JP2004240620A - Biological pattern authenticating apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a biological pattern authenticating apparatus which can change the level of a security only by a single authenticating device without using a plurality of biological pattern authenticating devices, which is simple as a system, and which can obtain a merit in its cost. <P>SOLUTION: The biological pattern authenticating apparatus includes a security level generating means for switching the resolution of data and generating a security level signal in response to the level of the security, and a control means for controlling to switch the resolution in the pattern recognition of an organism in response to the security level signal. <P>COPYRIGHT: (C)2004,JPO&NCIPI

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a biometric pattern authentication device, and more particularly to a biometric pattern authentication device that switches the resolution of authentication data according to a security level.
[0002]
[Prior art]
2. Description of the Related Art Conventionally, as systems for security and security enhancement, various systems have been known in which biometric pattern authentication devices for registering biometric pattern information such as fingerprints and used for personal authentication are incorporated. As one of them, an example in which a biometric pattern authentication device is incorporated in an IC card as disclosed in JP-A-11-338985 has come to be seen. In this method, a security level is set so that personal authentication is performed where security is high, and authentication is not performed where security is unnecessary.
[0003]
In such a system, there are only two types of security, that is, a high level of security that requires authentication and a general IC card security that does not require authentication. A method using a plurality of biometric pattern information different from a fingerprint such as an iris or a method of performing authentication with a plurality of fingers in the case of a fingerprint can be used.
[0004]
[Problems to be solved by the invention]
In such a conventional system, the higher the level, the more troublesome it is in exchange for a higher sense of security, the cost of the equipment, or both.
[0005]
Similarly, in a system such as electronic payment that is traded on a network, biological pattern information is obtained from a device connected to the network, and in order to maintain a high level of security, information is stored in a device on the network. Providing a plurality of authentication devices is costly and may not be widely used.
[0006]
The present invention has been made in view of the above-described problem, and an object thereof is to change a security level only by a single authentication device without using a plurality of biometric pattern authentication devices. Another object of the present invention is to provide a biometric pattern authentication device which is simple in terms of cost and can be advantageous in terms of cost.
[0007]
[Means for Solving the Problems]
In order to achieve the above object, the present invention provides a biometric pattern authentication device, which has a security level generating means for generating a security level signal according to a security level, while enabling a change in data resolution. It has a control means for controlling so as to switch the resolution in pattern recognition of a living body in accordance with a security level signal.
[0008]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.
[0009]
FIG. 1 is a block diagram of an authentication device according to the present invention in which a fingerprint is assumed as pattern information of a living body.
[0010]
This system can be roughly divided into two blocks. One is an "information reading device" for reading biological pattern information, and the other is a "host server" for operating an authentication algorithm.
[0011]
First, the “information reading device” will be described.
[0012]
In this apparatus, the sensor 10 is an image sensor for reading the capacitance of the ridges and valleys of the fingerprint or an image sensor for optically reading the fingerprint pattern. Although this device is a sensor that reads optically, the description will be made based on the characteristics of the capacitance type sensor as appropriate.
[0013]
First, in the sensor 10, after a fingerprint pattern is read, the analog signal is converted to a digital signal by A / D (analog-digital conversion) after an appropriate gain is applied by an AGC (auto gain controller). You.
[0014]
The fingerprint pattern converted into a digital signal is written into a memory 80 capable of storing one frame, which is the total number of pixels of the sensor 10. Thereafter, the data is read out from the memory 80 to the externally connected “host server” via the communication 110 for exchanging data with the “host server”.
[0015]
The above is the data flow in the “information reading device”. The communication 110 described here will be described with reference to FIG.
[0016]
Here, the data from the memory is encrypted once in the encryption / decryption unit 111. Thereafter, the received data is converted into packet information by the reception data creation unit 112, the packet information is modulated by the modulation / demodulation unit 113 to a transmission speed corresponding to the network, and transmitted to the “host server” via the line interface 114.
[0017]
Although not shown, for a command request signal such as a command to change the security level from the “host server”, the data is received by the line interface 114, and the data is demodulated by the modulation / demodulation unit 113. Then, the packet information is reassembled by the transmission / reception data creation unit 112, decrypted by the encryption / decryption unit 111, and written into the register 120 of the "information reading device".
[0018]
After that, the control controller 90 interprets the security level signal from the register 120 and sends a command to switch the resolution to the TG (timing generator) 60, the memory 80, and the communication 110 in order to switch to the high resolution mode or the low resolution mode.
