JP2002342862A - Access control system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve the resistance to forgery of organism information, the acceptability of a user, a collation time, the accuracy, and a system construction cost of an identification system using the user's inherent organism information. SOLUTION: A face of a person entering into a building 114 is photographed by a camera 104. When the picture is agreed with a person registered in advance, a personal identification device 103 records the personal ID, a result of collation, and the entry date and time as logs, and outputs a command for unlocking a door of the building 114. A fingerprint input device 104 acquires the fingerprint of the person entering into a computer room 100 in the building 114. The personal identification device 103 collates the acquired fingerprint with the characteristic amount of the recorded registered fingerprint of the person who is about to enter. Further the entitlement of the person entering in the room is comprehensively determined on the basis of a result of the collation of the face of the person entering in the room and a result of the collation of the fingerprint. When the person is entitled to enter, the command for unlocking the door of the computer room 100 is outputted.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an access management technique for permitting a user who has been previously qualified to access.

[0002]

2. Description of the Related Art The following are known examples related to access management technology. (1) Access control system using fingerprints As described in Japanese Patent Application Laid-Open No. H11-053666, this is a system for managing access to and from a management area using a user's fingerprint. The extracted features are registered in advance, and when the user enters the management area,
By comparing the fingerprint feature amount registered in advance with the newly input fingerprint image, it is confirmed that the user is permitted to enter, and it is possible to enter the management area. (2) Multi-modal identity authentication system using face and fingerprint "Biometrics," A. Jain et al., Kluwer Academic Publisher
As described in s, 1999, pp327-344, two types of biometric information features, a user's face and a fingerprint, are registered in advance, and the face and fingerprint of the user who requests identity verification are registered separately. The identity of the person is comprehensively confirmed from the result of collation with the feature amount of (1).

[0003]

The method of the known example (1) has the following two problems.・ Since identity verification is performed based on a single piece of biometric information, there is a possibility that the accuracy of identity verification (rejection rate and acceptance rate of others) required by the system may not be satisfied. -Since personal identification is performed based on a single piece of biometric information, resistance to forgery of biometric information is weak, and unauthorized entry by impersonation may not be prevented.

When the method of the known example (2) is used in place of the fingerprint of the known example (1), the above two problems can be addressed by using a plurality of pieces of biometric information. Is an issue.・ Since identity verification is performed using multiple pieces of biometric information, security may be more robust than necessary, and the convenience of the user may be reduced. Also, the system construction cost increases. -When identifying a user, the calculation time increases because all of a plurality of registrants are to be compared with a plurality of pieces of biometric information.・ Since the face image is acquired using an existing visible light source such as illumination light or natural light, the position of the light source is not fixed, and the image obtained from the same face changes greatly, resulting in deterioration in recognition accuracy. I do. There is a need for an access management system or personal recognition device for the same that has improved the above.

[0005]

An object of the present invention is to provide an access management system or personal identification system which satisfies the required accuracy of identity verification, has high resistance to forgery of biometric information, and can prevent unauthorized access by spoofing. Provide equipment.

Further, the present invention performs appropriate access control according to a required security level,
An access management system capable of realizing high convenience, low system construction cost, and short calculation time, or a personal recognition device therefor.

According to one aspect of the present invention, an access management system according to the present invention is an access management system for performing multiplex access control, wherein a first access control is performed by a person who intends to obtain a first access permission. Acquire and output various types of biological information,
A first type of biological information acquisition device, a second type of biological information acquisition device that acquires and outputs a second type of biological information of a person who intends to obtain a second access permission, A personal recognition device for determining whether the first access and the second access are permitted,
A device for controlling the first access according to the determination result of the personal recognition device;
A device for controlling the second access.

