JP2006221282A - Face authentication device and system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a face authentication system with high security in which a nearly constant face image size is photographed by using two reference points to easily improve authentication rate for registrant/non-registrant even in a mobile environment, furthermore to reduce variations in normalization processing of the face image. <P>SOLUTION: The face authentication device is provided with a camera for photographing a face, a reference point superimposing part for superimposing the two reference points on the face image photographed by the camera, and a display part which is arranged close to the camera to display an image in which the two reference points are superimposed on the face image. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a face authentication apparatus and a face authentication system using the face authentication apparatus.

  Mobile devices typified by mobile phones have entered the third generation, and their functions are rapidly expanding in addition to calls, such as mail, Internet connection, still image shooting, video shooting, music distribution, music playback, and GPS functions. . The next-generation mobile phone, which is said to be the fourth generation, is changing from a telephone to a personal information terminal as a terminal for information appliance operation and telemedicine diagnosis in a ubiquitous society. With such expansion and enhancement in hardware, various applications such as mobile banking and electronic money are being developed. The information handled by these applications contains a lot of personal information.

  On the other hand, personal authentication in such a network for mobile devices is still mainly using passwords with numbers and characters of about 4 digits. Such a four-digit password cannot be said to have sufficient security such as theft, leakage, or alteration of information due to unauthorized access.

  Recently, biometrics authentication technology has been actively developed as a means for personal authentication instead of passwords. Biometric authentication techniques include, for example, authentication techniques using fingerprints and authentication techniques using the iris of the eyeball. Mobile phones that have a fingerprint sensor mounted on a mobile phone have been developed. However, it is only used in models equipped with a fingerprint sensor and is difficult to use in a wide range. In addition, a sensor for identifying an iris of an eyeball is expensive and has a large apparatus, and there are still problems to be applied to a mobile device.

  Furthermore, optical face image recognition technology has been developed as another method of biometric authentication technology (see, for example, Patent Document 1). Various types of face image recognition are disclosed mainly using a digital computer. However, in the case of a digital computer, collation with a huge database still has a problem from the viewpoint of calculation time. Patent Document 1 overcomes this problem and incorporates an optical correlation calculation, which is an optical calculation method, for collation with a database.

In the optical face image recognition method using optical correlation calculation, for example, in an optical signal processing unit, correlation calculation between images is performed in real time in spatial parallel using a binary optical element, and input / reference images are read out. Each performs a high-speed operation using a duplicate and an optical memory. Also, the digital computer unit performs normalization, edge extraction, and binarization processing based on the area of three points in the face image suitable for light calculation, and from the correlation signal obtained by light calculation, An evaluation value for identifying the registrant is obtained.
JP 2002-117406 A

  By this optical face image recognition method using the optical correlation calculation, it is possible to perform ultra-high speed face image recognition. In this method, when an image is captured, a frame is provided on a monitor that displays the image, and a face image is captured such that a face enters the frame. However, the act of putting a face in the frame is affected by the registrant's subjectivity, and the distance between the camera and the face, that is, the size of the captured face image varies. In addition, three points in the photographed face image, for example, the eyes and nose of both eyes are designated in the image, the area is obtained, and the image is normalized. However, the photographed face image has an area difference between when the face is photographed parallel to the camera and when the face is photographed at an inclination, and the face image size after normalization varies. If the correlation processing between the registration face image and the authentication face image is performed based on this, the authentication rate decreases. It is possible to reduce the above variation by defining the distance between the camera and the face with a fixed camera and a fixed chair, etc., but this can be used in environments using mobile devices such as mobile phones. Can not.

  Therefore, in the present invention, it is assumed that the face authentication device captures images by superimposing two reference points on a captured face image. The registrant takes a face image so that the specific part of the face is aligned with the reference point. This reduces variations in the size of the face image to be photographed, performs image processing based on this face image size, and easily provides a face authentication device with a high authentication rate for registrants and unregistered people even in a mobile environment. The purpose is to provide.

  The present invention also constructs a system that combines a face authentication device that captures a registrant's registration face image and authentication face image, a communication terminal, a control server, an authentication server, and an information distribution server. . Accordingly, an object of the present invention is to provide a face authentication system that has a high authentication rate for registered / unregistered users and a high security level even in a mobile environment.

  In order to solve the above-described problems, the present invention provides a face authentication apparatus that captures and captures two reference points on a captured face image. Further, the present invention is a face authentication device that identifies two reference points in both eyes. Furthermore, the present invention is a face authentication apparatus that uses a normal camera-equipped mobile phone as the face authentication apparatus. In order to solve the above problems, the present invention provides a face authentication device that captures a registrant's registration face image and authentication face image, a communication terminal, a control server, an authentication server, and an information distribution server. A combined face recognition system. A normal camera-equipped mobile phone is used as the face authentication device, and a wireless communication terminal is used as the communication terminal. In addition, a face authentication system having a high security level is obtained by encryption, deletion of information from the memory, or invalidation of a password.

  Specifically, a face authentication apparatus according to the present invention is provided in the vicinity of a camera that captures a face, a reference point superimposing unit that superimposes two reference points on a face image captured by the camera, and the camera. And a display unit that displays an image in which two reference points are superimposed on the face image.

  By providing the camera and the face image display unit close to each other, the face image registrant can adjust the distance between the camera and the face, that is, the size of the face image to be photographed, while viewing his / her face image. In addition, by aligning the specific part of the face with the two reference points displayed on the display unit, a substantially constant face image size can be taken by any registrant.