[0019]
The TG 60 described here is generating a drive pulse for the sensor 10 and also generates a drive pulse for the human body detection 20 and the LED 30 described later. Also, the resolution of the sensor 10 is changed by the driving pulse. Further, the memory 80 changes the writing size for one frame by a signal for switching the resolution from the control 90. The communication 110 also changes the total number of pixels to be read.
[0020]
As a result, an operation of changing the security level in accordance with a signal from an external device to which an “information reading device” called “host server” is connected becomes possible.
[0021]
Next, the data flow in the “host server” will be described.
[0022]
The communication 230 in the “host server” receives the fingerprint data from the “information reading device”. This is the same configuration as that of FIG. 2. The line I / F 114 receives the data, modulates the data with the modulation / demodulation unit 113, and reassembles the packet information into data with the transmission / reception data creation unit 112.
[0023]
After that, in the arithmetic processing 200, binarization, special vertex extraction, and matching processing with a registered pattern registered in the recording device 220 in advance are performed. The instructions are written to the register 120 through 110, and the commands are interpreted by the control 90 and transmitted to the display 100, thereby displaying the display 100 in a form that is visible to the user, such as turning on an LED. . The detailed operation of the LED will be described in a later flowchart.
[0024]
Also, in the binarization of the arithmetic processing 200, when the difference between the ridge and the valley of the fingerprint is not clear, a command is transmitted from the control control 210 to the register 120 through the communication 230 and the communication 110, and the control control 90 sends the DA ( A digital / analog controller (50) converts a digital signal into an analog signal and performs an operation of increasing or decreasing the gain. If the light amount is still large, the TG 60 reduces the lighting time of the LED or turns off the light. Conversely, when the light amount is small, an operation of extending the lighting time of the LED is performed. Here, the sensor for measuring the capacitance of the fingerprint does not require an LED for illumination, nor does it need any one that sequentially performs gain such as AGC. When the capacitance changes with the state of the finger, it is necessary to switch the gain.
[0025]
The above is the description of the authentication device system block in FIG.
[0026]
Next, how the resolution of the sensor 10 varies with the security level will be described with reference to FIG.
[0027]
In FIG. 3, one pixel is represented by a small square. In the high resolution mode, all pixels in the image sensor are driven. In the low pixel mode, thinning is an example of thinning one pixel from two pixels. It goes without saying that the concept corresponding to the low-resolution mode by adding signal charges as well as thinning-out also falls into this category.
[0028]
As a result, when imaging at high resolution, the security level is increased by increasing the number of feature points extracted, and conversely, when imaging at low resolution, the security level is decreased by reducing the number of feature points extracted. Become. In addition, in the case of low resolution, it is needless to say that the level can be set more finely by thinning the thinning interval for each pixel at the security level.
[0029]
In the feature point extraction performed in the arithmetic processing 200, features such as branching and end points of the fingerprint pattern are extracted and the relative position is processed as pattern information. It can be seen that the number of feature points to be extracted decreases along with. Therefore, when the security level is low, the total number of feature points that can be extracted decreases and the probability of erroneous authentication increases, but the number of pixels to be processed decreases, so that high-speed authentication can be performed.
[0030]
On the other hand, at the high level, all pixels are driven, so the processing time is longer than that of the lower security level.However, by making the pixel pitch in the sensor smaller, higher-level authentication can be performed. It can be carried out. As a result, not only all the characteristic points of the fingerprint pattern of the human body but also, for example, the sweat gland pattern of the human body can be processed as the characteristic points.
[0031]
Next, an example of an operation flow of this system will be described in more detail with reference to flowcharts shown in FIGS. The operation assumed here is a case where the security level is changed by a URL on the Internet, or a case where application software that can be used is managed by a host server and a level is given to a user. The information reading device is assumed to be incorporated in a PC as a part of the terminal.
[0032]
Here, FIG. 4 is an operation flow when registering a fingerprint pattern of an individual before using the authentication device of the present invention.
[0033]
First, personal information registration is performed. Here, input is made from the keyboard of the PC which is a terminal, but necessary personal information such as name, address, TEL, employment, annual income, etc. is input, and the host server examines the personal information to determine a security level. At the same time, the security level is registered together with the issuing ID number. Thereafter, the user is notified of the ID number.
[0034]
Thereafter, the user inputs the issued ID in advance for fingerprint registration. The host server determines whether the input ID is the same as the ID registered in advance. If an error occurs in the ID determination, the error 1 display indicates that the ID number is different, or informs that personal information has not been registered. Thereby, registration of personal information or input of an ID is started again. If the result of the ID determination is OK, the sensor is driven so that the sensor can be driven at the resolution of the security level.
