JP2008146449A - Authentication system, authentication method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication technique capable of securing security while reducing burdens on a user in an authentication system for authenticating a plurality of persons. <P>SOLUTION: The authentication system 1 comprises: a card authentication apparatus 10 (first authentication means) for performing authentication on the basis of first authentication information; a face authentication apparatus 20 (second authentication means) for performing authentication on the basis of second authentication information including biometrics information; and an authentication control part 30 for permitting an authentication operation by the second authentication means to a permission object person who is a person satisfying a prescribed condition among authentication experienced persons who have succeeded in the authentication by the first authentication means before. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an authentication technique.

  There is an authentication technique for granting permission to use a certain device.

  For example, there is an authentication technique that uses a user ID and a password for authentication. An authentication system using such an authentication technique can ensure relatively high security, but is not sufficiently easy to use because an input operation such as a password is required every time the device is used. .

  On the other hand, an authentication system that performs an authentication operation using biometric information (biometric information) such as a face has been proposed (see, for example, Patent Document 1). In such an authentication system, it is not necessary to input a user ID, a password, or the like, so that the input work at the time of authentication can be reduced.

JP 2005-146709 A

  However, in an authentication technique using biometric information such as a face, when performing an authentication operation for a large number of registrants, the authentication accuracy is lowered, and accordingly, it is difficult to ensure security. There is a problem.

  For example, in face authentication technology, it is possible to perform authentication with relatively high accuracy in a so-called one-to-one authentication operation (authentication operation for determining whether input data matches one registered authentication data). is there. However, in the one-to-N authentication operation (authentication operation for determining which input data matches or does not match any of the N authentication data registered in advance), the number of registered persons (for authentication) As the number of data N) increases, the accuracy decreases.

  In the above-mentioned Patent Document 1, all authenticators who have been successfully authenticated at the time of the first authentication are permitted to perform authentication operations by face authentication for the second and subsequent times, so that a substantial number of people are targeted. Thus, a face authentication operation (1 to N) is performed. Accordingly, the above-described problem also occurs in the technique of Patent Document 1.

  Accordingly, an object of the present invention is to provide an authentication technique capable of ensuring security while reducing a user's burden in an authentication system for authenticating a plurality of persons.

  In order to solve the above-mentioned problem, the invention of claim 1 includes a first authentication means for performing authentication based on the first authentication information, and a second for performing authentication based on the second authentication information including biometric information. The authentication operation by the second authentication means is permitted to the person to be permitted who is the person who satisfies the predetermined condition among the authentication means and the authentication experienced person who has been successfully authenticated by the first authentication means. And a control means.

  According to a second aspect of the present invention, in the authentication system according to the first aspect of the invention, the first authentication information includes a user ID, and the first authentication means is a user ID registered as information relating to a regular user. And the user ID related to the authentication target person, it is determined whether or not the authentication target person is a regular user.

  According to a third aspect of the present invention, in the authentication system according to the second aspect of the present invention, the first authentication means includes a reader unit that reads information stored in an ID card possessed by the person to be authenticated, and a user related to an authorized user. By comparing a first database in which IDs are stored in advance, a user ID related to the authentication target read by the reader unit and a user ID related to a regular user registered in the first database, the authentication target And a comparison processing unit for determining whether or not the person is a regular user.

  According to a fourth aspect of the present invention, in the authentication system according to any one of the first to third aspects of the present invention, the second authentication means is configured such that the biometric information related to the authentication target person is the authorized person among the authorized users. However, it is characterized by determining whether the said authentication subject person is a regular user by determining whether it corresponds with the regular biometric information regarding one of the persons.

  According to a fifth aspect of the present invention, in the authentication system according to the fourth aspect of the present invention, an imaging means for photographing an authentication target person existing in the authentication target space, and a face relating to the authentication target person in the photographed image taken by the imaging means. Image analysis means for calculating a feature value, wherein the second authentication means determines the identity between the face feature value of the authentication target person and the regular face feature value of the permission target person, It is characterized by determining success or failure of authentication.

  According to a sixth aspect of the present invention, in the authentication system according to the fifth aspect of the present invention, the facial feature amount extracted from a photographed image relating to an operator who is authenticated and logged in by the first authenticating means Registration means for registering as a regular face feature amount.

  According to a seventh aspect of the present invention, in the authentication system according to any of the first to sixth aspects, the control means determines that the logged-in operator no longer exists in the tracking target area. The authentication for the operator is canceled, and the person whose authentication is canceled is determined as the permission target person.

  The invention according to claim 8 is the authentication system according to any one of claims 1 to 7, wherein the control means determines the person to be permitted according to an operating state of the apparatus to be authenticated. To do.

  According to a ninth aspect of the present invention, in the authentication system according to the eighth aspect of the present invention, when a predetermined abnormality relating to the authentication target device occurs, the control means authenticates an operator who has logged in at the time of occurrence of the abnormality. In addition to canceling, the person whose authentication has been canceled is determined as the person to be permitted.

  A tenth aspect of the present invention is the authentication system according to any one of the first to ninth aspects, wherein the control means determines the person to be authorized according to a use history of the apparatus to be authenticated. To do.

  The invention of claim 11 is the authentication system according to the invention of claim 10, wherein the control means determines a person whose authentication success frequency within a predetermined period is higher than a predetermined level as the permitted person. To do.

  According to a twelfth aspect of the present invention, in the authentication system according to the tenth or eleventh aspect of the present invention, the control means has an experience of logging in on the same day as the day including the time of the authentication by the second authentication means. It is characterized in that the person who has it is determined as the person to be permitted.

  According to a thirteenth aspect of the present invention, in the authentication system according to any one of the tenth to twelfth aspects, the control means determines a person who has logged out last as the person to be permitted.

  According to a fourteenth aspect of the present invention, in the authentication system according to any one of the first to thirteenth aspects, when the control means shifts to the suspend state, the control means logs in at the time of transition to the suspend state. The operator is determined as the authorized person.

  According to a fifteenth aspect of the present invention, in the authentication system according to the fourteenth aspect of the invention, the control unit determines an operator who has been shifted to the suspended state by a predetermined operation as the authorized person. .

