JP2011070611A - Electronic apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve the harmful effects of user authentication processings at electronic apparatus. <P>SOLUTION: The electronic apparatus 1 includes an imaging section 15, an operating section 12 that receives operation from outside, a storing section 19 that stores a key image, a function executing section 33 that executes or stops a predetermined function, and an authenticating section 31 that makes the imaging section 15 take an image and performs authentication processing, based on the taken image and the key image. When the function executing section 33 receives execution operation of the predetermined function from the operating section 12, and if authentication can be obtained within a predetermined time period, when taking an image by the imaging section 15 and the authentication processing by the authenticating section 31 are executed, the function executing section maintains execution of the predetermined function, after the predetermined time period has passed; and if the authentication cannot be obtained within the predetermined time period, the function executing section stops the predetermined function, after the predetermined time period has passed. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an electronic device that can be used by user authentication.

Patent document 1 discloses a portable terminal device.
The portable terminal device of Patent Literature 1 authenticates the user with the captured image of the user and releases the lock.

JP 2009-159542 A

  However, when the authentication process is executed as in Patent Document 1, the user cannot use the portable terminal device until the authentication process is completed.

  An electronic apparatus according to a first aspect of the present invention includes an imaging unit, an operation unit that receives an operation from the outside, a storage unit that stores a key image, a function execution unit that executes or stops a predetermined function, and the imaging unit A recognition unit that performs an authentication process based on the captured image and the key image. When the function execution unit receives an execution operation of the predetermined function from the operation unit, the imaging unit performs imaging. And when executing the authentication process by the authentication unit, if the authentication is obtained within a predetermined time, the execution of the predetermined function is maintained even after the predetermined time, and the authentication is performed within the predetermined time. Is not obtained, the predetermined function is stopped after the predetermined time.

  Preferably, the display unit may further include a display unit, and the recognition unit may authenticate the captured image without causing the display unit to display the captured image of the imaging unit.

  Preferably, the display unit may display a screen based on the predetermined function while the captured image is being authenticated by the recognition unit.

  Preferably, the function execution unit may cause the imaging unit to perform tracking imaging until the authentication is obtained within the predetermined time.

  Preferably, the recognition unit authenticates when a coincidence rate between the captured image and the key image exceeds a predetermined value within the predetermined time, and the function execution unit responds to the predetermined function to be executed. The predetermined value may be changed.

  Preferably, the function execution unit may change the predetermined time according to the predetermined function to be executed.

  Preferably, the storage unit further stores user personal information, and the recognition unit may shorten the predetermined time when the predetermined function is a function using the user personal information. .

  Preferably, a position measuring unit is further provided, and the recognizing unit may lengthen the predetermined time when its own position measured by the position measuring unit is a predetermined position.

  In the present invention, the adverse effect of the user authentication process can be improved.

FIG. 1 is an external view of a mobile phone according to an embodiment of the present invention. FIG. 2 is a hardware configuration diagram of the mobile phone of FIG. FIG. 3 is a block diagram showing functions realized at the start of use of the mobile phone. FIG. 4 is a transition diagram of the operation mode of the mobile phone. FIG. 5 is a flowchart of the update process of the authentication result data by the mode control unit of FIG. FIG. 6 is an explanatory diagram of an example of the data structure of the safe area data of FIG. FIG. 7 is a flowchart of the authentication process of the authentication unit of FIG. FIG. 8 is a flowchart of the program activation process by the manager unit of FIG. FIG. 9 is a flowchart of a series of processing examples when the mobile phone is activated.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

FIG. 1 is an external view of a mobile phone 1 according to an embodiment of the present invention.
The mobile phone 1 includes an upper housing 101, a lower housing 102, and a hinge portion 103.
The upper housing 101 and the lower housing 102 have rectangular shapes that are substantially the same size.
The upper housing 101 and the lower housing 102 are connected by a hinge portion 103 so as to be opened and closed.
FIG. 1 shows a state in which the upper housing 101 and the lower housing 102 are opened.
The upper housing 101 is provided with a display unit 13.
The lower casing 102 is provided with an operation unit 12.
The hinge unit 103 is provided with an imaging unit 15. The imaging unit 15 is an in-camera exposed between the opened upper casing 101 and lower casing 102.

