JP2009042802A - Authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication system that increases a genuine acceptance rate while increasing authentication accuracy and reduces a false acceptance rate by rejecting impostors' login when biometric authentication results in authentication errors and eliminating password leakage. <P>SOLUTION: The authentication system comprises a biometric information reacquisition means for matching biometric information acquired by an imaging means against registered biometric information registered in advance in a storage means to permit the use of an apparatus requiring personal authentication if the similarity is within an allowable range or to notify an error, permit only the start of a biometric information registration application and reacquire biometric information if the similarity is outside the allowable range, and a registration means for matching the reacquired biometric information against the registered biometric information registered in advance in the storage means to register the reacquired biometric information in the storage means as biometric information for using the apparatus requiring personal authentication if the similarity is within the allowable range. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an authentication system that performs personal authentication using biometric information related to a human finger vein, and more particularly to registration processing of alternative login information used when login is impossible due to an authentication error.

Recently, in biometric identification devices, not only biometric authentication using human fingerprints and retinas, but also vein authentication devices that identify and authenticate using finger vein pattern images have become widespread.
This vein authentication device has come to be used when entering a bank ATM, condominium, detached house, or the like in order to improve the security level.
Peripheral devices connected to personal computers and servers are also used so that vein patterns can be registered in advance when logging into a computer system or computer network, and login can be made with vein patterns instead of conventional IDs and passwords. ing.

FIG. 10 is a diagram illustrating an example of a vein authentication device that is conventionally used.
10, 1001 is a perspective view of the vein authentication device, and 1002 is a view as seen from above.
The vein authentication apparatus shown in FIG. 10 is connected to a personal computer with a USB cable, and stores the finger vein information read and information (ID, password) necessary for login of the personal computer by using a dedicated vein pattern registration application, If you want to log in to a personal computer, when you start the personal computer, a vein authentication login screen 1101 called JINA shown in FIG. 11A is displayed. Do.
An apparatus for performing vein authentication is disclosed in Patent Document 1 below.

JP 2002-14926 A

Conventionally, when logging in to a personal computer or computer network, it is known to log in by displaying a login screen 1102 shown in FIG. 11B and inputting an ID and password.
The above-described finger vein authentication apparatus displays a vein authentication login screen 1101 (JINA) as shown in FIG. 11A and performs vein authentication so that login can be performed without inputting an ID or password. become.

However, when authentication is performed using biometric information such as fingerprints or vein information, the biometric information changes due to the person's health condition or sudden injury, and official authentication is performed despite the identity of the person. It may not be obtained and an authentication error may occur.
As a result, problems may occur if you cannot log in to the computer system or computer.
In order to cope with these emergency situations, the biometric authentication apparatus can usually log in to a system or a computer using an alternative password or a bypass password.

FIG. 12 is an example of an alternative password or an avoidance password.
When it is determined that the computer cannot be logged in due to an authentication error due to several failed finger vein authentications, a normal login screen 1201 is displayed by a preset command operation, and a preset bypass password 1202 is displayed. To log in to the desktop screen 1203.
The password input screen set in the BIOS screen at the time of computer startup may be called instead of the window screen. These passwords are called alternative passwords.
However, an alternative password is usually common to one group of devices, and everyone may know it. If the password is leaked, it is easy to log in to the computer. Become.
For example, even if the password is not shared by the device group, in order to prevent the password from being leaked, it is possible to ensure the legitimacy of the login to the computer system and the computer by logging in using only the biometric information possessed by the principal. This is the purpose of the authentication apparatus using biometric information, and it is considered that logging in to a computer system or computer with an alternative password is different from the original purpose of the biometric authentication apparatus.

  The present invention has been made in view of the above problems, and even if an authentication error occurs when performing biometric authentication, an alternative password is not used, and a password can be leaked without allowing login by anyone other than the user. An object of the present invention is to provide an authentication system that can prevent the above problem, improve the authentication accuracy, and at the same time increase the authentication rate of the person and reduce the acceptance rate of others.

