JP2005115485A - Authentication system and computer readable storage medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication system and a computer readable storage medium by which a person to be authenticated can be clearly grasped at the time of authentication by storing the face information of the person to be authenticated and the unauthorized use or the like of a target device can be prevented. <P>SOLUTION: Since the face information of a person to be authenticated which is photographed by a camera 11 at the time of authentication or the face information of a device user at the operation of the device or the occurrence of an event after authentication is stored in a history file as a history, an authentication trouble at the time of authentication or the substitution of a person after authentication can be clearly grasped and a suppression effect to the unauthorized use can be also generated. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an authentication system for authenticating whether a person who uses a device is a user who is permitted to use the device in advance, and a computer-readable storage medium used in the authentication system.

  Generally, when using a device having highly confidential information such as a computer system, use permission is given only to a user specified in advance from the viewpoint of security. In this case, an authentication system is required to authenticate whether or not the user who intends to use the device (hereinafter referred to as a user) is an authorized user. Various authentication methods have been proposed and implemented for this type of authentication system.

  Until now, a password authentication method has generally been used as an authentication method at the time of logon in a computer system. However, with the password method, there is a problem that a password is stolen or a simple password (such as a person's name or date of birth) is easily broken.

  Therefore, as another method, so-called face authentication is performed, in which face image information of the person to be authenticated is registered and verified against the face image information captured by the camera at the time of authentication. A method has come to be adopted (for example, see Patent Document 1).

  This face authentication method is effective as personal authentication means, but image information may change depending on the face shooting environment. If the authentication threshold is set low to increase the authentication rate, another person is authenticated as the person. There is a possibility of accepting so-called others. In addition, when using the device after authentication, another person may perform an operation on behalf of the user, or the device user at the time of the event may be another person other than the user.

Conventionally, even if such a situation occurs, it is difficult to grasp in a clear form, and if any problem occurs, it may be difficult to investigate the cause.
JP-A-11-316836

  As described above, it is difficult to grasp in a clear form even if another person is accepted at the time of authentication or a change in the identity of the person after the authentication occurs.

  An object of the present invention is to store an authentication target person's face information as a history so that the authentication target person can be grasped in a clear form and the unauthorized use of the target device can be prevented and a computer-readable It is to provide a storage medium.

  The authentication system according to the present invention is an authentication system for authenticating whether a person who uses a device is a user who is permitted to use the device in advance, and the face information of the user who is permitted to use the device is registered in advance. Authentication is performed by comparing a registered dictionary, a camera that captures the face of the device use target person to obtain face information, and the face information of the device use target person captured by the camera and the face information registered in the face registration dictionary The authentication processing means for outputting the result, and the history for storing at least the authentication time and the face information of the device use target person photographed by the camera in the history file regardless of the authentication result when the authentication processing means performs the authentication. And storage means.

  In the present invention, the face registration dictionary registers a plurality of pieces of face information for each user photographed in different environments in association with pattern names representing the photographing environment, and the history storage means includes authentication processing means. The pattern name corresponding to the face information of the user specified in (1) may also be stored in the history file.

  Further, in the present invention, the history storage means, when authenticated by the authentication processing means, when an operation is performed on a preset item among the operation items for the device, the device user who is shooting the camera during this operation The face information may be stored in the history file together with the operation time and the operation item name.

  In addition to the authentication by the authentication processing means, the history storage means, when a preset event occurs among the events occurring in the device, the face information of the device user photographed by the camera when the event occurs is You may make it preserve | save in a history file with generation | occurrence | production time and event title.

  Furthermore, the history storage means can arbitrarily select the timing for storing the face information of the device user photographed by the camera in the history file.

  A computer-readable storage medium according to the present invention is a computer-readable storage medium used in an authentication system for authenticating whether a user of a device is a user who is permitted to use the device in advance, and constitutes the authentication system. The computer that registers the face information of the user permitted to use in the face registration dictionary in advance, and collates the face information of the device usage target photographed by the camera with the face information registered in the face registration dictionary. When the authentication result is output and authentication is performed, a program is stored that stores at least the authentication time and the face information of the device usage target photographed by the camera in the history file regardless of the authentication result.

  In addition, the program stored in the storage medium is registered in a face registration dictionary realized by a computer in which a plurality of pieces of face information per user photographed in different environments are associated with pattern names representing the photographing environment. The history storage also stores the pattern name corresponding to the face information of the user specified by the verification authentication in the history file.

  The program stored in the storage medium is stored in the history realized by the computer, when authentication is performed by collation authentication, and when an operation is performed on a preset item among the operation items for the device, The face information of the device user who is shooting with the camera is stored in the history together with the operation time and the operation item name.

