JP2003337926A - Access control system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an access control system which updates stored information of an information storage card used for identification at a proper period as the face of the user changes. <P>SOLUTION: The access control system comprises a card issuing unit 2 which issues a contactless IC card 1, an identification unit 3 which identifies the user by using the stored information of the card 1 that the user bears, an access control unit 4 which controls user's access according to the identification result and the stored information of the card 1, an update decision unit 5 which decides whether information regarding the face which is stored on the card 1 of the identified user reaches an update period on the basis of the matching result in the identification, and an update processing unit 6 which at least updates the information regarding the face which is stored on the card 1 having reached the update period and information in imaging. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for controlling access of a user by using information stored in an information storage card, and more particularly, an access control system for authenticating the user based on image data of a user's face. Regarding

[0002]

2. Description of the Related Art In general, in access control, users try to use the resources in the system.
This is a control to check whether or not the user has the use right and use the user within the right that the user has. The conventional access control system is realized by, for example, a user's property, confidential information, biometrics, or the like alone or in combination. Specifically, there is a method using a physical key, a card, or the like as access control by a property. Further, as a method of access control using secret information, there is a method using a personal identification number or the like. Further, as an access control by biometrics, there is a method using a fingerprint, an iris, a face and the like.

In the conventional access control system, in order to improve the security, it is necessary to combine a plurality of various methods as described above, but the convenience may be impaired accordingly. Therefore, in order to improve security without impairing convenience as much as possible, for example, in the technology disclosed in Japanese Patent Laid-Open No. 2000-67188, information stored in an IC card or the like and a face image captured by a camera or the like are used. There has been proposed a method of authenticating a user by combining them.

In the conventional access control system as described above, it was not possible to know what the image was when the owner information was registered in the IC card or the like after the card was issued. Therefore, when performing personal authentication, the cardholder who has the right to use the IC card
If the facial expression is different from when the information was registered on the card, etc., access may be denied even if the person has the right to use it, or the authentication process may take time. . Further, if the authentication standard is loosened in order to avoid the above-mentioned situation, there is a possibility that an unauthorized user may be permitted to access, which is a problem.

In order to solve the above-mentioned problems, the applicant of the present invention stores the information at the time of registration at the time of registration in the information storage card so that the image information registered in the information storage card can be confirmed at the time of personal authentication. Has proposed an access control system which is to be recorded in (for example, Japanese Patent Application No.
1-274080). According to such a system, the user can make a facial expression similar to that at the time of registration by confirming the information at the time of imaging recorded for confirmation at the time of authenticating the person, and the person who has the proper authority. It becomes possible to certify the above surely and in a short time.

[0006]

However, the operation of the access control system of the prior application as described above is affected by the secular change or shaping of the user's face, and after a certain amount of time, the person himself / herself is affected. However, there is a drawback that the authentication accuracy of the item tends to decrease. In order to realize reliable personal authentication, it is necessary to update the image information and the image capturing information stored in the information storage card according to the deterioration of the authentication accuracy. It had no update function.

The present invention has been made by paying attention to the above points, and the information stored in the information storage card used for personal authentication is updated at an appropriate time according to the change of the face of the user. Therefore, it is an object of the present invention to provide an access control system that enables highly accurate personal authentication.

[0008]

In order to achieve the above object, the access control system of the present invention is capable of generating information about a face generated from face image data of an owner, information about an access right and the face image data. An image obtained by imaging the user and the storage information read from the information storage card possessed by the user who wishes to access, using an information storage card that stores at least the information at the time of capturing the captured image used. Whether or not the user is the cardholder himself or herself is verified by collating with the information on the face generated based on the above, and whether or not the user is permitted to access according to the result of the user authentication. In the access control system for controlling the, the information about the face stored in the information storage card of the user who is authenticated as the cardholder himself is updated at the time of update. It is configured to include means for determining whether or not based on the collation result at the time of the authentication, and at least updating the face information and the image capturing information stored in the information storage card corresponding to the update time. .

In the access control system having such a configuration, regarding the user who is authenticated as the owner of the card by using the stored information of the information storage card, the update time of the information about the face stored in the information storage card is set. For the information storage card that is determined based on the collation result at the time of personal authentication and corresponds to the update time, the face-related information and the image-taking-time information stored therein are updated to at least new information. As a result, it becomes possible to prevent the accuracy of personal authentication from being deteriorated due to the influence of the secular change of the user's face or the shaping.

In the above access control system, a card issuing means for issuing the information storage card, and an image obtained by picking up an image of a user carrying the information storage card issued by the card issuing means are generated. Identity verification means for verifying whether or not the user is the card owner himself by collating the information about the face with the information about the face read from the information storage card, and the authentication by the identity verification means Access control means for controlling whether or not to permit access of the user according to the result and the stored information of the information storage card, and the information storage possessed by the user who has been authenticated by the user by the personal authentication means. The update determination means for determining whether or not the information on the face stored in the card is in the update time based on the collation result at the time of authentication, and the update determination means for updating. It may be the determined information and the imaging-time information on the information stored in the memory card faces and in time be configured to include an update processing means for at least updated.

In such a configuration, a user who desires access uses the information storage card issued by the card issuing means to undergo personal authentication by the personal authentication means, and obtains the desired access permission by the access control means. For the user who has been authenticated as the person by the personal authentication means, the update determination means determines the update time of the information about the face stored in the information storage card, and the information about the face of the information storage card corresponding to the update time and The image capturing time information is updated by the update processing means.