FIG. 2 is a hardware configuration diagram of the mobile phone 1 of FIG.
The mobile phone 1 includes, for example, a wireless communication unit (RF) 11, an intensity detection unit 23, an operation unit (KEY) 12, a display unit (DISP) 13, a timer (RTC) 14, and an imaging unit (CAM) 15. A voice modem unit (MODEM) 16, a GPS (Global Positioning System) unit 17, a CPU (Central Processing Unit) 18, a storage unit (MEM) 19, and a system bus 20 that connects them.

The wireless communication unit 11 establishes a communication channel with the wireless communication unit 11 of a base station (not shown), and transmits / receives communication data to / from the base station.
Then, the wireless communication unit 11 wirelessly transmits communication data included in the input signal from the CPU 18 to the base station.
The wireless communication unit 11 outputs a signal including communication data received from the base station to the CPU 18.
Communication data received by the wireless communication unit 11 from the base station includes, for example, the CSID of the base station.

Further, the wireless communication unit 11 outputs a signal based on the received radio wave to the intensity detection unit 23.
The strength detection unit 23 detects a received signal strength indicator (RSSI) value of a signal input from the wireless communication unit 11.
The intensity detection unit 23 outputs a signal including the detected electric field intensity value to the CPU 18.

The operation unit 12 has a plurality of operation keys.
Examples of the plurality of operation keys include a function key, a power key, a call key, a numeric key, a character key, and a call key.
As shown in FIG. 1, the operation keys are arranged on the front surface of the mobile phone 1.
Then, the operation unit 12 outputs a signal corresponding to the operation key operated by the user to the CPU 18.

The display unit 13 includes an LCD (Liquid Crystal Display Device), an organic EL (Electro-Luminescence) device, and the like that are not shown.
The LCD or organic EL device is disposed on the front surface of the mobile phone 1 as shown in FIG.
The display unit 13 displays display data included in the signal input from the CPU 18. Thereby, the display part 13 displays the web page etc. which contain a link, for example.

The timer 14 measures time and elapsed time.
For example, the timer 14 measures an elapsed time (for example, 5 seconds) after the operation unit 12 is operated.
The timer 14 outputs an interrupt signal to the CPU 18 when the set time or the elapsed time included in the input signal from the CPU 18 is reached.

The imaging unit 15 includes a charge coupled device (CCD) or a CMOS sensor.
As shown in FIG. 1, the CCD or CMOS sensor is disposed on the hinge portion 103 of the mobile phone 1. The CCD or CMOS sensor is an in-camera exposed between the operation unit 12 and the display unit 13 with the cellular phone 1 opened. That is, the imaging direction of the imaging unit 15 is substantially the same as the direction in which the display light of the display unit 13 is emitted.
Then, the imaging unit 15 outputs a signal including the captured image data to the CPU 18.
The operation of the imaging unit 15 is controlled by control data included in a signal input from the CPU 18. Specifically, for example, the imaging unit 15 can control the focus (focal length), the size of the imaging area (pan, zoom), and the like by control data.

The voice modem unit 16 is connected to the speaker 21 and the microphone 22.
The voice modem 16 samples the voice input to the microphone 22 and outputs a signal including voice data to the CPU 18.
The voice modem unit 16 drives the speaker 21 with voice data included in an input signal from the CPU 18.
As a result, sound corresponding to the sound data is output from the speaker 21.

The GPS unit 17 receives radio waves including satellite position information from a plurality of GPS satellites.
The GPS unit 17 calculates the position of the mobile phone 1 from the position information of a plurality of satellites by trigonometry or the like.
Then, the GPS unit 17 outputs a signal including the calculated position information of the mobile phone 1 to the CPU 18.

The storage unit 19 includes a program that can be read and executed by the CPU 18, data used by the CPU 18, and the like.
The program that can be read and executed by the CPU 18 stores a basic program of the mobile phone 1, an application program 46 shown in FIG.
The application program 46 is stored in the program area 45 of the storage unit 19.
In FIG. 3, the program area 45 stores a first application program (API1) 46_1 and a second application program (API2) 46_2.
Examples of the application program 46 include a program for browsing and selecting data and programs in the mobile phone 1, a program for changing settings of the mobile phone 1, a calling program, an e-mail program, a browser program, an electronic money program, and the like. .
When these programs are executed, these programs use the operation unit 12 and the display unit 13 as user interfaces.
The program stored in the storage unit 19 may be a program installed on a computer-readable recording medium such as a CD-ROM (Compact Disc Read Only Memory).
Further, the program stored in the storage unit 19 may be a program installed via a download medium such as the Internet.