  In addition, the program stored in the storage medium is stored in the history realized by the computer, when authentication is performed by verification authentication, and when a preset event occurs among the events occurring in the device, the camera is The face information of the device user who is photographing is stored in the history together with the event occurrence time and the event title.

  Furthermore, the program stored in the storage medium can arbitrarily select the timing when the history saving realized by the computer saves the face information of the device user photographed by the camera in the history.

  In these inventions, the face information of the person to be authenticated at the time of authentication photographed by the camera or the device user at the time of device operation or event occurrence after authentication is stored in the history file as a history. It is possible to grasp the authentication failure and the change after authentication in a clear form, and the deterrent effect is also produced.

  According to the present invention, authentication target person face information or authenticated device user face information is stored as a history, so that it is possible to grasp in a clear manner an authentication failure or change of person.

  Hereinafter, an embodiment of an authentication system according to the present invention will be described with reference to the drawings.

  In this embodiment, a personal computer (hereinafter referred to as a personal computer) is exemplified as a specification target device, and a case where authentication of a target user at the time of logon is performed will be described as an example. It is assumed that the authentication system is programmed in a personal computer that is a logon target device with package software or the like.

  In FIG. 1, 11 is a camera, and 12 is a signal processing unit, which captures a face 13 of a device use target person (authentication target person) and outputs image information based on a command from the controller 14. As the camera 11, a commercially available camera such as a USB camera may be used. The camera 11 is attached to a position where a front image of the face of the personal computer user can be taken, such as an upper part of the personal computer display.

  The controller 14 is constituted by a control unit of a personal computer, and is connected to an input means 15 such as a keyboard for inputting various information. This input means 15 is used to input a user name and a password for confirming that the user is an authentication person when registering face information of a user (authentication person) who is permitted to use the device in advance.

  Reference numeral 16 denotes a face registration dictionary for holding and specifying user face information as authentication data, which is created in advance prior to authentication. In the face registration dictionary 16, a plurality of pieces of face information taken by a user (authenticating person) in a plurality of different environments are registered per user. That is, the image information (face information) captured by the camera 11 and output from the signal processing means 12 in a plurality of different environments for each user, for example, indoors, company offices, outdoors, conference rooms, etc. Based on the control of No. 14, the pattern names 16a, 16b, 16c,.

  An authentication processing unit 18 operates at the time of authentication based on the control of the controller 14, and is read from the face registration dictionary 16 and the image information of the face 13 of the person to be authenticated that is captured by the camera 11 and output from the signal processing unit 12. It is a collation engine which collates with the user's face information made. The face information read from the face registration dictionary 16 is a plurality of pieces of face information that are photographed in patterns different from each other for each user and registered together with the pattern name, and the authentication processing means 18 has the highest similarity among them. Identify high face information.

  Reference numeral 19 denotes use permission means for specifying the user based on the face information specified by the authentication processing means, specifying the password, and logging on the personal computer.

  Here, in the face registration dictionary 16, a plurality of pieces of face information photographed in a plurality of different environments are registered for each user for the following reason. That is, when the personal computer is a portable computer, it is used in different environments such as outdoors as well as indoors. For example, since the ambient light environment differs greatly between indoors and outdoors, there is a difference in the captured image information. For this reason, when face information photographed indoors is registered, there is a case in which even if it is collated with face information photographed outdoors, there is a difference between both pieces of image information, and it may not be possible to authenticate the same person.

  However, if face information photographed under a plurality of different environments is registered in the face registration dictionary 16 as face information of the authentication person, it is input from the camera at the time of authentication regardless of where the authentication is performed. It is possible to compare the face information of the person to be authenticated with the face information of the authentication person photographed in the same environment, and authentication errors such as acceptance of others are reduced. For this reason, a plurality of pieces of face information taken in different environments are registered for one authentication person.

  A history storage unit 20 stores the face information of the device usage target photographed by the camera 11 and output from the signal processing unit 12 in the history file 21. The timing for storing the face information is when authentication by the authentication processing means 18 is performed, when an operation is performed on the personal computer after the authentication, or when an event occurs on the personal computer due to an external factor or the like. It is. For this purpose, the history storage unit 20 performs an operation to store a history for the authentication storage function 20a, the operation storage function 20b and the event storage function 20c, and the operation storage function 20b and the event storage function 20c. And a storage timing selection function 20d for selecting events.

  Here, the information stored in the history file by the authentication storage function 20a stores at least the authentication time, in addition to the face information of the person using the personal computer (person to be authenticated) photographed by the camera 11 at the time of authentication. In addition, if necessary, the pattern name (corresponding to the shooting environment) of the face information specified by the authentication processing means 18 is also saved. The history storage at the time of authentication is executed regardless of the authentication result. That is, even when the authentication result by the authentication processing unit 18 cannot identify the authentication person (when authentication fails), the face information of the person to be authenticated is stored.