As a specific configuration of the access control system, the personal identification means collates information about a face read from the information storage card with information about a face generated based on the captured image. The similarity is calculated, and when the similarity is higher than the authentication threshold value, the user is authenticated as the card owner himself, and the update determination means is
When the similarity calculated by the person authenticating unit is lower than the update threshold set higher than the authentication threshold, it may be determined that the information about the face stored in the information storage card is at the update time. Good. In such a configuration,
The update time of the information storage card can be determined using the similarity calculated at the time of personal authentication.

Further, in the access control system, the information storage card is capable of storing information regarding the degree of similarity calculated by the personal authentication means.
The update determination means creates similarity transition data based on the information regarding the similarity stored in the information storage card,
The update time may be determined by comparing the current similarity estimated according to the similarity transition data with the update threshold. With this configuration, the update time of the information storage card can be determined using the transition data from the past to the present of the similarity calculated at the time of personal authentication.

As a concrete mode of the above-mentioned access control system, there is provided a card issuing device having the card issuing means, a personal authentication terminal device having the personal authentication means and the access control means, and the update judging means. May be provided in the personal authentication terminal device, and the update processing means may be provided in the card issuing device. Alternatively, the personal authentication means, the update determination means, and the update processing means may be provided in the card issuing device. Alternatively, the update determination means and the update processing means may be provided in the personal identification terminal device. According to this aspect, in the system configuration including the card issuing device and the personal authentication terminal device, the determination of the update time of the information storage card and the update process can be performed by either device.

As another specific mode of the above access control system, a card issuing device having the card issuing means, a personal authentication terminal device having the personal authentication means and the access control means, and the update An update terminal device having a processing means may be provided, and the update determination means may be provided in the personal authentication terminal device. Furthermore, the personal authentication means and the update determination means may be provided in the update terminal device. In this aspect, the update processing of the information storage card is performed in the update terminal device independent of the card issuing device and the personal authentication terminal device.

[0016]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing the configuration of an access control system according to an embodiment of the present invention. In FIG. 1, the present access control system includes, for example, a contactless IC card 1 as an information storage card, a card issuing unit 2 as a card issuing means for issuing a contactless IC card to a user, and a contactless possessed by a user who desires access. An identity authentication unit 3 as an identity authentication means for performing identity authentication using the IC card 1, an access control unit 4 as an access control means for performing access control of a user based on an authentication result at the identity authentication unit 3, An update determination unit 5 as an update determination unit that determines the update timing of the information stored in the information storage card 1 owned by the user who has been authenticated as the user, and the update determination unit 5
The update processing unit 6 as update processing means for updating the stored information of the non-contact IC card 1 determined to be in the update time.

Here, each of the above units constitutes a card issuing device, a personal authentication terminal device, and an updating terminal device, for example, by a combination as shown by a dotted line in the figure. The issuing unit 2 is provided in the card issuing device, and the personal authentication unit 3, the access control unit 4, and the update determination unit 5 are provided.
Is provided in the personal authentication terminal device, and the update processing unit 6 is provided in the update terminal device.

As shown in FIG. 2, for example, the card issuing unit 2 includes a camera 21 for picking up a face image of a user who is authorized to use the card as an object at the time of issuing the card, and a camera 21 for picking up the image. The display unit 22 for displaying the displayed image to the user of the subject, and, for example, facial feature amount data is generated as information about the face of the cardholder based on the captured image captured by the camera 21, and
For example, the image information generating unit 23 that generates a face image based on the captured image for generating the face feature amount data to be printed on the card surface as the image capturing time information to be recorded for confirmation at the time of authentication and the image information generating unit 23. Non-contact IC for facial feature data
The card reader / writer 24 integrally includes an information writing unit 24A to be written on the card 1 and an information printing unit 24B for printing the face image generated by the image information generation unit 23 on the non-contact IC card 1.

The display unit 22 is a general display device such as a CRT or a liquid crystal display, and has a camera 21.
The image captured in is input, and the input image is displayed. The image information generation unit 23 detects the face image portion of the subject from the captured image of the camera 21, generates face image data,
The generated face image data is compared with the face image data of a large number of other people stored in advance to calculate an evaluation value indicating the degree of dissimilarity, and the face image data is determined by comparing the evaluation value with a preset threshold value. The image data processing unit 23A, the feature amount creating unit 23B that generates face feature amount data to be stored in the non-contact IC card 1 based on the face image data determined by the image data processing unit 23A, and the image data processing unit 23A. A print image creating unit 23 that creates a confirmation face image to be printed on the surface of the non-contact IC card 1 based on the determined face image data.
With C and.

The image data processing unit 23A determines whether or not an image portion corresponding to a face exists in the image pickup area of the camera 21 from the input picked-up image by using a well-known image processing technique, and determines that a face image exists. If it is determined, the face image data determination process based on the evaluation value as shown in the flowchart of FIG. 6 or FIG. 7 described later is executed using the face image data. The facial feature amount data generated by the feature amount creating unit 23B is specifically, for example, the positional relationship among the eyes, nose, ears, and mouth of a valid user,
It consists of the outline of the face. Note that the face image data determined by the image data processing unit 23A may be directly stored as the face information stored in the non-contact IC card 1. In this case, the face image data may be directly output from the image data processing unit 23A to the card reader / writer 24,
The feature quantity creating unit 23B can be omitted.

The face image generated by the print image creating unit 23C is a face image that has been subjected to image processing such as dither diffusion or the like so that the user cannot be authenticated even if the printed image is captured as it is. The image capturing information printed on the non-contact IC card 1 may be any information as long as it can inform the user in what state the image was captured when the card was issued. It may be character information or the like suggesting such as. Further, when the face image is printed, the face image data determined by the image data processing unit 23A may be printed as it is. However, if security is taken into consideration, as in the present embodiment, the dither diffusion or the like is performed. It is desirable to print a face image that has undergone various image processing, that is, image processing in which the person is not recognized even if the image is captured as it is.