  In the face authentication apparatus according to the present invention, it is preferable that the two reference points are superimposed on both eyes of the face image photographed by the camera. The registrant who has specified both eyes can superimpose the reference points relatively easily compared to other parts. Further, the distance between the eyes is relatively small in individual differences, and a substantially constant face image size can be obtained among a plurality of arbitrary registrants, so that a substantially constant authentication rate can be obtained. Further, by superimposing the two reference points on both eyes of the registrant, the two reference points fit in both eyes of the face image, so there is no influence when used as an authentication image.

  In the face authentication device according to the present invention, the camera is a camera installed in a camera-equipped mobile phone, and the reference point superimposing unit superimposes the two reference points on the face image by a downloaded application program. The camera-equipped mobile phone, wherein the display unit is a liquid crystal monitor installed in the camera-equipped mobile phone. Thus, it is not necessary to prepare a special device or function, and a normal camera-equipped mobile phone can be used as the face authentication device regardless of the model.

  The face authentication system according to the present invention uses the first face authentication device using any one of the face authentication devices according to claims 1 to 3 and the face authentication device according to any one of claims 1 to 3. A second face authentication device, a communication terminal connected to a communication network, a control server connected to the communication network, an authentication server connected to the communication network, and an information distribution server connected to the communication network. A face authentication system comprising at least the first face authentication device that captures a registration face image and transmits the registration face image to the authentication server via the communication network. The face authentication device of 2 captures an authentication face image and transmits the authentication face image to the communication terminal. The communication terminal identifies a registrant from the control server via the communication network. The registrant ID to be received and the registrant ID Recording, receiving the authentication face image from the second face authentication device, transmitting the authentication face image to the control server via the communication network, and recording the registered user ID for authentication ID is transmitted to the control server via the communication network, the authentication ID and password are received from the control server via the communication network, the password is recorded, and the recorded authentication ID and The password is transmitted to the information distribution server via the communication network, and predetermined information is received from the information distribution server via the communication network. The control server corresponds to the registrant and Giving a registrant ID, transmitting the registrant ID to the communication terminal via the communication network, transmitting the registrant ID to the authentication server, and transmitting the registrant ID from the communication terminal via the communication network. Face image Upon receiving the authentication ID, authenticating that the authentication ID is the registrant ID, and authenticating that the authentication ID is the registrant ID, the authentication face transmitted from the communication terminal The image and the authentication ID are transmitted to the authentication server, the image authentication signal is received from the authentication server, the password for accessing the information distribution server is assigned to the authentication ID, and the communication network The authentication ID and the password are transmitted to the communication terminal, and the authentication ID and the password are transmitted to the information distribution server. The authentication server receives the registrant ID from the control server. Obtaining the registration face image from the first face authentication device via the communication network, registering the registration face image, and receiving the authentication face image and the authentication face from the control server. The registration face image is received, the registration face image and the authentication face image are normalized and correlated to determine whether the registration face image and the authentication face image are the same, and the registration When the face image for authentication and the face image for authentication are authenticated to be the same, the image authentication signal is transmitted to the control server, and the information distribution server receives the authentication ID and the password from the control server. The authentication ID and the password are recorded as a confirmation ID and a confirmation password, respectively, and the authentication ID and the password are received from the communication terminal via the communication network, and the authentication ID and the password are Confirm that the confirmation ID and the confirmation password are the same, and acquire that the authentication ID and the password are the same as the confirmation ID and the confirmation password, respectively. That it is characterized in that the predetermined information is intended to be transmitted to the communication terminal via the communication network.

  By capturing the registrant's registration face image and authentication face image with the face authentication device, the face image normalization processing performed in the image processing for authentication can be performed with a substantially constant face image size. . In addition, since the registrant ID is issued at the stage of registering the registration face image and this is recorded in the communication terminal of the registrant, when the control server receives the authentication face image, it first checks with the registrant ID. Can be done. In the authentication server, the registration face image and the authentication face image sized at two specific reference points are normalized, and this is subjected to, for example, the optical correlation process disclosed in Patent Document 1, thereby providing a highly accurate registrant.・ You can check for unregistered users. Further, when the registrant is authenticated, a password is assigned to the registrant ID, and the information distribution server is accessed with this password, so that only the authenticated registrant can obtain predetermined information.

  In the face authentication system according to the present invention, it is preferable that the registrant ID and the authentication ID are IDs of camera-equipped mobile phones. As described above, a normal camera-equipped mobile phone can be used as the face authentication device, and an ID unique to the camera-equipped mobile phone can be used as a registrant ID and an authentication ID.

  Furthermore, in the face authentication system according to the present invention, the communication terminal is preferably a wireless communication terminal connected by a wireless communication network. Predetermined information can be obtained from the information distribution server in a mobile environment using a camera-equipped mobile phone as a face authentication device.

  The face authentication system according to the present invention includes that the authentication face image transmitted from the communication terminal to the control server via the communication network is encrypted. Enhancing the security level of personal information by encrypting the authentication face image using SSL (Secure Socket Layer) communication against unauthorized access from outside the system when sending the authentication face image Can do.

  In the face authentication system according to the present invention, when the communication terminal transmits the authentication face image to the control server via the communication network, the authentication face image is deleted from the memory of the communication terminal. including. For example, when a communication terminal is stolen, it is possible to prevent the stolen person from stealing information by using the communication terminal as a registrant.

  Further, in the face authentication system according to the present invention, the normalization process performed by the authentication server may normalize each face image with a distance between both eyes of the registration face image and the authentication face image. preferable. For example, when normalization is performed with the area formed by three points in the face image, there is an area difference between when the face is photographed parallel to the camera and when the face is photographed at an angle, and the face after normalization The image size varies. If the correlation processing between the registration face image and the authentication face image is performed based on this, the authentication rate decreases. On the other hand, if the normalization process is performed with the distance between the two points of both eyes, it is not affected by the above-described area difference, there is little variation in the face image size after normalization, and a high authentication rate can be realized.