  When an operation is performed on a preset item among the operation items for the personal computer (operation target device), the save operation time function 20b displays the face information of the personal computer user photographed by the camera 11 at the time of the operation. And the history file 21 is stored together with the operation item name. The operation items for storing the face information include, for example, when the screen saver is released, when the computer is unlocked, when the application is started / closed, when accessing a confidential document, when accessing the Internet, when logging off, when the specified hardware , When disconnecting specific hardware, when starting / ending access to a specific server, when performing printout, when registering and updating face information, and so on.

  When an event set in advance occurs among events that occur in the personal computer (operation target device), the event save function 20c displays the face information of the personal computer user photographed by the camera 11 when the event occurs, Save to event history file along with event name. The event items for storing the face information are when an error occurs, when processing due to a timeout is completed, when an incoming mail is received, when power is cut off, and the like.

  The storage timing selection function 20d arbitrarily selects an item (timing) for storing face information in the history file 21 from the operation items or event items described above.

  Next, the operation of this embodiment will be described with reference to the flowchart shown in FIG. The flowchart of FIG. 2 is roughly divided into a face registration flow and a face matching flow.

  First, the face registration flow will be described. In face registration, a user who is permitted to use a personal computer is registered prior to authentication. When the registration process is started, the registered user inputs a user name and password as confirmation information of the authentication person and a registered pattern name corresponding to the shooting environment by the input means 15 shown in FIG. 201).

  If there are a plurality of users, the user names may be the same. In this case, a domain (for example, the organization name of the user) is also input to enable identification. Also, the reason for entering the password is that other people who are not the user are not registered by mistake for security reasons.

  Next, face information is captured and registered in the face registration dictionary 16 (step 202). 1 is registered in the face registration dictionary 16 with the registered pattern names 16a, 16d,... 16n as keys.

  When the face information is registered, the user name and password corresponding to the registered face information are stored in the user name-password dictionary 19a of the use permission means 19 in FIG. 1 (step 203). Since this registration operation is also one of operations for the personal computer, the user name, the registrant's face information, and the operation item name (face registration) are saved in the history file 21 when the registration is completed (step 204). finish.

  Next, the face matching flow will be described. When the authentication starts, first, the person to be logged on (person to be authenticated) makes the face 13 face the front of the camera 11. Since the camera 11 captures the face 13, the authentication processing means 18 captures the captured face information by the camera 11, the face information of the person to be authenticated, and the face information of the user registered in the face registration dictionary 16. And face information with the highest similarity is selected and specified (steps 205 and 206).

  When collation fails (when face information with a high degree of similarity cannot be identified), the collation failure history is stored in the history file together with the authentication time (step 207) to prepare for the next authentication.

  In the case of collation OK (when face information with a high degree of similarity can be specified), a password is specified from the user name corresponding to the specified face information by the user name-password dictionary 19a, and logon is executed (step 208). .

  In this way, the face information photographed by the camera at that time and the user name (only face information in the case of collation failure) are obtained for each of the case where the logon is successful and the case where the logon fails due to the collation failure. Then, each history is stored in the history file 21 together with the authentication time (step 209), and the authentication is terminated.

  In addition to the face information, user name, and authentication time described above, the history at the time of successful logon stores the pattern name (corresponding to the shooting environment) at the time of face information registration, if necessary.

  Although the above explanation relates to the history storage at the time of authentication, although not shown in the flowchart even after authentication, when an operation is performed on the personal computer or when an event occurs on the personal computer due to external factors, The face information of the personal computer user at that time is stored in the history file 21 together with the time and the operation item name or event item name.

  In this way, the personal computer user's face information is saved as a history at the time of logon to the computer, various operations after logon, or when various events occur, so the usage history for the computer can be grasped clearly. This makes it easy to prevent unauthorized use of a personal computer and to investigate the cause when a problem occurs.

  For example, it is possible to know who has failed to log on from the history information (face information) at the time of logon failure, and it is possible to reliably prevent logon due to impersonation of a user or leakage of a password.

  In addition, after logging on, if an unauthorized person uses a computer by switching to a user, the operation history and event history will reveal who the computer user is at that time. Can be. For example, it becomes easier to investigate the cause and clarify the responsibility when a problem occurs due to an erroneous operation of a personal computer.

  Furthermore, taking a history based on face information itself has a deterrent effect against unauthorized use of a personal computer.

  Since all the face information of the person using the personal computer is stored in the history file 21 in this way, if anyone can see this face information, a privacy problem may occur. Therefore, from the viewpoint of privacy protection, it is preferable that a person who can access the history file is specified in advance so that only a person having a certain authority such as an administrator can access.