  In order to achieve the above object, an authentication system according to the present invention is an authentication system that performs personal authentication using biometric information related to a vein of a human finger, and is acquired by an imaging unit that acquires biometric information and the imaging unit. The biometric information that has been registered in advance with the storage means, and if the similarity is within the permissible range, the use of a device that requires personal authentication is permitted, and the permissible range. If it is outside, after notifying an error, only the biometric information registration application is allowed to start, and the biometric information reacquisition means for executing the bioacquisition reacquisition process, the reacquired biometric information and the storage means The biometric information registered in advance is compared with the registered biometric information, and if the similarity is within the allowable range, the re-obtained biometric information is used as biometric information for using a device that requires personal authentication. in front Characterized in that it comprises a registration means for registering in the storage means.

According to the authentication system of the present invention, when an authentication error occurs, only the registration application for vein authentication is permitted to be activated, biometric information is reacquired again, and preregistered in the reacquired biometric information and storage means. The registered biometric information is collated, and if the similarity is within an allowable range, the reacquired biometric information is registered in the storage means as biometric information for using a device that requires personal authentication. .
As a result, when the device requiring personal authentication is a computer, it is possible to prevent login to a computer other than the user, improve the authentication accuracy, and at the same time increase the personal authentication rate and reduce the acceptance rate of others. .

Hereinafter, an embodiment in which the authentication system according to the present invention is applied to login authentication to an OS at the time of startup on a computer will be described.
FIG. 1 is an explanatory diagram showing the overall configuration of the authentication system according to the first embodiment.
The authentication system according to the present embodiment performs authentication based on finger information based on the body of a registrant who operates the computer 120 when the computer 120 is activated, for example, inside a computer 120 that is a general information processing apparatus. A vein authentication device 100 is provided. Here, the finger information is information including image information showing a blood vessel pattern of a finger vein acquired by imaging from a surface such as a ventral side of a finger of a registrant's body.
The computer 120 includes an I / F 121 that transmits and receives signals and information to and from the vein authentication apparatus 100, a CPU 122 that controls operations of each component and performs various operations, and the CPU 122 performs operations such as operations. A memory 123 that temporarily stores information such as the results of the operation, an HDD 124 that registers and stores information such as finger information based on the registrant's body, and a registrant who operates the computer 120 performs an input operation such as character information. And a keyboard 125 for performing a selection operation, a liquid crystal display 126 which is a display means for displaying a processing result, information and data of a program executed by the CPU 122, and a speaker 127 which outputs an error sound during operation of the computer 120. And.

  The CPU 122 has a function of temporarily storing the image information transmitted from the vein authentication apparatus 100 in the memory 123, extracting finger information from the image information, obtaining the information, and encrypting the information, and storing the information in the HDD 124. Further, it has a function of calculating luminance based on the image information and performing processing for adjusting the amount of infrared light emitted from an infrared light source 101 (to be described later) in the vein authentication apparatus 100 according to the luminance.

  The vein authentication apparatus 100 includes a finger placement unit 103 for placing the finger 105 at a predetermined position, an infrared light source 101 for irradiating the finger 105 with infrared light, and an infrared light source 101 for authenticating the finger 105 of the registrant. The camera 102 images the vein of the finger 105 projected by emitting and emitting infrared rays, the photo sensor 104 for detecting that the finger 105 is placed on the finger placement unit 103, and the camera 102 From an A / D converter 106 that converts analog data of an image into digital data, an image input unit 107 that generates digital image information using the digital data converted by the A / D converter 106, and the CPU 122 A light emission control unit that controls the operation of the infrared light source 101 in accordance with a light emission control signal transmitted via the I / F 121.

FIG. 2 is a diagram showing the relationship between the vein registration application (APP) 201 and the OS 202.
When logging in by vein authentication, the OS 202 calls the vein authentication login screen (JINA) 204 based on the information of the BIOS 203 and calls the JINA 204 to the vein registration application (APP) 201 to prepare for login. I have been informed.

FIG. 3 is a diagram illustrating a procedure for performing a temporary login after vein authentication login has failed.
A vein authentication login screen (JINA) is displayed on the computer screen, and an instruction is displayed to place a finger used for authentication on the authentication device (step 301). In biometric authentication, the correct authentication result cannot always be obtained even by the person himself / herself depending on the health condition. Therefore, there are cases where access is denied due to an authentication error. If the authentication is not successful as a result of repeated processing (step 302), a temporary login screen (JINA) for performing vein pattern temporary login is displayed (step 303). If the vein pattern login is performed, an application for re-registering the vein pattern is activated and a display for starting the registration is displayed (step 304).