The non-contact IC card 1 issued by the card issuing unit 2 as described above is, for example, an IC card having a wireless communication function, and is the user the card owner himself who has the proper use authority? As information for authenticating whether or not the personal identification terminal device side is provided, at least a memory capable of writing personal identification information Ic and access right information Ia is provided, and a face image, characters, etc. as imaging information are displayed on the card surface. It has a printable structure.
Further, the non-contact IC card 1 uses information Is related to the similarity calculated at the time of personal authentication, which will be described later, specifically, a transition of the past similarity as information for determining the update time of the personal authentication information Ic. It is possible to store the indicated data and the like. The information storage card of the present invention is not limited to a non-contact type IC card, and known information storage cards such as a contact type IC card and a magnetic card can be used. A printing area may be provided on the surface of the.

The personal identification information Ic includes necessary information capable of identifying a valid cardholder, and includes at least information on a face generated from an image, for example, the above-mentioned face feature amount data. Is. The access right information Ia is, for example, information about a use right given to an authorized user by being input by an operator or the like who operates the card issuing unit 2 by operating a data input unit (not shown) or the like, and is a resource in the system. This is information indicating the range in which use is permitted. Specifically, for example, when used for access control in doors,
The access right information Ia is the identification information or the like about the room that is permitted to enter. Further, when used for access control at a ticket gate of a station, for example, well-known commuter pass data corresponds to the access right information Ia. In addition,
The access right information Ia in the present invention is not limited to the above specific example, and can be set appropriately according to the required access control.

The personal authentication unit 3 has a card information read / write section 31 for reading / writing information stored in the non-contact IC card 1 owned by the user and a card information read / write section 31 as shown in the left and center portions of FIG. 3, for example. The card information processing unit 32 that distinguishes the personal authentication information Ic, the access right information Ia, and the similarity transition data Is included in the storage information read in step 3 and outputs them to the corresponding units, and the face image data generation that generates the face image data. Section 33, an image display section 34 using a general display device such as a CRT or a liquid crystal display for displaying an image actually captured by the face image data generation section 33 to the user, and card information. A personal authentication processing unit 35 that authenticates the user based on the personal authentication information Ic from the processing unit 32 and the face image data from the face image data generation unit 33. Configured to include a.

The card information read / write unit 31 receives stored information transmitted from the non-contact IC card 1 held by the user via an antenna or the like (not shown), and outputs the received information to the card information processing unit 32. At the same time, the writing information sent from the card information processing unit 32 is sent to the non-contact IC card 1 via an antenna or the like. The card information processing unit 32 distinguishes various information included in the stored information in the non-contact IC card 1 received by the card information reading / writing unit 31, and outputs the personal authentication information Ic as the personal authentication processing unit 3
5, and outputs the access right information Ia to the access right processing unit 41 of the access control unit 4. The card information processing unit 32 also updates the similarity determination data Is included in the storage information of the non-contact IC card 1 to the update determination unit 5.
And the new similarity transition data obtained by the similarity estimation processing unit 51 are input, and the data is sent to the non-contact IC card 1 via the card information reading / writing unit 31.

The face image data generation unit 33 includes, for example, a camera 33A for capturing a face image of a user, an image input unit 33B for capturing an image captured by the camera 33A, and a face image captured by the image input unit 33B. A face detection unit 33C that detects an image portion corresponding to the user's face based on the above, and face feature amount data of the user is created based on the face image detected by the face detection unit 33C. Authentication processing unit 3
5 has a feature quantity creating unit 33D.

The camera 33A has a preset image pickup area, and the contactless IC card 1 is connected to the card information read / write section 3
An image pickup apparatus capable of picking up an image of the face of a user who holds it up to 1, and outputs the picked-up images to the image input unit 33B and the image display unit 34, respectively. As the image pickup area of the camera 33A, a fixed area designed so that the angle of view is narrowed so that the user's face can be taken large and accurate authentication processing is possible is set. The camera 33A may be provided with a function (for example, auto focus) for appropriately capturing an image in a fixed image capturing area. Regarding the arrangement configuration of the camera 33A and the image display unit 34, for example, a half mirror or the like not shown is arranged between the user and the camera 33A, and the image displayed on the image display unit 34 is reflected by the half mirror or the like and used. It is configured so that it can be seen by a person. Further, at the time of personal authentication, the non-contact IC card 1 and the display image that is viewed by the user through a half mirror or the like are displayed.
So that the print information of is in the same field of view of the user,
A card information read / write unit 31 and an image display unit 34 are arranged. The camera 33 in the personal identification unit 3
The arrangement configuration of A, the image display unit 34, and the card information read / write unit 31 is not necessarily limited to the above example.

The image input unit 33B temporarily accumulates the image data sent from the camera 33A and stores it in the face detection unit 33.
Output to C. The face detection unit 33C uses the image data of the image input unit 33B to determine whether or not an image portion corresponding to the user's face exists in the image pickup area of the camera 33A using a known image processing technique. . If there is an image portion corresponding to the face of the user, the face image is sent to the feature quantity creating unit 33D. The feature amount creation unit 33D includes a face detection unit 33C.
User's eyes, using the face image sent via
Information relating to the positional relationship between the nose, ears, and mouth, the contour of the face, and the like is extracted and used as the facial feature amount data of the user to identify the person.
Output to.