  Data stored in the storage unit 19 includes authentication data 41, authentication result data 44, a restriction table (LIM_TBL) 99, program data 48, temporary data 50, and the like, as shown in FIG.

The program data 48 is stored in the program data area 47 of the storage unit 19.
In FIG. 3, the program data area 47 stores data (DAT1) 48_1 of the first application program 46_1 and data (DAT2) 48_2 of the second application program 46_2.
The program data 48 stored in the program data area 47 is data generated by a normally started application program 46 as will be described later.
The normally started application program can access the program data area 47 to save, update, and delete the program data 48.

The temporary data 50 is stored in the temporary data area 49 of the storage unit 19.
In FIG. 3, the temporary data area 49 stores temporary data (T_DAT1) 50_1 of the first application program 46_1 and temporary data (T_DAT2) 50_2 of the second application program 46_2.
As will be described later, the temporary data 50 stored in the temporary data area 49 is data generated during the restricted period by the application program 46 that has been activated in a restricted manner.
The limitedly activated application program 46 can access the temporary data area 49 to save, update, and delete the temporary data 50.
However, the limitedly activated application program 46 cannot be used for the program data 48 in the program data area 47. Or it can only be referenced.

The authentication result data 44 has a value corresponding to the user authentication result by the mobile phone 1.
In the authentication result data 44, a value corresponding to the authentication result is written.
Then, the authentication result data 44 has any one of the value of the user unauthenticated state, the value of authenticating the user by the authentication process, and the value of not authenticating the user by the authentication process according to the authentication state. .

The CPU 18 is a computer that executes a program.
And the control part of the mobile telephone 1 is implement | achieved because CPU18 runs the program memorize | stored in the memory | storage part 19. FIG.
The control unit controls the operation of the mobile phone 1.

FIG. 3 is a block diagram illustrating functions implemented in the mobile phone 1 when the user starts using the mobile phone 1.
When the use of the mobile phone 1 is started, the CPU 18 implements a face recognition unit 31, a mode control unit 32, a manager unit 33, a recovery unit 34, and a reflection unit 35.

The mode control unit 32 sets the operation mode of the mobile phone 1.
FIG. 4 is a transition diagram of the operation mode of the mobile phone 1.
The operation mode of the mobile phone 1 in FIG. 1 includes a start mode 61 and a standby mode 62.
The activation mode is a mode in which the CPU 18 can execute the application program 46 and the like.
The standby mode 62 is a mode in which the application program 46 is not executed by the CPU 18.
The standby mode 62 is a kind of standby mode in which the power consumption of the mobile phone 1 is suppressed.
Further, when the state of the standby mode 62 continues for a predetermined elapsed time, the mobile phone 1 enters a locked state.
The mode control unit 32 then updates the operation mode of the mobile phone 1 from the start mode 61 to the standby mode 62 when, for example, a state where the operation unit 12 is not operated continues for a predetermined time.
For example, when the operation unit 12 is operated or the mobile phone 1 is opened, the mode control unit 32 updates the operation mode of the mobile phone 1 from the standby mode 62 to the activation mode 61.

FIG. 5 is a flowchart of the update process of the authentication result data 44 by the mode control unit 32.
In the update process of the authentication result data 44, the mode control unit 32 determines the operation mode of the mobile phone 1 (step ST1).
When the mobile phone 1 is in the standby mode 62, the mode control unit 32 updates the value of the authentication result data 44 to a value in the user unauthenticated state (step ST2).
When the mobile phone 1 is in a mode other than the standby mode 62, the mode control unit 32 ends the process of FIG. 5 without updating the value of the authentication result data 44 in step ST2.

The authentication data 41 is data used by the face recognition unit 31 for authentication processing.
The authentication data 41 includes key image data 42 and safe area data 43.

  The key image data 42 is, for example, user face image data captured in advance by the imaging unit 15 of the mobile phone 1. The key image data 42 is compared with authentication captured image data that the face recognition unit 31 acquires from the imaging unit 15 during authentication.

The safe area data 43 is data indicating a range of spots where the mobile phone 1 can be used safely.
An example of the safety area is a user's home.
The safe area data 43 is stored in advance in the storage unit 19 by a pre-operation of the operation unit 12 of the mobile phone 1.