FIG. 4 shows a display example for inputting an avoidance password when an authentication error occurs.
A vein authentication login screen (JINA) is displayed on the computer screen, and an instruction is displayed to place a finger used for authentication on the authentication device (step 401). A correct authentication result cannot always be obtained. Therefore, there are cases where access is denied due to an authentication error. As a result of repeating several times, when the authentication cannot be performed (step 402), an application for re-registering the vein pattern is activated and a display for starting the registration is displayed (step 403).
Next, in order to check whether you were logged in or a legitimate user, enter a bypass password prepared in advance to determine whether you are a legitimate user by entering a bypass password prepared in advance. A screen is displayed (step 404).

FIG. 5 is a diagram showing an application group that can be used depending on the difference between a valid login and a temporary login.
As can be seen from FIG. 5, in the case of a valid login, it is possible to use all the applications installed in the computer that has logged in, but in the case of a temporary login, only the activation of the application 501 for vein registration is permitted. I am doing so.
Of course, not only the application but also the access to the essential components in the computer such as the control panel, and the stored data are restricted. In this grouping, the setting cannot be changed arbitrarily, and it can be assumed that setting change is not permitted except by the administrator of the computer.

FIG. 6 is a flowchart showing a processing procedure until provisional login is performed.
When the computer is turned on and the computer is activated (step 601), a finger vein login screen (JINA) as shown in FIG. 3 is displayed on the computer activation screen (step 602). Therefore, the user inserts a finger with a finger vein pattern registered in advance into the finger vein authentication device based on the displayed JINA instruction (step 603).
Then, the finger vein authentication device performs imaging for reading the vein pattern from the input finger, and performs a comparison process with a finger vein pattern registered in advance (step 604). If the inserted finger vein pattern matches the registered vein pattern (step 905), the computer is logged in (step 606).
However, if the authentication processing results do not match in step 604 (step 607), the login is not immediately rejected, but the finger vein authentication device again displays that re-authentication is performed, and the finger is inserted again. And re-authentication is performed (step 608). In addition, when a finger is first inserted and authentication cannot be performed, the history is held as the inserted count.
The number of histories of whether or not it has been inserted several times is checked, and it is determined whether or not the predetermined number has been exceeded (step 609). If the authentication exceeds the specified number and authentication fails, the temporary login function is activated (step 610).

FIG. 7 is a flowchart showing processing after the provisional login function is activated.
In step 609 of FIG. 6, if the authentication is not completed within the specified number of times, the temporary login function starts operating. First, a startup screen for starting the temporary login function is displayed (step 701).
Since the prescribed number of finger vein authentication processes has already been exceeded at this stage, only the application for registering the vein pattern is activated (step 702).
Again, in order to log in, a finger is inserted into the finger vein authentication device, and imaging and provisional registration processing is started (step 703).
Next, an image of the inserted finger vein is captured (step 704), and the captured image is registered as a temporary authentication image (step 705). Next, the temporary authentication image is compared with the already registered vein pattern registration image, and the similarity (approximation) is determined (step 706).
If the similarity is within the allowable range (step 707), it is determined whether or not to replace the existing registered image (step 708). For this determination, the registration date of the existing registration image (how long has passed) and the age of the person with the vein pattern (infant, child, student, adult) Since the growth rate of the finger itself varies depending on the age of the child, make a decision according to the situation).
If the existing vein pattern already registered is old or not suitable for the next data determination according to the above criteria, the registered image is deleted (step 709), and there is no need for replacement yet. The newly registered image is deleted (step 710), and login is permitted by each vein pattern (step 711).
For the login permitted here, all registered applications and data can be accessed as they are, or the application and data range that can be used is restricted even if it is not confirmed with the user. Good. For example, if the degree of similarity determined in step 706 matches by 90% or more, all the permissions may be granted because the person is clearly the person. If it is close to the reference point of the acceptable range (when it exceeds the reference point of about 10% of the reference), it is still not confirmed that it is the person in question, and the use of data and network It may be set to restrict the login and the like. It may be possible to take a procedure of confirming whether the user is the person himself / herself, if a predetermined password or the like is separately entered and matched.