  In the face authentication system according to the present invention, the information distribution server includes deleting or invalidating the password when the password is received from the control server and a predetermined time is exceeded. When a communication terminal that has received a password from the control server is stolen, a predetermined period of time elapses on the information distribution server side to prevent the stolen person from using the communication terminal as a registrant and stealing information. The password is limited.

  In the face authentication system according to the present invention, the information distribution server receives the password from the communication terminal via the communication network and transmits the predetermined information to delete or invalidate the password. including. If the communication terminal that received the password from the control server is stolen, the password once used on the information distribution server side to prevent the stolen person from using the communication terminal as a registrant and stealing information This is a so-called one-time password that restricts the password.

  According to the present invention, the face authentication device provides the camera and the face image display unit close to each other, so that the face image registrant looks at his / her own face image while the distance between the camera and the face, that is, the face to be photographed. The image size can be adjusted. In addition, by aligning the specific part of the face with the two reference points displayed on the display unit, an arbitrary registrant can photograph a substantially constant face image size. As a result, normalization processing performed at the image processing stage can be performed with a substantially constant face image size, and a face authentication device with a high authentication rate of registered / unregistered users can be easily provided even in a mobile environment. .

  In addition, according to the present invention, a system that combines a face authentication device that captures a registrant's registration face image and authentication face image, a communication terminal, a control server, an authentication server, and an information distribution server is constructed. . By capturing the registration face image and the authentication face image of the registrant with the face authentication device, the normalization process performed in the image processing stage can be performed with a substantially constant face image size. In addition, since the registrant ID is issued at the stage of registering the registration face image and this is recorded in the communication terminal of the registrant, when the control server receives the authentication face image, it first checks with the registrant ID. Can be done. In the authentication server, the registration face image and the authentication face image are normalized at two specific reference points, and correlation processing is performed on the registration face image and the authentication face image, thereby enabling highly accurate registration between registered users and unregistered persons. . Further, when the registrant is authenticated, a password is assigned to the registrant ID, and the information distribution server is accessed with this password, so that only the authenticated registrant can obtain predetermined information. Therefore, it is possible to provide a face authentication system that has a high authentication rate for registrants / unregistered persons and a high security level even in a mobile environment.

  Hereinafter, although this invention is demonstrated in detail, showing embodiment, this invention is limited to these description and is not interpreted. Hereinafter, a face authentication apparatus and a face authentication system using the same according to the present embodiment will be described with reference to FIGS. 1 to 6.

(Face recognition device)
The face authentication apparatus according to the present embodiment is provided in the vicinity of a camera that captures a face, a reference point superimposing unit that superimposes two reference points on a face image captured by the camera, and the face image. And a display unit for displaying an image in which two reference points are superimposed on each other.

  FIG. 1 shows a schematic diagram of one form of the face authentication apparatus 100 according to the present embodiment. The face authentication device 100 includes a camera 1, a display unit 2, and a reference point superimposing unit 3 in the display unit 2. The face authentication apparatus 100 shown in FIG. 1 is an example that also serves as a camera-equipped mobile phone. In the present embodiment, such a form may be used, or a combination of a digital camera and a mobile device such as a PDA may be used. Moreover, the personal computer with a camera may be sufficient and the combination of a digital camera and a personal computer may be sufficient.

  The camera 1 is a digital camera provided in an ordinary camera-equipped mobile phone, and there is no particular limitation on the type, size, number of pixels, and the like. A CCD sensor may be used for the image sensor, or a CMOS sensor may be used.

  The display unit 2 is a display provided in a normal camera-equipped mobile phone, and is not particularly limited in type and size. When the display unit 2 is a liquid crystal display, the type of liquid crystal may be TFT liquid crystal, STN liquid crystal, or TFD liquid crystal. Moreover, the display which uses organic EL (Electro Luminescence) may be sufficient.

  The arrangement of the display unit 2 in the face authentication device 100 is preferably provided in the vicinity of the camera 1, and the surface on which the camera 1 is provided and the surface on which the display unit 2 is provided are preferably in the same direction. When the face image 5 is photographed, it can be photographed while checking the image. Further, since the camera 1 is close to the display unit 2, for example, it becomes easy to superimpose both eyes on a reference point 4 described later. When the face authentication device 100 is a foldable mobile phone as shown in FIG. 1, the camera 1 may be provided in a rotating unit, and may be provided on any one of up, down, left, and right on the same plane of the display unit 2. It may be provided at a position.

  The reference point superimposing unit 3 superimposes two reference points 4 on the face image 5 photographed by the camera 1. In this embodiment, as shown in FIG. 1, the face authentication device 100 is a camera-equipped mobile phone, and the camera-equipped mobile phone that displays the reference point 4 on the display unit 2 by the downloaded application program is the reference point superimposing unit 3. Also good. Alternatively, the reference point superimposing unit 3 may be a sheet that protects the display of the mobile phone, and a reference point may be described in advance on the sheet, and this sheet may be affixed on the display.

  When the camera-equipped mobile phone itself that displays the reference point 4 on the display unit 2 by the downloaded application program is used as the reference point superimposing unit 3, the application program is preferably a program created in JAVA (registered trademark) language. A program developed in the JAVA (registered trademark) language operates in principle on any platform without depending on a specific OS or microprocessor. Therefore, the present invention can be used in many types of devices equipped with JAVA (registered trademark).