The personal authentication processing unit 35 collates the face characteristic amount data of the personal authentication information Ic from the card information processing unit 32 with the characteristic amount data created by the characteristic amount creating unit 33D of the face image data generating unit 33. Then, the degree of similarity is calculated, and only when the degree of similarity is equal to or higher than a predetermined authentication threshold (matching match), the contactless IC card 1 is read by the card information reading / writing unit 3
The user who holds up to 1 authenticates with the card holder who has the right to use the right, and the authentication result is the access right processing unit 4
Tell 1.

Whether the access control unit 4 gives an access right according to the access right information Ia from the card information processing unit 32 and the authentication result in the personal authentication processing unit 35, as shown in the upper right of FIG. 3, for example. An access right processing unit 41 for determining whether or not the access right processing unit 41 and an access control unit 42 for performing required access control according to the determination result of the access right processing unit 41.

The access right processing unit 41 determines whether the access right information Ia from the card information processing unit 32 corresponds to the access control performed by the access control unit 42. Then, when it is determined that the access right information Ia corresponds, the identity authentication processing unit 35.
The access control unit 42 is instructed to permit access only to the user who has been authenticated as the user according to the authentication result. On the other hand, in cases other than the above, the access control unit 42 is instructed to disallow the user's access.

The access control unit 42 follows the instruction from the access right processing unit 41 to contactless IC card 1
The access control for the user holding the card information reading / writing unit 31 is performed. Update determination unit 5
For example, as shown in the lower right of FIG. 3, similarity estimation that creates new similarity transition data using the similarity transition data Is from the card information processing unit 32 and the similarity from the person authentication processing unit 35. Processing unit 51 and similarity estimation processing unit 51
An update determination unit 52 that determines the update time by comparing the current similarity estimated based on the similarity transition data created in 1. with a preset update threshold.

The similarity estimation processing unit 51 receives the past similarity transition data Is stored in the non-contact IC card 1 via the card reading / writing unit 31 and the card information processing unit 32 of the personal authentication unit 3 here. At the same time, the current similarity calculated in the personal authentication processing 35 is received, and the current similarity is added to the past similarity transition data Is to newly create the similarity transition data Is. This new similarity transition data Is is output to the update determination unit 52 and also to the card information processing unit 32, and the non-contact IC card 1 is output.
The data stored in the memory is rewritten.

The update determination unit 52 is a similarity estimation processing unit 51.
The current similarity is estimated based on the similarity transition data created in 1. When the estimated similarity becomes lower than the update threshold, the personal authentication information Ic stored in the non-contact IC card 1
It is determined that (specifically, the face feature amount data) is at the update time. Then, the update determination unit 52 uses the display unit 34 of the personal authentication unit 3 here, for example,
Information that prompts the user to update the stored information of the C card 1 is displayed to the user.

As shown in FIG. 4, for example, the update processing unit 6 uses a camera 61 for picking up a face image of a user who receives the update of the non-contact IC card 1 and a subject for which the image picked up by the camera 61 is used. Based on the display unit 62 displayed to the user and the captured image captured by the camera 61, image information for generating face feature amount data as information related to the face of the cardholder himself and a confirmation face image as capturing time information. The generation unit 63, a stored information update unit 64A that updates the facial feature amount data stored in the non-contact IC card 1 to the facial feature amount data generated by the image information generation unit 63, and confirmation printed on the non-contact IC card 1. The card reader / writer 64 integrally includes a print information updating unit 64B that erases the face image for use and reprints the face image generated by the image information generating unit 23.

The camera 61, the display section 62 and the image information generating section 63 have the same configurations as the camera 21, the display section 22 and the image information generating section 23 of the card issuing unit 2 described above, respectively. In addition, the card reader / writer 64
Storage information update unit 64A and print information update unit 64B
Corresponds to the information writing unit 24A and the information printing unit 24B of the card reader / writer 24 in the card issuing unit 2 described above, respectively, and has a function of updating stored information and print information. Are different.

Next, the operation of the access control system of this embodiment will be described. First, the card issuing processing operation by the card issuing unit 2 will be described based on the flowcharts of FIGS. The operation of the card issuing unit 2 when issuing a card is performed by, for example, an operator. In step 1 (indicated by S1 in the figure and the same applies hereinafter), the power of the camera 21 and the display unit 22 is turned on by the operator's startup operation of the card issuing unit 2. The user who receives the card is the camera 2
When standing (or sitting) in front of 1, the camera 21 starts imaging the user as shown in steps 2 and 3, and the display unit 22 starts displaying the image of the user. Thereby, the user can adjust the posture so that the face moves while looking at the screen of the display unit 22. The image captured by the camera 21 is input to the image data processing unit 23A.

In step 4, the image data processing unit 23A
At, it is determined whether or not a face is detected from the input image. If a face is detected, the process proceeds to step 5. If the face is not detected, the display unit 22 displays a guide for prompting the user to adjust the posture, and the operations of steps 2 to 4 are repeated until the face is detected. Step 5
Then, an evaluation value indicating the degree of dissimilarity with another person is calculated for the obtained face image data, and the non-contact IC is calculated based on the evaluation value.
Face image data determination processing as shown in the flow charts of FIGS. 6 and 7 for determining whether or not to adopt as face image data to be stored and printed in the card 1 is executed. This face image data determination processing operation will be described later. here,
The adopted face image data is output to the feature amount creating unit 23B and the print image creating unit 23C, respectively.

Then, as shown in Steps 6 and 7, the feature amount creating section 23B creates face feature amount data such as the positional relationship between the eyes, nose, ears, and mouth of the user, the contour of the face, etc., and creates a print image. The unit 23C performs image processing such as dither diffusion on the face image data to generate a print image, and outputs the print image to the card reader / writer 24, respectively. In step 8, the contactless IC card 1 inserted into the card reader / writer 24 by the operator
, The information writing unit 24A writes the face feature amount data generated in step 6, and the information printing unit 24B
The print image generated in step 7 is printed. At this time, required personal authentication information and access right information Ia other than the face image that can identify the user are simultaneously written by an operator's input operation or the like. The non-contact IC card 1 on which the personal identification information Ic and the access right information Ia have been written and the face image has been printed is handed to a user who has a proper use right.