[0008] The above-mentioned personal recognition device, for a person to whom the first access is permitted, stores the first person stored in the storage device.
Collation processing for collating the first type of biometric information output by the first type of biometric information acquisition device with the first type of biometric information of a person attempting to obtain the first access permission Unit, a first determination processing unit that determines whether or not access by a person who intends to obtain the first access permission is possible, using a comparison result of the first comparison processing unit; and a first determination process. The second type of biological information stored in the storage device and the second type of biological information output from the second type of biological information The second access processing unit obtains the second access permission by using a second matching processing unit that matches the second type of biometric information of the person who intends to obtain permission, and a matching result obtained by the second matching processing unit. A second judgment processing unit for judging whether or not the access by the person who intends to access is possible; According to the judgment result notified to the device for controlling the first access, and an access management unit for notifying the determination result by the second determination processing unit to the device for controlling the second access.

Further, according to another aspect, the second determination processing section includes a comparison result obtained by the first comparison processing section,
The access result may be determined based on a result of the comparison performed by the second comparison processing unit according to a predetermined determination criterion. The access in the present invention means access to a target object or use of the target object. For example, the former refers to entering a restricted area, and the latter refers to using an information system.
Further, the present invention may have a function of deleting the record of the accessor when a predetermined time has elapsed from the date and time when access to the restricted access area was started. Second and third access restricted areas may be provided in the first access restricted area, and access restrictions may be performed using different biological information. Note that even the same type of biological information can be used as different types of biological information if the information sources are different. Specifically, even if the same fingerprint information is used, different fingers can be used as different biometric information. In addition, the present invention performs appropriate access control in accordance with the security level by simultaneously using access control using other biometric information in a management area requiring a higher security level, thereby achieving high convenience and Low system construction costs can be realized.

[0010] The present invention also provides a personal identification device,
It has a function of illuminating the identification target with infrared light and acquiring an infrared image as a reflection of the infrared light. Further, by maintaining a constant positional relationship between the infrared light source and the function of acquiring the image, visible light can be obtained. Personal identification can be performed without being affected by the position of the light source. In order to further improve the identification accuracy, a filter for cutting visible light may be used in combination.

[0011]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS As a first embodiment, a description will be given of an example of entry control to a computer room where higher security is required in a building where entry is restricted. In this embodiment, a user's face and fingerprint are used as biometric information used for personal identification. However, the present invention is not limited to the face and the fingerprint, and other biometric information can be used. The input, registration and collation of the fingerprint in this embodiment
A method described in JP-A-10-149446 may be used. In addition, face input, registration and collation in this embodiment
The method described in JP-A-2000-132675 may be used.

FIG. 1 is a diagram for explaining the outline of the first embodiment. In this embodiment, a building 114, a door 101 thereof, and a computer room 100 where higher security is required in the building 114, and a door 1 thereof, to which only authorized persons can enter.
15, a door management device 102 for unlocking and locking the door 101 and the door 115, and a personal identification device 103 for judging whether or not a person who intends to enter is previously permitted to enter are installed. The personal identification device 103 includes a camera 104 for acquiring a face image of a person who intends to enter the building 114, and a computer room 100.
Fingerprint input device 10 that obtains the fingerprint of the person trying to enter
5 is connected.

A person who wants to enter the building 114
Enter the face image at 04. The personal identification device 103 collates the feature amount of the face of the individual registered in advance with the newly input face image. If it is determined that the individual is a registered individual, the individual ID, the similarity as the collation result, After recording the date and time as a log, a command to unlock the door 101 is issued to the door management device 102. The door management device 102 receives the unlocking command and
Unlock 01. A person who wants to enter the computer room 100 in the building 114 inputs a fingerprint using the fingerprint input device 105. The personal identification device 103 is one of the visitors recorded by the log.
For those whose elapsed time from the date and time of entering the building is equal to or less than a predetermined time, the inputted fingerprint is compared with the feature amount of the fingerprint registered in advance. Further personal identification device 10
In the method 3, the individual is comprehensively identified from the similarity as the result of face matching of the visitors recorded in the log and the similarity as the result of fingerprint matching. When the individual can be identified, the personal identification device 103 issues an unlocking command for the door 115 to the door management device 102. The door management device 102 receives the unlock command and unlocks the door 115.