  According to a sixteenth aspect of the present invention, in the authentication system according to the fourteenth or fifteenth aspect of the present invention, the control means determines that the logged-in operator is no longer in the tracking target area and shifts to the suspended state. Then, the operator who has logged in at the time of transition to the suspended state is determined as the permission target person.

  According to a seventeenth aspect of the present invention, in the authentication system according to any one of the fourteenth to sixteenth aspects, the control means shifts to the suspended state in response to occurrence of a predetermined abnormality related to the authentication target device. Is executed, the operator who has logged in at the time of transition to the suspended state is determined as the authorized person.

  According to an eighteenth aspect of the present invention, in the authentication system according to any one of the first to seventeenth aspects, the control means sets an expiration date to be determined as the permission subject.

  The invention of claim 19 is an authentication method, wherein a first authentication step for performing authentication based on the first authentication information, and a second for performing authentication based on the second authentication information including biometric information. A second authentication step that is permitted to a person to be authorized who is a person who satisfies a predetermined condition among authentication persons who have been successfully authenticated by the first authentication step. It is characterized by that.

  The invention of claim 20 is a first authentication step of performing authentication on a computer based on the first authentication information, and a second authentication step of performing authentication based on second authentication information including biometric information. And a second authentication step that is permitted for a person to be authorized who is a person who satisfies a predetermined condition among authentication experienced persons who have been successfully authenticated in the first authentication step. It is a program.

  According to the first to twentieth aspects of the invention, the authentication operation based on the second authentication information including the biometric information is predetermined among authentication experienced persons who have been successfully authenticated by the first authentication means. Therefore, security is ensured while reducing the burden on the user.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

<1. First Embodiment>
<1-1. Configuration>
FIG. 1 is a schematic diagram showing an overall configuration of an authentication system 1A according to an embodiment of the present invention, and FIG. 2 is an external perspective view of the authentication system 1A.

  As shown in FIGS. 1 and 2, the authentication system 1 </ b> A includes a card authentication device 10, a face authentication device 20, a controller (authentication control unit) 30, and an information device main body 40. The authentication system 1A is configured to be incorporated in an information device (authentication target device) 50, and performs an authentication operation regarding whether or not the information device 50 (specifically, the information device main body 40) can be used. The information device 50 is a device that can be used by a plurality of pre-registered persons. In the authentication system 1A, whether the operator of the information device 50 corresponds to any of a plurality of registered persons. The authentication operation is executed by determining whether or not. In the present embodiment, a case where, for example, a multi-function peripheral (hereinafter abbreviated as “MFP”) is used as the information device 50 is illustrated.

  The MFP 50 is a multifunction device having a copy (copy) function, a scan function, a print function, a facsimile communication (FAX) function, an information storage (box) function, and the like. As illustrated in FIG. 2, the MFP 50 includes an operation input unit 41. As shown in FIG. 3, the operation input unit 41 includes a display (display unit) 43 and various input keys (input unit) 45, an instruction menu for the user, display of information about the acquired image, and the user Accepts instruction operations from. The display 43 is configured as a liquid crystal panel incorporating a contact sensor or the like, and can detect a position touched by an operator's finger or the like in the display 43. Therefore, the operator can input various instructions by pressing various virtual buttons or the like displayed in the display 43 with a finger or the like. The input key 45 has a plurality of keys. A logout button 45a is provided as one of the plurality of keys, and a normal logout process is executed in response to a pressing operation of the logout button 45a.

  Here, the copy function is a function for copying a document on the document table and outputting it to a paper medium. The scan function is a function of reading a document on a document table as image data and transferring the generated image data to a predetermined storage unit or another information device. For example, the generated image data is transferred to a desired computer and stored. The facsimile communication function includes a transmission function for reading a document on a document table to generate image data, transmitting the image data to a transmission destination by facsimile communication, and a reception function for receiving image data from the transmission source. The print function is a function for performing print output based on data in a storage unit of another computer or data in the hard disk of the MFP 50. The box function is a function for storing the generated image data and the like in the hard disk of the MFP 50. The MFP 50 is connected to a network NW (see FIG. 1), and can transmit and receive various types of data to and from other information devices (for example, computers) via the network NW.

  As described above, the MFP 50 is configured as an information device capable of copying, storing, retrieving, receiving, and transmitting information.

  The authentication system 1A has an authentication function for the operator of the MFP 50, and restricts access to various information managed by the MFP 50. In this authentication system 1A, the authentication operation regarding the operator of the MFP 50 is performed by appropriately using the two authentication methods M1 and M2.

  As the first authentication method M1, an authentication method having relatively high security, for example, an authentication method using a user ID or the like is employed. Here, it is assumed that an authentication method using the card authentication device 10 and the ID card 19 in which the user ID is stored is adopted.

  Further, as the second authentication method M2, an authentication method with a relatively small operation burden, for example, an authentication method using biometric information (biological information) is employed. Here, it is assumed that a face authentication method using the face authentication device 20 is employed.

  In the authentication system 1A, the second authentication method is applied only to those who satisfy the predetermined condition (specifically, some of the persons) who have been successfully authenticated by the first authentication method M1. The authentication operation by the authentication method M2 is permitted. A person who satisfies the predetermined condition is also a person who is permitted an authentication operation by the second authentication method M2, and is also referred to as a “permitted person”. In addition, for an authentication target person other than the permission target person, the authentication operation by the first authentication method M1 is permitted, but the authentication operation by the second authentication method M2 is not permitted.

  According to this, when the operator (user) who is the “permitted person” logs in, the authentication operation by the second authentication method M2 becomes possible, so the burden on the operator can be reduced. is there. In addition, since the number of persons permitted for the authentication operation by the second authentication method M2 is limited, it is possible to secure security by suppressing a decrease in accuracy in the second authentication method M2.

  The card authentication device 10 determines whether or not the authentication target person is a regular user by comparing a regular user ID registered as information about the regular user and a user ID related to the authentication target person.

  The card authentication device 10 includes a reader unit 11 that reads information (specifically, a user ID) stored in an ID card 19 possessed by the person to be authenticated, and various types of registration information (registered users) related to authorized users (authorized users). A card authentication database (also referred to as a user ID database) 13 in which ID information is stored, and a card authentication processing unit 15 that performs an authentication operation using an ID card are provided. The card authentication processing unit 15 performs a comparison process between the information (user ID) read by the reader unit 11 and the information (user ID) stored in the card authentication database 13 to match (match). It is determined whether information (user ID) exists. If there is matching ID information, it is determined that the operator who is the owner of the ID card 19 is a regular user (regular user).

