. The "wireless tag ID" is an example of specific information transmitted from the RFID tag 105, and the specific information may include information other than numbers, for example, user identification information and the like. ..

"User feature information" is feature information about the user's face of the image forming apparatus 101, such as the shape and relative position of each part such as the contour of the face, eyes, nose, chin, and cheekbone. Is. The data format of the "user feature information" shown in FIG. 6 is an example, and may be any format. "User characteristic information" needs to be acquired in advance for each user and registered in user information a520 or user information A506.

In the user information a520 shown in FIG. 6, for example, when the data type is "data 2", the user number is "101002", the name is "BBBB", the e-mail address is "bbbb@bbbb.ccc", and the login. The ID is "BB_BB", the login password is "abcdef", the wireless tag ID is "00535213", and the user's characteristic information is "{56,111, -3, ..., -120, 47, 208}". , Each information is associated and stored.

For example, about 300 to 1800 user information a520 as shown in FIG. 6 can be stored in the storage unit 518 of the operation unit 330. For example, the user information management unit 517 of the operation unit 330 stores at least a part of the records of the user information A506 stored in the storage unit 504 of the main body 310 in the storage unit 518 of the operation unit 330, and the user information a520. It is stored (cached) as. Some records of the user information A506 cached in the user information a520 include, for example, a record corresponding to a user who frequently authenticates the image forming apparatus 101, or a user having a high priority. Records to be used can be mentioned. As a result, the wireless authentication unit 512 and the image authentication unit 515 first refer to the user information a520 stored in the storage unit 518 of the operation unit 330, and thereby the user information stored in the storage unit 504 of the main body 310. It will be possible to read faster than when referring to A506.

In addition to or instead of the user information a520, the storage unit 518 may store the user information 801 and 802 shown in FIG. 7. The user information 801 shown in FIG. 7A includes the above-mentioned "wireless tag ID" and a "user ID" which is an example of identification information (user identification information) unique to each user. It is associated and remembered. The wireless authentication unit 512 can authenticate the RFID tag 105 (wireless authentication) if there is at least the information shown in the user information 801. For example, the wireless authentication unit 512 permits the authentication of the RFID tag 105 when the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 is included in the user information 801. Then, the wireless authentication unit 512 holds the record information including the wireless tag ID of the RFID tag 105 for which authentication is permitted among the user information 801.

In the user information 802 shown in FIG. 7B, the "user ID" and the above-mentioned "characteristic information of the user" are stored in association with each other. For example, the image authentication unit 515 has the same user ID as the user ID in which the feature information of the user's face image extracted by the feature information extraction unit 514 is included in the record information held by the wireless authentication unit 512. If it is included in the record in the user information 802 including, the user is allowed to authenticate. Then, the image authentication unit 515 outputs the result of the image authentication to the authentication unit 516.

Note that the user information a520 and the user information 801 and 802 shown in FIGS. 6 and 7 are all table-type information in which record information is aggregated, but the information is not limited to this, and the user information of each field is not limited to this. The information may be in any form as long as the values can be managed in association with each other. For example, the records constituting the user information a520 and the user information 801 and 802 shown in FIGS. 6 and 7 may be stored as a file such as a text file for one user.

(Overview of wireless authentication processing flow)
FIG. 8 is a flowchart showing an outline of the wireless authentication process of the image forming apparatus according to the first embodiment. An outline of the flow of the wireless authentication process of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

<Step S101>
First, the wireless communication unit 511 receives identification information (radio tag ID) from a wireless tag (RFID tag 105) within a predetermined range (for example, the wireless detection range 202 shown in FIG. 2). When the wireless communication unit 511 receives the identification information (step S101: Yes), the process proceeds to step S102, and when the wireless communication unit 511 cannot receive the identification information (step S101: No), the reception is performed again.

<Step S102>
The wireless authentication unit 512 transmits specific information (wireless tag ID) based on the identification information received by the wireless communication unit 511 and the user information (user information a520 or user information A506) registered in advance. Authenticate the wireless tag (RFID tag 105). Specifically, the wireless authentication unit 512 authenticates the RFID tag 105 based on the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 and the user information a520 or the user information A506 registered in advance (). Wireless authentication). When the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 is included in the user information a520 or the user information A506, the wireless authentication unit 512 permits the authentication of the RFID tag 105. At this time, the wireless authentication unit 512 first refers to the user information a520 stored in the storage unit 518 of the operation unit 330, and if the user information a520 does not have a record including the wireless tag ID of the RFID tag 105, the main body Refer to the user information A506 stored in the storage unit 504 of 310. Then, the wireless authentication unit 512 holds the record information including the wireless tag ID of the RFID tag 105 that has been authenticated (the authentication result is "OK").

On the other hand, the wireless authentication unit 512 does not allow the authentication of the RFID tag 105 when the wireless tag ID received by the wireless communication unit 511 is not included in the user information a520 or the user information A506. Then, the process proceeds to step S103.

<Step S103>
When the authentication of the RFID tag 105 is permitted as a result of the wireless authentication by the wireless authentication unit 512 (when the authentication result is "OK") (step S103: Yes), the process proceeds to step S104. On the other hand, when the authentication of the RFID tag 105 is not permitted (when the authentication result is not "OK") (step S103: No), the process returns to step S101 and the same process is repeated.

<Step S104>
The wireless authentication unit 512 outputs the record information including the wireless tag ID of the RFID tag 105 that has been permitted to be authenticated to the image authentication unit 515. At this time, the wireless authentication unit 512 displays the record information including the wireless tag ID of the RFID tag 105 that has been authenticated and the information indicating that the authentication has been permitted (the authentication result is "OK"). It may be output to the authentication unit 515. Further, in step S103 described above, when the authentication is not permitted, the wireless authentication unit 512 outputs information indicating that the authentication is not permitted (the authentication result is "NG") to the image authentication unit 515. There may be.

By the operation of the above steps S101 to S104, the wireless authentication process is executed by the image forming apparatus 101.