Hereinafter, this embodiment will be described in detail. FIG. 2 shows a functional configuration example of the personal identification device 103. The personal identification device 103 has the following functions. That is, a camera 104 for obtaining a face image of a person who wants to enter a building and a face image input function 211, a face feature amount database 201 which holds in advance the face feature amount of a person who is permitted to enter the building, A face matching function 213 that matches a face image with a feature amount of a face and outputs a similarity between the two, an individual is identified based on the similarity of the face, and an individual I is identified.
Face judgment function 217 that outputs similarity to D, computer room 10
Fingerprint input device 1 that obtains a fingerprint image of the person trying to enter 0
05 and a fingerprint input function 212, a fingerprint feature database 203 that holds in advance the features of fingerprints of persons who are permitted to enter the computer room 100, and collates fingerprint images with fingerprint features, and compares the two. Fingerprint matching function 214, which compares the fingerprint image with the newly input fingerprint image and outputs the similarity between the two.
A fusion judgment function that identifies a person who is going to enter the computer room 100 using the similarity obtained from the face matching function 213 and the fingerprint matching function 214 and the judgment criterion data 204, and outputs a personal ID.
The visitor management function 215 that receives the personal ID output by the face determination function 216, the face determination function 217, or the fusion determination function 216, updates the access log 202, and outputs an unlock command to the door management device 102.
Consists of In the present embodiment, the feature amount database is installed in the personal identification device. However, the present invention is not limited to this. The feature database can be installed outside the building 114 and connected to the network.

[0015] As shown in FIG.
This can be realized by using a general computer including a PU 1801, a memory 1802, a fixed storage device 1803, and an external interface 1804. Further, each function (also called a processing unit) constituting the personal identification device 103 is implemented by the above-described computer.
This can be realized by the CPU 1801 executing a program stored in the fixed storage device 1803 on the memory 1802.
Each program may be introduced from an external storage device such as an FD or a CDROM or a network 1805 such as the Internet to the fixed storage device 1803 or the memory 1802 via the external interface 1804. The camera 104, the fingerprint input device 105, and the door management device 102
Connected to 04.

FIG. 3 shows an example of a face feature database 201 of a person who is permitted to enter a building. In the database, personal IDs and facial features are stored in association with each other. Individual
The ID can be anything that is unique to all individuals. In this embodiment, it is assumed that ten people are allowed to enter the building in advance, but this is not a limitation. FIG. 4 shows an example of the fingerprint feature amount database 203 of a person who is permitted to enter the computer room 100. The database stores the personal ID and the fingerprint template in association with each other. The personal ID can be anything that is unique to all individuals. Further, in the present embodiment, it is assumed that seven out of ten persons permitted to enter the building are permitted to enter the computer room 100, but this is not a limitation. In this example, one fingerprint is registered for one person, but a plurality of fingerprints may be registered. FIG. 5 is an example of the criterion data 204. In this example, a coefficient to be applied to the similarity and a threshold value for determining whether or not the user is the identity after the coefficient is applied are recorded. The criterion method and criterion data are not limited to this example. FIG. 6 is an example of the access log 202. In this example, the date and time when a person enters a building, the personal ID of the person, and the similarity of the result of face matching are recorded. This figure shows an example where three people are entering.

FIG. 7 shows a schematic flow of entrance management to a building according to this embodiment. Step 705: The face image input function 211 takes in the face image of the person who is going to enter and extracts the feature amount. Step 710: The face matching function 213 matches the feature amount of each individual registered in the face feature amount database 201 with the captured face image, associates the matching result (similarity) with the personal ID, and Remember temporarily. Step 715: Attempt to identify a person who matches the face image from the similarity. That is, the face determination function 217 uses the temporarily stored similarity value to determine which individual
Determine whether it corresponds to the ID. For example, if the one having the largest value among all the similarities exceeds a preset threshold, the personal ID having this similarity is identified as a person who intends to enter. If the threshold is not exceeded,
It is assumed that the person who intends to enter cannot be identified. Step 720: In accordance with the result of step 715, if a person who is going to enter can be specified, the process proceeds to step 725, otherwise, the process ends. Step 725: The face judgment function 217 transmits the personal ID of the specified person and the similarity thereof to the visitor management function 215. Step 730: The visitor management function 215 adds the date and time to the transmitted personal ID and similarity and records it in the access log 202. When the same personal ID already exists in the access log 202, the similarity and the date and time are updated, and when the personal ID does not exist, it is added. Step 735: The visitor management function 215 is the outside door 101 of the building 114
An unlock command is transmitted to the door management device 102 so as to unlock. Step 740: The door management device unlocks the outer door 101 of the building 114 according to the command transmitted from the visitor management function 215.