  The reference point 4 serves as an index for superimposing a specific part of the face image 5. The shape and dimensions of the reference point 4 are not particularly limited. It may be round or rectangular. The color is not particularly limited. For example, when the reference point 4 is superimposed on both faces of the face image 5 and the face image 5 obtained by combining the reference points 4 is used as a registration face image and an authentication face image, if the reference point 4 is black, Since the reference point 4 fits in both eyes of the face image 5, it is preferable because it has no influence when used as an authentication image.

  Two reference points 4 are provided. When one reference point 4 is used, a person who captures the face image 5 cannot recognize the distance between the camera and the face, and the captured face image size varies. If the correlation processing between the registration face image and the authentication face image is performed based on this, the authentication rate is reduced. By providing two reference points 4, it is possible to reduce the variation in face image size. Further, three or more reference points 4 may be provided.

  The two reference points 4 are preferably superimposed on both eyes of the face image 5 photographed by the camera 1. A registrant who has specified both eyes can superimpose the reference point 4 relatively easily compared to other parts. Further, the distance between the eyes is relatively small in individual differences, and a substantially constant face image size can be obtained among a plurality of arbitrary registrants, so that a substantially constant authentication rate can be obtained.

  FIG. 2 (1) shows an example of a face image that is captured by using two reference points so that the two reference points fit in both eyes. FIG. 2 (2) shows an example of a face image obtained by using a rectangular frame in place of the reference point so that the face falls within this frame. In FIGS. 2A and 2B, the face images arranged on the left side are images taken for registration, and the face images arranged on the right side are images taken for authentication. When two reference points 4 are used as shown in FIG. 2A, it can be said that the face image sizes of the registration face image and the authentication face image are substantially the same. On the other hand, when a frame is used as shown in FIG. 2 (2), it can be seen that there is a large variation in the size of both face images. By photographing a face image using two reference points in this way, a very stable face image size can be acquired regardless of the subject, and as a result, a substantially constant authentication rate can be obtained. .

(Face recognition system)
Next, the face authentication system according to this embodiment will be described. The face authentication system according to the present embodiment includes a first face authentication device using any one of the face authentication devices according to claims 1 to 3 and any one of the face authentication devices according to claims 1 to 3. A second face authentication device to be used; a communication terminal connected to a communication network; a control server connected to the communication network; an authentication server connected to the communication network; an information distribution server connected to the communication network; The first face authentication device captures a registration face image and transmits the registration face image to the authentication server via the communication network, and The second face authentication device captures an authentication face image and transmits the authentication face image to the communication terminal. The communication terminal receives a registrant from the control server via the communication network. The registrant ID to be identified is received and the registrant D is recorded, the authentication face image is received from the second face authentication device, the authentication face image is transmitted to the control server via the communication network, and the recorded registrant ID is recorded. It transmits to the control server via the communication network as an authentication ID, receives the authentication ID and password from the control server via the communication network, records the password, and records the authentication The ID and the password are transmitted to the information distribution server via the communication network, and predetermined information is received from the information distribution server via the communication network. The control server corresponds to the registrant. The registrant ID is given, the registrant ID is transmitted to the communication terminal via the communication network, the registrant ID is transmitted to the authentication server, and the communication terminal transmits the registrant ID to the authentication server. Authentication face drawing And the authentication ID transmitted from the communication terminal is authenticated when the authentication ID is the registrant ID, and the authentication ID is authenticated. Transmitting a face image and the authentication ID to the authentication server, receiving an image authentication signal from the authentication server, assigning the password for accessing the information distribution server to the authentication ID, and the communication network The authentication ID and the password are transmitted to the communication terminal via the authentication terminal, and the authentication ID and the password are transmitted to the information distribution server. The authentication server receives the registrant ID from the control server. The registration face image is received from the first face authentication device via the communication network, the registration face image is registered, and the authentication face image and the previous face image are registered from the control server. Receiving the authentication ID, normalizing and correlating the registration face image and the authentication face image, determining whether the registration face image and the authentication face image are the same, When the face image for registration and the face image for authentication are authenticated as the same, the image authentication signal is transmitted to the control server, and the information distribution server receives the authentication ID and the password from the control server. The authentication ID and the password are recorded as a confirmation ID and a confirmation password, respectively, and the authentication ID and the password are received from the communication terminal via the communication network, and the authentication ID and the password are received. Are the same as the confirmation ID and the confirmation password, respectively, and the authentication ID and the password are obtained as the confirmation ID and the confirmation password, respectively. It said predetermined information being those to be transmitted to the communication terminal via the communication network.

  FIG. 3 shows a conceptual diagram of the face authentication system 200 according to the present embodiment. The face authentication system 200 includes a first face authentication device 10, a second face authentication device 11, a communication terminal 12 connected to the communication network 20, a control server 13 connected to the communication network 20, and a communication network 20. The authentication server 14 to be connected and the information distribution server 15 to be connected to the communication network 20 are configured. The authentication server 14 includes a face image preprocessing unit 16 and a correlation calculation processing unit 17. Further, the face image pre-processing unit 16 includes a normalization processing unit 19 that extracts a face image and performs a clipping process and a binarization process. In FIG. 3, the control server 13, the authentication server 14, and the information distribution server 15 are shown as separate servers. However, these three servers may be integrated with each other, and any two servers are integrated with each other. It may be a server.

  The flow of information in the face authentication system 200 is shown in the flowchart of FIG. FIG. 4 shows each component in the horizontal direction, and shows the flow of time in the vertical direction.

