[go: up one dir, main page]

WO2023181267A1 - Système d'authentification, dispositif client d'authentification, dispositif de serveur d'authentification et programme de traitement d'informations - Google Patents

Système d'authentification, dispositif client d'authentification, dispositif de serveur d'authentification et programme de traitement d'informations Download PDF

Info

Publication number
WO2023181267A1
WO2023181267A1 PCT/JP2022/014008 JP2022014008W WO2023181267A1 WO 2023181267 A1 WO2023181267 A1 WO 2023181267A1 JP 2022014008 W JP2022014008 W JP 2022014008W WO 2023181267 A1 WO2023181267 A1 WO 2023181267A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
biometric information
list
information
detected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2022/014008
Other languages
English (en)
Japanese (ja)
Inventor
政博 原
栄信 伊藤
彰 藤井
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujitsu Ltd
Original Assignee
Fujitsu Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Ltd filed Critical Fujitsu Ltd
Priority to PCT/JP2022/014008 priority Critical patent/WO2023181267A1/fr
Publication of WO2023181267A1 publication Critical patent/WO2023181267A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • the present invention relates to an authentication system, an authentication client device, an authentication server device, and an information processing program.
  • Biometric authentication using various types of biometric information such as faces, fingerprints, and veins is becoming widespread. Biometric authentication using multiple types of biometric information has also been proposed. For example, an authentication system has been proposed that narrows down the targets for vein data comparison by performing facial authentication upon entering a store, and performs vein authentication based on the narrowed-down vein data.
  • this face matching system reads ID information from a pass attached to a ticket, it acquires the facial features of the registered face image associated with the ID information, and acquires the facial features of the registered facial image associated with the ID information.
  • a plurality of face feature quantities of the detected face images are acquired, and the face feature quantity of the registered face image is sequentially compared with the face feature quantity of each detected face image.
  • the second biometric information matching candidates are narrowed down by matching using the first biometric information, and the second biometric information of the narrowed down matching candidates is used.
  • the first biological information can be detected from the output data of the corresponding sensor even if the distance between the corresponding sensor and the body part to be detected is longer to some extent than the second biological information.
  • the first biometric information of the same person to be authenticated can be detected even before the person to be authenticated performs an operation for detecting the second biometric information.
  • the first biometric information used for narrowing down information detected before the detection time of the second biometric information can be used. Therefore, the time from when the person to be authenticated performs the operation for detecting the second biometric information until the authentication process is completed, that is, the authentication time experienced by the person to be authenticated can be shortened.
  • a method for shortening the authentication time experienced by the person to be authenticated for example, a method of using the first biometric information detected a certain period of time before the detection time of the second biometric information for narrowing down the search results. is possible.
  • this method if the person to be authenticated is replaced with another person just before the installation location of the sensor for detecting the second biometric information, the person to be authenticated cannot be identified from the narrowed down matching candidates.
  • authentication accuracy decreases.
  • the present invention aims to provide an authentication system, an authentication client device, an authentication server device, and an information processing program that can suppress a decrease in authentication accuracy.
  • an authentication system includes an authentication client device and an authentication server device.
  • the authentication client device includes a first storage section and a first processing section. Management information created for each person is stored in the first storage unit.
  • the first processing unit monitors the first biometric information detected based on the output data of the first sensor, and when the first biometric information corresponding to a new person is detected, the first processing unit stores the first biometric information as management information. , create first management information including the detected first biometric information and store it in the first storage unit, and send a list creation request including the detected first biometric information to the authentication server device.
  • the authentication server device receives a list identification number for identifying a candidate list containing one or more matching candidates, created in response to the transmitted list creation request, from the authentication server device, registers it in the first management information, and transmits the list identification number to the second sensor;
  • the most recently detected first biometric information is select second management information that includes first biometric information similar to the first biometric information, and send an authentication request that includes the list identification number included in the second management information and the detected second biometric information to the authentication server device.
  • the authentication server device also includes a second storage section and a second processing section.
  • the second storage unit stores an authentication database in which first biometric information and second biometric information corresponding to each of a plurality of persons are registered. Each time the second processing unit receives a list creation request from the authentication client device, the second processing unit selects the registered first biometric information from among the people registered in the authentication database, and selects the first biometric information included in the received list creation request. identifying one or more persons similar to the biometric information of No.
  • one proposal provides an authentication client device that performs the same processing as the authentication client device included in the above-described authentication system. Furthermore, one proposal provides an authentication server device that performs the same processing as the authentication server device included in the above-described authentication system.
  • an information processing program is provided that causes a computer to execute the same processing as the authentication client device included in the above authentication system. Furthermore, one proposal provides an information processing program that causes a computer to execute the same processing as the authentication server device included in the above authentication system.
  • FIG. 1 is a diagram showing a configuration example and a processing example of an authentication system according to a first embodiment; FIG. It is a figure showing an example of composition of an authentication system concerning a 2nd embodiment.
  • FIG. 3 is a diagram illustrating an example hardware configuration of an authentication client.
  • FIG. 7 is a diagram illustrating a first comparative example of authentication processing.
  • FIG. 7 is a diagram illustrating a second comparative example of authentication processing.
  • FIG. 7 is a diagram for explaining problems in a second comparative example.
  • FIG. 2 is a diagram illustrating a configuration example of processing functions included in an authentication client and an authentication server.
  • FIG. 3 is a diagram illustrating an example data structure of a face detection data management table.
  • FIG. 3 is a diagram illustrating an example data structure of a candidate list management table.
  • FIG. 6 is a diagram illustrating an example of face detection data and candidate list creation processing.
  • FIG. 7 is a diagram illustrating an example of changes in the similarity of facial feature amounts and the quality score of the facial feature amounts.
  • FIG. 7 is a diagram illustrating a comparative example regarding face detection data and candidate list creation processing.
  • 2 is an example (part 1) of a flowchart showing the procedure of face detection processing.
  • 12 is an example (part 2) of a flowchart showing the procedure of face detection processing. It is an example of a flowchart showing the procedure of list ID reception processing.
  • It is an example of a flowchart showing the procedure of vein detection processing.
  • It is an example of a flowchart showing the procedure of authentication result reception processing.
  • It is an example of a flowchart showing the procedure of list creation processing.
  • a flowchart showing the procedure of authentication processing It is an example of a flowchart showing the procedure of face detection processing in a modified example.
  • It is an example of a flowchart
  • FIG. 1 is a diagram showing a configuration example and a processing example of an authentication system according to a first embodiment.
  • the authentication system shown in FIG. 1 includes an authentication client device 1 and an authentication server device 2.
  • the authentication system shown in FIG. 1 includes an authentication client device 1 and an authentication server device 2.
  • the authentication client device 1 is a client device for the authentication server device 2, and includes a storage section 1a and a processing section 1b.
  • the storage unit 1a is a storage area secured in a storage device (not shown) included in the authentication client device 1.
  • the processing unit 1b is, for example, a processor (not shown) included in the authentication client device 1.
  • sensors 3a and 3b are connected to the authentication client device 1.
  • Different types of biological information can be detected from the output data of the sensors 3a and 3b.
  • first biological information the biological information detected based on the output data of the sensor 3a
  • second biological information the biological information detected based on the output data of the sensor 3b
  • the first biological information can be detected from the output data of the sensor than the second biological information. Therefore, the first biometric information can be detected based on the output data of the sensor 3a, for example, even if the person to be authenticated does not explicitly perform an operation for authentication.
  • the second biometric information can be detected based on the output data of the sensor 3b, for example, when the person to be authenticated explicitly performs an operation for authentication.
  • the operation for authentication referred to here refers to an operation in which biometric information is detected by, for example, a person bringing a specific part of the body close to a sensor or stopping at a specific position in front of a sensor.
  • sensors 3a and 3b are installed at a specific location such as an entrance/exit gate.
  • a specific location such as an entrance/exit gate.
  • the person reaches the specific location and brings a specific part of the body close to the sensor 3b, and second biological information is detected based on the output data of the sensor 3b.
  • Ru the first biological information is detected based on the output data of the sensor 3a. can be detected.
  • the sensor 3a may be installed so that the first biometric information of the same person as the person whose second biometric information is detected by the sensor 3b is detected. In that case, when a certain person reaches the above-mentioned specific place, a certain part of the person's body enters the detection range of the sensor 3a, and the first biological information of the person is detected based on the output data of the sensor 3a. can be detected.
  • the first biological information is, for example, facial information.
  • the sensor 3b for example, a vein sensor, a fingerprint sensor, or an iris sensor can be applied.
  • the vein sensor sensors for various body parts such as the palm and fingers can be applied. Therefore, as the second biometric information, for example, information on veins of the palm or fingers, information on fingerprints, and information on iris can be applied.
  • the authentication client device 1 transmits first biometric information based on the output data of the sensor 3a and second biometric information based on the output data of the sensor 3b to the authentication server device 2, and executes so-called 1-to-N authentication. request.
  • the authentication client device 1 receives the authentication result from the authentication server device 2, and executes processing according to the authentication result, such as output processing of the authentication result.
  • the authentication server device 2 includes a storage section 2a and a processing section 2b.
  • the storage unit 2a is a storage area secured in a storage device (not shown) included in the authentication server device 2.
  • the processing unit 2b is, for example, a processor (not shown) included in the authentication server device 2.
  • An authentication database 4 is stored in the storage unit 1a. First biometric information and second biometric information corresponding to each of a plurality of persons are registered in the authentication database 4.
  • the authentication server device 2 performs one-to-N authentication by comparing the first biometric information and the second biometric information received from the authentication client device 1 with registered information in the authentication database 4. That is, the authentication server device 2 determines whether the person corresponding to the detected first biometric information and second biometric information is registered in the authentication database 4.