FIG. 8 shows a schematic flow of entry control to the computer room 100 according to this embodiment. Step 805: The fingerprint input function 212 is executed by the computer room 100
A fingerprint image of a person who is going to enter is taken in and a feature amount is extracted. The extracted feature amount is passed to the fingerprint matching function 214. Step 810: The fingerprint matching function 214 requests the visitor management function 215 for the personal ID of the person who has already entered the building 114 and the similarity of the face matching. The visitor management function 215 compares the date and time of entry of the person who has already entered the access log 202 with the current date and time, and if the predetermined time has elapsed, the personal ID is used as the access log. Delete from 202. The fingerprint matching function compares the personal ID remaining as a result and the similarity of face matching at the time of entry with the personal ID.
Answer to 214. Step 813: If there are no visitors, the process ends, and if there are visitors, the process continues. Step 815: The fingerprint matching function 214 captures the fingerprint features of those who have already entered the building 114, which were answered by the visitor management function 215 among those registered in the fingerprint feature database 203. Check with fingerprint image. Further, the ID of the collated person, the similarity of the result of collating the fingerprint image, and the similarity of collating the face image are passed to the fusion determination function 216. This data may be described, for example, as shown in FIG.
The person with the personal ID of A010 is not permitted to enter the computer room 100 and has not been registered in the fingerprint, and thus is not described in the data of FIG. Step 817: The fusion judgment function 216 receives, from the fingerprint matching function 214, data on the similarity of the person entering the building by face matching and the similarity by fingerprint matching. Further, using the passed similarity data and determination criterion data 204, it is determined which personal ID the person who intends to enter corresponds to. For example, the similarity of fingerprint matching in each personal ID is multiplied by the coefficient of similarity of fingerprint matching of the criterion data, and the similarity of face matching is multiplied by the coefficient of similarity of face matching. What is necessary is just to make it the evaluation value of determination.

FIG. 10 shows an example of the evaluation value of the fusion judgment. Figure 5
The coefficient of face similarity was calculated as 0.8, and the coefficient of fingerprint similarity was calculated as 1.2. If the evaluation value having the highest similarity exceeds a preset threshold value, the personal ID having the similarity is identified as a person who is going to enter. If the threshold is not exceeded, it is assumed that the individual corresponding to the person attempting to enter cannot be identified. Step 820: In accordance with the result of step 817, if it can be specified, the process proceeds to step 825; otherwise, the process ends. Step 825: The personal ID and similarity of the specified person are transmitted to the visitor management function 215. Step 835: Visitor Management Function 215 is Computer Room 100
An unlock command is transmitted to the door management device 102 so as to unlock the door 115. Step 840: The door management device 102 performs the visitor management function 215
The door 115 of the computer room 100 is unlocked according to the instruction transmitted from the computer.

In the above embodiment, the visitor management function 21
5 compares the date and time when the first accessing person (entering the building 114) started accessing with the current date and time described in the access log 202 to obtain the second access ( At the time of admission to the computer room), the person to be verified is selected. In the present embodiment, more reliable security management can be achieved by using a fingerprint that provides higher determination accuracy than using a face image for access control to an area that requires higher security. In the above embodiment, as described in step 810, if the elapsed time from the time when a person enters the building is equal to or less than a predetermined value, it is determined that the person is still entering the building. Has been determined. As an alternative, a method may be used in which a person entering the building is identified again by face identification when the person exits the building, and the exiting person is deleted from the access log to identify the person entering the building. . This method may be used in combination with the method based on elapsed time.

