JP2009015422A - Use permission/prohibition control device and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a use permission/prohibition control device and method for properly permitting and prohibiting the use. <P>SOLUTION: An MFP is provided with: an MFP main body 110; an original setting part 120; a paper output part 130; an authentication device 140; an IC tag information processor 150; and an access management device 160. The authentication device 140 is configured to authenticate a user by fingerprints for log-in. Also, the IC information processor 150 is configured to retrieve a non-contact IC tag made of metal or the like embedded in an employee's card 210 carried by a user based on a radio communication (RF) system for log-out. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a use permission / rejection control device and a use permission / rejection control method for restricting use permission / rejection (access) to a device or the like to only a previously authorized person.

  When using an information terminal or entering or leaving a building or room, an authentication device may be used to permit only a predetermined person to perform the action, that is, to permit access.

  When performing access control by authentication, access users are managed by authentication when access is permitted, but at the end of work, it is common to automatically perform access blocking processing with a timeout after the terminal is last operated. there were. For example, an information terminal such as an ATM or accounting information input terminal is frequently operated with a key or a mouse when used by a user. Therefore, when such an operation is not performed for a certain period of time, the screen is automatically locked or logged out. This prevents users other than the certifier from switching and using after the certifier's work is completed.

  However, in general PCs and MFPs (Multi Function Peripherals), when a user uses the terminal, the user spends a short conversation with another user who has passed the screen or copy manuscript or has passed nearby. If there is no key or mouse operation, the screen will be locked or logged out easily. It will be interrupted. If the time until timeout is set to be long so that this does not occur, the above problem does not occur, but if the certifier leaves the terminal immediately after the key operation is completed, There is a possibility that the user will replace and use it, which is a security problem.

  As described above, a terminal or the like that is not always “working” = “frequently input operations” should not manage access blocking due to timeout.

  In order to solve such a timeout problem, there are methods using face authentication and IC tags.

  In the method using face authentication, the face image of the user after access is authenticated or tracked at regular intervals, and the user leaves the terminal when the face at the time of access permission cannot be authenticated or cannot be tracked. As a thing, access to the terminal is automatically blocked.

  In the method using an IC tag, authentication used for access permission is performed using a non-contact type IC tag. In this method, the IC tag is periodically detected and authenticated by a reader installed near the terminal. If the detection and authentication are OK, the access is permitted until the next detection and authentication is performed. In the case of NG, the access is immediately cut off. When the user carries an IC tag for which access permission is set, access is permitted only by approaching the terminal, and access is automatically blocked only by leaving the terminal.

  An example of a method using face authentication is disclosed in Patent Document 1 and the like. In Patent Document 1, use of the device is permitted by face authentication, and the device is locked when the authenticated face cannot be detected.

  An example of a method using an IC tag is disclosed in Patent Document 2 and the like. In Patent Document 2, when there is a registered user (by repeating authentication with an IC tag or the like for a certain period), the use permission state is set, and when the user is not registered, the use disabled state is set.

Japanese Patent Laid-Open No. 2003-141088 JP 2002-116840 A

  However, when the authentication is performed by the above-described method and the access control is performed to restrict the use of the MFP according to the authentication result, the following problems may occur.

  That is, the user who is using the MFP often changes his / her position and orientation greatly. For example, you may be extremely close to the top of the MFP to set a copy document, crouch into the paper output section to check the paper output status, or work to deal with out of paper or paper jams, There may be a conversation with another user in the vicinity while outputting a plurality of sheets of paper.

  In this way, in applications where the user's position and orientation vary greatly, the method using face authentication may cause the user to be located outside the field of view range of the camera or across an obstacle, or the face may not face the camera. There is a problem that usability is reduced due to frequent occurrence of logout of the MFP by mistake.