FIG. 6 is an explanatory diagram of an example of the data structure of the safe area data 43.
The safe area data 43 includes a plurality of records for each base station received by the wireless communication unit 11 existing in the safe area.
The record of each base station includes the CSID of the base station and the reception strength value (RSSI value).
6 includes the CSID and RSSI values of the three base stations.
Note that the wireless communication unit 11 receives CSIDs of a plurality of base stations by open search processing. At this time, the intensity detector 23 detects the intensity of the received radio wave from each base station.
Then, when the user operates the operation unit 12 while the mobile phone 1 is present in the safe area, the safe area data 43 is stored in the storage unit 19. That is, the location of the safe area is specified based on the reception strength from a plurality of base stations.

The face recognition unit 31 in FIG. 3 authenticates the user of the mobile phone 1.
When the operation unit 12 is operated and the mobile phone 1 enters the activation mode 61, the face recognition unit 31 starts an authentication process based on face recognition.
In the authentication process, the face recognition unit 31 stores the captured face image data for authentication acquired from the imaging unit 15, the elapsed time of the timer 14, current position information such as the CSID received by the wireless communication unit 11, and storage. The face authentication data 41 stored in the unit 19 is used.
Further, the face recognition unit 31 acquires captured image data a plurality of times from the imaging unit 15 in one authentication process.
The face recognition unit 31 authenticates the user by itself without using the operation unit 12 and the display unit 13 every time new captured image data is acquired.
The face recognition unit 31 compares the image of the captured image data with the image of the key image data 42 to obtain a degree of coincidence.
Further, the face recognition unit 31 updates the value of the authentication result data 44 in accordance with the result of the authentication process.
As described above, the face recognition unit 31 authenticates the user by itself without using the operation unit 12 and the display unit 13, so that the application function can use the operation unit 12 and the display unit 13 during the authentication process.

FIG. 7 is a flowchart of the authentication process of the face recognition unit 31 in FIG.
In the authentication process, the face recognition unit 31 determines whether the user has operated the operation unit 12 (step ST11).
When there is a user operation, the face recognition unit 31 acquires captured image data for authentication from the imaging unit 15 (step ST12).
The face recognition unit 31 reads the key image data 42 and calculates the degree of coincidence between the key image data 42 and the captured image data (step ST13).
In the calculation of the degree of coincidence between images, various types of calculation processing used for general matching determination processing can be used.
For example, the face recognizing unit 31 extracts feature points of each image, and calculates the degree of coincidence of the images based on the similarity relationship between the distributions of the feature points.

After calculating the degree of coincidence, the face recognition unit 31 performs chase focus processing (step ST14).
The chase focus process refers to a process for controlling the imaging by the imaging unit 15 in order to improve the accuracy of the next image captured by the imaging unit 15.
For example, when the captured image data includes a part of the feature points of the key image data 42, the face recognition unit 31 causes the next captured image data to include all of the feature points of the key image data 42. 15 to enlarge or shift the imaging area.
As a result, the imaging unit 15 follows the user's face so that the user's face is suitably imaged independently of the user's operation. As a result, there is no need to display an image or an imaging frame for matching the face on the display unit 13.

After the chase focus process, the face recognition unit 31 determines whether or not the mobile phone 1 is located in the safety area.
Specifically, the face recognition unit 31 acquires current position information such as CSID received by the wireless communication unit 11 (step ST15).
The face recognition unit 31 reads the safe area data 43 and compares the current position information with the position information of the safe area data 43 (step ST16).
For example, when the CSID and RSSI value of one base station included in the current position information match those included in the safe area data 43, the face recognition unit 31 causes the mobile phone 1 to be within the safe area. Judge that it is located.
When located in the safety area, the face recognition unit 31 sets the determination level value to be compared with the value of the matching level to a low level (step ST17).
This is because it is unlikely that anyone other than the user will use the mobile phone 1 in the safe area.

Further, when the CSID and RSSI value of any base station included in the current position information are not included in the safe area data 43, the face recognition unit 31 determines that the mobile phone 1 is not located in the safe area. To do.
The face recognizing unit 31 sets the determination level value to be compared with the coincidence value to a normal high level (step ST18).

After the process of determining the position of the mobile phone 1, the face recognition unit 31 compares the calculated degree of coincidence with the set determination level value (step ST19).
If the degree of coincidence is greater than or equal to the determination level value, the face recognition unit 31 updates the determination result data to a value obtained by authenticating the user by the authentication process (step ST20).