An alternative to the acquisition of the user's face image in step 705 is described below. FIG. 11 shows a detailed functional configuration of the face image input function 211 in FIG. The face image input function 211 shown in FIG.
3. Connected to an infrared camera that acquires only infrared light reflected from the face, and a face matching function 213 that performs face image matching using visible light. At this time, the relative positions of the infrared camera 1102 and the infrared light 1103 are fixed, and the geometric relationship between the two is always the same. In addition, face image input function 211
Is an image input function 1104 that controls the infrared camera 1102 and the infrared light 1103, an image conversion function 1105 that converts an infrared image of the face into a visible light image, and a brightness conversion table used when converting the infrared image into a visible light image. Consists of 1106. FIG. 12 shows an example of the luminance conversion table 1106. In FIG. 12, the relationship between the luminance of the infrared image and the luminance of the visible light image is maintained. The contents of the brightness conversion table 1106 can be calculated by experimentally obtaining the reflectance of human face skin with respect to visible light and infrared light, respectively.

FIG. 13 shows a flow of face collation using infrared light. Step 1305: The image input function 1104 irradiates the face of the person who is going to enter with infrared rays using an infrared camera. Irradiation with infrared rays may be performed all the time, but when the timing of face photographing is instructed from outside, it is also possible to irradiate for a short time in accordance with the instruction. Step 1310: The image input function 1104 fetches an infrared image of the face of the person who is going to enter in conjunction with the irradiation of infrared rays. The captured infrared image is passed to the image conversion function 1105. Step 1315: The image conversion function 1105 converts the infrared image of the person's face into a visible light image using the luminance conversion table.
In the present embodiment, conversion into a visible light image is performed by changing the luminance of the infrared image according to the luminance conversion table. The visible light image is passed to the face matching function 213. Step 1320: The face matching function 213 performs matching using the visible light image.

In this embodiment, the infrared image is converted into a visible light image using the luminance conversion table. For example, the same conversion is performed by giving the luminance of the visible light image as a function of the luminance of the infrared image. be able to. As described above, a device that irradiates a user with infrared light and a device that obtains an infrared image of the user are always installed in a fixed positional relationship, and the infrared image is converted into an image using visible light. High-accuracy collation can be performed without being affected by the intensity and position of the light source due to visible light.

In the present embodiment, entry control to the computer room 100 in a building where entry is restricted and further security is required is described, but the present invention is not limited to this. For example,
As described in the second embodiment, the present invention can be applied to access management to an information system in a building where entrance is controlled.

As a second embodiment, a system for restricting access (login) to a terminal in an office where entry is restricted will be described. FIG. 14 is a diagram for explaining the outline of the second embodiment. In this embodiment, an office 1400 to which only a previously authorized person can enter, a door 101 thereof, a door management device 102 for opening and closing the door 101, a person to enter and a terminal 1
A personal identification device 1403 for determining whether or not a person who tries to log in to 408 is a person who has been permitted in advance is installed. Connected to the personal identification device 1403 are a camera 104-1 for acquiring a face image of a person who intends to enter the office 1400 and a fingerprint input device 105 for acquiring a fingerprint. Further, a camera 104- for acquiring a face image of a person who attempts to log in to the terminal 1408
2 is also connected.

FIG. 15 shows an example of the functional configuration of the personal identification device 1403. In FIG. 15, the functions assigned the same numbers as those of the personal identification device 103 in FIG. 2 operate in the same manner. Access management function
1515 receives the judgment result of the merge judgment function 216, updates the access log 202, and permits access. The personal identification device 1503, like the personal identification device 103, can be realized using a general computer as shown in FIG. A person who wants to enter the office 1400 places his finger on the fingerprint input device 105. The personal identification device 1403 detects that the finger is placed on the fingerprint input device 105, acquires a fingerprint image, and extracts a feature amount. Next, the personal identification device 1403 checks the extracted feature amount against the fingerprint feature amount of each individual registered in the fingerprint feature amount database 203 in advance, and specifies the individual. As shown in FIG. 4, the fingerprint feature amount database 203 records in advance the ID numbers and fingerprint feature amounts of persons who are permitted to enter.
Further, the personal identification device 1403 fetches the face image of the person who is going to enter from the camera 104-1, extracts the feature amount of the face, and temporarily records it in the face feature amount database 201. Next, the ID and fingerprint verification result of the person who is going to enter are recorded in the access log 202, and the door 101 is unlocked. When a visitor logs in to the terminal 1408, the personal identification device 1403
Acquires the face image of the visitor from the camera 104-2 and extracts the feature amount of the face. The personal identification device 1403 identifies the person to be collated from the personal ID input and transmitted from the keyboard or the like of the terminal 1408, and compares the face image by the camera 104-2 with the face feature amount previously recorded in the face feature amount database 201. Are compared to obtain a similarity. Next, face similarity and access log 20
Using the similarity of the fingerprint of the person recorded in 2, the personal authentication is performed by fusion judgment. Terminal if you can identify yourself
The use permission is transmitted to 1408. The terminal 1408 receives this and accepts the login of the person who intends to log in.