A specific example of the above-mentioned face image data determination processing in the image data processing unit 23A will be described. The face image data determination processing is performed by calculating the evaluation value of a plurality of face image data and then selecting the most suitable image from among the evaluation values, and whether or not to adopt it each time the evaluation value of one face image data is calculated. A method of judging can be considered.

An example of the former method will be described with reference to the flowchart of FIG. In step 11, the process waits until face image data is input. When it is determined that there is face image data, in step 12, face feature amount data is generated from the face image data. In step 13, the evaluation value of the generated facial feature amount data is calculated. For example, the generated facial feature amount data of the user is individually compared with the facial feature amount data of a large number of other persons registered in advance, the ratio (%) of the dissimilarity degree is calculated for each, and all calculated values are added. Then, the added value is used as the evaluation value of the face image data.

In step 14, it is determined whether or not the number of face image data has reached a predetermined number (for example, 20) which has been set in advance. Select. In step 16, the evaluation value and the threshold value are compared, and if the evaluation value> the threshold value, step 1
7, the face image data is saved. If the evaluation value is not greater than the threshold value, a message such as "Please change your facial expression" is displayed on the display unit 22 although not shown, or the user is prompted to make a different facial expression. After the input of a different predetermined number of face image data, the operations of steps 11 to 16 are repeated.
This operation is repeated until the determination in step 16 becomes YES.

In this way, if the face image data that most easily identifies the person is selected after the evaluation values of the plurality of face image data are calculated, the person authentication accuracy in the person authentication unit 3 can be improved. It is possible to improve security. Next, an example of the latter method will be described with reference to the flowchart of FIG. The operations of steps 21 to 23 are the same as the operations of steps 11 to 13 in the former method of FIG.

In the next step 24, the evaluation value and the threshold value are immediately compared, and if the evaluation value> the threshold value, in step 25,
The face image data is saved, output to the feature amount creating unit 23B and the print image creating unit 23C, and the process ends. If the evaluation value is not greater than the threshold value, a message such as "Please change your facial expression" is displayed on the display unit 22 as in the case of FIG. 6, or the user is given a different facial expression according to the operator's instruction. And waits for the input of different face image data, and repeats the operations of steps 21 to 24 again. This operation is repeated until the determination in step 24 becomes YES.

As described above, if it is determined whether or not to adopt the face image each time the evaluation value of one face image data is calculated, the processing time of card issuance can be shortened as compared with the processing method of FIG. It can be shortened. However, step 24
If the number of repetitions until the determination of YES is made is too large, on the contrary, the card issuing process may take a long time. Therefore, it is desirable to set the upper limit of the number of repetitions in advance.

Next, a personal authentication unit 3 for performing personal authentication with the non-contact IC card 1 created as described above.
And the operation of the access control unit 4 that performs access control according to the result of personal authentication will be described based on the flowchart of FIG. In step 31,
Flag F1 = F2 when the personal authentication unit 3 is turned on
Initialize to = 0. In addition, the card information read / write unit 31
Also, the power of the camera 33A is turned on, and it stands by in a state where information can be read and images can be captured at all times.

At step 32, it is detected whether or not there is a user who wants to be authenticated. When the presence is detected, at step 33 the display unit 34 is turned on. When the user's image is displayed on the display unit 34, the user looks like the printed image while comparing the printed image of the non-contact IC card 1 with the screen. At this time, if the image pickup by the camera 33A and the image display by the display unit 34 are coaxially performed for the user by using a half mirror or the like, the user can easily and accurately adjust the facial expression. You can Further, the camera 21 and the display unit 22 on the card issuing unit 2 side, and the camera 33A and the display unit 3 on the personal authentication unit 3 side.
4 has the same layout and has no contact with the captured image I
If the card information read / write unit 31 is arranged so that the print information of the C card 1 exists within the same field of view of the user so that the image pickup screen and the print image can be confirmed without moving the line of sight during personal authentication, the card It becomes easy for the personal authentication unit 3 to capture an image of the same posture and expression as the image captured on the issuing unit 2 side, and the facial feature amount data registered in the non-contact IC card 1 and the personal authentication unit 3 side are generated. The accuracy of collation with the facial feature amount data that is obtained increases, and the security can be improved by improving the accuracy of personal authentication. It should be noted that the card information read / write unit 31 determines whether or not there is a user by the contactless IC card
Is determined or whether or not the camera 33A has captured an image of the user.

When the determination of YES in step 32 is made by the camera 33
When the captured image is input from A, the determination in step 34 is YES, and in step 35, the user sets the camera 33.
The flag F1 = 1 is set to store that the image was captured in A. In step 36, it is determined whether or not a face is detected from the input image by the image processing similar to that in the card issuing processing, and if detected, the process proceeds to step 37. When the face is not detected, the display unit 34 displays guidance for prompting the user to adjust the posture, and then waits until the face is detected.

In step 37, the flags F1 and F2 are judged. In this case, the flag F1 == 1, but the flag F2 = 0. Therefore, the determination is NO, and the contactless IC card 1 owned by the user is stored in the card information read / write unit 31.
A guide for prompting the user to move closer to is displayed on the display unit 34, and the process proceeds to step 38. In step 38, it is determined whether the card information read / write unit 31 has communicated with the non-contact IC card 1. When the communication is made, the flag F2 = 1 is set to store the fact that the card information read / write unit 31 has made communication with the non-contact IC card 1 in step 39, and step 4
Go to 0. If no communication is made, the flag F1 is determined in step 46. In this case, since the user is previously imaged by the camera 33A, F1 = 1, so the process returns to step 38.