  Further, in the method using the IC tag, when the communication distance of the IC tag is short, there is a problem that logout occurs frequently due to the position change of the user as in the method using the face authentication. When the communication distance is long When a user who has been registered as a user who should be allowed to access the MFP does not intend to use the MFP but approaches the vicinity of the MFP for another purpose, the MFP becomes usable without being noticed. When an unauthenticated user (non-authenticated person) is in the vicinity of the MFP, the MFP may be used without permission. Therefore, there is a problem that security is lowered.

  For example, as shown in the perspective view of FIG. 13, a description will be given of a case where an MFP that is an access control target includes an MFP main body 110, a document placement unit 120, a paper output unit 130, and an authentication device 140p.

  In the top view of FIG. 14, when the authentication processing is based on face authentication, the authentication device 140 p includes a camera and an authentication processing device, and the authentication target area 500 p is a face area within the angle of view of the camera. This is the range set as the detection or authentication processing target.

  In such a case, for example, if the user tries to confirm the paper output status in the paper output unit 130 during the work, the user will protrude from the angle of view of the camera, that is, from the authentication target area 500p. 140p logs out unintentionally.

  As shown in the top view of FIG. 15, when the authentication process is performed by a (non-contact) IC tag, the authentication device 140p includes a (non-contact) IC tag reader, and the authentication target area 500p is The communication distance of the IC tag reader, that is, the IC tag searchable range.

  In such a case, as shown in FIG. 15A, when the communication distance is relatively short, that is, when the authentication target area 500p is narrow, for example, the user 200 is in the middle of the work and outputs the paper in the paper output unit 130. If the user tries to confirm the password, the authentication device 140p will log out unintentionally because it will protrude from the authentication target area 500p.

  Further, as shown in FIG. 15B, when the communication distance is relatively long, that is, when the authentication target area 500p is wide, for example, the user 201 who is permitted to use the MFP happens to be standing near the MFP. Even if he / she goes, the authentication apparatus 140p logs in unintentionally.

  In other words, in the conventional use permission control device and the use permission control method, only one of use permission (login) or use prohibition (logout) can be appropriately performed, but both cannot be performed appropriately. Therefore, there is a problem that either usability or security is lowered.

  The present invention has been made to solve the above problems, and an object of the present invention is to provide a use permission / rejection control device and a use permission / rejection control method capable of appropriately performing both use permission and use prohibition. To do.

  In order to solve the above-described problem, a usage permission / inhibition control device according to the first aspect of the present invention includes first detection means for detecting first identification information unique to a user in a first spatial region, and the first In response to detection of the first identification information by one detection means, use permission means for setting the use of a predetermined device permitted, and including the first space area and the first space area In response to the detection of the second identification information unique to the user in a wide second space area, and the second detection information is no longer detected by the second detection means, Use prohibiting means for setting to a state in which the use of the predetermined device is prohibited.

  A usage permission / inhibition control device according to a second aspect of the present invention is the usage permission / inhibition control device according to the first aspect, wherein the first identification information is stored in a first IC tag, The identification information is stored in a second IC tag different from the first IC tag, and the first detection means includes a first tag reader that reads the first identification information stored in the first IC tag, and the second tag The detection means includes a second tag reader that reads the second identification information stored in the second IC tag.

  A usage permission / inhibition control device according to a third aspect of the present invention is the usage permission / inhibition control device according to the second aspect, wherein the second IC tag has higher sensitivity than the first IC tag.

  According to a fourth aspect of the present invention, in the usage permission / inhibition control device according to the second aspect of the present invention, the second tag reader is more sensitive than the first tag reader.

  The use permission / inhibition control device according to the invention described in claim 5 is the use permission / inhibition control device according to claim 2, wherein the second tag reader is positioned at a predetermined position of the predetermined device more than the first tag reader. It is provided in the position near.

  According to a sixth aspect of the present invention, there is provided a usage permission / inhibition control device according to the fifth aspect, wherein the predetermined position is an operation unit provided in the predetermined device.