  • the first biometric information is used to narrow down the candidates for authentication using the second biometric information from among the people registered in the authentication database 4.
  • the authentication server device 2 first selects from among the people registered in the authentication database 4 that registered first biometric information is similar to the first biometric information received from the authentication client device 1.
  • One or more people are identified as matching candidates. For example, among the people registered in the authentication database 4, a certain number of people are identified as matching candidates in descending order of the degree of similarity between the first biometric information.
  • a candidate list is created in which one or more identified matching candidates are registered.
  • the authentication server device 2 determines whether the registered second biometric information is the second biometric information received from the authentication client device 1 from among the verification candidates registered in the candidate list. Identify similar people. If a person for whom the degree of similarity between the second biometric information is greater than or equal to a certain value is identified, the authentication is successful; if a person for whom the degree of similarity between the second biometric information is greater than or equal to the certain value is not identified, it is considered an authentication failure. Become.
  • the number of people to be matched using the second biometric information is reduced compared to when all the people in the authentication database 4 are the targets of the similarity search.
  • Processing time for similar searches can be shortened. However, for example, if the first biometric information detected at the same time as the second biometric information is used to narrow down the matching candidates, the time required for narrowing down using the first biometric information, The total time including the time required for the similarity search using the second biometric information becomes the entire time required for the authentication process. In this case, the experience that occurs after the authentication subject performs an action for authentication (that is, after bringing a specific part of the body close to the sensor 3b) until the authentication subject recognizes the authentication result. The time will be the total time above.
  • biometric information detected before the detection time of the second biometric information can be used as the first biometric information for narrowing down matching candidates, it is possible to use biometric information detected before the detection time of the second biometric information. You can shorten the experience time.
  • a method can be considered in which first biometric information detected a certain period of time before the time when the second biometric information was detected is used to narrow down matching candidates.
  • first biometric information detected a certain period of time before the time when the second biometric information was detected is used to narrow down matching candidates.
  • the first biometric information used to narrow down recognition candidates and the second biometric information used for similarity search end up being of different people. For this reason, there is a problem in that it is erroneously determined that authentication has failed, resulting in a decrease in authentication accuracy.
  • the time from when the person to be authenticated performs an operation for authentication until the authentication result is output is shortened while maintaining authentication accuracy through the following processing. Increase your chances of being able to do it.
  • the processing unit 1b of the authentication client device 1 monitors the first biometric information detected based on the output data of the sensor 3a, and when the first biometric information corresponding to a new person is detected, the processing unit 1b detects the first biometric information corresponding to a new person. Management information including the first biometric information obtained is created and registered in the storage unit 1a. At the same time, the processing unit 1b transmits a list creation request including the detected first biometric information to the authentication server device 2.
  • the processing unit 2b of the authentication server device 2 When the processing unit 2b of the authentication server device 2 receives the list creation request from the authentication client device 1, the processing unit 2b selects the registered first biometric information from among the people registered in the authentication database 4 to the received list creation request. One or more persons similar to the included first biometric information are identified as matching candidates. The processing unit 2b creates a candidate list including the identified matching candidates and registers it in the storage unit 2a, and also sends a list identification number for identifying the created candidate list to the authentication client device 1 as a response to the list creation request. Send. The processing unit 1b of the authentication client device 1 registers the received list identification number in the above management information.
  • the determination of whether the detected person is a new person is based on, for example, the degree of similarity between the first biometric information corresponding to the detected person and the previously detected first biometric information. It is executed by the client device 1.
  • the processing unit 1b of the authentication client device 1 creates management information 5a including the detected first biometric information and registers it in the storage unit 1a, and also creates a list including the detected first biometric information.
  • a creation request is sent to the authentication server device 2.
  • the processing unit 2b of the authentication server device 2 determines, from among the people registered in the authentication database 4, that the registered first biometric information is similar to the first biometric information included in the received list creation request.
  • One or more people are identified as matching candidates. In the example of FIG. 1, it is assumed that persons U1, U5, and U10 are identified as matching candidates.
  • the processing unit 2b creates a candidate list L1 including the identification numbers of the identified persons U1, U5, and U10 and registers it in the storage unit 2a, and also sends the list identification number “L1” that identifies this candidate list L1 to the authentication client. Send to device 1.
  • the processing unit 1b of the authentication client device 1 registers the received list identification number "L1" in the management information 5a.
  • management information 5b including the detected first biometric information is created and registered in the storage unit 1a, and a list creation request including the detected first biometric information is sent to the authentication server device. Sent to 2. Then, a search for matching candidates using the first biometric information included in the list creation request is executed.
  • persons U2, U3, and U6 are identified as matching candidates, and a candidate list L2 including the identification numbers of these persons U2, U3, and U6 is created and registered in the storage unit 2a.
  • the identification number "L2" of the candidate list L2 is transmitted to the authentication client device 1. As a result, the authentication number "L2" is registered in the management information 5b.
  • the second biological information is detected based on the output data of the sensor 3b by the person U2 bringing a specific part of the body closer to the sensor 3b.
  • An example of such a case is a case where the persons U1 and U2 approach the installation locations of the sensors 3a and 3b in this order, but the persons U1 and U2 switch positions immediately before the installation locations.
  • the processing unit 1b of the authentication client device 1 acquires the first biometric information detected based on the output data of the sensor 3a immediately before time T3. Then, the processing unit 1b selects management information including first biometric information similar to the acquired first biometric information from among the management information 5a and 5b stored in the storage unit 1a. In the example of FIG. 1, management information 5b is selected. In this case, the processing unit 1b acquires the list identification number "L2" from the selected management information 5b, and sends the authentication request including the list identification number "L2" and the detected second biometric information to the authentication server. Send to device 2.
  • the processing unit 2b of the authentication server device 2 Upon receiving the authentication request, the processing unit 2b of the authentication server device 2 selects a candidate list corresponding to the list identification number “L2” included in the received authentication request from among the candidate lists L1 and L2 stored in the storage unit 2a. Identify L2. Based on the authentication database 4, the processing unit 2b matches the second biometric information corresponding to the matching candidate included in the identified candidate list L2 with the second biometric information included in the received authentication request. Through this verification, the processing unit 2b determines whether the verification candidates (persons U2, U3, U6) included in the candidate list L2 include the person corresponding to the second biometric information included in the authentication request. Execute authentication processing.
  • the processing unit 2b transmits, for example, an authentication result indicating that the authentication was successful to the authentication client device 1.
  • the processing unit 1b of the authentication client device 1 executes processing according to the received authentication result.
  • matching candidates are narrowed down based on the first biometric information detected from the same authentication subject before the time when the second biometric information of the authentication subject is detected, and the candidate list is is created. Then, when the second biometric information of the person to be authenticated is detected, a matching process for the second biometric information is executed using a candidate list created in advance, and an authentication result is output.
  • This increases the possibility that the time from when the person to be authenticated performs an operation for authentication, that is, an operation to detect the second biometric information, until the authentication result is output can be shortened. As a result, there is an increased possibility that the time required for the person to be authenticated to recognize the authentication result can be shortened.
  • a list identification number for identifying the created candidate list is held in the authentication client device 1 as management information, along with the first biometric information from which the candidate list was created.
  • management information including first biometric information similar to the most recently detected first biometric information is selected from among the retained management information.
  • An authentication request is sent specifying the list identification number included in the management information.
  • the candidate list created based on the first biometric information of the person U2 increases. Therefore, it is possible to reduce the time from when the second biometric information is detected until the authentication result is output, while suppressing a decrease in authentication accuracy.
  • vein information is used as the second biometric information.
  • veins in the palm of the hand are detected, but veins in other body parts such as fingers may also be detected.
  • FIG. 2 is a diagram showing a configuration example of an authentication system according to the second embodiment.
  • the authentication system shown in FIG. 2 includes an authentication client 10 and an authentication server 20.
  • the authentication client 10 and the authentication server 20 are connected, for example, via a network (not shown).
  • a camera 11 and a vein sensor 12 are connected to the authentication client 10 as biological sensors.
  • the authentication client 10 is an example of the authentication client device 1 shown in FIG. 1
  • the authentication server 20 is an example of the authentication server device 2 shown in FIG.
  • the camera 11 is an example of the sensor 3a shown in FIG. 1
  • the vein sensor 12 is an example of the sensor 3b shown in FIG.
  • the vein sensor 12 is mounted, for example, on a security gate 13 installed at an entrance/exit gate.
  • the authentication client 10 can acquire the vein feature amount indicating the characteristics of the veins in the palm from the output data of the vein sensor 12. .
  • the camera 11 photographs the face of the person 14 approaching the security gate 13.
  • the authentication client 10 is capable of acquiring facial feature amounts indicating the facial features of the person 14 from the output data of the camera 11 even if the distance between the security gate 13 and the person 14 is long to some extent. Therefore, the authentication client 10 can acquire the facial feature amount for the same person 14 at a time earlier than the time when the vein feature amount is acquired.
  • the authentication client 10 transmits the acquired facial feature amount and vein feature amount to the authentication server 20 and requests authentication processing.
  • the authentication server 20 maintains an authentication database in which facial features and vein features corresponding to each of a plurality of persons are registered, and uses the facial features and vein features received from the authentication client 10 as registered information in the authentication database. Verify.