FIG. 16 illustrates an entry flow to the office 1400. Step 1605: The fingerprint input function 212 captures the fingerprint image of the person who is going to enter the office from the fingerprint input device 105. Step 1610: The fingerprint collating function 1514 collates the fingerprint characteristic of the person who has been permitted to enter and registered in the fingerprint characteristic database 203 in advance with the fingerprint image obtained in step 1605, and calculates the similarity. Step 1620: If the largest value among the similarities obtained in step 1610 exceeds a predetermined threshold, the process proceeds to the next step assuming that the individual has been identified.
Otherwise, the process ends. Step 1625: The face image input function 211 takes in the face image of the person who is going to enter the office from the camera 104-1. Step 1630: The face matching function 1513 extracts a feature amount from the face image obtained in step 1625, and the face feature amount database 201
To record. Step 1 in the face feature database 201
The personal ID specified in 620 and the extracted face feature amount are stored as shown in FIG. Step 1632: The access management function 1515 records in the access log 202 the personal ID and fingerprint matching similarity of the person who has been permitted to enter in step 1620. The access log 202 has a personal ID, a similarity of collation, and the like as shown in FIG. Step 1635: Access Management Function 1515 is Door Management Device 10
Step 1640: The door management device 102 unlocks the door 101.

FIG. 17 illustrates a processing flow when the terminal 1408 is used. Step 1702: Person trying to use terminal 1408 has personal ID
Enter Step 1705: The face image input function 211 captures a face image of a person who intends to use the terminal 1408 from the camera 104-2, and extracts a feature amount. Step 1710: The face matching function 1513 compares the face feature amount corresponding to the personal ID input in step 1702 among the persons recorded in the face feature amount database 201 with the feature amount of the face image extracted in step 1705. Then, the similarity is calculated. Step 1720: The fusion determination function 215 determines the similarity of the face obtained in step 1710 and the similarity of the fingerprint of the personal ID recorded in the access log 202 in step 1632. Step 1725: If the evaluation value of the fusion judgment is larger than the predetermined threshold value, the fusion judgment function 215 recognizes the above-mentioned log-in person as a person who has the use qualification,
Proceed to the next step. Otherwise, the process ends. Step 1735: The access management function 1515 transmits the use permission to the terminal 1408. Step 1737: The terminal 1408 receives the use permission and performs a login acceptance process.

In this embodiment, the personal ID of the person who intends to make the second access (use of the terminal 1408) input from the terminal 1408 is used for selection. Further, in the present embodiment, at the time of the first access (entering the building 114), the biometric information (face feature amount) database 201 used for matching at the time of the second access (use of the terminal 1408) is created. However, similarly to the fingerprint feature database 203 in the first embodiment, a biometric information (face feature) database 201 may be provided in advance. In the above embodiment, a method of not inputting a personal ID when logging in to the terminal 1408 can be adopted. In this case, step 1702 is omitted, and in step 1710, matching is performed with all persons recorded in the face feature amount database 201, and the ID number of the person having the highest similarity may be adopted. In this embodiment, the fingerprint is used for the entrance management and the face image is used for the login management of the terminal. However, the present invention is not limited to this. For example, as in the first embodiment, it is possible to use a fingerprint that provides higher determination accuracy than using a face image for login management of a terminal that requires higher security.
Instead of the fingerprint feature database 203 of the present embodiment, an IC in which the fingerprint feature of each individual is recorded in advance for each individual
A card may be held, and the fingerprint feature value may be read into the personal identification device and collated. In each of the above embodiments, double access control has been described as an example. However, triple or more access control can be similarly performed.
It is also possible to perform a plurality of, the same or different access controls on the inner access control in parallel. In the above embodiment, the fingerprint and the face image are exemplified as the biological information. The biological information is not limited to these,
Palm shape, palm print, iris pattern, retinal pattern, ear shape, keystroke characteristics (keystroke such as keystroke interval and keypress time when typing specific words such as login name and password), smell, DNA, etc. It is also possible to use specific information that an individual has or generates.