  A use permission / inhibition control device according to a seventh aspect of the present invention is the use permission / inhibition control device according to any one of the second to sixth aspects, wherein for each user, the first identification information and the Storage means for storing information associated with second identification information, wherein the use permission means is permitted to use the predetermined device with reference to the information stored in the storage means The state is set, and the use prohibiting unit refers to the information stored in the storage unit and sets the predetermined device in a state in which use is prohibited.

  According to an eighth aspect of the present invention, there is provided a usage permission / inhibition control device according to any one of the second to sixth aspects, wherein the first IC tag is the first identification information. And the second identification information are stored in correspondence with each other, the first tag reader reads the associated information from the first IC tag, and the use prohibiting means is operated by the first tag reader. The predetermined device is set to a state in which use is prohibited with reference to the read associated information.

  Further, the use permission / inhibition control device according to the invention described in claim 9 is the use permission / inhibition control device according to claim 1, wherein the first and second identification information are stored in the same IC tag, The first detection means includes a tag reader that reads the first identification information stored in the IC tag, and the second detection means includes a tag reader that reads the second identification information stored in the IC tag. Including.

  The use permission / inhibition control device according to the invention described in claim 10 is the use permission / inhibition control device according to claim 9, wherein the first and second identification information are composed of the same identification information.

  In addition, the usage permission / inhibition control device according to an eleventh aspect of the present invention further includes image acquisition means for capturing a captured image by capturing the user, wherein the first detection means is based on the user's face in the captured image. In response to detecting the first identification information, the use permission means permits the use of the predetermined device in response to the size of the user's face occupying the captured image being equal to or larger than the first size. The second detection means detects the second identification information from the user's face in the photographed image, and the use prohibiting means is the size of the user's face that occupies the photographed image. However, in response to being less than the second size smaller than the first size, the use of the predetermined device is prohibited.

  According to a twelfth aspect of the present invention, the usage permission / inhibition control method includes: a first detection step of detecting first identification information unique to a user in the first space region; and the first detection step of the first detection step. A use permission step for setting the use of the predetermined device in a permitted state in response to detection of the identification information, and a second space region that includes the first space region and is wider than the first space region. A second detection step for detecting second identification information unique to the user, and the use of the predetermined device is prohibited in response to the detection of the second identification information in the second detection step. And a use prohibition step for setting to the state.

  The use permission / inhibition control method according to the invention described in claim 13 is the use permission / inhibition control method according to claim 12, wherein the first identification information is stored in a first IC tag, Identification information is stored in a second IC tag, and the first identification information is detected by reading the first identification information stored in the first IC tag with a predetermined tag reader in the first detection step. In the second detection step, the second identification information stored in the second IC tag is read by the predetermined tag reader to detect the second identification information. The method further includes the step of enhancing the sensitivity of the predetermined tag reader after and before the second detection step.

  In the use permission / refusal control device according to the present invention, the use permission is revoked, that is, the use is prohibited in an area wider than the area where the use permission is given. Therefore, both use permission and use prohibition can be appropriately performed. Therefore, both usability and security can be improved.

<Embodiment 1>
FIG. 1 is a perspective view showing an external configuration of an MFP as a use permission / refusal control apparatus according to Embodiment 1 of the present invention.

  As shown in FIG. 1, the MFP includes an MFP main body 110, a document placement unit 120, a paper output unit 130, an authentication device 140, an IC tag information processing device 150, and an access management device 160. Note that the access management device 160 is disposed inside the casing of the MFP.

  The authentication device 140 is for authenticating a user with a fingerprint and performing a login operation. Further, the IC tag information processing apparatus 150 searches for a non-contact IC tag made of metal or the like embedded in (or attached to) the employee ID card 210 carried by the user based on a wireless communication (RF) method, for example. This is for logout operation.

  Note that the authentication unit in the authentication device 140 is not limited to a fingerprint, and may be any authentication unit that requires the user to approach the authentication device 140 and perform authentication.

