Field
Aspects of the present invention generally relate to authentication control of an information processing apparatus.
Description of the Related Art
In information processing apparatuses, such as a multifunctional peripheral and a multifunctional printer (MFP), user authentication is performed.
User authentication in these systems is performed as follows.
Authentication information for identity verification of the user is registered in an authentication server. Authentication information is acquired from authentication information input by the user or an IC card that the user carries, and the system communicates with the authentication server for identity verification. If identity verification is successfully completed, use of the MFP is permitted, and if not, use of the MFP is not permitted. In this manner, use of the MFP by an unregistered person can be controlled. Some devices acquire profile information of a person, customize a manipulation panel based on the information, or download and use personal address information.
Japanese Patent Laid-Open No. 2010-277557 discloses a technique to perform an authentication process quickly when a user logs in to a multi-functional peripheral by acquiring authentication information of the user regarding the multi-functional peripheral that the user may use from a server when the user enters a room, and holding the acquired information in the multi-functional peripheral.
In some authentication methods, face data is used as the authentication information.
The MFP is equipped with a camera with which the face of a person manipulating the MFP is recognized. Feature points of the face are sent to an authentication server for identity verification.
FIG. 14 schematically illustrates related art face recognition using a camera.
As illustrated in FIG. 14, a MFP 1401 includes a camera 1402 and is connected to be communicable with an authentication server 1404 via a network 1406. An authentication database 1405 in which face data used for face recognition of the user is stored is connected to the authentication server 1404.
The reference numeral 1403 denotes a camera recognition area of the camera 1402. When a user A is recognized with the camera 1402, the MFP 1401 acquires feature data of the face of the user A (i.e., extracts feature information from the face of the user A) and sends the feature data as face data to the authentication server 1404 via the network 1406 to make an authentication request.
The authentication server 1404 (1) retrieves the authentication database 1405 based on the sent face data, (2) compares the sent face data with collation face data and, (3) if the sent face data matches the collation face data, notifies permission of authentication to the MFP 1401.
If a user B is recognized with the camera 1402, the MFP 1401 makes an authentication request to the authentication server 1404 as in the case of the user A to perform authentication.
As described above, a plurality of users may be authenticated by a single MFP 1401. The MFP 1401 may, for example, authenticate all the users in the recognition area 1403 of the camera.
The MFP 1401 detects a person approaching itself with the camera, and performs face recognition in advance so that the person's profile information is prepared in advance. Therefore, when the user manipulates the manipulation panel, the MFP 1401 is ready to use. Thus, in the MFP 1401, convenience is increased by utilizing the characteristics of automatic authentication with a camera.
The users in the recognition area 1403 of the camera change all the time: i.e., users move or enter or exit. In order for the MFP 1401 to recognize such change of the users, it is necessary to always identify each user with the camera.
In the system as disclosed in Japanese Patent Laid-Open No. 2010-277557, entrance of the user into a room is managed by notification from an entrance and exit management server, whereas in the technique of face recognition using the camera, it is necessary to recognize change of the users in the recognition area 1403 of the camera based on the face data extracted from the camera image.
In the related art technique of face recognition using a camera, however, storing confidential personal information, such as face data for identifying users, in the MFP 1401 has a potential security risk. Therefore, to always identify the users, it is necessary to acquire face data of each user located in the recognition area 1403, send the acquired face data to the authentication server 1404 in which the face data for the collation is registered, and collate the face data all the time.
For example, in the above example, if the user B enters the recognition area 1403 of the camera after the user A is authenticated, the MFP 1401 needs to send the face data of the user A to the authentication server 1404 together with face data of the user B, in order to recognize a change in the user in the recognition area 1403. The authentication server 1404 returns some statuses: e.g., for the user A, “authenticated” and for user B, “new authentication.” With this status information, the MFP 1401 may recognize that the user A is still staying in the recognition area 1403, and that the user B is newcomer to the recognition area.
This collation method, however, in which face data is collated in the authentication server 1404 all the time via the network 1406 from the MFP 1401 about each user located in the recognition area 1403 takes long time. Especially collation of face data in the authentication server takes longer time than collation using an ID and the like and, therefore, there is a problem that collating face data in the authentication server about each user located in the recognition area 1403 is not operationally practical. Further, authenticating by face data in the authentication server about all the users entering in the recognition area 1403 may increase the network traffic. These issues are not limited to image processing apparatuses, such as the MFP, but also exist in any apparatuses that perform face recognition.