(Overview of the flow of image authentication processing)
FIG. 9 is a flowchart showing an outline of the image authentication process of the image forming apparatus according to the first embodiment. FIG. 10 is a diagram for explaining image authentication according to the first embodiment. An outline of the flow of the image authentication process of the image forming apparatus 101 according to the present embodiment will be described with reference to FIGS. 9 and 10.

<Step S201>
The image pickup unit 513 uses the camera 340 to take an image toward the front image pickup range (for example, the image authentication range 203 shown in FIG. 2), and acquires the captured image. An example of the captured image acquired at this time is shown in FIG. 10 (a). The captured image 1001 shown in FIG. 10A includes a user 1002 in front of the image forming apparatus 101. As described above, the camera 340 is installed so that the user in front of the image forming apparatus 101 is included in the captured image 1001. Then, the process proceeds to step S202.

<Step S202>
The feature information extraction unit 514 detects a face image (face image) from the captured image acquired by the imaging unit 513. An example of the face image detected at this time is shown in FIG. 10 (b). The feature information extraction unit 514 extracts parts such as the contour 1004 of the user's face, the eyes 1005, and the nose 1006 from the captured image 1001 captured by the camera 340, and uses, for example, a known pattern matching technique or the like. It is used to detect the user's face image 1003. Then, the process proceeds to step S203.

<Step S203>
When the face image 1003 is detected from the captured image 1001 by the feature information extraction unit 514 (step S203: Yes), the process proceeds to step S204. On the other hand, when the face image 1003 is not detected from the captured image 1001 by the feature information extraction unit 514 (step S203: No), the process returns to step S201 and the same process is repeated.

<Step S204>
The image authentication unit 515 performs authentication (image authentication) using the detected face image. Various known face recognition techniques (see, for example, Japanese Patent Application Laid-Open No. 2015-305178) can be applied to the image recognition process. Here, only an outline will be described with respect to an example.

For example, the "user feature information" of the user information a520 and the user information A506 includes facial contours, eyes, nose, chin, etc. acquired in advance for each user who is permitted to use the image forming apparatus 101. It also contains information such as the shape and relative position of each part such as the cheekbone. Further, the feature information extraction unit 514 detects the face image 1003 included in the captured image 1001 acquired by the imaging unit 513, and extracts the user's feature information from the detected face image 1003. The image authentication unit 515 receives record information including the wireless tag ID of the RFID tag 105 for which wireless authentication is permitted from the wireless authentication unit 512. The image authentication unit 515 compares the user's characteristic information extracted by the feature information extraction unit 514 with the user's characteristic information included in the received record information, and the user included in the captured image 1001 is the user. The degree of similarity for determining whether or not the user is a registered user in the information a520 or the user information A506 is obtained. When the obtained similarity is equal to or higher than a predetermined threshold value, the image authentication unit 515 determines that the user's characteristic information extracted by the feature information extraction unit 514 matches the user's characteristic information included in the record information. , It is determined that the user included in the captured image 1001 is a user registered in the user information a520 or the user information A506, and the authentication of the user included in the captured image 1001 is permitted. On the other hand, when the obtained similarity is less than a predetermined threshold value, the image authentication unit 515 determines that the user included in the captured image 1001 is not a user registered in the user information a520 or the user information A506. Authentication of the user included in the captured image 1001 is not permitted. Then, the process proceeds to step S205.

<Step S205>
As a result of the image authentication by the image authentication unit 515, when the user authentication is permitted (when the authentication result is "OK") (step S205: Yes), the process proceeds to step S206. On the other hand, when the user authentication is not permitted (when the authentication result is not "OK") (step S205: No), the process returns to step S201 and the same process is repeated.

<Step S206>
The image authentication unit 515 outputs the result of image authentication to the authentication unit 516.

By the operation of the above steps S201 to S206, the image authentication process is executed by the image forming apparatus 101.

(Outline of authentication processing of image forming apparatus)
FIG. 11 is a flowchart showing an outline of the authentication process of the image forming apparatus according to the first embodiment. An outline of the flow of the authentication process of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG. At the start of the authentication process shown in FIG. 11, it is assumed that the image forming apparatus 101 is controlled to the power saving state described above by the power state control unit 502.

<Step S401>
When a person (user) is detected within the detection range around the image forming apparatus 101 (for example, the sensor detection range 201 shown in FIG. 2) by the moving body detection unit 501 of the main body 310 (step S401: Yes). The process proceeds to step S402. When the moving body detection unit 501 detects a person (user), the moving body detection unit 501 notifies the power state control unit 502 of the detection information. When no person is detected (step S401: No), the moving body detection unit 501 continues the human detection operation.

<Step S402>
The power state control unit 502 of the main body 310 releases the power saving state of the main body 310 and the operation unit 330. For example, the power state control unit 502 returns the operation unit 330 from the power saving state to the normal state by notifying the operation unit 330 of the return command via the communication path 350. As a result, the wireless authentication process of the wireless authentication unit 512 shown in FIG. 8 and the image authentication process by the image authentication unit 515 shown in FIG. 9 can be executed. Then, the process proceeds to step S403.

<Step S403>
The wireless communication unit 511 and the wireless authentication unit 512 of the operation unit 330 execute, for example, the wireless authentication process as shown in FIG. Here, when the user 106 having the RFID tag 105 enters the sensor detection range 201 shown in FIG. 2, is detected by the moving object detection unit 501, and then further enters the wireless detection range 202, the wireless communication unit 511 The radio waves radiated by the device enable wireless communication between the wireless communication unit 511 and the RFID tag 105.

Here, when the authentication of the RFID tag 105 is permitted by the wireless authentication process, the wireless authentication unit 512 outputs the record information including the wireless tag ID of the RFID tag 105 for which the authentication is permitted to the image authentication unit 515. Then, the process proceeds to step S404.

<Step S404>
If wireless authentication is permitted (“OK”) by the wireless authentication unit 512 (step S404: Yes), the process proceeds to step S405, and if wireless authentication is not permitted (step S404: No), the process proceeds to step S409.