If the degree of coincidence is not equal to or greater than the determination level value, the face recognition unit 31 checks the elapsed time of the timer 14 (step ST21).
If the elapsed time from step ST11 has not exceeded the predetermined timeout time, the face recognition unit 31 repeats the processing from step ST12 to step ST19.
The face recognition unit 31 repeatedly acquires the captured image data for authentication until a predetermined elapsed time is measured by the timer 14 in step ST21.
Further, in step ST21, when it is determined that the elapsed time from step ST11 has passed a predetermined timeout time (for example, a time of about several seconds), the face recognizing unit 31 receives the determination result data as a user through authentication processing. It is updated to a value that has not been authenticated (step ST22).

The manager unit 33 in FIG. 3 manages the execution of the application program 46 selected by the operation unit 12 and starts and stops the application program 46 selected by the operation unit 12. That is, the manager unit 33 controls execution and stop of a predetermined function in the mobile phone 1.
The manager unit 33 controls the activation and stop of the application program 46 using the authentication data 41 stored in the storage unit 19 and the restriction table 99.
When the application program 46 to be activated is selected by the operation unit 12, the manager unit 33 activates the application program 46 even if the authentication processing by the face recognition unit 31 is not completed.
At this time, the manager unit 33 reads the authentication result data 44 and determines whether or not the authentication process by the face recognition unit 31 has been completed.
In addition, the manager unit 33 determines whether the application program 46 is to be activated normally or restricted activation.
In the case of restricted activation, the manager unit 33 reads the restriction table 99 and determines the restriction state of the application program 46.
For example, when the application unit 46 is activated before the authentication processing by the face recognition unit 31 is completed, the manager unit 33 activates the application program 46 within the range of restriction contents in the restriction table 99.
When the application program 46 to be stopped is selected by the operation unit 12, the manager unit 33 stops the application program 46.

FIG. 8 is a flowchart of the program activation process by the manager unit 33 of FIG.
When an activation instruction for the application program 46 is input from the operation unit 12 (step ST31), the manager unit 33 executes a program activation process.
In the activation process, the manager unit 33 reads and determines the authentication result data 44 (step ST32).

When the authentication result data 44 is a value obtained by authenticating the user by the authentication process, the manager unit 33 causes the CPU 18 to execute the application program 46 instructed to start (step ST33).
In this case, the application program 46 is normally activated.
The application program 46 can directly access each program data 48 stored in the storage unit 19 and update or delete this data.

  When the authentication result data 44 is a value that does not authenticate the user by the authentication process, the manager unit 33 does not cause the CPU 18 to execute the application program 46 instructed to start (step ST34).

When the authentication result data 44 is a value of the user unauthenticated state, the manager unit 33 reads the restriction table 99 (step ST35).
Then, the manager unit 33 causes the CPU 18 to execute the application program 46 instructed to start under the restriction of the restriction table 99 (step ST36).
In this case, the application program 46 is restricted and activated.
The application program 46 can access temporary data 50 different from the program data 48 stored in the storage unit 19 and update or delete this data.
Further, the application program 46 that is activated in a limited manner cannot update or delete each program data 48 stored in the storage unit 19.

Further, when the authentication result data 44 read at the time of activation is a value of the user unauthenticated state, the manager unit 33 periodically checks the authentication result data 44.
The manager unit 33 periodically checks the authentication result data 44 until the authentication result data 44 becomes a value obtained by authenticating the user by the authentication process or a value obtained by not authenticating the user by the authentication process.
Then, when the value of the authentication result data 44 is updated to a value obtained by authenticating the user by the authentication process, the manager unit 33 changes the application program 46 that has been activated with restriction to normal activation.
As a result, the application program 46 that has been activated in a limited manner enters a normal activation state.
The normally started application program 46 can access each program data 48 stored in the storage unit 19 and update or delete this data.

In the restriction table 99 of FIG. 3, data for restricting the activation of the application program 46 before the authentication processing by the face recognition unit 31 is completed is stored for each program.
The restriction data for each program includes, for example, data indicating permission or disapproval of starting each program, data indicating permission or disapproval of use of each function of the program, and data indicating the content of the function restriction of each function. Including.