  • the authentication server 20 executes authentication processing based on this comparison, and sends the authentication result to the authentication client 10.
  • FIG. 3 is a diagram showing an example of the hardware configuration of the authentication client.
  • the authentication client 10 is realized, for example, as a computer as shown in FIG.
  • the authentication client 10 shown in FIG. 3 includes a processor 101, a RAM (Random Access Memory) 102, an HDD (Hard Disk Drive) 103, a GPU (Graphics Processing Unit) 104, an input interface (I/F) 105, a reader 106, and a communication It includes an interface (I/F) 107 and a network interface (I/F) 108.
  • the processor 101 centrally controls the entire authentication client 10.
  • the processor 101 is, for example, a CPU (Central Processing Unit), an MPU (Micro Processing Unit), a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), or a PLD (Programmable Logic Device). Further, the processor 101 may be a combination of two or more elements among a CPU, an MPU, a DSP, an ASIC, and a PLD.
  • the RAM 102 is used as the main storage device of the authentication client 10.
  • the RAM 102 temporarily stores at least a portion of an OS (Operating System) program and application programs to be executed by the processor 101. Further, the RAM 102 stores various data necessary for processing by the processor 101.
  • OS Operating System
  • the HDD 103 is used as an auxiliary storage device for the authentication client 10.
  • the HDD 103 stores OS programs, application programs, and various data. Note that other types of nonvolatile storage devices such as SSD (Solid State Drive) can also be used as the auxiliary storage device.
  • SSD Solid State Drive
  • a display device 104a is connected to the GPU 104.
  • the GPU 104 displays an image on the display device 104a according to instructions from the processor 101.
  • Examples of the display device 104a include a liquid crystal display and an organic EL (Electro Luminescence) display.
  • An input device 105a is connected to the input interface 105.
  • Input interface 105 transmits a signal output from input device 105a to processor 101.
  • Examples of the input device 105a include a keyboard and a pointing device.
  • Pointing devices include mice, touch panels, tablets, touch pads, trackballs, and the like.
  • a portable recording medium 106a is attached to and detached from the reading device 106.
  • the reading device 106 reads data recorded on the portable recording medium 106a and transmits it to the processor 101.
  • Examples of the portable recording medium 106a include an optical disk and a semiconductor memory.
  • the communication interface 107 sends and receives data to and from external devices such as the camera 11 and the vein sensor 12.
  • the network interface 108 sends and receives data to and from other devices, such as the authentication server 200, via the network 108a.
  • the processing functions of the authentication client 10 can be realized.
  • the authentication server 20 can also be realized as a computer having the same hardware configuration as that in FIG. 3.
  • the face detection result is used to narrow down matching candidates to be checked for veins. Comparative examples of authentication processing involving such narrowing down of matching candidates are shown in FIGS. 4 and 5 below.
  • FIG. 4 is a diagram showing a first comparative example of authentication processing.
  • FIG. 4 exemplifies a case where authentication processing is executed using the detection results of a face and veins detected at the same time.
  • the authentication client 10 performs face detection based on the output data of the camera 11 (step S11a), and performs vein detection based on the output data of the vein sensor 12 (step S11b).
  • veins are detected by the person to be authenticated by placing their hand over the vein sensor 12, and at this time, their face is also detected from the output data of the camera 11.
  • the authentication client 10 calculates facial feature amounts based on the detected face information (step S12a), and calculates vein feature amounts based on the detected vein information (step S12b).
  • the authentication client 10 transmits the calculated facial feature amount and vein feature amount to the authentication server 20.
  • the authentication server 20 matches the received facial feature amount with the facial feature amount registered in the authentication database, and executes a process to narrow down matching candidates (step S13).
  • the authentication server 20 identifies one or more persons whose registered facial feature amount is similar to the received facial feature amount as matching candidates from among the persons registered in the authentication database. For example, from among the people registered in the authentication database, a certain number of people are identified as matching candidates in descending order of similarity between facial feature amounts.
  • the authentication server 20 registers a list of identified matching candidates in the candidate list, and then executes vein authentication processing based on the candidate list (step S14).
  • the authentication server 20 identifies the vein feature amount corresponding to the verification candidate person registered in the candidate list among the people registered in the authentication database and the vein feature amount received from the authentication client 10. A person for whom the degree of similarity between vein feature amounts is equal to or greater than a predetermined threshold is identified. If the corresponding person is identified from the matching candidates, the authentication is successful; if the person is not identified, the authentication is failed.
  • the time from when the face and veins are detected in steps S11a and S11b until the end of the vein authentication process in step S14 is the shortest authentication process time experienced by the person to be authenticated.
  • the authentication client 10 can acquire the facial feature amount for the same person at a time earlier than the time when the vein feature amount is acquired. For this reason, as in the second comparative example shown in Figure 5 below, by creating a candidate list in advance using facial features obtained before acquiring vein features, it is possible to The perceived authentication processing time can be shortened.
  • FIG. 5 is a diagram showing a second comparative example of authentication processing.
  • a candidate list of matching candidates is created using facial feature amounts based on a face detected at a certain time t0 before the time when veins were detected.
  • the authentication client 10 detects a face based on the output data of the camera 11 (step S21), calculates facial features (step S22), and sends the calculated facial features to the authentication server 20. .
  • the authentication server 20 executes a process of narrowing down matching candidates using the received facial feature amount, and creates a candidate list showing a list of matching candidates (step S23).
  • the authentication client 10 detects a vein based on the output data of the vein sensor 12 at time T12 when a certain period of time t0 has passed since the face was detected (step S25)
  • the authentication client 10 calculates the vein feature amount (step S26). ), and transmits the calculated vein feature amount to the authentication server 20.
  • the authentication server 20 executes vein authentication processing based on the created candidate list (step S27). That is, the authentication server 20 executes the authentication process by comparing the received vein feature amount with the vein feature amount corresponding to a person who is a verification candidate registered in the candidate list among the people registered in the authentication database. Then, at time T13, the authentication result is transmitted to the authentication client.
  • the time from the time of vein detection in step S25 to the end of the vein authentication process in step S27 is the authentication process time experienced by the person to be authenticated. Therefore, the authentication processing time experienced by the person to be authenticated is shorter than that of the first comparative example shown in FIG. 4. Further, in the vein authentication processing performed by the authentication server 20, only the people registered in the candidate list are compared, not all the people registered in the authentication database, so that the time required for the comparison is short. Therefore, the response time from when the person to be authenticated performs an operation for vein detection to when the authentication result is recognized is shortened, and the operability of the person to be authenticated is improved.
  • FIG. 6 is a diagram for explaining the problems of the second comparative example.
  • matching candidates are narrowed down based on the facial features detected at time T11, and a candidate list is created. Then, vein authentication processing using the created candidate list is executed based on the feature amount of the vein detected at time T12 when a certain period of time t0 has elapsed from time T11.
  • a candidate list is created based on the facial features of person A.
  • person B who was lined up behind person A, switches places with person A, and at time T12, person B holds his palm over the vein sensor 12.
  • person B interrupts person A and person B holds the palm of the hand over vein sensor 12 during the period from time T11 to time T12.
  • the veins of person B instead of person A are detected at time T12.
  • the order of the people may be changed just before the security gate 13, If another person interrupts, there is a high possibility that vein authentication using the candidate list will fail, and there is a problem that authentication accuracy may decrease.
  • a candidate list is created each time a new person is detected by the camera 11, and the facial feature amount of that person and the identification number of the candidate list are held in the authentication client 10. Then, when a vein is detected by the vein sensor 12, the authentication client 10 associates it with a facial feature similar to the facial feature of the most recently detected face from among the identification numbers in the held candidate list. Identify the identified identification number. The authentication client 10 transmits the identified identification number to the authentication server 20 and requests execution of vein authentication using the candidate list indicated by the identification number. With this kind of processing, vein authentication processing using vein features of a certain person is executed using a candidate list created using the same person's facial features, so there is no possibility of mistaken authentication. It can reduce the possibility of failure. Therefore, it is possible to reduce the authentication processing time experienced by the person to be authenticated, while suppressing a decrease in authentication accuracy.
  • FIG. 7 is a diagram illustrating a configuration example of processing functions included in an authentication client and an authentication server.
  • the authentication client 10 includes a storage section 110, a face detection processing section 121, a list creation requesting section 122, a list information receiving section 123, a vein detection processing section 124, an authentication requesting section 125, and an authentication result receiving section 126.
  • the storage unit 110 is a storage area secured in a storage device included in the authentication client 10, such as the RAM 102 or the HDD 103.
  • the storage unit 110 stores a face detection data management table 111. Every time a new person (that is, a person different from the previously detected person) is detected by face detection, face detection data corresponding to that person is registered in the face detection data management table 111. .
  • FIG. 8 is a diagram showing an example of the data structure of the face detection data management table.
  • Each record registered in the face detection data management table 111 corresponds to face detection data for each person.
  • the face detection data includes a face detection ID, time, facial feature amount, quality score, and list ID.
  • the face detection ID indicates the identification number of face detection data.
  • the time indicates the time when the facial feature amount registered in the face detection data was calculated.
  • the facial feature amount indicates a feature amount calculated from a corresponding person's face image.
  • the quality score is a value indicating the quality of the facial feature amount registered in the face detection data, and takes a value from 0% to 100%, for example. This quality score is calculated, for example, based on an index related to the facial image from which the facial feature amount is calculated. As such an index, for example, the size of a face image is used. As the size of the face image, for example, the size (the number of pixels in the horizontal or vertical direction) of a rectangular area circumscribing the face area, the area of the rectangular area, etc. are used.
  • the list ID indicates an identification number of a candidate list created using facial feature amounts registered in the face detection data.
  • the face detection processing unit 121 detects a face from an image taken by the camera 11, and calculates facial features based on the face image of the face area. The face detection processing unit 121 also calculates the quality score of the facial feature amount.
  • the list creation requesting unit 122 compares the calculated facial feature amount with the facial feature amount of each face detection data registered in the face detection data management table 111, and identifies the detected face. It is determined whether there is face detection data that includes facial feature quantities similar to the feature quantities.