<Step S405>
The image pickup unit 513, the feature information extraction unit 514, and the image authentication unit 515 of the operation unit 330 execute, for example, an image authentication process as shown in FIG. Here, the image authentication unit 515 outputs the result of the image authentication to the authentication unit 516. Then, the process proceeds to step S406.

<Step S406>
The authentication unit 516 determines whether or not the image authentication is "OK" (permission) from the result of the image authentication received from the image authentication unit 515. If image authentication is permitted (step S406: Yes), the process proceeds to step S407, and if image authentication is not permitted (step S406: No), the process proceeds to step S409.

<Step S407>
The authentication unit 516 determines whether the user of the RFID tag 105 whose wireless authentication process is "OK" (permitted) and the user whose image authentication process is "OK" (permitted) are the same user. To judge. Specifically, when the result of the image authentication received from the image authentication unit 515 indicates the permission, the authentication unit 516 determines that the users for whom the wireless authentication and the image authentication are permitted are the same user. If the users for whom wireless authentication and image authentication are permitted are the same user (step S407: Yes), the process proceeds to step S408, and if they are not the same user (step S407: No), the process proceeds to step S409.

<Step S408>
When the authentication unit 516 determines that the users for whom wireless authentication and wireless authentication are permitted are the same user, the authentication unit 516 permits the login authentication (device authentication) of the user to the image forming apparatus 101. As a result, the user can use the image forming apparatus 101.

<Step S409>
The power state control unit 502 releases the power saving state of the main body 310 and the operation unit 330 in step S402 (that is, after the moving body detection unit 501 detects a person), and then a predetermined time (for example, 5 minutes). ) Has passed or not. When the predetermined time has elapsed (step S409: Yes), the process proceeds to step S410. On the other hand, when the predetermined time has not elapsed (step S409: No), the process returns to step S403 and the same process is repeated.

<Step S410>
The power state control unit 502 shifts the main body 310 and the operation unit 330 to the power saving state. For example, the power state control unit 502 shifts the operation unit 330 from the normal state to the power saving state by notifying the operation unit 330 of the operation unit 330 via the communication path 350.

By the operation of the above steps S401 to S410, the image forming apparatus 101 executes the authentication process.

(Details of authentication process flow)
FIG. 12 is a sequence diagram showing details of the wireless authentication process of the image forming apparatus according to the first embodiment. FIG. 13 is a sequence diagram showing details of the image authentication process following the wireless authentication process of the image forming apparatus according to the first embodiment. The details of the wireless authentication process of the image forming apparatus 101 according to the present embodiment and the subsequent authentication process based on the image authentication process will be described with reference to FIGS. 12 and 13.

First, the details of the wireless authentication process of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

<Step S501>
The wireless communication unit 511 receives identification information (radio tag ID) from a wireless tag (RFID tag 105) within a predetermined range (for example, the wireless detection range 202 shown in FIG. 2).

<Step S502>
The wireless communication unit 511 sends the received identification information (wireless tag ID) to the wireless authentication unit 512.

<Step S503>
In order to perform wireless authentication processing on the RFID tag 105, the wireless authentication unit 512 receives information (record information) for one record of the user information a520 to the storage unit 518 that stores the user information a520. Send a record information request for.

<Step S504>
The wireless authentication unit 512 receives information (record information) for one record of the user information a520 from the storage unit 518.

<Step S505>
The wireless authentication unit 512 determines whether or not the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 matches the wireless tag ID included in the received record information. If they match, the process proceeds to step S506, and if they do not match, the process returns to step S503, and the wireless authentication unit 512 receives new record information (the record information next to the previously received record information) from the storage unit 518, and the same is true. Perform processing.

<Step S506>
In the wireless authentication unit 512, when the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 and the wireless tag ID included in the received record information match, that is, the wireless tag ID of the RFID tag 105 is the user. When included in the information a520, the RFID tag 105 is allowed to be authenticated. In addition, the wireless authentication unit 512 holds record information including the wireless tag ID of the RFID tag 105. Then, the wireless authentication process by the wireless authentication unit 512 ends.

If the radio authentication unit 512 cannot find the record information including the radio tag ID of the RFID tag 105 from the user information a520 in the loop processing of steps S503 to S505 described above, the loop processing is terminated and the process proceeds to step S507. Transition.

<Step S507>
The wireless authentication unit 512 receives information (record information) for one record of the user information A506 from the storage unit 504 of the main body 310 that stores the user information A506 in order to perform the wireless authentication process for the RFID tag 105. The record information request for this is sent to the communication unit 519.

<Step S508>
The communication unit 519 confirms whether or not communication with the main body 310 has been established, and if not, transmits a communication establishment request to the communication unit 505 of the main body 310 via the communication path 350. Establish communication.

<Step S509>
The communication unit 519 transmits the record information request received from the wireless authentication unit 512 to the communication unit 505 of the main body 310 via the communication path 350.

<Step S510>
The communication unit 505 transmits the record information request received from the communication unit 519 of the operation unit 330 to the storage unit 504 that stores the user information A506.

<Step S511>
The communication unit 505 receives information (record information) for one record of the user information A506 from the storage unit 504.

<Step S512>
The communication unit 505 transmits the received record information to the communication unit 519 of the operation unit 330 via the communication path 350.

<Step S513>
The communication unit 519 sends the received record information to the wireless authentication unit 512.

<Step S514>
The wireless authentication unit 512 determines whether or not the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 matches the wireless tag ID included in the received record information. If they match, the process proceeds to step S515, and if they do not match, the process returns to step S507, and the wireless authentication unit 512 receives new record information (the record information next to the previously received record information) from the storage unit 504 of the main unit 310. , Perform the same processing.

<Step S515>
In the wireless authentication unit 512, when the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 and the wireless tag ID included in the received record information match, that is, the wireless tag ID of the RFID tag 105 is the user. When included in the information A506, the RFID tag 105 is allowed to be authenticated. In addition, the wireless authentication unit 512 holds record information including the wireless tag ID of the RFID tag 105. Then, the wireless authentication process by the wireless authentication unit 512 ends.