By the way, as an operation that the user may operate before authentication, for example, an operation of a function that is not subject to operation prohibition and has a high frequency of operation by the user, or is not subject to operation prohibition, and the user's operation urgency level is It may be a highly functional operation.
The restriction table 99 includes data on the contents of prohibition, function disapproval, or function restriction of the application program 46 other than A or B.
Specific examples are shown below.

For example, programs or functions that are subject to operation prohibition include user data deletion processing, processing for transmitting / transferring user data to the outside (email transmission, infrared transmission, Bluetooth data transmission, copying to an external device (microSD), browser upload), Wallet charging processing, browsing operation (data folder file / mail / phone book / call / call history / memo pad / bookmark / browser saved history / browser history, etc.), security password change, or camera operation during face authentication.
These programs or functions cannot be restored to the original state when the user is not authenticated, and it is desirable that these programs or functions be subject to operation prohibition from the viewpoint of security.
Further, the program or function that is the operation prohibition target may be a fixed setting by the manufacturer or may be changed by the operation of the operation unit 12 by the user.

  In addition, the manager unit 33 may manage the number of activations for each application program 46, and a function or program having a high user operation frequency (for example, the above five functions) may be activated before user authentication.

Further, the manager unit 33 may manage the number of activations immediately after activation for each application program 46, and a function or program having a high user operation frequency (for example, the above five functions) may be activated before user authentication.
As a result, a function that is desired to be used immediately after the user holds the mobile phone 1 can be activated before user authentication.
A specific example of the function is mail creation. However, it is not sent before authentication.
A specific example of the function is calling. However, if user authentication fails, disconnect at that point.
A specific example of the function is registration in a telephone directory. However, it is not stored in the application data before authentication.
A specific example of the function is creation of a notepad. However, it is not stored in the application data before authentication.
In addition to this, it is considered that the number of programs or functions that are subject to operation prohibition increases as functions installed in the mobile phone 1 increase.

The recovery unit 34 in FIG. 3 periodically reads the authentication result data 44.
For example, the restoration unit 34 periodically checks the authentication result data 44 until the authentication result data 44 becomes a value obtained by authenticating the user by the authentication process or a value obtained by authenticating the user by the authentication process.
Then, the restoration unit 34 deletes the temporary data 50 from the storage unit 19 when the authentication result data 44 is updated to a value that did not authenticate the user by the authentication process.
Thereby, the data memorize | stored in the mobile telephone 1 return to the state before a restriction | limiting start.

The reflection unit 35 periodically reads the authentication result data 44.
The reflecting unit 35 periodically checks the authentication result data 44 until, for example, the authentication result data 44 becomes a value obtained by authenticating the user by the authentication process or a value obtained by not authenticating the user by the authentication process.
Then, the reflection unit 35 updates the program data 48 with the contents of the temporary data 50 when the authentication result data 44 is updated to a value obtained by authenticating the user by the authentication process.
As a result, the contents of the temporary data 50 generated by the application program 46 that is being activated in a limited manner are reflected in the program data 48 for the application program 46.

Next, an example of the overall activation process of the mobile phone 1 in FIG. 1 will be described.
FIG. 9 is a flowchart of a series of processing examples when the mobile phone 1 is activated.

When the mobile phone 1 is locked in the standby mode (step ST41) and the operation unit 12 is operated (step ST42), the mobile phone 1 changes from the standby mode 62 lock state to the start mode 61.
Thereby, the lock | rock of the mobile telephone 1 is cancelled | released and the execution of the application program 46 is attained. Therefore, the application program 46 can be activated by the operation of the operation unit 12 by the user.
Note that the authentication result data 44 at this time is a value of the user unauthenticated state.

When the operation unit 12 is operated, the face recognition unit 31 executes an authentication process based on image determination of a face or the like (step ST43).
Moreover, the timer 14 measures the elapsed time since the operation part 12 was operated (step ST44).
In the authentication process, the face recognition unit 31 automatically controls the imaging unit 15 without using the operation unit 12 and the display unit 13 and executes the authentication process.

When the user operates the operation unit 12 during the authentication process, and the operation unit 12 instructs the activation of the application program 46, the manager unit 33 executes the activation process of the application program 46 (step ST45).
The manager unit 33 activates the application program 46 except when the restriction table 99 prohibits activation of the application program 46.
Further, the manager unit 33 activates the application program 46 in a restricted manner when a part of the function of the application program 46 is restricted by the restriction table 99.