  FIG. 2 is a block diagram showing a functional configuration of MFP 100 in FIG.

  The MFP main body 110 includes a user I / F 111, an MFP function processing unit 112, and a login / logout management unit 113. The authentication device 140 includes a fingerprint reader 141, an authentication database 142, and an authentication processing device 143. The IC tag information processing apparatus 150 includes a tag reader 151. The access management device 160 includes an access management unit 161, a target setting processing unit 162, an access management database 163, and a target user detection processing unit 164.

  1 and 2 are merely examples. For example, the access management device 160 may be provided integrally with the authentication device 140 and the IC tag information processing device 150, and the authentication database 142 and the access management. The databases 162 may be provided outside the authentication device 140 and the access management device 160, respectively.

  In the MFP main body 110, a user I / F 111 is used to input an operation command from a user through an operation unit (input means) such as an operation panel, and to output information on the state of the MFP main body 110 through an output means. is there. The MFP function processing unit 112 manages / executes each MFP function such as scanning, printing, and mail transmission. The login / logout management unit 113 receives the information from the authentication processing device 143 and places the MFP body 110 in a login state with a specified user ID, or places the MFP body 110 in a logout state according to internal information or an external request. Is.

  In the authentication apparatus 140, the fingerprint reader 141 detects an input operation of fingerprint information by a user and reads fingerprint information (fingerprint image). Authentication database 142 is a storage unit that can register in advance fingerprint information of a user who is permitted to access MFP 100. The authentication processing device 143 identifies who is the authentication requester by collating the fingerprint information read by the fingerprint reader 141 with the fingerprint information stored in the authentication database 142, and is an authorized user. If there is, the user ID corresponding to the read fingerprint information is transmitted to the access management unit 161 together with the login request. As described above, the authentication database 142 is not necessarily provided in the authentication apparatus 140 or is provided outside the authentication apparatus 140 and is preliminarily provided via a LAN or a dedicated I / F before use. You may make it register to the memory | storage means in the authentication apparatus 140. FIG.

  In the IC tag information processing apparatus 150, the tag reader 151 searches for a non-contact IC tag by transmitting a radio wave by a transmission unit and receiving a reflected wave from the non-contact IC tag by a reception unit. Accordingly, the tag reader 151 can generate a user presence determination result regarding whether or not a user exists in the authentication target area. In the tag reader 151, the communication distance of the IC tag reader, that is, the area to be authenticated can be adjusted by adjusting the output level of the radio wave transmitted from the transmitting unit and the gain of the receiving unit. Alternatively, a shield that weakens radio waves may be disposed in front of the tag reader 151.

  In the access management device 160, the access management unit 161 performs access management based on information received from the authentication processing device 143 (user ID and login request) and information received from the tag reader 151 (user presence determination result), and login / Logout management unit 113 transmits a login (access permission) request and a logout (access cutoff) request, respectively.

  The access management database 163 is a storage unit that can store a login user ID (login ID) and a logout determination tag ID (logout ID) in association with each other. FIG. 3 shows an example of association (table) in the access management database 163. In FIG. 3, the user name and logout ID corresponding to each of the login IDs “0001” to “0005” are stored.

  As described above, the access management database 163 is not necessarily provided in the access management apparatus 160, or is provided outside the access management apparatus 160, and a LAN or dedicated I / F is provided prior to use. It may be registered in advance in the storage means in the access management device 160.

  The access management unit 161 transmits a user ID and a login request regarding the information received from the authentication processing device 143 to the login / logout management unit 113 and transmits the user ID to the target setting processing unit 162.

  The target setting processing unit 162 makes an inquiry to the access management database 163 based on the user ID received from the access management unit 161, thereby obtaining a logout determination tag ID corresponding to the user ID. Thereby, the user 200 corresponding to the tag ID is set as a search target. Then, the target setting processing unit 162 transmits the tag ID to the access management unit 161. The access management unit 161 transmits the tag ID received from the target setting processing unit 162 to the target user detection processing unit 164.