  The security may be further enhanced by using a password together. For example, the user ID read from the ID card 19 inserted in the reader unit 11 is checked, and a password operation input is accepted, and the input password and the card authentication database 13 correspond to the user ID. The determination operation may be performed on condition that the password registered in advance matches.

  As described above, the card authentication apparatus 10 can execute the first authentication method M1 for performing authentication based on authentication information such as a user ID.

  Further, the face authentication apparatus 20 determines whether or not the authentication target person is a regular user by comparing the biometric information regarding the authentication target person and the normal biometric information regarding the normal user.

  The face authentication device 20 includes an imaging device (CCD camera or the like) 21, an image analysis unit 22, a face authentication database 23, a registration processing unit 24, and a face authentication processing unit 25.

  The imaging device 21 is installed at a position and posture that enables photographing the face of a subject person existing in the authentication target space around the operation input unit 41 and the card authentication device 10. Specifically, the imaging device 21 is disposed in the upper space of the card authentication device 10 and is disposed so as to photograph a diagonally upper front side of the card authentication device 10 (and the operation input unit 41). The imaging device 21 repeatedly performs shooting at predetermined intervals (for example, every 1/15 seconds) during the power-on period of the MFP 50. By analyzing the photographed image (moving image), the face authentication device 20 can acquire the state of the vicinity region of the MFP 50.

  The image analysis unit 22 is a processing unit that analyzes an image captured by the imaging device 21. The image analysis unit 22 analyzes a photographed image by the imaging device 21 to detect a face portion (face region) of the person HB existing in the photographed image, and relates to the face of the person HB based on the image of the face portion. Feature information (face feature amount) is calculated. Specifically, the image analysis unit 22 analyzes a plurality of time-series frame images (moving images in short) acquired by the imaging device 21 and detects the face portion of the person HB in each frame image. And a face tracking function for tracking the face portion of the person HB that moves from moment to moment, and a feature amount calculation function for calculating a feature amount (face feature amount) related to the face of the person HB in each frame image. As the facial feature amount extracted from the face image, position information of feature points relating to characteristic parts (such as eyes and nose) and / or texture information in the face image can be employed.

  The face authentication processing unit 25 includes the feature information (face feature amount) of the person (authentication target) HB acquired by the image analysis unit 22 and the regularity of the person (registrant) HA registered in the face authentication database 23. By comparing the feature information (face feature amount) of the authentication target person HB and determining whether or not the authentication target person HB is the registrant HA, that is, the identity of the authentication target person HB and the registrant HA. decide.

  As described above, the face authentication apparatus 20 can execute the second authentication method M2 that performs authentication based on authentication information including biometric information.

  Here, the face authentication method is an authentication method that can reduce the burden on the user in that the ID card 19 is not required to be carried as compared with the authentication method using the ID card 19.

  However, as described above, a 1-to-N face authentication operation (a face for determining which input data matches or does not match any of N pieces of previously registered authentication data) In the authentication operation), the accuracy may decrease as the number N of authentication data increases.

  On the other hand, in the present embodiment, all registrants HA who can use the MFP 50 are not subject to determination of identity with the person to be authenticated HB, but face authentication among all registrants HA. Only a part of registrants (permitted persons) (also referred to as HR) who are permitted to perform the authentication operation by the method M2 are permitted to perform the authentication operation by the face authentication method M2. Specifically, the success or failure of authentication is determined by determining the identity between the facial feature quantity of the authentication target person HB and the regular facial feature quantity of the face authentication permission target person HR. In other words, by determining whether or not the biometric information related to the authentication target person (operator) HB matches the normal biometric information related to any of the authorized users HR among the authorized users, It is determined whether or not the person to be authenticated is a regular user.

  For example, even if the face feature amounts of all the registrants HA (number of persons NA) who can use the MFP 50 are registered in the face authentication database 23, the face authentication processing unit 25 sets one determination target. The identity with the person to be authenticated HB is determined only for the registered person (permitted person) HR (number of persons NR). By suppressing the number N of data to be compared, specifically by suppressing the value NR (<NA) instead of the value NA, it is possible to suppress a decrease in accuracy in face authentication and suppress false authentication, thus ensuring security. Is possible.

  In addition, the face authentication device 20 (image analysis unit 22 or the like) according to the present embodiment captures the authentication target person (that is, the logged-in operator) authenticated by the first authentication method M1 at the time of the authentication. Is also executed to analyze and register the face image G1 (specifically, the feature amount) (see FIG. 11) of the person to be authenticated. This registration process is executed by the registration processing unit 24. The face image G1 (specifically, the feature amount) is registered in the face authentication database 23 as the normal feature information of the person HA in a state associated with the user ID of the person HA authenticated by the authentication method M1. This is used for the authentication operation in the second authentication method M2 described above.

  In consideration of the case where there are a plurality of persons in the camera field of view, in order to correctly register the regular person HA from among the plurality of persons, a relatively narrow area in the vicinity of the card authentication device 10 is used. It is preferable to execute the registration process related to the person HA on the condition that the person HA exists in a certain detection target region R1 (see FIG. 4 (top view)). Since the holder of the ID card 19 normally inserts the ID card 19 into the card authentication apparatus 10 while standing near the card authentication apparatus 10, the person in the detection target area R1 that is the vicinity area of the card authentication apparatus 10 Is likely to be a legitimate person HA. Therefore, if registration processing relating to the person HA is performed only for the person existing in the detection target region R1 among the subject persons of the captured image, erroneous registration can be prevented. Furthermore, by executing the registration process on the condition that only one person exists in the detection target region R1, it is possible to prevent erroneous registration and execute a more accurate registration process. If the face feature amount related to the person HA cannot be registered due to circumstances such as any one of the conditions is not satisfied, the authentication itself by the first authentication method M1 fails or the second authentication method at the time of re-login What is necessary is just not to permit the authentication operation by M2.