[0030]

According to the present invention, it is possible to satisfy the accuracy of identity verification required by the access management system, have high resistance to forgery of biometric information, and prevent unauthorized access by spoofing. By performing appropriate access control according to the required security level, high convenience, low system construction cost, and short calculation time can be realized.

[Brief description of the drawings]

FIG. 1 is a diagram schematically illustrating a first embodiment.

FIG. 2 is a diagram illustrating an example of a functional configuration of a personal identification device according to the first embodiment.

FIG. 3 is an example of a face feature amount database 201 in the embodiment.

FIG. 4 is an example of a fingerprint feature amount database in the embodiment.

FIG. 5 is an example of determination reference data in the embodiment.

FIG. 6 is an example of an access log in the embodiment.

FIG. 7 is a flowchart showing an example of entrance management to a building according to the present invention in the embodiment.

FIG. 8 is a flowchart showing an example of entry control to a computer room according to the present invention in the embodiment.

FIG. 9 is an example of data passed to a determination function in the embodiment.

FIG. 10 is an example of an evaluation value of a fusion determination in the embodiment.

FIG. 11 is a diagram illustrating a functional configuration example of a face image input function according to the first embodiment.

FIG. 12 is an example of a luminance conversion table in the first embodiment.

FIG. 13 is a flowchart of face collation in the first embodiment.

FIG. 14 is a diagram illustrating an example of a functional configuration of entrance management to an office in the second embodiment.

FIG. 15 is a diagram illustrating an example of a functional configuration of a personal identification device according to a second embodiment;

FIG. 16 is a diagram illustrating an example of an office entrance management flow according to the second embodiment.

FIG. 17 is a diagram illustrating an example of a flow of login to a terminal according to the second embodiment.

FIG. 18 is a schematic configuration diagram of a computer that realizes a personal identification device in each embodiment.

[Explanation of symbols]

100: Computer room, 101: Outside door, 102: Door management device, 103: Personal identification device, 104: Camera, 114: Building, 11
5: Inside door, 202: Access log, 213: Face matching function, 21
4: Fingerprint collation function, 216: Fusion judgment function.

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Ichikichi Murata 216 Totsuka-cho, Totsuka-ku, Yokohama-shi, Kanagawa Prefecture F-term in the Communication & Social Systems Group, Hitachi, Ltd. 2E250 AA03 AA04 AA12 BB05 BB30 BB47 CC13 DD08 DD09 DD10 EE03 EE15 FF08 FF11 FF18 GG05 GG15 5B043 AA09 BA02 BA04 FA07 FA09 GA01 GA13 5C087 BB03 DD06 DD23 DD43 EE08 FF01 FF04 FF19 GG02 GG10 GG19 GG59

Claims (10)