[0035]
Next, the authentication device detects whether it is a human body before performing fingerprint registration. This is performed in the part of the human body detection 20 in FIG. 1, but it may be one that detects electric resistance of the human body or that detects heat of the human body using infrared rays. Thereafter, the data is converted into a digital signal by the A / D 70 in FIG. 1, and then transmitted to the host server via the memory 80 and the communication 110. The host server determines whether it is a human body or not, and if it is not likely to be a human body, tells the error by displaying Error 2 or tells you to detect the human body again.
[0036]
Thereafter, if the human body detection is OK, an image of the fingerprint pattern is obtained. After that, the image information is transmitted to the host server to perform feature point extraction. At this time, if the image is too dark or too bright, the information is fed back from the host server to the information reading device in real time, and the gain is controlled by the AGC 40 as described above, or the light amount is adjusted by the LED 30 to obtain an appropriate image. So that you can get If the characteristic point is still below the threshold that matches the security level even after that, there are causes such as the finger being dirty or the fingerprint of the finger being difficult to read. Is displayed, and the image is acquired again. If OK, the feature point of the finger is registered together with the relative positional relationship and the like. The user is notified that the registration has been completed.
[0037]
Here, in the sensor for measuring the capacitance of the fingerprint, if the number of feature points is smaller than the number corresponding to the security level in the threshold value determination of the feature point, first, since the finger is a dry finger or a wet finger, the gain is switched. If the value is still equal to or smaller than the threshold value, the user is told to wipe the finger with the display of error 3, and the process is started again from image acquisition. If OK, the feature point of the finger is registered together with the relative positional relationship and the like. The user is notified that the registration has been completed.
[0038]
FIG. 5 is a flowchart showing a processing procedure when actually using the fingerprint registered in FIG.
[0039]
Here, as described above, if an attempt is made to access a site having a security function that requires biometric pattern authentication at a certain URL on the Internet, or software that has a security function with application software managed by the host server. When activating, the security level is determined, and the level is acquired. Then, the sensor 10 of the information reading device is driven to match the level.
[0040]
Thereafter, the user inputs an ID, and the host server determines whether the input ID is the same as an ID registered in advance. If an error occurs in the ID determination, the error 1 display indicates that the ID number is different, or informs that personal information has not been registered. Thereby, registration of personal information or input of an ID is started again. If the ID is OK, the human body is detected. Here, it is determined whether the object is a human body or not, and if it is not likely to be a human body, an error 2 is displayed to indicate the fact, or that the human body is to be detected again.
[0041]
Thereafter, if the human body detection is OK, a fingerprint image is obtained, the fingerprint image is transmitted to the host server, and feature points are extracted. At this time, if the image is too dark or too bright, the information is fed back from the host server to the information reading device in real time, and the gain is controlled by the AGC 40 as described above, or the light amount is adjusted by the LED 30 to obtain an appropriate image. So that you can get If the feature point is still below the threshold that matches the security level even after that, there is a possibility that the finger is dirty, so an error 3 display such as cleaning the finger is displayed, and the image is acquired again.
[0042]
Here, in the sensor for measuring the capacitance of the fingerprint, if the number of feature points is smaller than the number corresponding to the security level in the threshold value determination of the feature point, first, since the finger is a dry finger or a wet finger, the gain is switched. If the value is still equal to or smaller than the threshold value, an error 3 is displayed to inform the user that the finger is to be wiped, and the processing is performed again from the image acquisition.
[0043]
When the threshold value of the feature point is determined to be OK, matching is performed with the fingerprint information already registered by the ID number, and the matching determination is performed. In this case, if an error occurs, the error is displayed on the display of error 4 and the operation is started again from the image acquisition, or since the registered fingerprint is expected to be different from the ID, the operation is started again from the input of the ID. If it is OK, an authentication completion notification is made, the site is displayed, or the software is activated to end the process.
[0044]
Further, when an authentication device is present in a device connected to such a network, the device ID of the device itself can be acquired through the network, so that the security level can be changed according to those IDs. Needless to say.
[0045]
FIG. 6 is a system block diagram of an authentication device for generating a security level by a manual operation member.
[0046]
The system described here is assumed to be used for doors and the like. The manual member is constituted by a switch such as a dip switch in the information reading device by the SW 130, and the level is set by an administrator operating the switch. Since the reading information device is not set inside the PC, an ID input unit 140 is separately provided to input an ID number or input personal information.
[0047]
Regarding the communication 110, the read operation from the memory 80 is performed only for the data request signal from the “host server” without passing through the network, and the operation of the “information reading device” is performed by the command request signal from the host. A configuration in which the “information reading device” and the “host server” are connected one-to-one without passing through a network that changes the mode may be used. Other parts are the same as those described in FIG.