  In addition, the face authentication device 20 (the image analysis unit 22 or the like) also executes a tracking process for tracking the person to be authenticated (the face) authenticated by the first authentication method M1 or the second authentication method M2. Specifically, a face image at the time of authentication is provisionally registered, and based on the temporarily registered face image, the presence position of a person corresponding to the face image is detected. Then, it is determined whether or not the detected position is within the tracking processing target area (also referred to as “tracking target area R2” (see FIG. 4)) in the vicinity area of MFP 50. When it is determined that the person to be authenticated (operator) does not exist in the tracking target area R2, the face authenticating device 20 executes logout processing (automatic logout processing) in cooperation with the authentication control unit 30.

  According to this, even when the person to be authenticated moves away from the MFP 50 without performing a normal logout operation (such as pressing the logout button 45a (see FIG. 3)), another person can operate the MFP 50. Can be avoided.

  In particular, since the photographing function for realizing the “automatic logout process” is realized by using the face authentication device 20 for realizing the face authentication process (that is, in common), a separate sensor is used. This is more efficient than a case where a separate camera or a separate person detection sensor is further provided.

  The tracking target area R2 is preferably set to be wider than the detection target area R1 (and a face authentication target area R3 described later) as shown in FIG. By setting the tracking target region R2 to be relatively wide, it is possible to track without losing sight of the operator even when the operator has moved a little. On the other hand, by setting the detection target region R1 to be relatively narrow as described above, it is possible to prevent erroneous recognition.

  In this embodiment, the authentication method M2 (face authentication method) described above is permitted as an authentication operation (also referred to as a return authentication operation) when a person who has automatically logged out logs in again. Therefore, the target person of the automatic logout process does not necessarily need to perform the authentication operation by the authentication method M1 at the time of re-login, and can use the authentication method M2 with a relatively simple operation. The burden can be reduced. In addition, the target person of the authentication operation by the authentication method M2 as described above is limited to a person who has automatically logged out (in particular, one person who has been automatically logged out last time). Accordingly, it is possible to ensure security because it is possible to suppress a decrease in accuracy in face authentication and suppress erroneous authentication.

  At the time of re-login, the face authentication device 20 executes face authentication processing for a person existing in the face authentication target area R3. The face authentication target area R3 may be the same as the detection target area R1, but here, a case where both the areas R1 and R3 are different from each other is illustrated (see FIG. 4).

  The face authentication target area R3 is set to be narrower than the tracking target area R2, similarly to the detection target area R1. By setting the face authentication target area R3 to be relatively narrow, it is possible to prevent face authentication processing for a person other than the operator to be authenticated. On the other hand, the face authentication target region R3 is exemplified as a region including the detection target region R1 and wider than the detection target region R1. Specifically, the face authentication target area R3 is wider on the front side (the side away from the MFP 50 (the lower side in FIG. 4)) than the detection target area R1, and the operation input unit 41 side than the detection target area R1. Especially wide on the left side. According to this, even when the operator is slightly away from the card authentication device 10 at the time of re-login, authentication is performed by face authentication, so that convenience for the operator is improved. More specifically, when the operator approaches the MFP 50, the face authentication can be started relatively from the near side, and the operation input arranged on the left side of FIG. Face authentication can also be executed when approaching the unit 41 directly.

  In the face authentication device 20, the monocular imaging device 21 is used, but a compound eye imaging device 21 may be used. For example, a three-dimensional shape recognition process may be performed using a plurality of cameras. According to this, distance information can be obtained accurately and more accurate recognition processing can be performed. However, even when the monocular imaging device 21 is used, it is possible to obtain distance information from the camera to the subject person.

  In this embodiment, using the fact that the approximate size of the human face is known, the distance information from the camera to the subject person is obtained based on the face size in the captured image and the focal length of the camera. To get. Then, based on the distance information from the camera to the subject person and the position of the subject person in the photographed image, the position of the subject person in the three-dimensional space (real space) is specified. As a result, whether or not the subject person exists in the detection target region R1, whether or not the subject person exists in the tracking target region R2, and whether or not the subject person exists in the face authentication target region R3, respectively. It is possible to determine.

<1-2. Operation>
5 and 6 are flowcharts showing an authentication operation and the like in the authentication system 1A. 7 to 10 are top views showing movements of the operator HM at different points in time. The authentication operation and the like will be described with reference to these drawings.

  For example, after the operator HM moves in the direction of the arrow AR1 as shown in FIG. 7 and approaches the MFP body 40, the ID card 19 is inserted into the card authentication device 10 (specifically, the reader unit) as shown in FIG. 11), the authentication operation by the first authentication method M1 is executed. Further, after successful authentication by the authentication technique M1, as shown in FIG. 9, when it is determined that the operator HM has moved in the direction of the arrow AR2 and has left the tracking target area R2, automatic logout processing is performed. After that, as shown in FIG. 10, when the operator HM moves in the direction of the arrow AR3, approaches the MFP main body 40 again, and returns to the face authentication target area R3, the authentication system 1A then An authentication operation by the second authentication method M2 is executed. According to the authentication system 1A of the present embodiment, the authentication operation as described above is realized.

  Specifically, first, in steps S11 to S13, the authentication method M1 described above is executed. Specifically, in step S11, it is detected whether or not the ID card 19 is inserted in the reader unit 11. If the insertion of the ID card 19 is detected, the process proceeds to step S12. In the authentication operation in step S12, there is an object that matches (matches) the ID information (user ID) read by the reader unit 11 for a plurality of registrants stored in the card authentication database 13. It is determined whether or not. If the corresponding ID information exists (YES in step S13), it is determined that the operator who is the owner of the ID card 19 is a legitimate user (ie, “authentication successful”), and step Proceeding to S17, the authentication is successful. On the other hand, if there is no matching ID information (NO in step S13), it is determined that the authentication has failed, and the process proceeds to step S14. Further, when the card insertion is not detected in step S11, the process proceeds to step S14.

  In steps S14 to S16, the second authentication method M2 (here, the face authentication method) is executed. However, as described above, the authentication operation by the second authentication method M2 is a part of the authentication target persons who have been successfully authenticated by the first authentication method M1 (“face authentication”). It is permitted only to the “permitted person”. Here, when it is determined that the operator (authenticator) who is authenticated and logged in by the first authentication method M1 or the like no longer exists in the tracking target area R2, authentication for the operator is temporarily canceled. The person who has been de-authenticated is determined as a “face authentication permitted person”.