If the record information including the wireless tag ID of the RFID tag 105 is not found in the user information A506 by the wireless authentication unit 512 in the loop processing of steps S507 to S514 described above, the loop processing is terminated and the process proceeds to step S516. Transition.

<Step S516>
When the wireless tag ID of the RFID tag 105 received by the wireless communication unit 511 and the wireless tag ID of all the record information of the received user information A506 do not match, the wireless authentication unit 512 of the RFID tag 105 If the wireless tag ID is not included in the user information A506, the RFID tag 105 is not permitted to be authenticated.

When the authentication of the RFID tag 105 is permitted in step S506 or S515 described above, the process proceeds to the image authentication process shown in FIG. Hereinafter, the details of the image authentication process following the wireless authentication process of the image forming apparatus 101 according to the present embodiment will be described with reference to FIG.

<Step S521>
The image pickup unit 513 uses the camera 340 to take an image toward the front image pickup range (for example, the image authentication range 203 shown in FIG. 2), and acquires the captured image.

<Step S522>
The imaging unit 513 sends the acquired captured image to the feature information extraction unit 514.

<Step S523>
The feature information extraction unit 514 detects a face image (face image) from the captured image acquired by the imaging unit 513. When the feature information extraction unit 514 detects a face image from the captured image, the feature information extraction unit 514 extracts the feature information of the user from the face image.

<Step S524>
The feature information extraction unit 514 sends the extracted user feature information to the image authentication unit 515.

The process of steps S521 to S524 described above may be performed in advance in parallel with the wireless authentication process shown in FIG.

<Step S525>
The image authentication unit 515 sends a request for record information including the wireless tag ID of the RFID tag 105, which is held by the wireless authentication unit 512 and has been permitted to wirelessly authenticate, to the wireless authentication unit 512.

<Step S526>
When the wireless authentication unit 512 receives the record information request, the wireless authentication unit 512 sends the held record information to the image authentication unit 515.

<Step S527>
The image authentication unit 515 compares the user's characteristic information extracted by the feature information extraction unit 514 with the user's characteristic information included in the acquired record information, and the user included in the captured image is the user information. The degree of similarity for determining whether or not the user is a registered user in a520 or user information A506 is obtained. If the similarity is equal to or greater than a predetermined threshold value, the process proceeds to step S528, and if the similarity is less than the predetermined similarity, the process proceeds to step S529.

<Step S528>
When the obtained similarity is equal to or higher than a predetermined threshold value, the image authentication unit 515 determines that the user included in the captured image is a user registered in the user information a520 or the user information A506, and determines that the captured image is a user registered in the user information A506. Allows user image authentication included in.

<Step S529>
When the obtained similarity is less than a predetermined threshold value, the image authentication unit 515 determines that the user included in the captured image is not a user registered in the user information a520 or the user information A506, and determines that the captured image is a user. Do not allow authentication of included users.

<Step S530>
If the image authentication unit 515 cannot acquire the record information from the wireless authentication unit 512, the image authentication unit 515 does not allow the authentication of the user included in the captured image.

<Step S531>
The image authentication unit 515 outputs the result of image authentication to the authentication unit 516.

<Step S532>
When the result of the image authentication received from the image authentication unit 515 indicates the permission of the image authentication, the authentication unit 516 determines that the users for whom the wireless authentication and the wireless authentication are permitted are the same user, and the user thereof. Allows the user to log in to the image forming device 101 (device authentication). As a result, the user can use the image forming apparatus 101.

As described above, in the wireless authentication by the wireless authentication unit 512, first, the user stored in the storage unit 518 (RAM 333 or flash memory 334) of the operation unit 330 having a high read speed based on the acquired wireless tag ID. When the information a520 is referred to and a record matching the wireless tag ID is not found, the storage unit 504 (HDD or the like) of the main body 310 is referred to. Further, in the image authentication by the image authentication unit 515, whether or not the record information including the wireless tag ID of the RFID tag 105 for which wireless authentication is permitted includes the user's characteristic information extracted by the feature information extraction unit 514. It is assumed that the user information a520 and the user information A506 are not referred to again as to whether or not there is record information including information that matches the extracted user characteristic information. Further, the authentication unit 516 permits login authentication (device authentication) for the user of the RFID tag 105 whose wireless authentication is permitted by the wireless authentication unit 512 when the image authentication is further permitted by the image authentication unit 515. It is said. As a result, the accuracy of the authentication process for the user can be improved, and the processing time of the authentication process can be reduced.

[Second Embodiment]
Hereinafter, the image forming apparatus according to the second embodiment will be described with reference to FIGS. 14 and 15, focusing on the differences from the image forming apparatus 101 according to the first embodiment. In the first embodiment, the operation of executing the image authentication process after the wireless authentication process has been described. In this embodiment, the operation of executing the wireless authentication process and the image authentication process in parallel will be described. The configuration of the information processing system, the hardware configuration of the image forming apparatus, the software configuration, and the functional block configuration according to the present embodiment are the configuration of the information processing system 100 and the image forming apparatus 101 described in the first embodiment. Similar to the hardware configuration, software configuration, and functional block configuration. Further, the image forming apparatus according to the present embodiment is referred to as an "image forming apparatus 101a", the main body of the image forming apparatus 101a of the present embodiment is referred to as a "main body 310a", and the operating unit is referred to as an "operating unit 330a". ..