In step 40, the card information read / write unit 31 waits until the reading of the stored information in the non-contact IC card 1 is completed, and when the reading is completed, step 41.
Then, the flag F1 and F2 are determined. In this case, the flag F1 = F2 = 1, so the routine proceeds to step 42.
In step 42, the facial feature amount data of the user generated based on the image captured by the camera 33A and the non-contact IC card 1
Authentication processing is performed by matching with the face feature amount data of the card owner himself read from the.

The face authentication processing of the user in the personal authentication processing section 35 is performed by specifically using the face characteristic amount data of the user based on the captured image and the face characteristic amount data read from the non-contact IC card 1. The degree of similarity is obtained by collation, and it is determined whether or not the degree of similarity exceeds a preset authentication threshold value. If the degree of similarity exceeds the threshold value, the user is authenticated as the cardholder himself.

If the collation result in step 42 is authenticated as the person in question, the determination in step 43 is YES, and the authentication result is the access right processing section 41 of the access control unit 4.
And the similarity degree obtained by the personal authentication processing section 35 is transmitted to the similarity degree estimation processing section 51 of the update determination unit 5. Then, the access right processing unit 41 determines whether or not the access right information Ia read from the non-contact IC card 1 corresponds to the access control performed by the access control unit 42, and the user has a valid access right. Is confirmed to have step 4,
At 4, a permission output of a predetermined process is generated.

On the other hand, the personal identification processing section 35 judges that the user is not the cardholder himself, or
If the access right processing unit 41 determines that the user does not have a valid access right, the access of the user is denied. In addition, YES in step 32 described above.
If the determination is based on the communication between the card information read / write unit 31 and the non-contact IC card 1, step 34, step 4
5, step 38, and step 39, and the flag F2 = 1 is set in step 39. After that, the process proceeds to step 40 and step 41, and the flags F1 and F
Judgment of 2. In this case, since the flag F2 = 1 but the flag F1 = 0, the determination is NO, and the display unit 34 is provided with a guide or the like for urging the user to adjust the posture so that the user is positioned toward the front of the camera 33A. Display and step 3
Go to 4.

In step 34, the user uses the camera 33A.
It is determined whether or not the image has been captured in step.
Proceed to step 36 and step 37 in order, and flag F
The determination of 1 and F2 is performed. In this case, the flag F1 = F2 =
Since it is 1, the operations after step 42 are executed. If not, the flag F2 is determined in step 45. In this case, since the communication with the non-contact IC card 1 has been made earlier, F2 = 1, so the process returns to step 34.

Next, the operation of the update judgment unit 5 for judging whether the stored information of the non-contact IC card 1 of the user who has been authenticated as the card holder himself is in the update time will be explained based on the flowchart of FIG. . In step 51, it is determined whether or not the past similarity transition data Is from the card information processing unit 32 and the similarity from the person authentication processing unit 35 are input to the similarity estimation processing unit 51 of the update determination unit 5, When it is determined that each input is present, the process proceeds to step 52.

In step 52, the similarity estimation processing section 51
In, new similarity transition data Is is created using the past similarity transition data Is and the current similarity. This similarity transition data Is is specifically, for example, as shown in FIG.
As shown in the conceptual diagram of No. 3, each of the degrees of similarity (each circle in the figure) obtained after the personal authentication information Ic (face feature amount data) is registered in the non-contact IC card 1 to the present The data is data (solid line in the figure) in which the change is estimated by performing statistical processing such as moving average.

In step 53, the similarity estimation processing section 51
The similarity transition data Is created in (4) is sent to the update determination unit 52, and the current estimated value of the similarity is determined based on the similarity transition data Is. Then, in step 54, the current estimated value of the degree of similarity and the update threshold value are compared, and if the estimated value is lower than the update threshold value, it is determined that the update time is reached, and the process proceeds to step 55. If is greater than or equal to the update threshold, it is determined that the update time has not been reached, and the routine proceeds to step 56. Note that the above determination of the update time is based on the assumption that the current estimated value of the degree of similarity is higher than the authentication threshold value. This is, for example, another person's non-contact IC card 1
Non-contact with users etc. who have authenticated themselves by using I
This is for avoiding urging to update the stored information of the C card 1. Therefore, the determination of the update time is conditional on the current estimated value of the similarity being equal to or higher than the authentication threshold and lower than the update threshold, as shown by the dotted line in FIG. 10.

At step 54, the information for prompting the user to update the stored information of the non-contact IC card 1 is displayed on the personal identification unit 3 here. It is displayed using the section 34. At the same time, in step 55, the new similarity transition data Is obtained by the similarity estimation processing unit 51.
Is transmitted to the card information processing unit 32, and rewriting processing of the similarity transition data stored in the non-contact IC card 1 is performed via the card information reading / writing unit 31.

The user who is urged to update the stored information of the non-contact IC card 1 as described above is the non-contact I here.
The user carries the C card 1 and goes to the update terminal device to update the stored information. Hereinafter, the update processing unit 6
The operation will be described with reference to the flowchart of FIG.
In step 61, the power of the camera 61 and the display unit 62 is turned on by the detection of the user who desires the update process or the startup operation of the update processing unit 6 by the operator.
N. The user who receives the update process is the camera 6
When standing (or sitting) in front of 1, in the same manner as the operation of the card issuing unit 2 described above, step 62,
As shown at 63, the image pickup of the user by the camera 61 is started, the display of the image of the user by the display unit 62 is started, and in step 64, the face detection processing from the input image is performed. In step 65, an evaluation value for the obtained face image data is calculated, and the non-contact I is calculated based on the evaluation value.
A process of determining whether or not to adopt as face image data to be stored and printed in the C card 1 is executed. The face image data determination processing is also the same as in the case of the card issuing unit 2 described above.