  The target user detection processing unit 164 obtains a user presence determination result from the tag reader 151 every predetermined period based on the tag ID received from the access management unit 161, and the search target user does not exist in the authentication target area. In this case, a user absence notification is transmitted to the access management unit 161. Upon receiving the user absence notification from the target user detection processing unit 164, the access management unit 161 transmits a logout request to the login / logout management unit 113.

  Note that when the user logs in without carrying the employee ID card 210 in which the non-contact IC tag is embedded, the logout determination tag ID cannot be detected, and the user is immediately logged out.

  FIG. 4 is a top view schematically showing the operation of the MFP of FIGS.

  As shown in FIG. 4A, the authentication target area 500a at the time of access permission (login) is relatively narrow. Therefore, even if the user 201 who is permitted to use the MFP is talking in the vicinity of the MFP, the authentication apparatus 140 does not log in unintentionally. Therefore, an unauthenticated person near the MFP cannot use the MFP without permission. Thereby, impersonation use by a non-authenticated person can be prevented and security can be improved.

  As shown in FIG. 4B, the authentication target area 500b at the time of access blocking (logout) is relatively wide. Therefore, even if the user 200 tries to check the paper output status in the paper output unit 130 or sets the document in the document setting unit 120 during the work, the authentication device 140 will not log out unintentionally. . Thereby, usability can be improved.

  As shown in FIG. 4C, in order to use the MFP 100 again after the user 200 goes out of the relatively large authentication target area 500b and is blocked from access (logout), It is necessary to enter the narrow authentication target area 500a.

  As described above, in the use permission / inhibition control device according to the present embodiment, the authentication device 140 detects the first identification information unique to the user 200 in the authentication target area 500a by the fingerprint, and the IC tag information processing device 150 The second identification information unique to the user 200 is detected by the IC tag in the authentication target area 500b, and the access management apparatus 160 is permitted to use the operation panel or the like for the user 200 detected by the authentication apparatus 140. And the use of the operation panel or the like is prohibited for the user 200 that is no longer detected by the IC tag information processing apparatus 150. Therefore, both use permission and use prohibition can be appropriately performed. Therefore, both usability and security can be improved.

<Embodiment 2>
In the first embodiment, a case has been described in which the areas of the authentication target areas 500a and 500b are made different by changing the authentication method between the fingerprint and the IC tag in login and logout, respectively (hereinafter, the authentication target (The areas 500a and 500b are collectively referred to simply as an authentication target area 500). However, in both login and logout, even if an IC tag is used as an authentication method, the area of the authentication target area 500 can be made different by changing the sensitivity of the tag reader.

  FIG. 5 is a top view schematically showing the operation of the MFP according to the second embodiment. FIG. 6 is a block diagram showing a functional configuration of the MFP of FIG.

  The MFP shown in FIG. 6 is obtained by providing a tag reader 152 instead of the fingerprint reader 141 in the MFP shown in FIG. 4 according to the first embodiment. In FIG. 6, the authentication database 142 stores user IDs of users who can access, and does not store fingerprint information.

  In FIG. 5, in the employee ID carried by the user 200, in addition to the IC tag to be read by the tag reader 151, an IC tag to be read by the tag reader 152 is embedded (the sensitivity between these IC tags is Same level). As the tag reader 152, a tag reader having a lower sensitivity than the tag reader 151 is used. This makes it possible to perform authentication using an IC tag not only for logout but also for login.

  Regarding sensitivity adjustment, the sensitivity of tag readers may be varied as described above, or the sensitivity (type) of IC tags may be varied.

  Thus, in this embodiment, the IC tag is used as an authentication method for both login and logout. Therefore, in addition to the effect of the first embodiment, by unifying the authentication method for login and logout, there is an effect that the member for authentication (authentication database 142 and the like) and the management method can be simplified.