In the present embodiment, the image forming apparatus 101a stores the user information registered in advance, the wireless tag ID received from the RFID tag 105, and the user information registered in advance in the storage unit of the image forming apparatus 101a. Based on the above, the RFID tag 105 is wirelessly authenticated. Further, the image forming apparatus 101a is based on, for example, an image of the user 106 included in the image captured by the camera 102 and the user's characteristic information registered in advance in the storage unit of the image forming apparatus 101a. The image of the user 106 captured in the image is authenticated. Further, when wireless authentication and image authentication are permitted, the image forming apparatus 101a includes information indicating a user corresponding to the RFID tag 105 for which wireless authentication is permitted, and information indicating a user for whom image authentication is permitted. Login authentication (device authentication) that permits the use of the image forming apparatus 101a of the user 106 is performed based on the above. That is, when the user of the RFID tag 105 for which wireless authentication is permitted and the user for whom image authentication is permitted are the same user, the image forming device 101a logs in to the image forming device 101a of the user. to approve.

(Outline of authentication processing of image forming apparatus)
FIG. 14 is a flowchart showing an outline of the authentication process of the image forming apparatus according to the second embodiment. An outline of the flow of the authentication process of the image forming apparatus 101a according to the present embodiment will be described with reference to FIG. At the start of the authentication process shown in FIG. 14, it is assumed that the image forming apparatus 101a is controlled to the power saving state described above by the power state control unit 502.

<Steps S601 and S602>
The processes of steps S601 and S602 are the same as the processes of steps S401 and S402 of the first embodiment shown in FIG. After the processing of step S602 is completed, the process proceeds to steps S603 and S604.

<Step S603>
The wireless communication unit 511 and the wireless authentication unit 512 of the operation unit 330a execute, for example, the wireless authentication process as shown in FIG. Here, when the user 106 having the RFID tag 105 enters the sensor detection range 201 shown in FIG. 2, is detected by the moving object detection unit 501, and then further enters the wireless detection range 202, the wireless communication unit 511 The radio waves radiated by the device enable wireless communication between the wireless communication unit 511 and the RFID tag 105.

However, when the wireless authentication unit 512 permits the authentication of the RFID tag 105 by the wireless authentication process in step S104 shown in FIG. 8, the user number of the record information including the wireless tag ID of the RFID tag 105 for which the authentication is permitted is included. (An example of user identification information) is output to the authentication unit 516. On the other hand, when the wireless authentication unit 512 does not allow the authentication of the RFID tag 105 in the wireless authentication process, the wireless authentication unit 512 outputs information indicating that fact to the authentication unit 516. Then, the process proceeds to step S605.

<Step S604>
The image pickup unit 513, the feature information extraction unit 514, and the image authentication unit 515 of the operation unit 330a execute the image authentication process. The details of the image authentication process in this embodiment will be described later with reference to FIG. The image authentication unit 515 outputs a user number (an example of user identification information) of record information including characteristic information of a user who has permitted image authentication by image authentication processing to the authentication unit 516. On the other hand, when the image authentication unit 515 does not allow the user authentication in the image authentication process, the image authentication unit 515 outputs information indicating that fact to the authentication unit 516. Then, the process proceeds to step S605.

<Step S605>
Based on the information output from the wireless authentication unit 512 and the image authentication unit 515, the authentication unit 516 has a wireless authentication process result of "OK" (permission) and an image authentication process result of "OK" (OK). Judge whether or not it is permission). When both the result of the wireless authentication process and the result of the image authentication process are "OK" (permission) (step S605: Yes), the process proceeds to step S606. On the other hand, if either the result of the wireless authentication process or the result of the image authentication process is not "OK" (permission) (step S605: No), the process proceeds to step S608.

<Step S606>
The authentication unit 516 determines whether the user of the RFID tag 105 whose wireless authentication process is "OK" (permitted) and the user whose image authentication process is "OK" (permitted) are the same user. To judge. Specifically, when the user number received from the wireless authentication unit 512 matches the user number received from the image authentication unit 515, the authentication unit 516 allows the user to be authorized to perform wireless authentication and image authentication. Judge that they are the same user. If the users for whom wireless authentication and image authentication are permitted are the same user (step S606: Yes), the process proceeds to step S607, and if they are not the same user (step S606: No), the process proceeds to step S608.

<Step S607>
When the authentication unit 516 determines that the users for whom wireless authentication and image authentication are permitted are the same user, the authentication unit 516 permits the login authentication (device authentication) of the user to the image forming device 101a. As a result, the user can use the image forming apparatus 101a.

<Step S608>
The power state control unit 502 releases the power saving state of the main body 310a and the operation unit 330a in step S602 (that is, after the moving body detection unit 501 detects a person), and then a predetermined time (for example, 5 minutes). ) Has passed or not. When the predetermined time has elapsed (step S608: Yes), the process proceeds to step S609. On the other hand, when the predetermined time has not elapsed (step S608: No), the process returns to steps S603 and S604, and the same process is repeated.

<Step S609>
The power state control unit 502 shifts the main body 310a and the operation unit 330a to the power saving state. For example, the power state control unit 502 shifts the operation unit 330a from the normal state to the power saving state by notifying the operation unit 330a of the shift command via the communication path 350.

By the operation of the above steps S601 to S609, the authentication process is executed by the image forming apparatus 101a.

(Details of authentication process flow)
FIG. 15 is a sequence diagram showing details of the authentication process of the image forming apparatus according to the second embodiment. With reference to FIG. 15, details of the wireless authentication process of the image forming apparatus 101a and the parallel processing of the image authentication process according to the present embodiment will be described.

<Step S701>
The wireless communication unit 511 and the wireless authentication unit 512 of the operation unit 330a execute the wireless authentication process shown in FIG.

<Step S702>
The image pickup unit 513 uses the camera 340 to take an image toward the front image pickup range (for example, the image authentication range 203 shown in FIG. 2), and acquires the captured image.

<Step S703>
The imaging unit 513 sends the acquired captured image to the feature information extraction unit 514.

<Step S704>
The feature information extraction unit 514 detects a face image (face image) from the captured image acquired by the imaging unit 513. When the feature information extraction unit 514 detects a face image from the captured image, the feature information extraction unit 514 extracts the feature information of the user from the face image.

<Step S705>
The feature information extraction unit 514 sends the extracted user feature information to the image authentication unit 515.