(Registration stage)
First, the first face authentication device 10 captures a registrant's face image. At this time, it is preferable that the first face authentication device 10 downloads, for example, an application program for displaying a reference point in advance and displays the reference point on the display unit. Next, the first face authentication device 10 transmits the captured registration face image to the authentication server 14. In addition, the first face authentication device 10 may transmit the registrant face image to the control server 13 and the control server 13 may transfer it to the authentication server 14.

  The authentication server 14 receives the registration face image transmitted from the first face authentication device 10 and registers it. In addition, the authentication server 14 registers the registrant ID. The registrant ID may be input to the authentication server, or may be automatically updated by the authentication server. Further, when the first face authentication device 10 is a mobile phone, the ID of the mobile phone may be used. Further, when the registrant face image of the first face authentication device 10 is transferred to the authentication server 14 via the control server 13, the ID issued by the control server 13 may be used as the registrant ID.

  The control server 13 registers the registrant ID. Thereafter, the registrant ID functions as an ID for confirmation when the registrant accesses the face authentication system for authentication. When the first face authentication device 10 is a mobile phone, the registrant ID may be a mobile phone ID or may be input to the control server 13. The control server 13 transmits the registrant ID to the communication terminal 12 of the registrant.

  The communication terminal 12 receives the registrant ID from the control server 13 and records it. This is because the registrant ID is used as an authentication ID when authentication is requested.

(Authentication stage)
Next, the authentication stage will be described. In the authentication stage, first, the second face authentication device 11 captures the face image of the authentication requester. At this time, it is preferable that the second face authentication apparatus 11 downloads an application program for displaying a reference point in advance and displays the reference point on the display unit. Next, the second face authentication device 11 transmits the captured authentication face image to the communication terminal 12.

  The communication terminal 12 receives the authentication face image from the second face authentication device 11. The communication terminal 12 that has received the authentication face image transmits the authentication face image to the control server 13. In addition, the communication terminal 12 transmits the recorded registrant ID to the control server 13 as an authentication ID.

  The control server 13 receives the authentication face image and the authentication ID from the communication terminal 12. The control server 13 that has received the authentication ID collates the previously registered registrant ID with the authentication ID. ID verification is performed by a normal verification means. When it is confirmed that the authentication ID is a registrant ID, the control server 13 transmits the authentication face image and the authentication ID to the authentication server 14. The reason why the authentication ID is transmitted to the authentication server 14 is that the authentication server 14 calls the corresponding face image from the registered face image database. If the authentication ID does not match the registrant ID, the control server 13 may send an error message to the communication terminal 12.

  The authentication server 14 receives the authentication face image and the authentication ID from the control server 13. Upon receiving the authentication face image and the authentication ID, the authentication server 14 calls the registration face image having the same registrant ID as the authentication ID from a recording unit such as a memory of the authentication server 14. The authentication server 14 compares the registrant face image with the authentication face image (hereinafter, the registrant face image and the authentication face image are collectively referred to as “both images”). The collation of both images is performed by a procedure of normalization processing, correlation processing, and determination. Normalization processing, correlation processing, and determination will be described later. When the authentication server 14 authenticates that both images are the same, the authentication server 14 transmits an image authentication signal to the control server 13. If it is not authenticated that both images are the same, the authentication server 14 transmits an error message to the control server 13, and the control server 13 transmits an error message to the communication terminal 12 of the person seeking authentication.

  When the control server 13 receives the image authentication signal from the authentication server 14, it issues a password and assigns this password to the authentication ID (hereinafter, the combination of the authentication ID and the password is referred to as “ID with password”). .) In the ID with password, the authentication ID and the password may actually be integrated, or the authentication ID and the password may be different signals. The control server 13 transmits the password-added ID to the communication terminal 12 and the information distribution server 15.

  When receiving the ID with password from the control server 13, the communication terminal 12 records the password in a recording unit such as a memory of the communication terminal 12.

  When receiving the ID with password from the control server 13, the information distribution server 15 records the ID with password in a recording unit such as a memory of the information distribution server 15 as a confirmation password. The information distribution server 15 at this time is a server that records predetermined information in a recording unit.

(Information distribution stage)
The communication terminal 12 transmits an ID with a password to the information distribution server 15 in response to a request from a person who wants to acquire information.

  The information distribution server 15 receives the ID with password from the communication terminal 12, and confirms that the ID with password and the confirmation password are the same. When it is confirmed that the password-added ID and the confirmation password are the same, the information distribution server 15 transmits predetermined information to the communication terminal 12. If it is not confirmed that the password-added ID and the confirmation password are the same, the information distribution server 15 may transmit an error message to the communication terminal 12.

  The communication terminal 12 receives predetermined information from the information distribution server 15. The above is the information flow of the face authentication system 200.

  In the face authentication system 200 according to the present embodiment, the registrant ID and the authentication ID may be the ID of the camera-equipped mobile phone. A normal camera-equipped mobile phone can be used as the first face authentication device 10 and the second face authentication device 11, and IDs unique to the camera-equipped mobile phone can be used as a registrant ID and an authentication ID. It is.

  In the face authentication system 200 according to the present embodiment, the communication terminal 12 may be a wireless communication terminal connected by a wireless communication network. Predetermined information can be obtained from the information distribution server 15 in a mobile environment using a camera-equipped mobile phone as the face authentication device. When there is little predetermined information from the information distribution server 15, the face authentication device and the communication terminal may be integrated into a camera-equipped mobile phone.

  The face authentication system 200 according to the present embodiment includes that the authentication face image transmitted from the communication terminal 12 to the control server 13 via the communication network 20 is encrypted. Enhancing the security level of personal information by encrypting the authentication face image using SSL (Secure Socket Layer) communication against unauthorized access from outside the system when sending the authentication face image Can do.