<Embodiment 3>
In the second embodiment, the case has been described in which the size of the authentication target area 500 is varied by using two tag readers having different sensitivities for login and logout. However, even when two tag readers having the same sensitivity are used for log-in and log-out, it is possible to substantially vary the area of the authentication target area 500 by changing the installation position. Is possible.

  FIG. 7 is a top view schematically showing the operation of the MFP according to the third embodiment. FIG. 7 shows that the tag reader 151 is installed at a position farther from the user 200 than the tag reader 152 instead of shortening the communication distance of the tag reader 152 compared to the tag reader 151 in FIG. 5 according to the second embodiment. Specifically, the tag reader 151 is installed at a position farther from the operation panel in the user I / F 111 than the tag reader 152). That is, the log-in tag reader 151 is relatively far from the user 200 (user I / F 111), that is, rearward, and the log-out tag reader 151 is relatively close to the user 200 (user I / F 111), that is, in front. By installing each of them, even if one kind of tag reader 151 having the same sensitivity is used, the area of the authentication target area 500 can be made substantially different.

  Thus, in this embodiment, a tag reader having the same sensitivity is used for login and logout. Therefore, in addition to the effect of the second embodiment, by unifying the IC tag and the tag reader for login and logout, the authentication member and the management method can be further simplified.

<Embodiment 4>
In the third embodiment, the case has been described in which the size of the authentication target area 500 is different by using two tag readers having the same sensitivity and different installation positions in login and logout. However, even when a single tag reader is used for login and logout, it is possible to change the size of the authentication target area 500 by changing the sensitivity halfway.

  FIG. 8 is a top view schematically showing the operation of the MFP according to the fourth embodiment. FIG. 8 shows a configuration in which the tag reader 153 is installed only at a position relatively close to the user 200, that is, in front, in FIG. 7 according to the third embodiment.

  FIG. 9 is a block diagram showing a functional configuration of the MFP of FIG. The MFP in FIG. 9 is the same as the MFP in FIG. 6 according to the second embodiment except that the IC tag information processing apparatus 150 is omitted by disposing the tag reader 153 only in the authentication apparatus 140, and the communication distance changing process is performed in the authentication apparatus 140. A portion 144 is provided.

  In FIG. 9, the communication distance change processing unit 144 increases the area of the authentication target area 500 by increasing the sensitivity of the tag reader 153 after login. Accordingly, after performing login authentication in the relatively narrow authentication target area 500a using one tag reader 153, login authentication can be performed in the relatively wide authentication target area 500b.

  Note that the sensitivity of the tag reader 153 can be changed by changing the output level or the like of the radio wave transmitted from the transmission means of the tag reader 153 as described in the first embodiment. Further, after logout, the communication distance change processing unit 144 returns the sensitivity of the tag reader 153 to the same sensitivity as before the login.

  As described above, in the present embodiment, the area of the authentication target area 500 is expanded by increasing the sensitivity of the tag reader 153 after login and before logout. Therefore, in addition to the effect of the third embodiment, the number of tag readers to be installed can be reduced, and the installation space can be reduced.

<Embodiment 5>
In the first embodiment or the like, the association between the login user ID and the logout determination tag ID shown in FIG. 3 is stored as a table in the access management database 163 in the access management device 160 using FIG. Explained the case. However, this correspondence may be recorded not only in the access management device 160 but also in the employee ID card 210 in which the IC tag is embedded.

  FIG. 10 is a schematic diagram showing the association between a login user ID and a logout determination tag ID according to the fifth embodiment. In the present embodiment, the employee ID card 210 has a login user ID (login ID “0001”) corresponding to the user 200 (name “Aoki”) who carries it and a logout determination tag ID (logout). In addition to ID “A13B5”), information indicating that the user ID for login (login ID is “0001”) and the tag ID for logout determination (logout ID is “A13B5”) Magnetically recorded. This information is recorded in the IC tag integrally with the login user ID, and is read by the tag reader at the same time when the login user ID is read.