  • the list creation requesting unit 122 determines that a new person's face has been detected, creates face detection data corresponding to that person, and creates the face detection data management table 111. Register as a new user. At this time, the list creation request unit 122 transmits a list creation request including the face detection ID of the newly registered face detection data and the calculated facial feature amount to the authentication server 20.
  • the list creation requesting unit 122 determines if the quality score of the calculated facial feature amount is higher than the quality score registered for the face detection data. Only then, the facial feature amount of the face detection data is updated with the calculated facial feature amount. Further, the list creation request unit 122 transmits a list creation request including the face detection ID of the face detection data and the updated facial feature amount to the authentication server 20.
  • the list information receiving unit 123 receives from the authentication server 20 the list ID of the candidate list created in response to the list creation request.
  • the list information receiving unit 123 registers the received list ID in the face detection data corresponding to the face detection ID added to the received list ID among the face detection data registered in the face detection data management table 111. At this time, if a list ID has already been registered, that list ID is updated with the received list ID.
  • the vein detection processing unit 124 detects veins from the image taken by the vein sensor 12, and calculates vein feature amounts based on the image of the vein area.
  • the authentication requesting unit 125 acquires the facial feature amount based on the most recently detected face image, and selects the facial feature amount from among the face detection data registered in the face detection data management table 111. Identify face detection data that includes facial features similar to the facial features.
  • the authentication request unit 125 transmits an authentication request including the list ID included in the specified face detection data and the calculated vein feature amount to the authentication server 20.
  • the authentication result receiving unit 126 receives the result of vein authentication performed in response to the authentication request from the authentication server 20, and executes processing according to the authentication result.
  • the authentication server 20 includes a storage section 210, a narrowing-down processing section 221, a list information transmission section 222, a list acquisition section 223, a vein authentication processing section 224, and an authentication result transmission section 225.
  • the storage unit 210 is a storage area secured in a storage device (not shown) included in the authentication server 20.
  • the storage unit 210 stores an authentication database 211, a candidate list 212, and a candidate list management table 213.
  • a user ID for identifying a person, a facial feature amount, and a vein feature amount are registered in advance for all persons to be authenticated.
  • the candidate list 212 is list information in which user IDs of verification candidates at the time of vein authentication are described. Multiple candidate lists 212 may be registered.
  • the candidate list management table 212 is management information for managing candidate lists and face detection data in association with each other.
  • FIG. 9 is a diagram showing an example of the data structure of the candidate list management table. As shown in FIG. 9, a face detection ID for identifying face detection data and a list ID for identifying a candidate list are registered in the candidate list management table 213 in association with each other.
  • the processing of the narrowing-down processing unit 221, list information transmission unit 222, list acquisition unit 223, vein authentication processing unit 224, and authentication result transmission unit 225 is performed by, for example, a processor (not shown) included in the authentication server 20 executing a predetermined program. Realized.
  • the narrowing-down processing unit 221 When the narrowing-down processing unit 221 receives a list creation request from the list creation requesting unit 122, it compares the facial features included in the list creation request with the facial features of each person registered in the authentication database 211, and determines the veins. Narrow down matching candidates for authentication. The narrowing-down processing unit 221 identifies one or more facial features similar to the facial features included in the list creation request from among the facial features registered in the authentication database 211. For example, the narrowing-down processing unit 221 selects a certain number (however, 2 or more) of facial features registered in the authentication database 211 in descending order of similarity to the facial features included in the list creation request. Extract the amount. However, facial features whose similarity is less than a certain value may be excluded. The narrowing-down processing unit 221 uses people corresponding to each extracted facial feature as matching candidates, creates a candidate list 212 in which the user IDs of these people are listed, and registers it in the storage unit 210.
  • the narrowing-down processing unit 221 searches the candidate list management table 213 for a record that includes the face detection ID included in the received list creation request. If there is no corresponding record, the narrowing down processing unit 221 creates a new record in the candidate list management table 213, and writes the face detection ID included in the list creation request and the list ID of the created candidate list 212 into the record. register. On the other hand, if there is a corresponding record, the narrowing-down processing unit 221 updates the list ID registered in that record with the list ID of the created candidate list 212.
  • the list information transmitting unit 222 transmits the list ID of the candidate list 212 created by the narrowing-down processing unit 221 to the authentication client 10 together with the face detection ID included in the list creation request.
  • the list acquisition unit 223 When the list acquisition unit 223 receives the authentication request sent from the authentication request unit 125, it identifies the candidate list 212 indicated by the list ID included in the authentication request from among the candidate lists 212 registered in the storage unit 210. The list acquisition unit 223 passes the user IDs of the matching candidates included in the identified candidate list 212 and the vein feature amounts included in the authentication request to the vein authentication processing unit 224, and requests execution of vein authentication processing.
  • the vein authentication processing unit 224 performs vein authentication processing by comparing the vein features of users who are authentication candidates among the users registered in the authentication database 211 with the vein features passed from the list acquisition unit 223. Execute. The vein authentication processing unit 224 determines that authentication has been successful when there is a vein feature in the former vein feature that has a degree of similarity equal to or higher than a predetermined threshold with the latter vein feature.
  • the authentication result transmitting unit 225 transmits the authentication result obtained by the vein authentication processing unit 224 to the authentication client 10.
  • FIG. 10 is a diagram illustrating an example of processing for creating face detection data and a candidate list.
  • the face detection processing unit 121 of the authentication client 10 monitors the presence or absence of a face in each of the captured images sequentially input from the camera 11, and when a face is detected, calculates the facial feature amount and sends it to the list creation requesting unit 122. Output.
  • the camera 11 is also capable of detecting the face of a person located at a certain distance from the security gate 13. Therefore, for example, if a person approaches the security gate 13, the person's face will be detected when the person's face appears at a certain size or larger on the image taken by the camera 11. .
  • the face detection processing unit 121 calculates the facial feature amount only for the face with the largest facial area size.
  • the list creation requesting unit 122 executes processing for creating and updating face detection data based on the facial feature amount calculated by the face detection processing unit 121. However, such processing is executed only when the quality score of the facial feature amount is equal to or higher than a predetermined lower limit threshold.
  • the list creation request unit 122 creates face detection data every time a new person's face is detected based on the calculated facial feature amount, and registers the calculated facial feature amount. In the example of FIG. 10, it is assumed that the face of person A is detected at time T21 and its facial feature amount is calculated. At this time, the list creation requesting unit 122 determines whether face detection data including facial feature amounts similar to the calculated facial feature amounts are registered in the face detection data management table 111. If there is no such face detection data, it is determined that a new person's face has been detected.
  • the face detected at time T21 is determined to be the face of a new person, and the list creation requesting unit 122 registers new face detection data in the face detection data management table 111.
  • the list creation request unit 122 registers the new face detection ID "0001" and the calculated facial feature amount and quality score in the face detection data.
  • the list creation request unit 122 transmits a list creation request including the face detection ID "0001" and the calculated facial feature amount to the authentication server 20.
  • the narrowing-down processing unit 221 of the authentication server 20 Upon receiving the list creation request from the list creation request unit 122, the narrowing-down processing unit 221 of the authentication server 20 compares the facial features included in the list creation request with the facial features of each person registered in the authentication database 211. to narrow down matching candidates for vein authentication.
  • the list creation requesting unit 122 creates a candidate list including the user IDs of the matching candidates identified by this narrowing down, and assigns a new list ID "00001" to the created candidate list.
  • the narrowing-down processing unit 221 determines whether the face detection ID included in the list creation request is registered in the candidate list management table 213. In the example of FIG. 10, the face detection ID "0001" included in the list creation request is not registered in the candidate list management table 213. In this case, the narrowing down processing unit 221 associates the face detection ID "0001" with the list ID "00001" of the created candidate list and registers them in the candidate list management table 213. Then, the narrowing-down processing unit 221 transmits the face detection ID "0001" and the list ID "00001" to the authentication client 10 as a response to the list creation request.
  • the list information receiving unit 123 of the authentication client 10 When the list information receiving unit 123 of the authentication client 10 receives the face detection ID “0001” and the list ID “00001”, it specifies the face detection data with the face detection ID “0001” from the face detection data management table 111. The list information receiving unit 123 registers the received list ID "00001" in the specified face detection data.
  • the list creation requesting unit 122 determines whether face detection data including facial feature amounts similar to the calculated facial feature amounts are registered in the face detection data management table 111.
  • the list creation request unit 122 registers the new face detection data in the face detection data management table 111, and adds the new face detection ID "0002", the calculated facial feature amount, and the quality score to the face detection data. Register. At the same time, the list creation request unit 122 transmits a list creation request including the face detection ID "0002" and the calculated facial feature amount to the authentication server 20.
  • the narrowing-down processing unit 221 of the authentication server 20 Upon receiving the list creation request from the list creation request unit 122, the narrowing-down processing unit 221 of the authentication server 20 compares the facial features included in the list creation request with the facial features of each person registered in the authentication database 211. to narrow down matching candidates.
  • the list creation requesting unit 122 creates a candidate list including the user IDs of the matching candidates identified through this narrowing down, and assigns a new list ID "00002" to the created candidate list.
  • the narrowing down processing unit 221 associates the face detection ID "0002" with the list ID "00002". and register it in the candidate list management table 213. Then, the narrowing-down processing unit 221 transmits the face detection ID "0002" and the list ID "00002" to the authentication client 10 as a response to the list creation request.
  • the list information receiving unit 123 of the authentication client 10 identifies the received face detection data with the face detection ID "0002" from the face detection data management table 111, and assigns the received list ID "00002" to the specified face detection data. Register.
  • the face detection data management table 111 uses the newly generated face detection ID, the calculated facial feature amount and quality score, and the facial feature amount.