  Therefore, first, in step S14, it is determined whether or not a face authentication permission target person exists. If the face authentication permission target person does not exist, the process returns to step S11 without performing the face authentication process, and if the face authentication permission target person exists, the process proceeds to step S15.

  In step S15, a person existing in the face authentication target area R3 near the MFP 50 at that time is selected as the “authentication target person”, and whether or not the authentication target person is included in the “face authentication permission target person” list. Is determined by the face authentication operation. Specifically, the match between the face feature amount of “person to be authenticated” and the face feature amount of “face authentication permission subject” is determined, and the face authentication operation is executed. Here, as described above, since the number of “face authentication permission target persons” is limited, the number of comparison target data N (here, 1) is suppressed in the face authentication operation, thereby improving the accuracy in face authentication. Reduction can be suppressed.

  If it is determined in step S16 that the face authentication is successful, the process proceeds to step S17 and shifts to an “authentication successful state”. In the authentication success state, the MFP 50 is permitted to be used by the authenticated operator.

  In the next step S20 (FIG. 6), certifier registration processing is performed. Specifically, the face image G1 (see FIG. 11) of the operator (authenticator) HM authenticated by the first authentication method M1 is registered. This registered image is used for the face authentication operation at the time of re-login. Further, this registered image is also used for the tracking process after step S21. As described above, since the registration process is performed on the subject person existing in the detection target area R1, the face images G2 and G3 (see FIG. 11) of persons existing outside the detection target area R1 are registered. Is excluded from.

  Thereafter, the tracking process is started in step S21. This tracking process is executed by determining whether or not the operator HM continues to exist in the tracking target area R2 based on the captured image. In this tracking process, it is possible to confirm that the person exists in the tracking target region R2 by continuously tracking the face portion of the person authenticated by the first authentication method M1, so that the face of the tracking target It is not necessary to recognize who is the face. Therefore, it is possible to perform relatively high-speed image processing with simplified processing.

  Further, as the logged-in operator (authenticator), both a person authenticated by the first authentication technique M1 and a person authenticated by the second authentication technique M2 are assumed. The tracking process here is executed for a person who is authenticated by either of the methods M1 and M2. If the authentication is performed by the second authentication method M2, the registration image for authentication may be re-registered in step S20, or the image at the time of the initial registration in step S20 is directly used as the registration image. You may make it utilize.

  When it is confirmed based on the captured image that the operator continues to exist in the tracking target region R2 in step S22 (see FIG. 11), the use permission state (in other words, the login state) is continued in principle. (Step S24).

  On the other hand, when it becomes impossible to confirm that the logged-in operator exists in the tracking target area R2 (see FIG. 12), the process proceeds to step S25, and automatic logout processing is executed. FIG. 12 is a diagram illustrating a captured image in a state where the operator is away from the tracking target region R2. As can be seen from comparison with FIG. 11, the operator HM does not exist in FIG. 12.

  In step S25, face authentication permission target person registration processing is also performed. For example, the operator HM is registered (set) as a “face authentication permission target person”. By this registration, the face authentication permission target person (specifically, the operator HM) can adopt the authentication operation by the second authentication method M2 at the time of re-login after the automatic logout process.

  If it is determined in step S23 that an explicit logout instruction has been input from the operator (specifically, the logout button 45a has been pressed), the process proceeds to step S26 to perform formal logout processing. Is done. In this embodiment, when an operator performs an explicit logout operation, the intention of the operator is respected, and only the first authentication method M1 can be used at the next login. Specifically, in step S26, the logout user is set as a user who is not a face authentication permission target (also referred to as a “non-face authentication permission target”). In this case, the logout user cannot use the second authentication method M2 at the time of re-login, but priority can be given to ensuring security.

  As described above, by executing the processes of steps S11 to S17 described above, as shown in FIGS. 7 and 8, first, the operator HM approaches the MFP main body 40 and contacts the reader unit 11 with the ID card 19. Is inserted, the authentication operation by the first authentication method M1 is executed. When it is confirmed that the operator HM is a registrant, the state shifts to an authentication success state. Note that, at the time of the first approach, the operator HM is not yet a face authentication permission target, and thus the authentication operation by the second authentication method M2 is not executed.

  On the other hand, after the automatic logout process (step S25) is executed, when the same operator HM approaches the MFP main body 40 again, the authentication system 1A now performs an authentication operation (face authentication operation) using the second authentication method M2. The process proceeds to the authentication success state (steps S14 to S16). Further, when an operator other than the operator HM approaches the MFP main body, only the authentication operation by the first authentication method M1 is possible. As described above, it is possible to suppress a decrease in accuracy in the face authentication process by limiting the number of persons to be authenticated by the second authentication method M2.

  Here, the case where only the last one who has automatically logged out is set as the face authentication permission target is illustrated, but the present invention is not limited to this, and a plurality of automatically logged out persons are set as the face authentication permission target. It may be. In an extreme case, all persons who have automatically logged out may be set as face authentication permission subjects. Even in this case, since the person who performs normal logout is excluded from the face authentication permission target persons, the number of face authentication permission target persons is limited. However, in order to avoid a decrease in authentication accuracy in the face authentication operation, it is preferable that the number of face authentication permission subjects is small. That is, it is preferable that the face authentication permission target person is limited to a predetermined number or less.

  Further, when performing authentication of a certain authentication target person with a plurality of persons as face authentication permission target, for example, the following method can be employed. First, a list in which a plurality of face authentication permission target persons are rearranged according to a predetermined standard is created, and an evaluation value of identity with each face authentication permission target person is calculated in the order of the list. This is a technique for determining that a person who is determined to have an identity of a predetermined level or more is the same person. Various criteria such as an ID number, usage frequency, and security level (access authority permission level) can be used as the predetermined criteria in the rearrangement. Alternatively, after all comparisons between the authentication target person and each face authentication permission target person are performed, it is determined that the identity with the authentication target person is the highest among face authentication permission target persons having a predetermined level or more. It is also possible to employ a technique for determining the person to be determined to be the same person. According to this, more accurate authentication is possible.

<2. Second Embodiment>
The second embodiment is a modification of the first embodiment. Below, it demonstrates centering around difference.