  In the second embodiment or the like, the IC tag corresponding to the login user ID and the IC tag corresponding to the logout determination tag ID are simply embedded separately (without being associated with each other). It is necessary to store information indicating that it is compatible as a table in the access management database 163 in the access management device 160.

  On the other hand, in the present embodiment, information indicating that the IC tag corresponding to the log-in user ID and the IC tag corresponding to the log-out determination tag ID are recorded in the employee ID card 210. As shown in FIG. 11, the access management database 163 can be omitted in the access management device 160.

  As described above, in the present embodiment, the information in which the login user ID and the logout determination tag ID are associated is not stored in the access management database 163 in the access management device 160 but for each user 200. It is stored in the IC tag. Therefore, in addition to the effects of the first embodiment, the access management database 163 can be omitted.

  In the above description, a case where different IDs, that is, different IC tags are used for login and logout has been described. However, the present invention is not limited to this. For example, two or more registered users 200 can simultaneously enter the MFP authentication area 500a. When the possibility of entering is extremely small, the same ID, that is, the same IC tag may be used for login and logout. This makes it unnecessary to associate the login ID with the logout ID.

  In the above description, a case where a fingerprint or an IC tag is used as an ID for identifying the user 200 has been described. However, the present invention is not limited thereto, and a face may be used as shown in FIG. In this case, the MFP needs to include a camera or the like instead of the tag reader.

  That is, as shown in FIG. 12 (b), access is permitted when it is detected that the face size is equal to or larger than the first threshold size in the captured image acquired by photographing the user 200 with the camera. (Login) is performed, and as shown in FIG. 12C, when the face size is detected smaller than the second threshold size smaller than the first threshold size, the access may be blocked. As a result, the authentication target area 500a related to log-in can be made narrower than the authentication target area 500b related to log-out.

  When a camera with a variable angle of view is used, the authentication target area 500 can be expanded by increasing the angle of view.

1 is a perspective view showing an external configuration of an MFP according to Embodiment 1. FIG. 2 is a block diagram illustrating a functional configuration of the MFP according to the first embodiment. FIG. 6 is a diagram illustrating an example of association between a login user ID and a logout determination tag ID in the MFP according to the first embodiment; FIG. 6 is a top view schematically showing the operation of the MFP according to the first embodiment. FIG. FIG. 9 is a top view schematically showing the operation of the MFP according to the second embodiment. 6 is a block diagram illustrating a functional configuration of an MFP according to a second embodiment. FIG. FIG. 10 is a top view schematically showing the operation of the MFP according to the third embodiment. FIG. 10 is a top view schematically showing the operation of the MFP according to the fourth embodiment. FIG. 10 is a block diagram illustrating a functional configuration of an MFP according to a fourth embodiment. It is a figure which shows the example of matching with the user ID for login and tag ID for logout determination in the IC tag which concerns on Embodiment 5. FIG. FIG. 10 is a block diagram illustrating a functional configuration of an MFP according to a fifth embodiment. FIG. 10 schematically illustrates an operation of an MFP according to a fifth embodiment. It is a perspective view which shows the external appearance structure of the conventional MFP. FIG. 10 is a top view schematically showing the operation of a conventional MFP. FIG. 10 is a top view schematically showing the operation of a conventional MFP.

Explanation of symbols

110 MFP main body 111 User I / F
112 MFP Function Processing Unit 113 Login / Logout Management Unit 120 Document Placement Unit 130 Paper Output Unit 140 Authentication Device 141 Fingerprint Reader 142 Authentication Database 143 Authentication Processing Device 144 Communication Distance Change Processing Unit 150 IC Tag Information Processing Devices 151, 152, 153 Tag reader 160 Access management device 161 Access management unit 162 Target setting processing unit 163 Access management database 164 Target user detection processing unit 210 Employee ID 200, 201 User 500 Authentication target area

Claims (13)