The face image data adopted in step 65 is output to the feature quantity creating section 63B and the print image creating section 63C, respectively, and as shown in steps 66 and 67, the feature quantity creating section 63B creates face feature quantity data. Then, the print image creation unit 63C generates print images by performing image processing such as dither diffusion on the face image data, and outputs the print images to the card reader / writer 64, respectively.

In step 68, the non-contact I inserted in the card reader / writer 64 by the user or operator.
The stored information update unit 64A rewrites the face feature amount data generated in step 66 on the C card 1, and the face image printed on the non-contact IC card 1 is temporarily displayed by the information printing unit 24B. After being erased, the print image generated in step 67 is reprinted. The non-contact IC card 1 for which the update of the facial feature amount data and the print image has been completed is handed to a user who has an authorized use right.

Although a case has been described here where the update processing unit 6 performs only the update processing of the facial feature amount data and the print image, the present invention is not limited to this. For example, the update processing as described above is performed. In the same manner as when the card is issued, according to the operator's operation, it is possible to update the information for personal authentication other than the face feature amount data and the access right information Ia at the same time.

As described above, according to the present embodiment, the access control system is provided with the update determination unit 5 and the update processing unit 6 to automatically determine and use the update time regarding the stored information of the non-contact IC card 1. By urging a person to update and updating the facial feature amount data stored in the non-contact IC card 1 and the print image for confirmation, the user's face may change with time or be reshaped. Since it is possible to prevent deterioration of the personal authentication accuracy, it is possible to realize reliable access control by personal authentication.

In the above-described embodiment, regarding the update timing determination processing in the update determination unit 5, the similarity transition data Is is created by statistical processing to estimate the current similarity. However, the present invention is not limited to this. Not limited to this, for example, the similarity calculated at the time of personal authentication may be used as it is and compared with an update threshold to determine the update time. In this case, the accuracy of determining the update time may be affected by the variation in the degree of similarity at the time of personal authentication, but it is not necessary to sequentially store the information regarding the degree of similarity in the past in the non-contact IC card 1. The processing speed can be improved.

Further, in the configuration example of the access control system shown in FIG. 1 described above, the contactless I by the update terminal device independent of the card issuing device or the personal authentication terminal device.
Although the update processing of the C card 1 is performed, for example, as shown in FIG.
As shown in FIG. 2, the update processing unit 6 may be provided side by side with the card issuing device without separately providing the update terminal device so that the contactless IC card 1 is issued and updated by the common card issuing device. Good. In the configuration of the card issuing device in this case, for example, as shown in FIG. 13, the card issuing unit 2 and the update processing unit 6 can have a common configuration having the same function. Specifically, the camera 21, the display unit 22, and the image information generation unit 23 of the card issuing unit 2 are shared with the update processing unit 6, and the card reader / writer 24 of the card issuing unit 2 has an information writing update function having an update function. Card reader / writer 24 'having section 24A' and information print update section 24B '
By applying, it becomes possible to share with the update processing unit 6.

Further, regarding the system configuration shown in FIG. 12 described above, for example, as shown in FIG. 14, a personal authentication unit 3 and an update determination unit 4 similar to the personal authentication terminal device are installed in the card issuing device. You may In this case, for example, before the user who has not used the non-contact IC card 1 for a long period of time or the user who has performed shaping or the like goes to the personal authentication terminal device and receives access control, the memory of the non-contact IC card 1 is stored. This is convenient because the necessity of update processing can be determined on the spot when the card issuing device checks whether the information is valid or not. The configuration in which the identity authentication unit 3 and the update determination unit 5 are provided together with the update processing unit 6 is also effective when the update terminal device as shown in FIG. 1 described above is provided independently. A configuration example is shown in FIG.

Further, the update processing of the non-contact IC card 1 is as follows.
This is not limited to the case where the update terminal device or the card issuing device is used, and as shown in FIG. 16, for example, a contact processing unit 6 is provided in the personal authentication terminal device, and the update determination unit 5 determines that the update time is reached. The stored information of the IC card 1 may be updated on the spot. In addition, regarding the application example of the system configuration of FIG. 1 shown in each of FIGS. 12 to 16 as described above, a combination of the configurations, that is, at least two of the card issuing device, the update terminal device, and the personal authentication terminal device. Non-contact in one or more devices I
The system configuration may be such that the C card 1 can be updated.

[0068]

As described above, the access control system of the present invention stores the information stored in the information storage card for the user who is authenticated as the card owner himself using the stored information in the information storage card. The update time of the face information is determined based on the collation result at the time of personal authentication, and the face information and the imaging information stored in the information storage card corresponding to the update time are updated to at least new information. As a result, it is possible to prevent the accuracy of the personal authentication from being deteriorated due to the change of the user's face over time, the influence of shaping, etc. Therefore, it is possible to realize the reliable access control by the personal authentication.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of an access control system according to an embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration example of a card issuing unit in the above embodiment.

FIG. 3 is a block diagram showing a configuration example of a personal authentication unit, an access control unit, and an update determination unit in the above embodiment.

FIG. 4 is a block diagram showing a configuration example of an update processing unit in the above embodiment.

FIG. 5 is a flowchart illustrating an operation of the card issuing unit in the above embodiment.