Thereafter, when the face recognition unit 31 authenticates the user, the face recognition unit 31 updates the authentication result data 44 to a value obtained by authenticating the user by the authentication process (step ST46).
The manager unit 33 releases the locked state of the mobile phone 1 and switches the application program 46 that has been limitedly activated to normal activation (step ST47).
The reflection unit 35 updates the program data 48 corresponding to each application program 46 with the temporary data 50.
As a result, the application program 46 that has been activated in a limited manner is executed without user function restriction using the program data 48 after user authentication.

When the face recognition unit 31 times out without authenticating the user (step ST48), the face recognition unit 31 updates the authentication result data 44 to a value that did not authenticate the user by the authentication process.
Further, the face recognition unit 31 displays an error indicating failure of face authentication on the display unit 13 (step ST49).
The manager unit 33 stops the application program 46 that is being activated in a limited manner (step ST50).
The recovery unit 34 deletes the temporary data 50 from the storage unit 19 (step ST51).
As a result, the data generated by the application program 46 that was started in the function restriction state before authentication is deleted from the mobile phone 1.
All operations performed during the authentication process are invalidated.
For example, if you are making a call, the call will be disconnected.
In addition to this, for example, when an operation of telephone directory registration is performed, all input registration data is deleted.
The display unit 13 returns to the standby screen.
The state of the mobile phone 1 returns to the locked state before the application program 46 is executed (step ST52).

As described above, in this embodiment, the user can use the function of the mobile phone 1 before user authentication.
The user does not have to wait for the use of the application program 46 until the application program 46 can be used after starting the operation of the mobile phone 1.

In the present embodiment, the user is authenticated by face authentication using the in-camera of the mobile phone 1. That is, since the imaging unit 15 performs face authentication on the face of the user who is operating the mobile phone 1, the user does not need to be aware of unlocking.
Therefore, it is not necessary for the user to release the security lock.
The user can use the mobile phone 1 without performing a security lock release operation.

In the present embodiment, when face authentication fails, the application program 46 is stopped and the data is restored to the original state.
Therefore, even if the mobile phone 1 becomes available before authentication, if the authentication becomes impossible after that, the data stored in the past is held as it is.

In the authentication process of this embodiment, automatic face authentication using an in-camera is executed.
For this reason, if there is a face in a range where the imaging unit 15 can shoot, face authentication is possible.
Further, it is not necessary for the user to change the orientation of the mobile phone 1 so that the face is reflected on the imaging unit 15.
Therefore, the user's operation using the display unit 13 and the operation unit 12 is not hindered.
Further, the face authentication process can be automatically executed simultaneously with the user's operation.

In the authentication process of the present embodiment, the face recognition matching rate is set low in the “safe area”.
Therefore, in the “safe area”, the authentication can be ended substantially earlier than the face authentication in the normal setting.
That is, it is unlikely to be used by others, such as at home, and in a safe place where the security may be relatively low, a problem does not easily occur even if the recognition rate of face recognition is slightly reduced.
In addition, by slightly reducing the recognition recognition rate of face recognition, it is possible to determine that face authentication is OK substantially early and end the authentication process.
Thereby, in the “safe area”, it is possible to shorten the time until the restriction of the application program 46 is released, and the usability is improved.

  The above embodiment is an example of a preferred embodiment of the present invention, but the present invention is not limited to this, and various modifications or changes can be made without departing from the scope of the invention.

For example, in the above embodiment, the face recognition unit 31 starts the authentication process by operating the operation unit 12.
In addition to this, for example, the mobile phone 1 is provided with an open / close detection unit that detects opening / closing of the upper housing 101 and the lower housing 102, and the face recognition unit 31 starts authentication processing by detecting the open / close detection unit. May be.

In the above-described embodiment, the face recognition unit 31 performs the face recognition determination process based on the predetermined condition until the degree of coincidence exceeds the determination level while performing the time-out time determination and the safety area position determination as illustrated in FIG. Is repeated.
In addition to this, for example, the face recognition unit 31 may execute a different determination process for each activated function (application program 46).
For example, the functions of the mobile phone 1 include a calculator function and an electronic money function.
The calculator function is realized in the mobile phone 1 by the manager unit 33 executing the calculator application program 46.
The electronic money function is realized in the mobile phone 1 by the manager unit 33 executing the application program 46 for electronic money.
In the calculator function, four arithmetic operations input from the operation unit 12 are executed and displayed on the display unit 13. The user's personal information is not used.
On the other hand, in the electronic money function, personal information of the user such as the remaining amount is used.
In such a case, the face recognizing unit 31 may acquire information on a function to be activated from the manager unit 33, and change the timeout period, the determination level, and the range of the safety area according to the activated function.
For example, when the electronic money function is activated, the time-out time is shortened, the determination level is increased, and the safety area is narrowed as compared with the case where the electronic calculator function is activated.
Thereby, it is possible to optimize both security and convenience according to the function.
In addition to this, as a function of using the user's personal information, there is an e-mail transmission / reception function.
Other functions that do not use the user's personal information include a new e-mail creation function.