First detection means for detecting first identification information unique to the user in the first spatial region;
In response to detection of the first identification information by the first detection means, use permission means for setting the use of a predetermined device to a permitted state;
Second detection means for detecting second identification information unique to the user in a second spatial region that includes the first spatial region and is wider than the first spatial region;
In response to the fact that the second identification information is no longer detected by the second detection means, use prohibiting means for setting the use of the predetermined device to a prohibited state;
Use permission control device comprising. The use permission / refusal control device according to claim 1,
The first identification information is stored in a first IC tag,
The second identification information is stored in a second IC tag different from the first IC tag,
The first detection means includes a first tag reader that reads the first identification information stored in the first IC tag,
The use permission control device, wherein the second detection means includes a second tag reader for reading the second identification information stored in the second IC tag. The use permission / refusal control device according to claim 2,
The second IC tag is a usage permission / inhibition control device having higher sensitivity than the first IC tag. The use permission / refusal control device according to claim 2,
The second tag reader is a usage permission / inhibition control device having higher sensitivity than the first tag reader. The use permission / refusal control device according to claim 2,
The second tag reader is a usage permission / inhibition control device provided at a position closer to a predetermined position of the predetermined device than the first tag reader. The use permission / refusal control device according to claim 5,
The use permission / inhibition control device, wherein the predetermined position is an operation unit provided in the predetermined device. The use permission / refusal control device according to any one of claims 2 to 6,
Storage means for storing information in which the first identification information and the second identification information are associated with each other;
The use permission means refers to the information stored in the storage means, sets the predetermined device in a permitted state,
A use permission / refusal control device in which the use prohibiting unit refers to the information stored in the storage unit and sets the predetermined device in a state in which use is prohibited. The use permission / refusal control device according to any one of claims 2 to 6,
The first IC tag stores information in which the first identification information and the second identification information are associated with each other;
The first tag reader reads the associated information from the first IC tag;
A use permission / refusal control device in which the use prohibition unit sets the predetermined device in a state in which use is prohibited with reference to the associated information read by the first tag reader. The use permission / refusal control device according to claim 1,
The first and second identification information are stored in the same IC tag,
The first detection means includes a tag reader that reads the first identification information stored in the IC tag,
The use permission control device, wherein the second detection means includes a tag reader that reads the second identification information stored in the IC tag. The use permission / refusal control device according to claim 9,
The use permission / inhibition control device in which the first and second identification information include the same identification information. The use permission / refusal control device according to claim 1,
It further comprises image acquisition means for capturing a photographed image of the user,
The first detection means detects the first identification information from the user's face in the captured image,
In response to the fact that the size of the user's face occupying the captured image is equal to or larger than the first size, the use permission unit sets the use of the predetermined device to be permitted.
The second detection means detects the second identification information from the user's face in the captured image,
The use prohibiting means is in a state in which use of the predetermined device is prohibited in response to the size of the user's face occupying the captured image being smaller than a second size smaller than the first size. Use permission control device set to. A first detection step of detecting first identification information unique to the user in the first spatial region;
In response to the detection of the first identification information in the first detection step, a use permission step for setting the use of the predetermined device to a permitted state;
A second detection step of detecting second identification information unique to the user in a second spatial region that includes the first spatial region and is wider than the first spatial region;
In response to the fact that the second identification information is no longer detected in the second detection step, a use prohibiting step for setting the use of the predetermined device to a prohibited state;
Use permission / inhibition control method. The use permission / denial control method according to claim 12,
The first identification information is stored in a first IC tag;
The second identification information is stored in a second IC tag;
In the first detection step, the first identification information stored in the first IC tag is read by a predetermined tag reader to detect the first identification information;
In the second detection step, the second identification information stored in the second IC tag is read by the predetermined tag reader to detect the second identification information;
The use permission / inhibition control method further comprising the step of increasing the sensitivity of the predetermined tag reader after the first detection step and before the second detection step.

Images