  • the face detection data including the list ID of the candidate list created by the process is registered.
  • the list creation requesting unit 122 determines whether face detection data including facial feature amounts similar to the calculated facial feature amounts are registered in the face detection data management table 111.
  • face detection data with face detection ID "0001" is specified as the relevant face detection data.
  • the list creation requesting unit 122 compares the quality score included in the specified face detection data and the quality score of the calculated facial feature amount.
  • the quality score of the former is greater than or equal to the quality score of the latter, no request is made to update the specified face detection data or to create a candidate list.
  • the list creation requesting unit 122 updates the facial feature amount and quality score included in the specified face detection data using the calculated facial feature amount and quality score. Furthermore, the list creation request unit 122 transmits a list creation request including the face detection ID “0001” and the calculated facial feature amount to the authentication server 20.
  • the narrowing-down processing unit 221 of the authentication server 20 narrows down the matching candidates using the facial features included in the received list creation request, and creates a candidate list, using the same procedure as above.
  • the narrowing-down processing unit 221 determines whether the face detection ID "0001" included in the list creation request is registered in the candidate list management table 213.
  • the face detection ID "0001" is registered in the candidate list management table 213.
  • the narrowing down processing unit 221 updates the list ID "00001" associated with the face detection ID "0001" in the candidate list management table 213 with the list ID "00003" of the created candidate list. Then, the narrowing-down processing unit 221 transmits the face detection ID "0001" and the list ID "00003" to the authentication client 10 as a response to the list creation request.
  • the list information receiving unit 123 of the authentication client 10 identifies the received face detection data with the face detection ID "0001" from the face detection data management table 111, and assigns the received list ID "00003" to the specified face detection data. Register. In the example of FIG. 10, the list ID will be updated.
  • FIG. 11 is a diagram illustrating an example of changes in the similarity of facial feature amounts and the quality score of the facial feature amounts.
  • the “similarity threshold” shown in FIG. 11 indicates the similarity threshold between the calculated facial feature amount and the facial feature amount registered in the face detection data. If the similarity is greater than or equal to the threshold, this means that a different person's face has been detected.
  • the faces of persons A, A, A, B, and A are detected at times T31, T32, T33, T34, and T35, respectively.
  • the quality score of the facial feature amount is not a sufficient value, so the facial feature amount is not registered.
  • face detection data including the facial feature amount of person A is registered, and a face detection ID "0001" is assigned to this face detection data. Furthermore, a candidate list with list ID "00001” is created based on this facial feature amount, and list ID "00001" is registered in the face detection data.
  • a facial feature with a higher quality score is calculated as the facial feature of person A, and the face detection data with face detection ID "0001" is updated with this facial feature and quality score. Furthermore, a candidate list with list ID "00002” is created based on this facial feature amount, and list ID "00002" is registered in the face detection data.
  • the facial feature amount of person B is calculated, face detection data including the facial feature amount of person B is registered, and a face detection ID "0002" is assigned to this face detection data. Furthermore, a candidate list with list ID "00003” is created based on this facial feature amount, and list ID "00003" is registered in the face detection data.
  • the facial feature amount of person A is calculated. However, since the quality score registered in the face detection data with face detection ID "0001" (quality score updated at time T33) is higher than the quality score of the calculated face feature amount, the face detection data It is not updated and no candidate list is created.
  • the authentication requesting unit 125 of the authentication client 10 acquires the facial feature amount based on the most recently detected face, and selects the acquired facial feature amount from among the face detection data registered in the face detection data management table 111. Identify face detection data that includes facial features similar to. In the example of FIG. 11, face detection data with face detection ID "0001" is specified. In this case, the authentication request unit 125 transmits an authentication request including the list ID “00002” included in the specified face detection data and the calculated vein feature amount to the authentication server 20. That is, the authentication server 20 is requested to perform vein authentication using the candidate list with list ID "00002."
  • the list acquisition unit 223 of the authentication server 20 identifies the candidate list with list ID “00002” included in the authentication request from among the candidate lists registered in the storage unit 210.
  • the vein authentication processing unit 224 compares the vein features of users who are authentication candidates included in the candidate list with list ID "00002" with the vein features included in the authentication request. By doing so, vein authentication processing is executed. In the example of FIG. 11, since the vein authentication process is executed at time T33 using the candidate list created based on the facial feature amount of person A, the vein authentication processing unit 224 succeeds in authentication.
  • vein authentication can be performed using a candidate list created based on the facial features of the person whose veins have been detected. Since the authentication accuracy is improved, a decrease in authentication accuracy can be suppressed. That is, according to the process of the present embodiment, it is possible to reduce the authentication processing time experienced by the person to be authenticated, while suppressing a decrease in authentication accuracy.
  • the distance between the camera 11 and the person A is estimated to be the closest at the time T35.
  • the quality score of the facial feature amount is highest at time T33.
  • the timing at which the facial feature amount with the highest quality score can be acquired is not necessarily immediately before vein authentication.
  • the security gate 13 if the face of a certain person can be detected multiple times while the person approaches the security gate 13, the highest quality score among the facial features based on the detected face Facial feature amounts are held in face detection data. Therefore, vein authentication can be performed using a candidate list that is calculated with high accuracy using the facial feature amount with the highest quality score. Therefore, authentication accuracy can be improved.
  • FIG. 12 is a diagram illustrating a comparative example of face detection data and candidate list creation processing.
  • FIG. 12 exemplifies a case in which face detection data is created every time a face is detected, regardless of whether it is a new person's face or not, and a corresponding candidate list is created.
  • the face detection data management table 111a in FIG. 12 is a management table in which face detection data created in this comparative example is registered.
  • the faces of persons A, A, B, B, and A are detected at times T41, T42, T43, T44, and T45, respectively.
  • candidate lists with list IDs "a1", “a2”, “b1", “b2”, and “a3” are created in response to requests from the authentication client 10, respectively. has been created. Therefore, list IDs "a1", “a2”, “b1", "b2", and “a3" are registered in the face detection data created at times T41, T42, T43, T44, and T45, respectively.
  • the authentication client 10 acquires facial feature amounts based on the most recently detected face, and selects the facial features from among the face detection data registered in the face detection data management table 111a. Identify face detection data that includes facial features similar to the acquired facial features. That is, face detection data corresponding to person A is identified from among the registered face detection data.
  • creation of a candidate list is requested only when a facial feature amount with a higher quality score is calculated. Therefore, the number of candidate lists to be created can be reduced, and the storage capacity of the authentication server 20 for holding these candidate lists can also be reduced.
  • FIGS. 13 and 14 are examples of flowcharts showing the procedure of face detection processing. It is assumed that the most recently calculated facial feature amount is stored in the storage unit 110 of the authentication client 10.
  • Step S31 The face detection processing unit 121 acquires a photographed image (frame) from the camera 11 and executes face detection processing. [Step S32] If the face detection processing unit 121 detects a face, the process proceeds to step S33. On the other hand, if no face is detected, the process proceeds to step S31, and the process using the next captured image is executed.
  • the face detection processing unit 121 calculates facial features based on the detected face image.
  • the face detection processing unit 121 also calculates the quality score of the facial feature amount. Note that if faces of multiple people are detected from the photographed image, the face with the larger size of the face area is targeted for processing.
  • Step S34 The list creation request unit 122 determines whether the calculated quality score is greater than or equal to a predetermined threshold. If the quality score is greater than or equal to the threshold, the process proceeds to step S35. At this time, the most recently calculated facial feature amount stored in the storage unit 110 is updated with the facial feature amount calculated in step S33. On the other hand, if the quality score is less than the threshold, the process proceeds to step S31, and the process using the next captured image is executed.
  • Step S35 The list creation request unit 122 compares the calculated facial feature amount with the facial feature amount of each face detection data registered in the face detection data management table 111. In this comparison, the degree of similarity between facial feature amounts is calculated.
  • Step S36 The list creation requesting unit 122 determines whether there is a facial feature amount whose calculated degree of similarity is greater than or equal to a predetermined threshold value among the facial feature amounts of the face detection data. If there is a corresponding facial feature amount, the process proceeds to step S39, and if there is no corresponding facial feature amount, the process proceeds to step S37.
  • Step S37 If the determination in step S36 is "No", a new person's face has been detected. In this case, the list creation requesting unit 122 creates new face detection data and registers it in the face detection data management table 111. The list creation requesting unit 122 also generates a new face detection ID, and registers the face detection ID, the current time, and the calculated facial feature amount and quality score in the face detection data.
  • Step S38 The list creation request unit 122 transmits a list creation request including the face detection ID generated in step S37 and the calculated facial feature amount to the authentication server 20. After this, the process proceeds to step S31, and the process using the next captured image is executed.
  • step S39 If “Yes” is determined in step S36, the face of the same person as the person whose face was detected in the past has been detected. In this case, the list creation requesting unit 122 determines, from among the face detection data registered in the face detection data management table 111, the degree of similarity between the registered facial feature amount and the calculated facial feature amount as shown in step S36. Identify face detection data that is equal to or greater than a threshold. The list creation request unit 122 obtains a quality score from the specified face detection data.
  • Step S40 The list creation request unit 122 determines whether the quality score calculated in step S33 is higher than the quality score obtained from the face detection data. If this determination condition is satisfied, the process proceeds to step S41. On the other hand, if this determination condition is not satisfied, the process proceeds to step S31, and the process using the next captured image is executed.
  • Step S41 The list creation request unit 122 updates the time, facial feature amount, and quality score of the face detection data specified in step S39 with the current time, facial feature amount, and quality score calculated in step S33.
  • Step S42 The list creation request unit 122 transmits a list creation request including the face detection ID of the face detection data specified in step S39 and the calculated facial feature amount to the authentication server 20. After this, the process proceeds to step S31, and the process using the next captured image is executed.
  • FIG. 15 is an example of a flowchart showing the procedure of list ID reception processing.
  • the list information receiving unit 123 receives the list ID of the candidate list created in response to the list creation request from the authentication server 20 together with the face detection ID.
  • the list information receiving unit 123 registers the received list ID in the face detection data corresponding to the received face detection ID among the face detection data registered in the face detection data management table 111. At this time, if a list ID has already been registered, that list ID is updated with the received list ID.