  In the face authentication system 200 according to the present embodiment, when the communication terminal 12 transmits the authentication face image to the control server 13 via the communication network 20, the authentication face image is recorded in the memory of the communication terminal 12 or the like. Including deletion from the department. For example, when the communication terminal 12 is stolen, it is possible to prevent the stolen person from stealing information by using the communication terminal 12 pretending to be a registrant.

  Furthermore, in the face authentication system 200 according to the present embodiment, the normalization process performed by the authentication server 14 can normalize each face image by the distance between both eyes of the registration face image and the authentication face image. preferable. For example, when normalization is performed with the area formed by three points in the face image, there is an area difference between when the face is photographed parallel to the camera and when the face is photographed at an angle, and the face after normalization The image size varies. If the correlation processing between the registration face image and the authentication face image is performed based on this, the authentication rate decreases. On the other hand, if the normalization process is performed with the distance between the two points of both eyes, it is not affected by the above-described area difference, there is little variation in the face image size after normalization, and a high authentication rate can be realized.

  In the face authentication system 200 according to the present embodiment, the information distribution server 15 includes deleting or invalidating the password-added ID when the password-added ID is received from the control server 13 and a predetermined time is exceeded. When the communication terminal 12 that received the password-added ID from the control server 13 is stolen, the information distribution server 15 side prevents the stolen person from using the communication terminal 12 as a registrant and stealing information. In this case, a restriction is placed on a password after a predetermined time has passed.

  Further, in the face authentication system 200 according to the present embodiment, the information distribution server 15 receives the ID with a password from the communication terminal 12 via the communication network 20, and deletes or invalidates the ID with a password when transmitting predetermined information. Including processing. When the communication terminal 12 that received the password-added ID from the control server 13 is stolen, the information distribution server 15 side prevents the stolen person from using the communication terminal 12 as a registrant and stealing information. This is a so-called one-time password that places a restriction on the ID with password once used.

(Authentication process)
Next, normalization processing and correlation processing, which are authentication processing performed by the face image preprocessing unit 16 and the correlation calculation processing unit 17 of the authentication server 14, will be described. The normalization processing according to the present embodiment is performed after sizing the face size in both images to the same level in order to perform collation with high accuracy when collating the registration face image and the authentication face image. Both images are filtered for correlation processing. The normalization process of this embodiment includes a reference point extraction process, a cut-out process, and a binarization process.

(Normalization processing)
In the reference point extraction process, a reference point provided in each image of the registration face image and the authentication face image is extracted. As described above, in the case of data in which a reference point is superimposed on both eyes in a face image photographed by the face authentication apparatus of the present embodiment, it can be easily extracted from the shape and color of the reference point. When the reference point is not superimposed on the face image, both eyes in the face image may be specified and a new reference point may be provided. In this case, the specification of both eyes may be automatically performed by the signal processing unit of the authentication server or may be made by an operator of the authentication server. In the face image on which the reference point photographed by the face authentication device of the present embodiment is superimposed, it is not necessary to correct the face size of both images to the same size, and the position of the face in the image is the same position. There is no need to correct it.

  In the reference point extraction process, it is preferable that the reference points are two points in both eyes in the face image. For example, when normalization is performed with the area formed by three points in the face image, there is an area difference between when the face is photographed parallel to the camera and when the face is photographed at an angle, and the face after normalization The image size varies. If the correlation processing between the registration face image and the authentication face image is performed based on this, the authentication rate decreases. On the other hand, if the normalization process is performed based on the distance between the two points of both eyes, it is not affected by the above-described area difference, there is little variation in the face image size, and a high authentication rate can be realized.

  Since the clipping process performs high image processing, extra images such as the background in the face image are reduced as much as possible. The range recognized as the outline of the face in the face image can be automatically cut out using a range having general versatility as a specified value, although there are individual differences. For example, several hundreds of pixels may be designated on the top, bottom, left, and right with reference to the reference point described above, and the cutout process may be performed by automatically deleting images exceeding this number. Of course, the authentication server operator may input an arbitrary size.

  In the binarization process, edges such as contours and facial parts are extracted using a filter. This is to make the transmitted light quantity uniform or improve the S / N ratio when the later correlation calculation is an optical correlation calculation. It is preferable to use a Sobel filter as the filter. Further, it is preferable to perform binarization processing for whitening 20% of the whole.

(Correlation processing)
Subsequently, the image normalized by the normalization process is correlated. The correlation processing unit used for the correlation processing of this embodiment is not particularly limited, but is preferably an optical parallel correlation processing unit using optical correlation calculation. Hereinafter, an example in which the correlation processing unit of the present embodiment is an optical parallel correlation processing unit will be described. The optical parallel correlation processing unit 30 shown in FIG. 5 uses the principle of JTC (Joint Transform Correlation) which is an optical correlation calculation.

  In the optical parallel correlation processing unit 30, the light emitted from the light source LD 31 is converted into parallel light by the collimator lens 32 and split by the beam splitter 33. The registration face image and the authentication face image that have been subjected to the above-described normalization processing are displayed on an electric writing type spatial light modulator (ESLM) 34 at a predetermined distance d, and Fourier is obtained by a multi-level zone plate array (MLZPA) 35. A converted image (JPS: Joint Power Spectra) is obtained. The JPS is reflected by the mirror 36 and the mirror 37 and written in the optical writing type spatial light modulator (OSLM) 38, and the light passing through the OSLM 38 is irradiated onto the surface of the half mirror 41. On the other hand, the light split by the beam splitter 33 described above is irradiated as coherent light onto the surface of the half mirror 41 via the mirror 39 and the mirror 40. The light that has passed through the half mirror 41 is again subjected to Fourier transform by the MLZPA 42, collected by the condenser lens 43, and acquired by the CCD camera 44 as a correlation signal.