6 is a flowchart illustrating an example of a face image data determination processing operation in the card issuing processing operation of FIG.

7 is a flowchart illustrating another example of the face image data determination processing operation in the card issuing processing operation of FIG.

FIG. 8 is a flowchart illustrating the operations of the personal authentication unit and the access control unit in the above embodiment.

FIG. 9 is a flowchart illustrating an operation of the update determination unit in the above embodiment.

10 is a conceptual diagram showing an example of similarity transition data in the update timing determination operation of FIG.

FIG. 11 is a flowchart illustrating an operation of the update processing unit in the above embodiment.

FIG. 12 is a block diagram showing an example of a system configuration in which an updating process is performed by a card issuing device in relation to the above embodiment.

13 is a configuration diagram showing a specific example of a card issuing device in the configuration example of FIG.

FIG. 14 is a block diagram showing another system configuration example in which the card issuing device performs the update processing in relation to the above embodiment.

FIG. 15 is a block diagram showing an example of a system configuration in which an update terminal device performs personal authentication and determination of update time in relation to the above embodiment.

FIG. 16 is a block diagram showing an example of a system configuration in which a personal authentication terminal device performs update processing in relation to the above embodiment.

[Explanation of symbols]

1 Non-contact IC card 2 card issuing units 3 Personal authentication unit 4 Access control unit 5 Update judgment unit 6 Update processing unit 21, 33A, 61 camera 22, 34, 62 Display 23, 63 Image information generator 23A, 63A image data processing unit 23B, 63B feature quantity creation unit 23C, 63C print image creation unit 24, 64 card reader / writer 24A Information printing section 24A 'information writing / updating unit 24B Information writing section 24B 'information printing update unit 31 Card information read / write section 32 Card Information Processing Department 33 Face Image Data Generation Unit 33 35 Personal Authentication Department 41 Access Right Processing Unit 42 Access control section 51 similarity estimation processing unit 52 Update determination unit 64A storage information update unit 64B Print information update unit

Front page continuation (51) Int.Cl. ⁷ Identification code FI theme code (reference) G06T 1/00 340 G06K 19/00 S (72) Inventor Masamaru Maruyama 1836-1 Otani, Emi, Kuki City, Saitama Prefecture This signal F term in Kuki office (reference) 5B035 AA13 AA14 BB09 BC01 CA11 CA31 5B057 DA11 DB02 DC16 DC34 DC36 DC39 5B058 CA01 KA02 KA08 KA11 KA31 KA38 YA02 YA03 5B085 AE12 AE25

Claims (9)

[Claims] 1. An information storage card that stores at least information about a face generated from face image data of an owner, information about an access right, and information at the time of image capturing of a captured image used to generate the face image data, The stored information read from the information storage card possessed by the user who desires access is collated with the information about the face generated based on the image obtained by capturing the user, and the user owns the card. In an access control system that authenticates whether the user is the person himself or not, and controls whether or not the access of the user is permitted according to the result of the person authentication, Whether or not the information about the face stored in the information storage card is at the update time is determined based on the verification result at the time of the authentication, and the information storage card corresponding to the update time is determined. An access control system comprising a means for updating at least information on a stored face and information on imaging. 2. Card issuing means for issuing the information storage card, information about a face generated based on an image obtained by capturing an image of a user who possesses the information storage card issued by the card issuing means, A personal authentication means for verifying whether or not the user is the card owner himself by collating with the information about the face read from the information storage card, an authentication result by the personal authentication means, and the information storage card. Access control means for controlling whether or not to permit the user's access according to the stored information of the face, and the face stored in the information storage card possessed by the user authenticated by the person authenticating means. Update determining means for determining whether or not the information regarding the update time is based on the collation result at the time of the authentication, and the information storage card determined to be in the update time by the update determining means. The access control system according to claim 1, further comprising update processing means for updating at least the stored face-related information and image-capturing information. 3. The personal authentication means collates information about a face read from the information storage card with information about a face generated based on the captured image to calculate a similarity,
When the degree of similarity is higher than the authentication threshold, the user is authenticated as the cardholder himself, and the update determination means is similar to the similarity calculated by the person authentication means higher than the update threshold set higher than the authentication threshold. The access control system according to claim 2, wherein when the frequency is low, it is determined that the information about the face stored in the information storage card is at the time of update. 4. The information storage card is capable of storing information regarding the degree of similarity calculated by the personal identification means, and the update determining means is based on the information regarding the degree of similarity stored in the information storage card. Create similarity transition data,
The access control system according to claim 3, wherein the update time is determined by comparing the current similarity estimated according to the similarity transition data with the update threshold. 5. A card issuing device having the card issuing means, and a personal authentication terminal device having the personal authentication means and the access control means, wherein the update determining means is provided in the personal authentication terminal device,
The access control system according to claim 2, wherein the update processing unit is provided in the card issuing device. 6. A card issuing device having the card issuing means, and a personal authentication terminal device having the personal authentication means and the access control means, wherein the personal authentication means, the update judging means and the update processing means are provided. The access control system according to any one of claims 2 to 4, wherein the access control system is provided in the card issuing device. 7. A card issuing device having the card issuing means, and a personal authentication terminal device having the personal authentication means and the access control means, wherein the update judging means and the update processing means are the personal authentication terminals. The device is provided in the device.
4. The access control system according to any one of 4. 8. A card issuing device having the card issuing means, a personal authentication terminal device having the personal authentication means and the access control means, and an update terminal device having the update processing means, the update determining means. The access control system according to claim 2, wherein the access control system is provided in the personal authentication terminal device. 9. The access control system according to claim 8, wherein the personal authentication means and the update determination means are also provided in the update terminal device.