  • FIG. 16 is an example of a flowchart showing the procedure of vein detection processing.
  • the vein detection processing unit 124 acquires a captured image from the vein sensor 12 and executes vein detection processing.
  • Step S62 If a vein is detected by the vein detection processing unit 124, the process proceeds to step S63. On the other hand, if no vein is detected, the process proceeds to step S61, and the process using the next captured image is executed.
  • the vein detection processing unit 124 calculates vein feature amounts based on the image of the vein region.
  • the authentication request unit 125 acquires the most recently calculated facial feature amount from the storage unit 110.
  • Step S65 The authentication requesting unit 125 compares the facial feature amount acquired in step S64 with the facial feature amount of each face detection data registered in the face detection data management table 111. In this comparison, the degree of similarity between facial feature amounts is calculated.
  • Step S66 The authentication requesting unit 125 determines that the degree of similarity between the registered facial feature amount and the facial feature amount obtained in step S64 is equal to or greater than a predetermined threshold in the face detection data management table 111, and the list ID is Determine whether there is registered face detection data. If there is corresponding face detection data, the process proceeds to step S68, and if there is no corresponding face detection data, the process proceeds to step S67.
  • Step S67 The authentication request unit 125 transmits a list creation request including the facial feature amount acquired in step S64 to the authentication server 20.
  • the authentication server 20 narrows down the matching candidates using the facial feature amount, creates a candidate list containing the user IDs of the matching candidates, and returns the list ID of the candidate list.
  • the process proceeds to step S68.
  • Step S68 If the determination is “Yes” in step S66, the authentication request unit 125 uses the vein feature amount calculated in step S63 and the list ID included in the face detection data that matches the determination condition in step S66. An authentication request including the above is sent to the authentication server 20. On the other hand, if the process advances from step S67 to step S68, the authentication request unit 125 sends the authentication request including the vein feature amount calculated in step S63 and the list ID received in response to the list creation request to the authentication server 20. Send to. After this, the process proceeds to step S61, and the process using the next captured image is executed.
  • FIG. 17 is an example of a flowchart showing the procedure of authentication result reception processing.
  • the authentication result receiving unit 126 receives the authentication result from the authentication server 20.
  • the authentication result receiving unit 126 executes processing according to the received authentication result. For example, the authentication result receiving unit 126 outputs audio information and image information indicating the authentication result (success or failure of authentication). Further, the authentication result receiving unit 126 sets the security gate 13 in an open state when the authentication is successful, and sets the security gate 13 in a closed state when the authentication fails.
  • FIG. 18 is an example of a flowchart showing the procedure of list creation processing.
  • the narrowing-down processing unit 221 receives a list creation request from the authentication client 10.
  • the narrowing-down processing unit 221 searches for one or more facial features similar to the facial features included in the list creation request from among the facial features of each person registered in the authentication database 211.
  • this similarity search for example, a predetermined number of facial features are identified in descending order of similarity. Alternatively, all facial features whose similarity is equal to or greater than a predetermined threshold are identified.
  • Step S83 The person corresponding to the facial feature amount specified by the search in step S82 becomes a matching candidate.
  • the narrowing down processing unit 221 creates a candidate list in which the user IDs of the obtained matching candidates, that is, the user IDs associated with the facial feature amounts obtained as a result of the search are described.
  • the narrowing-down processing unit 221 assigns a new list ID to the created candidate list and registers it in the storage unit 210.
  • Step S84 The narrowing-down processing unit 221 searches the candidate list management table 213 for a record that includes the face detection ID included in the received list creation request. If there is no corresponding record, it is determined that the face detection ID is new, and the process proceeds to step S85. On the other hand, if there is a corresponding record, the process advances to step S86.
  • Step S85 The narrowing-down processing unit 221 creates a new record in the candidate list management table 213.
  • the narrowing-down processing unit 221 registers the face detection ID included in the list creation request and the list ID of the candidate list created in step S83 with respect to the created record.
  • Step S86 The narrowing-down processing unit 221 identifies a record including the face detection ID included in the list creation request from the candidate list management table 213, and uses the list ID registered in that record as the candidate created in step S83.
  • the list is updated by the list ID of the list. Note that the candidate list corresponding to the list ID before update may be deleted from the storage unit 210.
  • Step S87 The list information transmitting unit 222 transmits the list ID of the candidate list created in step S83 to the authentication client 10 together with the face detection ID included in the list creation request.
  • FIG. 19 is an example of a flowchart showing the procedure of authentication processing.
  • the list acquisition unit 223 receives an authentication request from the authentication client 10.
  • Step S92 The list acquisition unit 223 determines whether the received authentication request includes a list ID. If the list ID is included, the process proceeds to step S93; if the list ID is not included, the process proceeds to step S97.
  • the list acquisition unit 223 identifies a candidate list corresponding to the list ID included in the authentication request from among the candidate lists stored in the storage unit 210.
  • the vein authentication processing unit 224 compares the vein feature amount included in the authentication request with the vein feature amount of each verification candidate included in the candidate list specified in step S93. In this comparison process, the degree of similarity between vein feature amounts is calculated.
  • Step S95 The vein authentication processing unit 224 determines whether there is a matching candidate among the matching candidates for which the degree of similarity between the registered vein feature and the vein feature included in the authentication request reaches a predetermined threshold. . If there is a matching candidate, the process proceeds to step S96, and if there is no matching candidate, the process proceeds to step S97.
  • the vein authentication processing unit 224 determines that authentication has been successful.
  • the vein authentication processing unit 224 determines that authentication has failed.
  • the authentication result transmitter 225 transmits information indicating the authentication result to the authentication client 10.
  • the authentication process may be executed again according to a predetermined procedure. For example, the entire authentication database 211 is searched for vein features similar to the vein features included in the authentication request, and an authentication result is output depending on the presence or absence of similar vein features. Alternatively, the most recently detected facial feature amount is sent from the authentication client 10, a candidate list is created using this facial feature amount, and the veins included in the authentication request are targeted for matching candidates in the created candidate list. Vein authentication may be performed using feature amounts.
  • a part of the processing of the authentication client 10 in the second embodiment may be modified as follows. In this modification, when veins are detected, the processing procedure for selecting appropriate face detection data is streamlined. Further, it is no longer necessary to store the most recently detected facial feature amount in the storage unit 110 of the authentication client 10 separately from the face detection data management table 111.
  • FIG. 20 is an example of a flowchart showing the procedure of face detection processing in a modified example.
  • the process in step S43 is executed.
  • Step S43 The list creation request unit 122 updates the time of the face detection data specified in step S39 with the current time. After this, the process proceeds to step S31, and the process using the next captured image is executed.
  • FIG. 21 is an example of a flowchart showing the procedure of vein detection processing in a modified example.
  • the process shown in FIG. 16 is modified as shown in FIG. 21.
  • steps S101 and S102 shown in FIG. 21 are executed instead of steps S64 to S66 shown in FIG.
  • the authentication requesting unit 125 selects face detection data whose registered time is the latest from the face detection data management table 111.
  • the authentication request unit 125 determines whether a list ID is registered in the selected face detection data. If the list ID is registered in the face detection data, the process advances to step S68. In this case, in step S68, the list ID included in the face detection data selected in step S101 is used as the list ID included in the authentication request. On the other hand, if the list ID is not registered in the face detection data, the process proceeds to step S67. In this case, in step S67, the facial feature amount included in the face detection data selected in step S101 is transmitted to the authentication server 10 together with the list creation request.
  • step S43 in FIG. 20 when a face is detected, if face detection data that is estimated to belong to the same person as the person with the face is registered, the face detection data The time is updated to the current time regardless of whether or not the facial feature amount and list ID of . Therefore, among the face detection data registered in the face detection data management table 111, the face detection data with the latest time becomes the face detection data corresponding to the person whose face was detected most recently (at the latest time). will always be applicable.
  • the process for selecting appropriate face detection data when veins are detected can be made more efficient, and as a result, the authentication processing time experienced by the person to be authenticated can be shortened.
  • the processing unit 1b of the authentication client device 1 when the processing unit 1b of the authentication client device 1 detects the second biometric information, it acquires the first biometric information detected most recently or within a predetermined time. You may. Further, in the second embodiment as well, when the vein feature amount is detected by the vein detection processing section 124, the authentication requesting section 125 of the authentication client 10 sends the facial feature amount detected most recently or within a predetermined time. You may obtain it. As a result, the person corresponding to the second biometric information (vein feature) and the first biometric information (facial feature) obtained when the second biometric information (vein feature) is detected. It is possible to improve the possibility that the person and the person are the same person.
  • the most recent is, for example, the time closest to the time when the second biometric information (vein feature) was detected among the times when the first biometric information (facial feature) was detected.
  • the processing unit 1b of the authentication client device 1 may acquire first biometric information detected before or after the time when the second biometric information was detected, most recently, or within a predetermined time. good.
  • the authentication requesting unit 125 of the authentication client 10 may acquire facial features detected before or after the time when the vein features were detected, most recently, or within a predetermined time.
  • the processing functions of the devices can be realized by a computer.
  • a program is provided that describes the processing contents of the functions that each device should have, and by executing the program on the computer, the above-mentioned processing functions are realized on the computer.
  • a program that describes processing contents can be recorded on a computer-readable recording medium. Examples of computer-readable recording media include magnetic storage devices, optical disks, and semiconductor memories. Magnetic storage devices include hard disk drives (HDD), magnetic tapes, and the like. Optical discs include CDs (Compact Discs), DVDs (Digital Versatile Discs), and Blu-ray Discs (BD, registered trademark).
  • a computer that executes a program stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. Note that a computer can also directly read a program from a portable recording medium and execute processing according to the program. Furthermore, each time a program is transferred from a server computer connected via a network, the computer can sequentially execute processing according to the received program.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