[0048]
The operation will be described with reference to the flowcharts of FIGS.
[0049]
First, the authentication device acquires the security level determined by the administrator. In this case, since the security level is always obtained from the SW 130, there is no need to register. The sensor is then driven at a resolution appropriate for that level.
[0050]
The user decides and inputs appropriate alphanumeric characters and alphabets that are difficult to forget as his / her ID number, and the “information reading device” transfers the content to the “host server”. The “host server” checks whether the entered ID has already been registered, and if there is a duplicate, tells the user to change to another ID with an error 1 display. If there is no overlap, the ID is registered with the input ID.
[0051]
Thereafter, human body detection is performed. This is the same as that described in the flowchart of FIG. 4, and it is determined whether the subject is a human body or not, and if it is not likely to be a human body, an error 2 is displayed or the human body is detected again. Tell.
[0052]
If the human body detection is OK, the image information is transmitted to the host server and feature points are extracted. At this time, if the image is too dark or too bright, the information is fed back from the host server to the information reading device in real time, and the gain is controlled by the AGC 40 as described above, or the light amount is adjusted by the LED 30 to obtain an appropriate image. So that you can get If the characteristic point is still below the threshold that matches the security level even after that, there are causes such as the finger being dirty or the fingerprint of the finger being difficult to read. Is displayed, and the image is acquired again.
[0053]
Here, in the sensor for measuring the capacitance of the fingerprint, if the number of feature points is smaller than the number corresponding to the security level in the threshold value determination of the feature point, first, since the finger is a dry finger or a wet finger, the gain is switched. If the value is still equal to or smaller than the threshold value, the user is told to wipe the finger with the display of error 3, and the process is started again from image acquisition.
[0054]
If OK, the feature point of the finger is registered together with the relative positional relationship and the like. The user is notified that the registration has been completed.
[0055]
FIG. 8 is a flowchart showing a processing procedure when actually using the fingerprint registered in FIG.
[0056]
First, the authentication device obtains the security level determined by the administrator, and then the sensor is driven at a resolution that matches the level.
[0057]
Thereafter, the user inputs an ID, and determines whether or not the input ID is the same as an ID registered in advance in the “host server”. If an error occurs in the ID determination, a notification that the ID number is different or that personal information has not been registered is displayed in the error 1 display. Thereby, registration of personal information or input of an ID is started again. If the ID is OK, the human body is detected. Here, it is determined whether the object is a human body or not, and if it is not likely to be a human body, an error 2 is displayed to indicate the fact, or that the human body is to be detected again.
[0058]
After that, if the human body detection is OK, a fingerprint image is acquired, and the fingerprint image is transmitted to the “host server”, and feature points are extracted. At this time, if the image is too dark or too bright, the image is fed back from the host server to the information reading device in real time, and the gain is controlled by the AGC 40 as described above, and the light amount is adjusted by the LED 30, and Make sure you get an image. If the feature point is still below the threshold that matches the security level even after that, there is a possibility that the finger is dirty. Therefore, an error 3 display such as cleaning the finger is displayed and the image is acquired again.
[0059]
Here, in the sensor for measuring the capacitance of the fingerprint, if the number of feature points is smaller than the number corresponding to the security level in the threshold value determination of the feature point, first, since the finger is a dry finger or a wet finger, the gain is switched. If the value is still equal to or smaller than the threshold value, an error 3 is displayed to inform the user that the finger is to be wiped, and the processing is performed again from the image acquisition.
[0060]
When the threshold value of the feature point is determined to be OK, matching is performed with the fingerprint information already registered by the ID number, and the matching determination is performed. In this case, if an error occurs, the error is displayed on the display of error 4 and the operation is started again from the image acquisition, or since the registered fingerprint is expected to be different from the ID, the operation is started again from the input of the ID. If OK, an authentication completion notification is performed, and processing such as opening a door is performed.
[0061]
Further, as described above, in the example shown in the system block diagram of FIG. 1, authentication and registration are performed by a “host server” via a network, and only a biological pattern is read by an “information reading device”. In the example shown in the system block diagram of FIG. 6, an example is shown in which an external switch is provided to manage security and is installed on a door or the like. However, as another example, a “host server” is performed by a PC, and the PC is installed in the PC. It is assumed that an “information reading device” is provided.
[0062]
Data is exchanged through a parallel port, a USB, or the like of the PC. Therefore, the memory 80 serves as a buffer for absorbing those transmission speed standards, and the communication 110 needs to conform to the communication standards. Further, the collation algorithm can be provided as application software in the PC, and can include the arithmetic processing 200, and the recording device 220 is performed by a hard disk in the PC.