  Further, when face information in a plurality of environments is registered in the face registration dictionary 16 together with a pattern name, the same name can be obtained by storing the pattern name together with the specified face information in the history of successful logon. It is possible to know in which pattern authentication has been performed for a person, and to statistically grasp the number of successful logons (authentication success) of each pattern.

  That is, as described above, when authentication is performed using face information registered in a plurality of patterns, it is difficult to determine which face information has been authenticated, but by storing the pattern name of face information at the time of successful authentication, authentication is performed. As a result, it is possible to prevent erroneous registration.

  Further, by statistically grasping the number of successful logons (authentication successes) of each pattern, it can be used for tuning the registered image of each pattern. For example, the fact that face information having the same pattern name is always specified in any use environment indicates that the collation threshold of this face information is too low. On the contrary, the fact that the face information of each pattern name is specified in a certain usage environment indicates that there is no difference in the face information of each pattern. In this way, since the matching status of each pattern can be grasped from the statistical result, the face information of each pattern can be appropriately tuned from the result.

  Further, by storing a program for realizing the above-described series of functions such as face registration, authentication and history storage in a computer-readable storage medium, the authentication system can be realized by an arbitrary computer.

  Moreover, although authentication at the time of logon of a personal computer has been illustrated as an authentication target, the present invention is not limited to this, and may be used for authentication of various devices with limited users for security reasons.

1 is a system configuration diagram showing an embodiment of an authentication system according to the present invention. It is a flowchart explaining operation | movement of one Embodiment same as the above.

Explanation of symbols

DESCRIPTION OF SYMBOLS 11 Camera 13 Face 15 Input means 16 Face registration dictionary 16a, 16b, 16c, ... 16n Registration pattern name 18 Authentication processing means 20 History storage means 21 History file

Claims (10)

An authentication system that authenticates whether the target user of the device is a user who is permitted to use the device in advance,
A face registration dictionary in which face information of a user permitted to use is registered in advance;
A camera that captures the face of the device user and obtains face information;
Authentication processing means for collating the face information of the device use target photographed by this camera with the face information registered in the face registration dictionary and outputting an authentication result;
When authentication is performed by the authentication processing unit, a history storage unit that stores at least the authentication time and the face information of the device usage target photographed by the camera in a history file regardless of the authentication result;
An authentication system characterized by comprising: In the face registration dictionary, multiple pieces of face information per user photographed in different environments are registered in association with pattern names representing the photographing environment.
The authentication system according to claim 1, wherein the history storage unit also stores a pattern name corresponding to the user face information specified by the authentication processing unit in the history file. The history storage means, in addition to authentication by the authentication processing means, when an operation on a preset item among the operation items for the device is performed, the face information of the device user photographed by the camera at this operation The authentication system according to claim 1, wherein the authentication system is stored in a history file together with a time and an operation item name. In addition to the authentication by the authentication processing means, the history storage means, when a preset event occurs among the events occurring in the device, the face information of the device user photographed by the camera at the time of this event occurrence, the event occurrence time The authentication system according to claim 1, wherein the authentication system is stored in a history file together with an event name. 5. The authentication system according to claim 3, wherein the history storage unit can arbitrarily select a timing at which the face information of the device user photographed by the camera is stored in the history file. A computer-readable storage medium used in an authentication system for authenticating whether a user who uses a device is a user who is permitted to use the device in advance,
A computer constituting the authentication system is
Pre-register face information of users allowed to use in the face registration dictionary,
Compare the face information of the device usage target photographed with the camera with the face information registered in the face registration dictionary, and output the authentication result.
A computer-readable storage medium storing a program that, when authentication is performed, stores at least the authentication time and the face information of the device usage target photographed by the camera in a history file regardless of the authentication result. In claim 6, the program is:
A face registration dictionary realized by a computer registers a plurality of pieces of face information per user photographed in different environments in association with pattern names representing the photographing environment,
A computer-readable storage medium, wherein the history storage stores a pattern name corresponding to the user's face information specified by verification authentication in a history file. The program according to claim 6 or 7, wherein:
The history storage realized by the computer is not limited to verification authentication, but when an operation is performed on a preset item among the operation items for the device, the face information of the user of the device captured by the camera during this operation Is stored in the history together with the operation time and the operation item name. The program according to any one of claims 6 to 8, wherein:
When the history storage realized by the computer is authenticated by verification authentication, when a preset event occurs among the events that occur in the device, the face information of the device user that the camera is shooting when this event occurs, A computer-readable storage medium characterized by being stored in a history together with an event occurrence time and an event title. In claim 9, the program is:
A computer-readable storage medium characterized in that the history saving realized by a computer can arbitrarily select the timing of saving the face information of the device user photographed by the camera in the history.

Images