In the above embodiment, the face recognition unit 31 determines whether or not it is within the safety area based on the CSID and RSSI value of the base station.
In addition to this, for example, the face recognizing unit 31 may determine the position of the mobile phone 1 based on position information from the GPS unit 17.
However, the GPS unit 17 generally executes position information acquisition processing based on an instruction from the face recognition unit 31 in the startup mode.
On the other hand, the wireless communication unit 11 receives the CSID of the base station in the standby state.
For this reason, the face recognizing unit 31 can immediately obtain the position information necessary for the authentication process by using the CSID of the base station rather than the position information by the GPS unit 17.

In the above embodiment, the application program 46 before authentication stores the generated data in the temporary data area 49.
In addition, for example, the application program 46 before authentication may store the generated data in the program data area 47.
In this case, the temporary data area 49 is not necessary.
When the user is not authenticated by the face recognition unit 31, the restoration unit 34 uses the program data changed by the activation of the application program 46 before the authentication process, for example, by the backup data at the time of update. Return to the data.

Further, in the above embodiment, when the authentication result data becomes “not yet” in the authentication result data determination step ST32, the process proceeds to the acquisition process of the restriction table 99 in step ST35.
In addition to this, for example, when the authentication result data becomes “not yet”, the process may proceed to a stop process in step ST34.

The above embodiment is an example of the mobile phone 1.
In addition, for example, the present invention can be applied to communication devices such as a PHS (Personal Handy phone System) terminal, a personal computer terminal, a PDA (Personal Data Assistance), and a portable game device.

DESCRIPTION OF SYMBOLS 1 ... Mobile telephone (electronic device), 11 ... Wireless communication part (position measurement part), 12 ... Operation part, 13 ... Display part, 14 ... Timer, 15 ... Imaging part, 19 ... Memory | storage part, 31 ... Face recognition part ( Authentication unit), 32 ... mode control unit, 33 ... manager unit (function execution unit), 42 ... key image data, 43 ... safety area data

Claims (8)

An imaging unit;
An operation unit that accepts operations from outside,
A storage unit for storing key images;
A function execution unit for executing or stopping a predetermined function;
A recognition unit that causes the imaging unit to perform imaging and performs an authentication process based on the captured image and the key image,
The function execution unit is
When an execution operation of the predetermined function is received from the operation unit, when the authentication is obtained within a predetermined time when performing the imaging by the imaging unit and the authentication process by the authentication unit, the predetermined function An electronic device that maintains the execution of the predetermined function even after the time and stops the predetermined function after the predetermined time if the authentication is not obtained within the predetermined time. The electronic device according to claim 1,
A display unit;
The recognition unit
An electronic apparatus that authenticates the captured image without causing the display unit to display the captured image of the imaging unit. The electronic device according to claim 2,
The display unit
An electronic device that displays a screen based on the predetermined function while the recognition unit authenticates the captured image. The electronic device according to any one of claims 1 to 3,
The function execution unit is an electronic device that causes the imaging unit to track and image a subject until the authentication is obtained within the predetermined time. The electronic device according to any one of claims 1 to 4,
The recognizing unit authenticates when a matching rate between the captured image and the key image exceeds a predetermined value within the predetermined time,
The function execution unit is an electronic device that changes the predetermined value according to the predetermined function to be executed. An electronic device according to any one of claims 1 to 5,
The function execution unit changes the predetermined time according to the predetermined function to be executed. The electronic device according to claim 6,
The storage unit further stores user personal information,
The recognition unit
An electronic device that shortens the predetermined time when the predetermined function is a function of using the user personal information. The electronic device according to any one of claims 1 to 7,
A position measurement unit;
The recognition unit
An electronic device that lengthens the predetermined time when the position measured by the position measuring unit is a predetermined position.

Images