  In the second embodiment, a case where the face authentication permission target person (permission target person) is determined according to the use history (specifically, history information HT) of the MFP 50 is exemplified. In the authentication system 1B according to the second embodiment, the tracking operation and automatic logout are not performed, and the face authentication permission target person is determined only in accordance with the use history. In the authentication system 1B, only the face authentication permission target determined as described above is permitted to perform the authentication operation by the face authentication technique M2.

  FIG. 13 is a diagram showing logout history information HT. The history information HT is stored in, for example, a nonvolatile memory in the MFP main body 40. Then, the authentication system 1A determines a face authentication permission target person using the history information HT.

  Specifically, a person who has a successful authentication experience at a frequency higher than a predetermined level can be determined as a face authentication permission target person. In other words, a person whose authentication success frequency within a predetermined period is higher than a predetermined level can be determined as a face authentication permission target person. For example, a person who has logged in three or more times in the past 24 hours can be determined as a “face authentication permission person”. Specifically, referring to the “3 times previous login time” column in FIG. 13, “3 times previous login time” is 24 from the current date and time (here, it is assumed that it is 18:00 on June 18). It is determined whether it is within the time. The determination result is shown in the rightmost column of FIG. The user with ID = “0001” has “3 times previous login time” (= 10: 45 on June 16) within 24 hours, so “NG” (that is, non-face authentication permitted person) The result is obtained. On the other hand, the user of ID = “0002” has “OK” (that is, face authentication permission target person) because the “login time three times before” (= June 18, 15:55) is within 24 hours. The result is obtained.

  Alternatively, for example, a person who has been used eight times or more within the past five days can be determined as a “face authentication permission target”. Specifically, referring to the column “8 times before login time” in FIG. 13, “8 times before login time” is 5 days from the current date and time (here, it is assumed that it is 18:00 on June 18). What is necessary is just to determine whether it is within. In this case, it is assumed that the user of ID = “0003” has the “8th previous login time” (= 15: 10 on June 14) as the current time (here, 18:00 on June 18). ) Within five days, it is determined that the person is a “face authentication permitted person”. On the other hand, the user with ID = “0005” has a time “8 times before login time” (= 10: 30 on June 5) which is a time earlier than the time five days before the current time. It is determined that the person is a non-face authentication permission target.

  Alternatively, a person who has successfully logged in today and who has logged in can be determined as a face authentication permission target person. In other words, a person who has logged in on the same day as the day including the current time may be determined as a face authentication permission target person. According to this, when a relatively small number of authorized users use the MFP 50 in the office at night or on holidays, the authorized users can be set as “face authentication permission target” and can use the MFP 50 for face authentication. Become. In particular, in a situation where a relatively large number (for example, about 100 people) normally uses the MFP 50 while a relatively small number of users (for example, only a few people) normally use the MFP 50 at night or on holidays, etc. The false recognition rate of authentication can be made very small.

  Specifically, among all registrants, a person whose face of the previous login time (latest login) is the same as the date at the time of authentication by the second authentication method M2 may be a face authentication permission target person. . For example, if today is June 18, three people with user ID = “0001”, “0002”, “0004” whose face of the previous login time is June 18 of the same day are faces. It is determined as a person who is permitted to be authenticated. In this case, based on the history information (see FIG. 14) that records only the presence / absence of today's login, not the history information HT, a person who has successfully logged in today is determined. You may do it.

  In the second embodiment, the tracking operation is not performed, and the face authentication permission target person is determined only according to the usage history. However, the present invention is not limited to this. For example, in the second embodiment, a tracking operation similar to that of the first embodiment is executed, and a person who automatically logs out according to the result of the tracking operation (specifically, a person who has been automatically logged out last) and the usage frequency Both of the persons determined in this way may be set as face authentication permission subjects.

<3. Third Embodiment>
The third embodiment is a modification of the first embodiment. Below, it demonstrates centering around difference.

  In the third embodiment, a case where the face authentication permission target person (permission target person) is determined according to the operating state of the MFP 50 (specifically, whether or not an abnormality has occurred) is illustrated.

  Specifically, when an abnormality such as “out of paper” and / or “paper jam” occurs while using the MFP 50 by a certain person, the authentication for the operator who is logged in at the time of the abnormality is canceled. In addition, the operator is set as a “face authentication permission target person” and the face authentication operation is permitted only for the face authentication permission target person. Here, on the condition that the MFP 50 has returned to a normal state after an abnormality such as paper out has been repaired, the user at the time of occurrence of the abnormality is set as a face authentication permission target and the face authentication operation is started. And

  FIG. 15 is a diagram illustrating an authentication system 1C according to the third embodiment. As shown in FIG. 15, the MFP main body 40 further includes a status management unit 48 that manages the status (operating status, etc.) of the apparatus (MFP). When the status control unit 48 detects that an abnormality such as running out of paper has occurred, the authentication control unit 30 cancels the authentication of the user in use and temporarily shifts to the logout state. Thereafter, when the situation management unit 48 detects that the abnormality has been repaired and has returned to the normal state, the situation management unit 48 transmits the detected content to the authentication control unit 30, and the authentication control unit 30 enters a login waiting state. Then, the face authentication operation is started. This face authentication operation is executed in a state where the user of the MFP 50 at the time of occurrence of the abnormality is set to “face authentication permission target person”.

  According to this, when the operator who has taken out the replenishment paper arranged at another place returns to the MFP 50 again and completes the replenishment, the authentication operation by the second authentication method M2 is performed. It becomes possible. On the other hand, when a user HZ other than the user HM in use at the time of abnormality approaches the MFP 50, only the authentication operation by the first authentication method M1 is permitted for the user HZ, and the authentication operation by the second authentication method M2 Is not allowed.

  In the third embodiment, the tracking operation is performed in the same manner as in the first embodiment, and the person who has automatically logged out according to the result of the tracking operation (specifically, the person who has been automatically logged out last) Both the operator and the operator are set as “face authentication permission target”. However, the present invention is not limited to this. For example, a person who has automatically logged out according to the result of the tracking operation (specifically, the person who has been automatically logged out last) is not set as an “authenticated person”, Only the operator may be set as “face authentication permission target”.