  On the other hand, if the similarity is outside the allowable range in step 707, the newly registered image registered by the temporary login is deleted (step 712), and the login is rejected (step 713).

FIG. 8 is a diagram showing the broken line data of the vein pattern used when the similarity is determined in step 707.
In the present embodiment, a bent vector processing is performed on the vein blood vessel pattern, the bent line data 801 is processed, the intersection points and the branch points of the bent line data 801 are further marked, and the number thereof is determined for each vein image data information. Store the data and compare the comparison data.

FIG. 9 is a flowchart for explaining an authentication algorithm using a polygonal vector processing of a finger vein image.
First, a vein portion of a vein is extracted from image data obtained by infrared transmitted light (step 901). As this extraction method, a tracking start point is provided and repeated until the automatic tracking of the line segment is completed.
Next, the extracted venous blood vessel data is subjected to a polygonal line vector process to convert the curve into a polygonal line vector (step 902).
Next, a fold line portion and a branch point of the vascularized image are extracted (step 903). For extraction of a broken line part and branch point, a tracking start point is designated for a blood vessel that has been subjected to broken line vector processing, automatic line segment tracking processing is performed, and the position and number of broken lines and branches are confirmed. When performing automatic tracking of line segments, it is only necessary to extract a branching point that is divided into multiple line segments, but when determining the position of a broken line, make sure that each line segment has a corner point. To extract the vertices of the broken line.
Separately, the processing from step 901 to step 903 is also performed on the registered image that is the basic pattern of authentication, and the number of broken lines and branch points are extracted.
Next, the basic pattern of authentication is compared with the number of broken lines and branch points of the vein pattern to be authenticated (step 904). When the number of broken line portions and the number of branch points coincide (step 905), the process proceeds to the next process (step 906).
If the number of broken lines and the number of branch points do not match (step 907), the authentication process is terminated as an authentication failure (step 908).

It is a whole lineblock diagram showing an embodiment of an authentication system concerning the present invention. FIG. 2 is a diagram illustrating a relationship between an OS, a vein authentication login screen, and an authentication vein pattern registration application in the embodiment of FIG. 1. 2 is a flowchart illustrating a procedure for logging in and logging a vein image again when an authentication error due to vein authentication occurs in the embodiment of FIG. 1. 2 is a flowchart illustrating a procedure for inputting an avoidance password and logging in when an authentication error due to vein authentication occurs in the embodiment of FIG. 1. It is a figure which shows the example of grouping of the application etc. which can be accessed corresponding to temporary login and regular login. It is a flowchart which shows the process which performs temporary login in embodiment of FIG. It is a flowchart which shows the process which registers a new finger vein image by temporary login. It is a figure which shows the broken line vectorization data of a vein pattern. It is a flowchart which extracts and compares the intersection of broken line vector data, and an intersection. It is explanatory drawing which shows the structure of the vein authentication apparatus used for an authentication system. It is a figure which shows the example of a vein authentication login screen. It is a flowchart which shows the procedure of logging in with an avoidance password when the authentication error by vein authentication arises.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Vein authentication apparatus 101 Infrared light source 102 Camera 103 Finger stand 104 Photo sensor 105 Finger 106 A / D converter 107 Image input part 108 Light emission control part 120 Computer 121 I / F
122 CPU
123 Memory 124 HDD
125 Keyboard 126 Liquid crystal display 127 Speaker

Claims (1)

An authentication system that authenticates a person using biometric information related to a human finger vein,
Imaging means for acquiring the biological information;
The biometric information acquired by the photographing means is compared with the registered biometric information registered in advance in the storage means, and if the similarity is within an allowable range, use of a device that requires personal authentication is used. If it is out of the allowable range, an error is notified, and only the biometric information registration application is allowed to start,
Biological information reacquisition means for executing the bioacquisition information reacquisition process, the reacquired biometric information and the registered biometric information registered in advance in the storage means, and the similarity is within an allowable range. An authentication system comprising: registration means for registering the re-obtained biometric information in the storage means as biometric information for using a device that requires personal authentication.

Images