<Step S706>
Since the image authentication unit 515 performs the image authentication process of the user included in the captured image, the information (record information) for one record of the user information a520 is used for the storage unit 518 that stores the user information a520. Send a record information request to receive.

<Step S707>
The image authentication unit 515 receives information (record information) for one record of the user information a520 from the storage unit 518.

<Step S708>
The image authentication unit 515 compares the user's characteristic information extracted by the feature information extraction unit 514 with the user's characteristic information included in the acquired record information, and the user included in the captured image is the user information. The degree of similarity for determining whether or not the user is a registered user in a520 is obtained. If the similarity is equal to or higher than a predetermined threshold, the process proceeds to step S709, and if the similarity is less than the predetermined threshold, the process returns to step S706, and the image authentication unit 515 returns a new record (the previously received record) from the storage unit 518. (Record information next to the information) is received and the same processing is performed.

<Step S709>
The image authentication unit 515 uses the captured image when the obtained similarity is equal to or higher than a predetermined threshold value, that is, when the user feature information extracted by the feature information extraction unit 514 is included in the user information a520. Allow authentication of the person. In addition, the image authentication unit 515 holds record information including the user's feature information extracted by the feature information extraction unit 514. Then, the image authentication process by the image authentication unit 515 is completed, and the process proceeds to step S720.

In the loop processing of steps S706 to S708 described above, when the record information including the user's characteristic information extracted by the image authentication unit 515 by the feature information extraction unit 514 is not found in the user information a520, the loop processing Is completed, and the process proceeds to step S710.

<Step S710>
Since the image authentication unit 515 performs the image authentication process of the user included in the captured image, the information for one record of the user information A506 is used for the storage unit 504 of the main body 310a that stores the user information A506. A record information request for receiving (record information) is sent to the communication unit 519.

<Step S711>
The communication unit 519 confirms whether or not communication with the main body 310a has been established, and if not, transmits a communication establishment request to the communication unit 505 of the main body 310a via the communication path 350. Establish communication.

<Step S712>
The communication unit 519 transmits the record information request received from the image authentication unit 515 to the communication unit 505 of the main body 310a via the communication path 350.

<Step S713>
The communication unit 505 transmits the record information request received from the communication unit 519 of the operation unit 330a to the storage unit 504 that stores the user information A506.

<Step S714>
The communication unit 505 receives information (record information) for one record of the user information A506 from the storage unit 504.

<Step S715>
The communication unit 505 transmits the received record information to the communication unit 519 of the operation unit 330a via the communication path 350.

<Step S716>
The communication unit 519 sends the received record information to the image authentication unit 515.

<Step S717>
The image authentication unit 515 compares the user's characteristic information extracted by the feature information extraction unit 514 with the user's characteristic information included in the acquired record information, and the user included in the captured image is the user information. The degree of similarity for determining whether or not the user is a registered user in A506 is obtained. If the similarity is equal to or more than a predetermined threshold value, the process proceeds to step S718, and if the similarity is less than the predetermined threshold value, the process returns to step S710, and the image authentication unit 515 receives new record information (from the storage unit 504 of the main body 310a). The record information next to the record information received last time) is received, and the same processing is performed.

<Step S718>
The image authentication unit 515 uses the captured image when the obtained similarity is equal to or higher than a predetermined threshold value, that is, when the user feature information extracted by the feature information extraction unit 514 is included in the user information A506. Allow authentication of the person. In addition, the image authentication unit 515 holds record information including the user's feature information extracted by the feature information extraction unit 514. Then, the image authentication process by the image authentication unit 515 is completed, and the process proceeds to step S720.

In the loop processing of steps S710 to S717 described above, when the record information including the user's characteristic information extracted by the image authentication unit 515 by the feature information extraction unit 514 is not found in the user information A506, the loop processing Is completed, and the process proceeds to step S719.

<Step S719>
The image authentication unit 515 has a similarity between the user's characteristic information extracted by the feature information extraction unit 514 and the user's characteristic information for all the record information of the received user information A506 is less than a predetermined threshold value. In a certain case, that is, when the feature information of the user extracted by the feature information extraction unit 514 is not included in the user information A506, the authentication of the user included in the captured image is not permitted. Then, the process proceeds to step S725.

<Step S720>
The authentication unit 516 is held by the image authentication unit 515, and the user number of the record information including the user's characteristic information extracted by the feature information extraction unit 514 for which image authentication is permitted (an example of user identification information, An example of identification information) is received from the image authentication unit 515.

<Step S721>
The authentication unit 516 obtains a user number (an example of user identification information, an example of identification information) of record information including the wireless tag ID of the RFID tag 105 held by the wireless authentication unit 512 and for which wireless authentication is permitted. Received from the wireless authentication unit 512.

<Step S722>
The authentication unit 516 compares the user number received from the wireless authentication unit 512 with the user number received from the image authentication unit 515. If the user numbers match, the process proceeds to step S723, and if they do not match, the process proceeds to step S724.

<Step S723>
When the user number received from the wireless authentication unit 512 and the user number received from the image authentication unit 515 match, the authentication unit 516 is the same user for whom wireless authentication and image authentication are permitted. It is determined that there is, and the login authentication (device authentication) of the user to the image forming apparatus 101a is permitted.

<Step S724>
If the user number received from the wireless authentication unit 512 and the user number received from the image authentication unit 515 do not match, the authentication unit 516 is not the same user for whom wireless authentication and image authentication are permitted. It is determined that the user is not allowed to log in to the image forming device 101a (device authentication).

<Step S725>
If either of the wireless authentication by the wireless authentication unit 512 and the image authentication by the image authentication unit 515 is not permitted, the authentication unit 516 permits the login authentication (device authentication) of the user to the image forming device 101a. do not do.

By the operation of the above steps S701 to S725, the image forming apparatus 101a executes the authentication process.