<4. Fourth Embodiment>
The fourth embodiment is a modification of the first embodiment. Below, it demonstrates centering around difference.

  In the fourth embodiment, as illustrated in FIG. 16, a case where a transition is made to the evacuation state (suspend state) ST3 in addition to the non-login state (logout state) ST1 and the login state ST2 is illustrated. FIG. 16 is a diagram illustrating state transition in the authentication system 1D according to the fourth embodiment.

  In the fourth embodiment, when it is not possible to confirm that the logged-in operator exists in the tracking target area R2 after the transition from the non-logged-in state ST1 to the logged-in state ST2, (as in the first embodiment, immediately Instead of logging out), the process first shifts to the evacuation state ST3. After that, if the logged-in user can be re-authenticated by the face authentication operation within a predetermined period TM (for example, 1 minute), the login state is restored. On the other hand, if the logged-in user cannot be reconfirmed within the predetermined period TM, the process proceeds to the unlogged state (logout state) ST1.

  In the fourth embodiment, the face authentication operation can be executed even in the retracted state ST3. In the face authentication operation in the evacuation state ST3, the user who is logged in at the time of transition from the normal state (login state) ST2 to the evacuation state (suspend state) ST3 is determined as a “face authentication permission target person”. . Then, the face authentication operation is performed on the “face authentication permission target person”. According to this, as described above, since the number of subjects of the authentication operation by the second authentication method M2 (face authentication method) is limited, it is possible to suppress a decrease in accuracy in the face authentication process.

  In the evacuation state ST3, the apparatus waits while maintaining the warm-up state of the apparatus or holding the user setting state on the high-speed memory. Therefore, there is an advantage that it is possible to shorten the time until the work is resumed as compared with the case where the user logs out and then logs in again.

<5. Variations>
Although the embodiments of the present invention have been described above, the present invention is not limited to the contents described above.

  For example, in the fourth embodiment, the user who has transitioned to the evacuation state ST3 in accordance with the result of the tracking operation and transitioned from the normal state (login state) ST2 to the evacuation state ST3 is designated as “face authentication permission target”. However, the present invention is not limited to this. For example, when the user (operator) performs a shift instruction operation for shifting to the evacuation state (suspend state) ST3, the user is set as a “face authentication permission target” and the face authentication operation is executed. You may do it. As such a transition operation, a pressing operation of the suspend button 45b as illustrated in FIG. 17 is exemplified. Note that such a transition instruction operation is also expressed as an operation for giving a “return standby instruction” indicating that a transition to a state of waiting for a return to the login state ST2 is to be made.

  In the third embodiment and the like, a case where the user logs out once when an abnormality occurs in the MFP 50 is exemplified, but the present invention is not limited to this. For example, when an abnormality occurs in the MFP 50, the transition process to the suspended state may be executed as in the fourth embodiment. Then, the operator who has logged in at the time of transition to the suspended state may be determined as the face authentication permission target person.

  In the first embodiment, the third embodiment, and the like, when a certain operator logs out once (or after transitioning to the suspended state), the operator is designated as a face authentication permission target person when obtaining authentication again. An “expiration date” to be determined may be set.

  For example, the setting of “face authentication permission target” can be canceled (cleared) when a predetermined period (for example, 3 hours) elapses after automatic logout (or when an abnormality occurs). Alternatively, when a certain time comes after automatic logout (or when an abnormality occurs) (for example, when the date changes), it is possible to set so that the setting of “face authentication permission target” is canceled (cleared). The cancellation of the setting of “face authentication permission target person” may be performed individually for each user, or may be performed collectively for all “face authentication permission target persons”.

  In the first embodiment, the case where the last person who “automatically logged out” is set as the face authentication permission target is exemplified, but the present invention is not limited to this. For example, the operator who “logged out normally” Of these, the person who logged out last may be determined as the face authentication permission target person. Further, regardless of whether the user has logged out normally or automatically, the “person who logged out last” may be determined as the face authentication permission target. These aspects correspond to aspects in which the face authentication permission target person is determined according to the use history.

  In the first embodiment, the automatic logout process is executed on the condition that the logout area R2 no longer exists. However, the present invention is not limited to this. For example, automatic logout may be performed on the condition that the operator's face cannot be confirmed in the captured image due to a change in the face orientation of the operator to be tracked (or transition to a suspended state). .

  In each of the above-described embodiments, the case where the authentication control unit 30 is provided outside the MFP main body 40 has been exemplified. However, the present invention is not limited thereto, and the authentication control unit 30 may be connected to the MFP main body 40, the face authentication device 20 or the card authentication. You may make it provide in the apparatus 10. FIG. Alternatively, the authentication control unit 30 may be configured separately from the information device (MFP) 50.

  Further, in each of the above embodiments, the imaging apparatus 21 has exemplified the case where the imaging operation is always performed at predetermined intervals over the entire power-on period of the MFP 50, but the present invention is not limited to this. For example, the photographing operation may be performed only within an appropriate part of the power-on period of the MFP 50 by using another sensor together. For example, a person detection sensor for detecting whether or not a person exists in the vicinity of a predetermined vicinity area (detection target area R1, face authentication target area R3, tracking target area R2, etc.) is provided separately. Imaging may be performed by the imaging device 21 only during a period in which the presence of the image is detected.

  Moreover, in each said embodiment, although the case where ID information was read by inserting the ID card 19 in the reader part 11 was illustrated, it is not limited to this, ID information by making the ID card 19 contact a reader part May be read.

  In each of the above embodiments, the case where the facial feature amount extracted from the captured image obtained by capturing the logged-in operator is registered as the regular information of the person HA is exemplified, but the present invention is not limited to this. For example, the regular face image (specifically, face feature amount) of the person HA may be acquired in advance by an apparatus separate from the face authentication apparatus 20 and registered in the face authentication database 23 or the like.

  In each of the above embodiments, whether or not the MFP 50 can access the apparatus is determined collectively, but the present invention is not limited to this. For example, the use of some or all of the plurality of functions of the MFP 50 may be restricted for each user according to the authentication operation. For example, for a certain user, all functions of the MFP 50 can be used in the login state of the user, and for one user, the copy function, the print function, and the FAX function can be used in the login state. Good.