La présente invention supprime une baisse d'efficacité d'authentification. Une unité de traitement (1b) crée et stocke, lorsque des premières informations de corps vivant correspondant à une nouvelle personne sont détectées, des informations de gestion comportant les premières informations de corps vivant détectées dans une unité de stockage (1a), transmet une demande de création de liste comportant les premières informations de corps vivant détectées à un dispositif serveur d'authentification (2), reçoit, du dispositif de serveur d'authentification, un numéro d'identification de liste ayant été créé à la suite de la demande de création de liste transmise et identifiant une liste de candidats comprenant un ou plusieurs candidats de collationnement, et enregistre le numéro d'identification de liste dans les informations de gestion. Une unité de traitement (1b), lors de la détection de secondes informations de corps vivant, sélectionne, parmi les informations de gestion (5a, 5b) stockées dans l'unité de stockage (1a), les informations de gestion (5b) comportant des premières informations de corps vivant similaires aux premières informations de corps vivant détectées le plus récemment et transmet, au dispositif de serveur d'authentification (2), une demande d'authentification comportant les informations d'identification de liste incluses dans les informations de gestion (5b) et les secondes informations de corps vivant détectées.
PCT/JP2022/014008 2022-03-24 2022-03-24 Système d'authentification, dispositif client d'authentification, dispositif de serveur d'authentification et programme de traitement d'informations Ceased WO2023181267A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/014008 WO2023181267A1 (fr) 2022-03-24 2022-03-24 Système d'authentification, dispositif client d'authentification, dispositif de serveur d'authentification et programme de traitement d'informations