As described above, in the present embodiment, the wireless authentication process and the image authentication process are performed in parallel. In each authentication process, first, the storage unit 518 (RAM 333 or flash memory 334) of the operation unit 330a having a high read speed is used. If a record that matches the user information a520 stored in the user information a520 is not found in the wireless authentication process and matches the user's characteristic information in the image authentication process, the storage unit 504 (HDD, etc.) of the main body 310a is stored. It is supposed to be referred to. Then, when the user of the RFID tag 105 whose wireless authentication is permitted by the wireless authentication unit 512 and the user whose image authentication is permitted by the image authentication unit 515 are the same user, the authentication unit 516 uses the same user. The login authentication (device authentication) of the person is permitted. As a result, the accuracy of the authentication process for the user can be improved, and the processing time of the authentication process can be reduced.

It should be noted that the case where the user identification information obtained from the wireless authentication unit 512 and the user identification information obtained from the image authentication unit 515 match is only when the two identification information completely match. However, it may be included that the two identification information can be determined to be substantially the same user identification information. For example, the user identification information obtained from the image authentication unit 515 is an 8-digit employee ID, and the user identification information obtained from the wireless authentication unit 512 is a 10-digit login with two characters added to the employee ID. If it is an ID, it may be determined that the two identification information match.

Further, in step S722 described above, the authentication unit 516 compares the user number received from the wireless authentication unit 512 with the user number received from the image authentication unit 515, but is limited to this. is not. For example, the authentication unit 516 receives from the image authentication unit 515 a wireless tag ID (an example of identification information) of record information including the user's characteristic information extracted by the feature information extraction unit 514 for which image authentication is permitted. The radio tag ID (an example of identification information) of the record information including the radio tag ID of the RFID tag 105 for which radio authentication is permitted may be received from the radio authentication unit 512, and these may be compared. Like the user identification information, the wireless tag ID is also information that uniquely identifies the record in the user information a520 and the user information A506. Therefore, if the records match as a result of comparison, wireless authentication and image authentication are permitted. It is possible to determine that the users who have become the same users.

[Supplement to Embodiment]
The functional configuration of the image forming apparatus 101 (101a) described in each of the above-described embodiments is an example, and each functional unit may be mounted on the main body 310 (310a) or mounted on the operation unit 330 (330a). You may.

Further, in each of the above-described embodiments, the main body 310 (310a) and the operation unit 330 (330a) operate independently of each other in different operating systems, but the present invention is not limited to this, and for example, The main body 310 (310a) and the operation unit 330 (330a) may be in the form of operating in the same operating system.

Further, in each of the above-described embodiments, when at least one of the functional units of the image forming apparatus 101 (101a) is realized by executing a program, the program is provided by being incorporated in a ROM or the like in advance. Further, the program executed by the image forming apparatus 101 (101a) according to each of the above-described embodiments is a file in an installable format or an executable format, and is a CD-ROM (Compact Disc Read Only Memory) or a flexible disk (FD). ), CD-R (Compact Disc-Recordable), or DVD (Digital Versaille Disc), which may be configured to be recorded and provided on a computer-readable recording medium. Further, the program executed by the image forming apparatus 101 (101a) of each of the above-described embodiments is stored on a computer connected to a network such as the Internet, and is provided by being downloaded via the network. May be good. Further, the program executed by the image forming apparatus 101 (101a) of each of the above-described embodiments may be configured to be provided or distributed via a network such as the Internet. Further, the program executed by the image forming apparatus 101 (101a) of each of the above-described embodiments has a module configuration including at least one of the above-mentioned functional units, and the actual hardware is CPU311 or CPU331. Reads a program from the above-mentioned storage device (for example, ROM 312, ROM 332, storage 314, flash memory 334, etc.) and executes the program, so that each of the above-mentioned functional units is loaded on the main storage device (for example, RAM 313, RAM 333, etc.). It is designed to be generated.

100 Information processing system 101, 101a Image forming device 102 Camera 103 RFID tag reader 104 Mobile sensor 105 RFID tag 106 User 201 Sensor detection range 202 Wireless detection range 203 Image authentication range 310, 310a Main unit 311 CPU
312 ROM
313 RAM
314 storage 315 communication I / F
316 connection I / F
317 Engine unit 318 Mobile sensor 319 System bus 330, 330a Operation unit 331 CPU
332 ROM
333 RAM
334 Flash memory 335 Communication I / F
336 Operation panel 337 Connection I / F
338 External connection I / F
339 Near field communication device 340 Camera 341 System bus 350 Communication path 360 Network 411 App layer 412 Service layer 413 OS layer 431 App layer 432 Service layer 433 OS layer 501 Mobile detection unit 502 Power status control unit 503 Image formation unit 504 Storage Department 505 Communication Department 506 User Information A
511 Wireless communication unit 512 Wireless authentication unit 513 Imaging unit 514 Feature information extraction unit 515 Image authentication unit 516 Authentication unit 517 User information management unit 518 Storage unit 518 Communication unit 520 User information a
801, 802 User information 1001 Captured image 1002 User 1003 Face image 1004 Contour 1005 Eyes 1006 Nose

Japanese Unexamined Patent Publication No. 2015-055178

Claims (9)