  In each of the above-described embodiments, the MFP 50 is exemplified as the authentication target device that restricts use according to the authentication operation. However, the present invention is not limited to this, and various devices can be used as the authentication target device. For example, a personal computer or the like may be used as the authentication target device.

It is the schematic which shows the whole structure of an authentication system. It is an external appearance perspective view of an authentication system. It is a figure which shows the external appearance of the operation input part. It is a figure which shows detection object area | region R1, tracking object area | region R2, and face authentication object area | region R3. It is a flowchart which shows authentication operation | movement etc. It is a flowchart which shows authentication operation | movement etc. FIG. 3 is a top view showing a state where an operator approaches an MFP. It is a top view which shows a mode that an operator authenticates using a card | curd authentication apparatus. It is a top view which shows a mode that an operator leaves | separates from a tracking object area | region. FIG. 6 is a top view showing a state where an operator approaches the MFP again. It is a figure which shows the picked-up image in the state in which an operator exists in a tracking object area | region. It is a figure which shows the picked-up image in the state where the operator left | separated from the tracking object area | region. It is a figure which shows the log information of logout. It is a figure which shows another log | history information. It is a figure which shows another authentication system. It is a figure which shows a state transition. It is a figure which shows the external appearance of another operation input part.

Explanation of symbols

1A to 1D Authentication System 10 Card Authentication Device 19 ID Card 20 Face Authentication Device 40 MFP Main Body 41 Operation Input Unit 43 Display 45a Logout Button 45b Suspend Button 50 Information Device (MFP)

Claims (20)

First authentication means for performing authentication based on the first authentication information;
Second authentication means for performing authentication based on second authentication information including biometric information;
Control means for permitting an authentication operation by the second authentication means for a person to be authorized who is a person who satisfies a predetermined condition among the authentication experienced persons who have been successfully authenticated by the first authentication means;
An authentication system comprising: The authentication system according to claim 1,
The first authentication information includes a user ID,
The first authentication means determines whether or not the authentication target person is a regular user by comparing a user ID registered as information about a regular user with a user ID related to the authentication target person. A featured authentication system. The authentication system according to claim 2,
The first authentication means includes
A reader unit for reading information stored in an ID card possessed by the person to be authenticated;
A first database in which user IDs related to regular users are stored in advance;
It is determined whether or not the authentication target person is a regular user by comparing the user ID related to the authentication target person read by the reader unit and the user ID related to the normal user registered in the first database. A comparison processing unit,
An authentication system comprising: In the authentication system according to any one of claims 1 to 3,
The second authentication means determines whether the biometric information related to the person to be authenticated matches the normal biometric information related to any one of the authorized users who are also authorized persons. An authentication system for determining whether or not an authentication target person is an authorized user. The authentication system according to claim 4,
An imaging means for photographing an authentication target person existing in the authentication target space;
Image analysis means for calculating a facial feature amount related to an authentication target person in a photographed image photographed by the imaging means;
Further comprising
The second authentication means determines success or failure of authentication by determining the identity of the face feature amount of the person to be authenticated and the regular face feature amount of the person to be authorized. . The authentication system according to claim 5,
Registration means for registering a facial feature amount extracted from a photographed image relating to an operator who is logged in after being authenticated by the first authentication means, as a regular facial feature amount of the permitted person;
An authentication system further comprising: The authentication system according to any one of claims 1 to 6,
When it is determined that the logged-in operator no longer exists in the tracking target area, the control means cancels authentication for the operator and determines a person whose authentication has been canceled as the permission target person. An authentication system characterized by that. The authentication system according to any one of claims 1 to 7,
The said control means determines the said permission object person according to the operating state of an authentication object apparatus, The authentication system characterized by the above-mentioned. The authentication system according to claim 8,
When a predetermined abnormality relating to the authentication target device occurs, the control means cancels authentication for an operator who has logged in at the time of occurrence of the abnormality, and determines a person whose authentication has been canceled as the permission target person An authentication system characterized by: The authentication system according to any one of claims 1 to 9,
The said control means determines the said permission object person according to the use log | history of an authentication object apparatus, The authentication system characterized by the above-mentioned. The authentication system according to claim 10,
The said control means determines the person whose authentication success frequency within a predetermined period is higher than a predetermined level as said permission object person, The authentication system characterized by the above-mentioned. In the authentication system according to claim 10 or claim 11,
The said control means determines the person who has the experience who logged in on the same day as the day containing the time of the authentication time by the said 2nd authentication means as said permission object person, The authentication system characterized by the above-mentioned. The authentication system according to any one of claims 10 to 12,
The said control means determines the person who logged out last as said permission object person, The authentication system characterized by the above-mentioned. The authentication system according to any one of claims 1 to 13,
When the control unit shifts to a suspend state, the control unit determines an operator who has logged in at the time of transition to the suspend state as the authorized person. The authentication system according to claim 14,
The said control means determines the operator who changed to the said suspend state by predetermined | prescribed operation as the said permission subject, The authentication system characterized by the above-mentioned. The authentication system according to claim 14 or claim 15,
When it is determined that the logged-in operator no longer exists in the tracking target area and the control unit shifts to the suspend state, the control unit sets the logged-in operator at the time of transition to the suspend state as the permission target. An authentication system characterized by being determined as a person. The authentication system according to any one of claims 14 to 16,
When the process for shifting to the suspend state is executed in response to the occurrence of a predetermined abnormality related to the authentication target device, the control unit displays the operator who has logged in at the time of transition to the suspend state as the person to be permitted An authentication system characterized by determining as. The authentication system according to any one of claims 1 to 17,
The said control means sets the expiration date which should be determined as the said permission subject, The authentication system characterized by the above-mentioned. An authentication method,
A first authentication step for performing authentication based on the first authentication information;
A second authentication step for performing authentication based on second authentication information including biometrics information, and a person who satisfies a predetermined condition among authentication-experienced persons who have been successfully authenticated by the first authentication step A second authentication step that is permitted to the authorized person,
An authentication method comprising: On the computer,
A first authentication step for performing authentication based on the first authentication information;
A second authentication step for performing authentication based on second authentication information including biometrics information, and a person who satisfies a predetermined condition among authentication-experienced persons who have been successfully authenticated in the first authentication step A second authentication step that is permitted to the authorized person,
A program for running

Images