  In the calculation process by the optical system of the optical parallel correlation processing unit 30, when autocorrelation (registration face image and authentication face image are the same person) and cross-correlation (registration face image and authentication face image are different) FIG. 6 shows a comparison of the differences in the case of (person) on each surface in the optical path. 6A shows the display image on the ESLM 34 surface, FIG. 6B shows the JPS image on the OSLM 38 surface, and FIG. 6C shows the correlation signal on the CCD camera 44 surface.

  As shown in FIG. 6A, both the auto-correlation and the cross-correlation are arranged in parallel with the registration face image and the authentication face image separated by a distance d. The reference point for the distance d is the center point of the two reference points of each face image. The face image subjected to the binarization process becomes a Fourier transform image after passing through the ESLM 34 plane, and is obtained as an optical signal intensity distribution as shown in FIGS. FIG. 6B and FIG. 6B show the frequency and optical signal intensity obtained by adding coherent light to this. As shown in FIGS. 6B and 6B, in the case of autocorrelation, a certain vibration (hereinafter referred to as “pitch”) is applied to the curve of the optical signal intensity with respect to the frequency. This pitch p is given by p = fλ / d (f: Fourier transform focal length, λ: wavelength, d: distance between face images), and periodic interference fringes appear in the processed image. On the other hand, in the case of cross-correlation, the pitch is broken and periodic interference fringes do not appear. Therefore, as shown in FIG. 6C, a high light intensity appears as a sharp peak in the correlation signal obtained on the surface of the CCD camera 44, and a low light intensity distribution is obtained in the cross correlation. This difference in light intensity can be used as the authentication rate of the face authentication system according to the present embodiment. This light intensity may be received by a CCD camera and output as a level value such as a light intensity of 0 to 255. This signal may be taken into the authentication server, and authentication may be performed using a correlated light intensity threshold preset by the authentication server.

  As described above, the face authentication system according to the present embodiment captures the registration face image and the authentication face image with the face authentication apparatus capable of reducing variation, and normalizes and correlates the images to register them in the mobile environment. Can be used as a face authentication system with a high authentication rate for registered / unregistered users and a high security level.

  Next, the present invention will be described in more detail with reference to examples. The face authentication system described above as Example 1 was constructed, and the difference in authentication rate from the conventional one as Comparative Example 1 was verified. The conditions of Example 1 and Comparative Example 1 are as follows. As the face authentication device, a camera-equipped mobile phone of model name A5303H manufactured by Hitachi, Ltd. was used. In the display of the reference point in Example 1, a program created by JAVA (registered trademark) was used. In Comparative Example 1, a program for displaying a frame instead of the reference point was used. Communication between the communication terminal and each server was performed using the http protocol. In Example 1 and Comparative Example 1, 20 subjects were used, and autocorrelation and cross-correlation were performed in each case. Conditions such as the location and lighting at the time of shooting are arbitrary. FIG. 7 shows intensity values that are light intensities captured by the CCD sensor when autocorrelation and cross-correlation are performed in each case. In addition, the cross-correlation strength value described the cross-correlation with subjects other than the person, and the strength value is the maximum value among them.

  When the autocorrelation intensity values of Example 1 and Comparative Example 1 are compared, the intensity value of Example 1 is high for 90% of the subjects. Moreover, when the cross correlation intensity value of Example 1 and Comparative Example 1 is compared, the intensity value of Example 1 is high with respect to 65% of the subjects. Therefore, it can be said that the face authentication system according to the present invention that captures a face image with two reference points is effective.

  The difference in error rate between Example 1 and Comparative Example 1 was verified under the same conditions as described above. As an error rate, evaluation was performed using an individual rejection rate (FNMR), which is a ratio of rejecting the principal, and an acceptance rate (FMR), which is a ratio of recognizing a person other than the principal as the principal. FIG. 8 shows the results of obtaining the FNMR and FMR for each intensity threshold. FIG. 8 (1) is based on Example 1, and FIG. 8 (2) is based on Comparative Example 1. In FNMR, as the intensity threshold value is raised, the intensity values that do not reach the threshold value relatively increase, and the probability of being rejected as a person increases, and shows a rising curve. As the intensity threshold value is raised, others with intensity values exceeding the threshold value also decrease relatively, and the probability of accepting others decreases, and shows a downward-sloping curve. When face image authentication at an ideal authentication rate is performed, a region where the FNMR curve and the FMR curve do not intersect is formed, and by providing an intensity threshold in this region, FNMR 0% and FMR 0% can be achieved. Comparing Example 1 in FIG. 8A and Comparative Example 1 in FIG. 8B, the FNMR curve and the FMR curve intersect each other. However, Example 1 crosses at a lower error rate than Comparative Example 1. By providing a threshold value at this intersection point, it is possible to perform face image authentication with a low error rate for both FNMR and FMR. Therefore, it can be said that the face authentication system according to the present invention that captures a face image with two reference points is effective.

  Moreover, in the face authentication system constructed by the verification test, the time required for transmitting the authentication face image from the face authentication device and receiving the password from the control server is 6 seconds on average, high speed, and It was verified that the face authentication system has a high authentication rate.

  The face authentication system according to the present invention is simple even in a mobile environment, and can be used to provide various contents such as highly secure e-learning contents.