It is an information processing system
A first storage unit that stores a first related information about one or more users,
A second storage unit that stores a second related information about one or more users,
A wireless communication unit that acquires specific information from a wireless tag,
It is determined whether or not the specific information is included by referring to the first related information, and if the specific information is not included, whether or not the specific information is included by referring to the second related information. When the specific information is included in at least one of the first related information and the second related information, a first authentication unit that permits the first authentication for the wireless tag. When,
An imaging unit that causes an imaging device to image a user and acquires an image including the user.
The second authentication for the user included in the image acquired by the imaging unit is executed in parallel with the first authentication by the first authentication unit, and the first related information is referred to. It is determined whether or not the feature information of the image is included, and when the feature information of the image is not included, it is determined whether or not the feature information of the image is included by referring to the second related information. When the feature information is included in at least one of the first related information and the second related information, a second authentication unit that permits the user included in the image to perform the second authentication. When,
The identification information in the first related information or the second related information of the user of the wireless tag authorized by the first authentication, and the first related information of the user authorized by the second authentication . and identification information in the additional information about or second, if but is identification information of the same user, the device authentication unit to permit use of the information processing apparatus to said user,
Information processing system equipped with. The second authentication unit is a user associated with the specific information of the radio tag for which the first authentication is permitted by the first related information or the second related information described in the previous PHNC. The information processing system according to claim 1, wherein when the feature information and the feature information of the image acquired by the imaging unit match, the user included in the image is allowed to perform the second authentication. The first storage unit is a RAM (Random Access Memory).
The information processing system according to claim 1 or 2 , wherein the second storage unit is an HDD (Hard Disk Drive). When the user of the wireless tag authorized by the first authentication and the user authorized by the second authentication executed in parallel with the first authentication are not the same user, the information processing The information processing system according to any one of claims 1 to 3 , further comprising a power state control unit that shifts the device to a power saving state. Further equipped with a detection unit that detects a moving object within a predetermined range,
The information processing system according to claim 4 , wherein the power state control unit shifts the information processing device to a power saving state at least when a predetermined time has elapsed after the moving body is detected by the detection unit. An information processing device including a first device and a second device that communicates with the first device.
The first device comprises a first storage unit that stores a first relevant information about one or more users.
The second device comprises a second storage unit that stores a second relevant information about one or more users.
A wireless communication unit that acquires specific information from a wireless tag,
It is determined whether or not the specific information is included by referring to the first related information, and if the specific information is not included, whether or not the specific information is included by referring to the second related information. When the specific information is included in at least one of the first related information and the second related information, a first authentication unit that permits the first authentication for the wireless tag. When,
An imaging unit that causes an imaging device to image a user and acquires an image including the user.
The second authentication for the user included in the image acquired by the imaging unit is executed in parallel with the first authentication by the first authentication unit, and the first related information is referred to. It is determined whether or not the feature information of the image is included, and when the feature information of the image is not included, it is determined whether or not the feature information of the image is included by referring to the second related information. When the feature information is included in at least one of the first related information and the second related information, a second authentication unit that permits the user included in the image to perform the second authentication. When,
The identification information in the first related information or the second related information of the user of the wireless tag authorized by the first authentication, and the first related information of the user authorized by the second authentication . and identification information in the additional information about or second, if but is identification information of the same user, the device authentication unit to permit use of the information processing apparatus to said user,
Information processing device equipped with. An authentication method that authenticates a user to an information processing device in an information processing system.
A wireless communication step to get specific information from a wireless tag, and
It is determined whether or not the specific information is included by referring to the first related information about one or a plurality of users stored in the first storage unit, and if the specific information is not included, the second It is determined whether or not the specific information is included by referring to the second related information about one or more users stored in the storage unit, and the specific information is the first related information or the second related information. When it is included in at least one of the related information of the above, the first authentication step for permitting the first authentication for the wireless tag, and
An imaging step in which an imaging device is made to image a user and an image including the user is acquired.
The second authentication for the user included in the acquired image is executed in parallel with the first authentication in the first authentication step, and the feature information of the image is referred to with reference to the first related information. If the feature information of the image is not included, it is determined whether or not the feature information of the image is included by referring to the second related information, and the feature information of the image is said to be. When included in at least one of the first related information or the second related information, a second authentication step for permitting the user included in the image to perform the second authentication, and
The identification information in the first related information or the second related information of the user of the wireless tag authorized by the first authentication, and the first related information of the user authorized by the second authentication . and identification information in the additional information about or second, if but is identification information of the same user, a device authentication step for permitting the use of the information processing apparatus to said user,
Authentication method with. An authentication method for authenticating a user to an information processing device including a first device and a second device that communicates with the first device.
A wireless communication step to get specific information from a wireless tag, and
It is determined whether or not the specific information is included by referring to the first related information about one or a plurality of users stored in the first storage unit included in the first device, and the specific information is used. If it is not included, it is determined whether or not the specific information is included by referring to the second related information about one or more users stored in the second storage unit included in the second device. When the specific information is contained in at least one of the first related information or the second related information, the first authentication step for permitting the first authentication for the wireless tag, and
An imaging step in which an imaging device is made to image a user and an image including the user is acquired.
The second authentication for the user included in the acquired image is executed in parallel with the first authentication in the first authentication step, and the feature information of the image is referred to with reference to the first related information. If the feature information of the image is not included, it is determined whether or not the feature information of the image is included by referring to the second related information, and the feature information of the image is said to be. When included in at least one of the first related information or the second related information, a second authentication step for permitting the user included in the image to perform the second authentication, and
The identification information in the first related information or the second related information of the user of the wireless tag authorized by the first authentication, and the first related information of the user authorized by the second authentication . and identification information in the additional information about or second, if but is identification information of the same user, a device authentication step for permitting the use of the information processing apparatus to said user,
Authentication method with. A wireless communication step to get specific information from a wireless tag, and
It is determined whether or not the specific information is included by referring to the first related information about one or a plurality of users stored in the first storage unit, and if the specific information is not included, the second It is determined whether or not the specific information is included by referring to the second related information about one or more users stored in the storage unit, and the specific information is the first related information or the second related information. When it is included in at least one of the related information of the above, the first authentication step for permitting the first authentication for the wireless tag, and
An imaging step in which an imaging device is made to image a user and an image including the user is acquired.
The second authentication for the user included in the acquired image is executed in parallel with the first authentication in the first authentication step, and the feature information of the image is referred to with reference to the first related information. If the feature information of the image is not included, it is determined whether or not the feature information of the image is included by referring to the second related information, and the feature information of the image is said to be. When included in at least one of the first related information or the second related information, a second authentication step for permitting the user included in the image to perform the second authentication, and
The identification information in the first related information or the second related information of the user of the wireless tag authorized by the first authentication, and the first related information of the user authorized by the second authentication . and identification information in the additional information about or second, if but is identification information of the same user, a device authentication step for permitting the use of the information processing apparatus to said user,
A program that lets your computer run.

Images