[Claims] An access management system for performing multiplex access control, wherein a first type of biometric information of a person who intends to obtain a first access permission is obtained and output. A biological information acquisition device, a second type of biological information acquisition device that acquires and outputs a second type of biological information of a person who intends to obtain a second access permission, and a first access,
A personal recognition device that determines whether the second access is permitted, a device that controls the first access according to the determination result of the personal recognition device, and a second device that controls the first access according to the determination result of the personal recognition device.
A device for controlling access to the first type of biometric information stored in the storage device for a person who is permitted the first access. A first matching processing unit that matches the first type of biological information of the person trying to obtain the first access permission output by the biological information acquisition device, and a matching by the first matching processing unit Based on the result, a first determination processing unit that determines whether or not access is permitted by a person who intends to obtain the first access permission is performed. The stored second type of biometric information and the first type of biometric information obtained by the second type of biometric information acquisition device.
A second matching processing unit that matches with the second type of biometric information of a person who intends to obtain a second access permission during the access, and a matching result obtained by the second matching processing unit, A second determination processing unit that determines whether or not access is permitted by a person who intends to obtain the second access permission; and a determination result by the first determination processing unit to a device that controls the first access. An access management processing unit for notifying a result of the determination by the second determination processing unit to the device that controls the second access. 2. The access management system according to claim 1, wherein the second determination processing unit is configured to determine a comparison result by the first comparison processing unit and a comparison result by the second comparison processing unit. An access management system characterized in that the access permission / inhibition is determined according to a predetermined determination criterion. 3. The access management system according to claim 1, wherein the access management processing unit is configured to acquire the first biometric information from a person to whom the first determination processing unit has permitted access. Controlling the first determination processing unit so that the second matching processing unit matches a person whose time from when the second biological information is acquired to the second biological information is within a predetermined value. Access management system characterized by 4. The access management system according to claim 1, wherein the access management processing unit obtains the second access permission from those who have permitted the access by the first determination processing unit. An access management system for controlling the second matching processing unit so as to select a person to be matched using the identification information of the person to be matched 5. The access management system according to claim 4, wherein a second person who obtains the first access permission receives a second access permission.
Further comprising a third type of biological information acquisition device for acquiring and outputting the first type of biological information, wherein the first matching processing unit comprises:
A second type of biometric information is stored in the storage device for a person who intends to obtain permission for the first access, and the second matching processing unit stores the second type of biological information stored in the first matching processing unit. Access management system characterized by using two types of biometric information for verification 6. The access management system according to claim 1, wherein the device acquires a first type of biological information.
A device that acquires the type of biological information is a device that irradiates a person who intends to obtain access permission with infrared light and the positional relationship between the infrared irradiation processing unit does not change. A device for acquiring an infrared image of a part of the body of the person to be tried, wherein the personal recognition device includes a processing unit that converts the infrared image into a visible image,
An access management system, wherein the first or second matching processing unit performs the matching using the converted visible image. 7. The access management system according to claim 1, wherein said access is entry into a physical area or use of an information system. 8. The access management system according to claim 1, wherein said biological information is one of a face image and a fingerprint. 9. A personal identification device used in an access management system, wherein a first type of biometric information stored in a storage device is stored for a person who is permitted a first access.
A first matching processing unit that matches the first type of biometric information of a person who intends to obtain a first access permission; and a first matching processing unit that uses the matching result of the first matching processing unit. A first determination processing unit that determines whether or not an access is permitted by a person who intends to obtain an access to a second type, and a second type stored in a storage device for a person to whom the first determination processing unit has permitted the access. A second matching processing unit that matches the second type of biological information of a person who intends to obtain a second access permission during the first access, and the second matching processing A second determination processing unit that determines whether or not an access by a person who intends to obtain the second access permission using the collation result by the first unit; and a determination result by the first determination processing unit that is determined by the first determination processing unit. The result of the determination by the second determination processing unit is transmitted to the device controlling access to the second access device. A personal recognition device, comprising: an access management processing unit for notifying a device that controls access to each device. 10. A program for causing a computer to be processed as a personal recognition device used in an access management system, the first type being stored in a storage device for a person who is permitted a first access. Program code embodying a first matching processing unit that matches biometric information with the first type of biometric information of a person who intends to obtain a first access permission; and a first matching processing unit A program code that embodies a first determination processing unit that determines whether or not access is permitted by a person who intends to obtain the first access using the collation result by the first determination unit; The second person stored in the storage device for the authorized person
And a program code embodying a second matching processing unit that matches the second type of biological information of a person who intends to obtain a second access permission during the first access And a program code that embodies a second determination processing unit that determines whether or not access by a person who intends to obtain the second access is possible using the result of the comparison by the second comparison processing unit; The result of the determination by the first determination processing unit is sent to the device for controlling the first access by the second
And a program code embodying an access management processing unit for notifying each of the second access control devices of a determination result obtained by the determination processing unit.