It is the schematic of one form of the face authentication apparatus which concerns on this embodiment. FIG. 2 is a face image taken by a face authentication device, (1) is a face image using the face authentication device according to the present embodiment, and (2) is a face image using a conventional face authentication device. It is a conceptual diagram of the face authentication system which concerns on this embodiment. It is a flowchart which shows the flow of the information of the face authentication system which concerns on this embodiment. It is the schematic which shows the optical parallel correlation process part of this embodiment. These are images and data obtained in the calculation process of the correlation processing of this embodiment, (a) is a display image on the ESLM plane, (b) (1) is a JPS image on the OSLM plane, (b) (2) is a frequency and The relationship of intensity is shown. (C) The correlation signal of the CCD camera surface is shown. It is a figure showing the intensity value at the time of the auto correlation of Example 1 and Comparative Example 1 and a cross correlation. It is a graph which shows the relationship of the error rate with respect to the intensity | strength threshold value of Example 1 and Comparative Example 1.

Explanation of symbols

1, camera 2, display unit 3, reference point superimposing unit 4, reference point 5, face image 10, first face authentication device 11, second face authentication device 12, communication terminal 13, control server 14, authentication server 15 , Information distribution server 16, face image preprocessing unit 17, correlation calculation processing unit 19, normalization processing unit 20, communication network 30, optical parallel correlation processing unit 31, light source LD
32, collimating lens 33, beam splitter 34, ESLM
35, MLZPA
36, 37, mirror 38, OSLM
39, 40, mirror 41, half mirror 42, MLZPA
43, condenser lens 44, CCD camera 100, face authentication device 200, face authentication system

Claims (11)

A camera to shoot the face,
A reference point superimposing unit that superimposes two reference points on the face image captured by the camera;
A display unit provided near the camera and displaying an image in which two reference points are superimposed on the face image;
A face authentication apparatus comprising:   The face authentication apparatus according to claim 1, wherein the two reference points are superimposed on both eyes of a face image photographed by the camera.   The camera is a camera installed in a camera-equipped mobile phone, and the reference point superimposing unit is the camera-equipped mobile phone that superimposes the two reference points on the face image by a downloaded application program, and the display The face authentication apparatus according to claim 1, wherein the unit is a liquid crystal monitor installed in the camera-equipped mobile phone. A first face authentication device using one of the face authentication devices according to claim 1;
A second face authentication device using any one of the face authentication devices according to claim 1;
A face authentication system comprising at least a communication terminal connected to a communication network, a control server connected to the communication network, an authentication server connected to the communication network, and an information distribution server connected to the communication network,
The first face authentication device captures a registration face image and transmits the registration face image to the authentication server via the communication network.
The second face authentication device captures an authentication face image and transmits the authentication face image to the communication terminal;
The communication terminal receives a registrant ID for identifying a registrant from the control server via the communication network, records the registrant ID, and receives the authentication face image from the second face authentication device. And transmitting the authentication face image to the control server via the communication network, and transmitting the recorded registrant ID as an authentication ID to the control server via the communication network, Receiving the authentication ID and password from the control server via the network, recording the password, transmitting the recorded authentication ID and password to the information distribution server via the communication network, and The control server receives predetermined information from the information distribution server via a communication network, the control server assigns the registrant ID corresponding to a registrant, and assigns the registrant ID via the communication network. To the communication terminal And transmits the registrant ID to the authentication server, receives the authentication face image and the authentication ID from the communication terminal via the communication network, and the authentication ID is the registrant ID. If the authentication ID is the registrant ID, the authentication face image and the authentication ID transmitted from the communication terminal are transmitted to the authentication server, and the image is transmitted from the authentication server. An authentication signal is received, the password for access to the information distribution server is assigned to the authentication ID, the authentication ID and the password are transmitted to the communication terminal via the communication network, and the authentication is performed. Transmitting the ID and the password to the information distribution server,
The authentication server acquires the registrant ID from the control server, receives the registration face image from the first face authentication device via the communication network, registers the registration face image, and The authentication face image and the authentication ID are received from a control server, the registration face image and the authentication face image are normalized and correlated, and the registration face image and the authentication face image are It is determined whether or not they are the same, and when the registration face image and the authentication face image are authenticated as the same, the image authentication signal is transmitted to the control server,
The information distribution server receives the authentication ID and the password from the control server, records the authentication ID and the password as a confirmation ID and a confirmation password, respectively, and transmits the communication terminal via the communication network. The authentication ID and the password are received from the server, the authentication ID and the password are confirmed to be the same as the confirmation ID and the confirmation password, respectively, and the authentication ID and the password are respectively confirmed. The face authentication system, wherein the predetermined information acquired as being identical to an ID and a confirmation password is transmitted to the communication terminal via the communication network.   5. The face authentication system according to claim 4, wherein the registrant ID and the authentication ID are IDs of camera-equipped mobile phones.   The face authentication system according to claim 4, wherein the communication terminal is a wireless communication terminal connected by a wireless communication network.   The face authentication system according to claim 4, wherein the authentication face image transmitted from the communication terminal to the control server via the communication network is encrypted.   7. The communication terminal, when transmitting the authentication face image to the control server via the communication network, deletes the authentication face image from the memory of the communication terminal. Or the face authentication system of 7.   9. The normalization process performed by the authentication server normalizes each face image with a distance between both eyes of the registration face image and the authentication face image. Face recognition system.   10. The face authentication system according to claim 4, wherein the information distribution server deletes or invalidates the password when the password is received from the control server and a predetermined time is exceeded. The information distribution server receives the password from the communication terminal via the communication network, and deletes or invalidates the password when transmitting the predetermined information. Face recognition system.

Images