[0063]
In this case, the security level is set by the administrator using the application software in the PC. For example, the security level may be increased when the PC is started up, and the security level may be decreased when returning from the screen saver. .
[0064]
As described above, in the system block diagram and the operation flowchart, the operation of switching the resolution in the sensor 10 has been described. However, the switching of the resolution is performed not only in the sensor 10 but also in the memory 80 by thinning out or writing all pixels. The thinning may be performed later in the reading operation. Further, the calculation may be performed in the arithmetic processing 200 in which an authentication algorithm exists, or may be performed in the case where the algorithm exists as application software.
[0065]
Also, according to the flowchart, when it is desired to perform authentication at a plurality of levels from low-level security to high-level security in one authentication system, it is necessary to perform registration at all of the corresponding security levels.
[0066]
【The invention's effect】
As is clear from the above description, according to the present invention, it is possible to change the level of security with only a single authentication device without using a plurality of biometric pattern authentication devices. Therefore, a merit can be obtained in terms of cost.
[0067]
Also, at a high resolution used at a high level of security, even finer features such as sweat gland patterns can be used, so that high reliability can be maintained.
[0068]
Furthermore, by lowering the level of security, high-speed authentication can be performed, so that it is not necessary to use time until authentication.
[0069]
Also, a security level is given to each device having a different individual identification, and at the time of authentication, authentication can be performed quickly according to the level.
[0070]
Furthermore, different security levels are given to different application software, and at the time of authentication, authentication can be performed quickly according to the level.
[0071]
In addition, a security level is assigned to each of different URLs, and authentication can be quickly performed at the time of authentication.
[Brief description of the drawings]
FIG. 1 is a system block diagram of a biometric pattern authentication device according to the present invention.
FIG. 2 is a block diagram illustrating an example of a communication unit of the biometric pattern authentication device according to the present invention.
FIG. 3 is a conceptual diagram of resolution switching in an image sensor of the biological pattern authentication device according to the present invention.
FIG. 4 is an operation flowchart (fingerprint registration) of the biological pattern authentication device according to the present invention.
FIG. 5 is an operation flowchart (fingerprint authentication) of the biological pattern authentication apparatus according to the present invention.
FIG. 6 is a system block diagram of a biological pattern authentication device having a manual member.
FIG. 7 is an operation flowchart (fingerprint registration) of the biological pattern authentication device having a manual member.
FIG. 8 is an operation flowchart (fingerprint authentication) of the biological pattern authentication apparatus having a manual member.
[Explanation of symbols]
10 sensor 20 human body detection 30 LED
40 AGC
50 DA
60 TG
70 A / D
80 memory 90 control control 100 display 110 communication 120 register 230 communication 200 arithmetic processing 210 control control 220 arithmetic processing

Claims (13)

In a biometric pattern authentication device,
A security level generating means for generating a security level signal according to a security level, wherein the resolution of the data can be switched, and control is performed to switch a resolution in pattern recognition of a living body in accordance with the security level signal A biometric pattern authentication device, comprising: The biometric pattern authentication device according to claim 1, wherein the security level generating means generates a different security level signal by a manual operation member. 2. The biometric pattern authentication device according to claim 1, wherein the security level generation unit generates a different security level according to a signal from an external device to which the biometric pattern authentication device is connected. The biometric pattern authentication device according to claim 3, wherein the security level generation means generates a different security level according to the individual identification of a device on a network to which the biometric pattern authentication device is connected. 4. The biometric pattern authentication device according to claim 3, wherein the security level generation unit generates a different security level according to a URL on a network to which the biometric pattern authentication device is connected. 4. The biometric pattern authentication device according to claim 3, wherein the security level generation means generates a different security level according to application software on an external device to which the biometric pattern authentication device is connected. 2. The biometric pattern authentication device according to claim 1, wherein the higher the security level, the higher the resolution. The biometric pattern authentication device according to claim 1, wherein an authentication algorithm is also changed according to the switching of the resolution. The biometric pattern authentication device according to claim 1, wherein the switching of the resolution is performed in an image sensor. The biometric pattern authentication device according to claim 1, wherein the switching of the resolution is performed in a memory. 2. The biometric pattern authentication device according to claim 1, wherein the switching of the resolution is performed within an authentication algorithm. In a biometric pattern authentication device,
A biometric pattern authentication device, wherein the resolution of data can be switched, the biometric pattern authentication data has a plurality of registration data at different resolutions, and the biometric pattern authentication data is switched in resolution as needed. 13. The biometric pattern authentication device according to claim 12, wherein authentication is performed between data having the same resolution.

Images