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/014008 WO2023181267A1 (fr) 2022-03-24 2022-03-24 Système d'authentification, dispositif client d'authentification, dispositif de serveur d'authentification et programme de traitement d'informations

Publications (1)

Publication Number Publication Date
WO2023181267A1 true WO2023181267A1 (fr) 2023-09-28

Family

ID=88100622

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/014008 Ceased WO2023181267A1 (fr) 2022-03-24 2022-03-24 Système d'authentification, dispositif client d'authentification, dispositif de serveur d'authentification et programme de traitement d'informations

Country Status (1)

Country Link
WO (1) WO2023181267A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200143148A1 (en) * 2014-07-15 2020-05-07 FaceChecks LLC Multi-Algorithm-Based Face Recognition System and Method with Optimal Dataset Partitioning for a Cloud Environment
JP2021131606A (ja) * 2020-02-18 2021-09-09 パナソニックIpマネジメント株式会社 照合装置、照合システム、及び、照合方法
JP2021140622A (ja) * 2020-03-09 2021-09-16 富士通株式会社 認証方法、情報処理装置、及び認証プログラム
WO2021250845A1 (fr) * 2020-06-11 2021-12-16 富士通株式会社 Procédé d'authentification, dispositif de traitement d'informations et programme d'authentification

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200143148A1 (en) * 2014-07-15 2020-05-07 FaceChecks LLC Multi-Algorithm-Based Face Recognition System and Method with Optimal Dataset Partitioning for a Cloud Environment
JP2021131606A (ja) * 2020-02-18 2021-09-09 パナソニックIpマネジメント株式会社 照合装置、照合システム、及び、照合方法
JP2021140622A (ja) * 2020-03-09 2021-09-16 富士通株式会社 認証方法、情報処理装置、及び認証プログラム
WO2021250845A1 (fr) * 2020-06-11 2021-12-16 富士通株式会社 Procédé d'authentification, dispositif de traitement d'informations et programme d'authentification

Similar Documents

Publication Publication Date Title
JP7092911B2 (ja) 携帯装置において利用されるスキャンアンドペイ方法と装置
JP6318588B2 (ja) 生体認証装置、生体認証方法及び生体認証用コンピュータプログラム
TWI582656B (zh) 意外觸摸拒絕之判定技術
US20150047017A1 (en) Mobile device and method of controlling therefor
JP6607061B2 (ja) 情報処理装置、データ比較方法、およびデータ比較プログラム
JP7147860B2 (ja) 生体認証装置、生体認証方法、及び生体認証プログラム
US11004080B2 (en) Fraud deterrence and/or identification using multi-faceted authorization procedures
CN111581625A (zh) 一种用户身份识别方法、装置及电子设备
CN112836612B (zh) 一种用户实名认证的方法、装置及系统
US9992181B2 (en) Method and system for authenticating a user based on location data
KR20250053068A (ko) 비접촉식 트랜잭션의 인증
JP2012073796A (ja) 生体認証システム、生体認証方法、および認証サーバ
US9207945B2 (en) Multi-persona computing based on real time user recognition
CN111242105A (zh) 一种用户识别方法、装置及设备
US20230044788A1 (en) Authentication method, storage medium, and authentication device
JP2019053381A (ja) 画像処理装置、情報処理装置、方法およびプログラム
US20250029085A1 (en) Image-based multi-user transaction authentication and allocation
WO2023181267A1 (fr) Système d'authentification, dispositif client d'authentification, dispositif de serveur d'authentification et programme de traitement d'informations
US20200412778A1 (en) Information processing apparatus, information processing system, and information processing method
JP6773144B2 (ja) コンテンツ選択装置、コンテンツ選択方法、コンテンツ選択システム及びプログラム
US11488027B2 (en) Targeted data retrieval and decision-tree-guided data evaluation
US9256847B2 (en) Detection, identification and integration of office squatters
JP7448846B2 (ja) 情報処理システム
KR20210150999A (ko) Qr코드를 활용한 방역관리 시스템 및 그 제어 방법
US20230013232A1 (en) Control method, storage medium, and information processing device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22933408

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22933408

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP