JP2011108048A - Biometric authentication device and network distribution service system of content - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent spoofing when a pattern of a fingerprint is copied in fingerprint biometric authentication or the like. <P>SOLUTION: A CPU 42 reads a program or data for authentication from a ROM 43, records image data output from a fingerprint detection slit 41 in a RAM 44, and then executes image conversion and feature point extraction according to a predetermined rule, or the like, transmits information identifying an individual via a communication interface 45, and receives an authentication result. The CPU 42 stores the number of knocks in addition to normal straight movement of a finger, and extracts a feature point while obliquely reading an image and generating a rotated image to achieve individual authentication by adding the movement of the finger of the user in fingerprint scanning. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a biometric authentication apparatus and a content network distribution service system, and more particularly, to a system including means for verifying the identity or authority of a user of the system.

The following techniques are known for biometric authentication.
Patent Document 1 discloses a technique for performing network distribution of content more safely. More specifically, in claim 1 and paragraphs 0049 to 0051, “The user terminal uses the fingerprint sensor to acquire the biometric information of the user and transmits the encrypted fingerprint data to the server. In paragraph 0081, “It can also be used to restrict use when used by a plurality of families at home.” And paragraph 0139 contains “Palmprint, face, iris, retina in addition to fingerprints”. Blood vessel patterns, palm shapes, handwriting, voiceprints, etc. can be used. "

That is, a user's biometric information is acquired using a fingerprint sensor and used for parental restrictions.
Patent Document 2 discloses a technology that uses biometric authentication for content distribution without depending on an external business operator. More specifically, in paragraph 0020, “Acquire biometric information such as fingerprints, veins, and irises in a terminal device and manage it together with user information.”, The biometric information is acquired and used as user information. Yes.
Patent Document 3 discloses a technique for preventing use of a device by an inappropriate user in a home. More specifically, in claim 1, paragraphs 0016 to 0018, and FIG. 2, “Perform biometric authentication at the time of power-on of the device and perform content use rank determination by personal authentication”. In paragraph 0020, fingerprints and vein patterns are listed as biometric information. That is, biometric authentication is performed using a fingerprint or vein pattern.

Patent Document 4 discloses a technique that enables imaging of a wide range of vein images. More specifically, the importance of personal authentication in the network society is cited as paragraph 0002 and background art. In paragraph 0013, when biometric authentication is performed, authentication is performed based on both fingerprint and vein layer images.
Patent Document 5 discloses a technique for simultaneously obtaining a fingerprint and a blood vessel image using a two-dimensional image sensor. More specifically, in the biometric authentication apparatus, both images are obtained simultaneously using illumination for fingerprints and blood vessel images.

  Alternatively, the basic configuration of a conventional IPTV or the like that does not perform such biometric authentication is performed by using MarineBB or a security card.

JP 2001-312284 A JP 2006-072709 A JP 2007-305263 A JP 2009-165630 A JP 2007-299085 A

In biometric authentication such as fingerprints, there is a problem that if the pattern itself is copied, the person can be camouflaged.
On the other hand, when biometric authentication is not performed, it has not been possible to simply perform personal identification in the home. As a result, parental control corresponding to violent scenes and adult content was insufficient.
The present invention makes it easy and reliable to set a content security gateway in a basic configuration of IPTV as a content network distribution service.

The present invention is a biometric authentication device having a fingerprint authentication means for detecting a user's fingerprint and performing personal authentication, and used for a content network distribution service, which can operate a user's individual finger during fingerprint scanning As a configuration, second authentication support means capable of personal authentication corresponding to the operation is provided.
In such a configuration, the biometric authentication device used for the content network distribution service has fingerprint authentication means, and can perform personal authentication by detecting the fingerprint of the user. In addition to this, the second authentication support means enables the user's individual finger operation during fingerprint scanning and performs personal authentication corresponding to the operation.
That is, a finger action (action) that only the person remembers at the time of reading is added, and authentication is not established only by copying the fingerprint pattern. Therefore, camouflaging becomes difficult.

As an example of the operation of the finger, the second authentication support means is configured to perform authentication by an operation in which the user knocks the fingertip during fingerprint scanning.
More specifically, the number of knocks individually input during fingerprint scanning is compared with the number of knocks stored in advance, and authentication is performed based on whether or not they match.

  For example, before the fingerprint scan starts, the user knocks three times and then scans the fingerprint. Keep this count secret. Then, every time the same number of times of knocking is performed, fingerprint scanning is performed. In movie scenes, a copy of a fingerprint may be read to impersonate the person. However, since the number of knocks is used for authentication as the second authentication support means, it is impossible to impersonate the person simply by copying.

In addition to the finger movement that only the person remembers, the action of moving the finger diagonally and zigzag is possible.
For this reason, the second authentication support means performs the scanning of the fingerprint with a slit-shaped fixed line sensor, and when the user moves perpendicularly to the line sensor when registering the fingerprint, the width of the line sensor It is registered by performing oblique reading that moves the finger horizontally along the direction, and at the time of authentication, it performs oblique reading that moves horizontally along the width direction of the line sensor in the same way as during registration, and the personal information based on the fingerprint at the time of registration The authentication may be performed by comparing personal information based on the fingerprint at the time of authentication.

In executing this, a configuration having a predetermined range of tolerance as the angle deviation at the time of oblique reading may be employed.
At that time, in order to allow the angle deviation, the image of the fingerprint scanning at the time of authentication is converted into an image, the image is obliquely distorted within a predetermined deviation angle range, and the authentication is performed with the personal information based on the converted fingerprint image. It is good also as a structure to perform.
As such tolerance, the angle of deviation may be ± 10%.
Usually, in fingerprint scanning having a slit-shaped line sensor, a finger is moved straight. However, by moving this diagonally or zigzag, the fingerprint image is distorted according to certain rules. This operation is also kept secret. When authenticating, it is always moved diagonally or zigzag in the same way, but since this movement is known only by the person himself, even if a fingerprint image is copied, the fingerprint scan for authentication can be performed correctly unless this operation is known. Absent.
In addition to this, the biometric authentication may be configured to perform still pattern authentication in addition to the fingerprint authentication.
Fingerprint authentication and still print authentication are biometric authentications from completely different viewpoints, but fingerprint scanning and still print shooting are targeted at the same finger, so that the authentication system can be improved in addition to the convenience of being able to authenticate at once. Connected.

  As a specific example of the content network distribution service system using the biometric authentication device as described above, the following application is possible. That is, it consists of a content distribution side, a content reception side, and a communication network between them. The reception side connects to the content server on the distribution side via the communication network, and from the content server Corresponding to the reception of content, connection approval for reception from the content server, and personal authentication for reception restriction as parental restriction, the distribution side distributes the content with the content server , A network distribution service system for content that supports distribution of content to authorized users and distribution restrictions according to personal authentication as parental restrictions, with the user's fingerprint scanning fixed in a slit shape In addition to having fingerprint authentication means for personal authentication detected by a line sensor, fingerprint scanning A second authentication support means capable of performing individual finger movements of the user at the time and capable of performing personal authentication corresponding to the movements. When moving perpendicularly to the sensor, it is registered by performing oblique reading that moves the finger laterally along the width direction of the line sensor, and at the time of authentication, it follows the width direction of the line sensor as at the time of registration. The camera is authenticated by comparing the personal information based on the fingerprint at the time of registration with the personal information based on the fingerprint at the time of authentication, and the angle deviation at the time of oblique reading is ± 10%. In addition to the above-described fingerprint authentication, biometric authentication is performed by performing still print authentication.

According to the present invention, in the authentication by fingerprint, an action that only the person himself / herself remembers at the time of reading the fingerprint is added. Therefore, the authentication is not established only by copying the pattern, and it becomes difficult to impersonate.
And since it is fingerprint authentication, the content security gateway setting becomes easy in the network distribution service system of the content including the IPTV network. And since it is simple, parental control in the home is facilitated, and as a result, commercial transactions are also facilitated.

1 is a schematic system diagram of an IPTV network. It is a figure which shows the parental control screen as a parental restriction. It is a hardware block diagram for fingerprint authentication. It is a flowchart which implement | achieves the 2nd authentication corresponding | compatible means corresponding to the frequency | count of knock. It is a flowchart which implement | achieves the 2nd authentication corresponding | compatible means corresponding to diagonal reading. It is a figure which shows image conversion as a countermeasure of the angle shift at the time of diagonal reading. It is a figure which shows the other example of image conversion. It is a hardware block diagram in the case of performing a static print authentication in addition to a fingerprint authentication.

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.
FIG. 1 is a schematic system diagram of an IPTV network in which the biometric authentication device of the present invention is used. IPTV is a type of network distribution service that distributes content via a network, and a system that provides this service is called a network distribution service system.

This IPTV network includes a content distribution side, a content reception side, and a communication network between them.
The distribution side 10 distributes the content itself via the open Internet 11, and content viewing restrictions and the like are realized by communication via the core network 12. That is, the content server 13 on the distribution side is connected to the open Internet 11, but the IPTV service is used to approve the connection for reception from the content server 13 and permit the distribution of the content to the approved user. 15 can be connected to the service platform 14 via the core network 12.

The receiving side 20 is connected to the open Internet 11 and the core network 12 via an access network 21 for access, and has a WAN gateway 22 for connecting to the access network 21.
Further, the ID management control unit 23 manages the approval of the connection for reception from the content server 13, connects to the IPTV service 15, and obtains the approval by the ID and password. In addition, content is received from the content server 13 via the IP media service gateway 24 and the application gateway 25.

  In distributing contents, parental restrictions can be used, and the personal authentication unit 26 is used for each user in order to identify the user. The personal authentication unit 26 provides various parental restrictions in cooperation with the IPTV service 15 by specifying a user by biometric authentication. That is, the personal authentication unit 26 corresponds to personal authentication for reception restriction as parental restriction, and the IPTV service 15 corresponds to distribution restriction according to personal authentication as parental restriction.

FIG. 2 is a diagram showing a parental control screen.
Parental restriction is a function that disables viewing in advance depending on the content contained in the content, or restricts the output of video and audio during viewing, and sets the content content to be restricted in advance on the parental control screen To do. In the example of this figure, it is possible to limit a movie as content and a television program as content. If the content is a movie, G, PG, PG-13, and R rates are set. If the content is a television program, TV-Y, TV-Y7, TV-G, TV-PG, TV- 14, TV-MA rate is set. Whether or not the user can set the parental control screen is authenticated by the personal authentication unit 26.

FIG. 3 is a block diagram showing a hardware configuration used for fingerprint authentication as biometric authentication.
Fingerprint scanning is performed using a fingerprint detection slit 41 that is disposed with a line sensor exposed in a slit-like opening. The line sensor is fixed, and the user moves his / her finger in a direction orthogonal to the line sensor to read the fingerprint pattern. The CPU 42 reads an authentication program and data from the ROM 43, records the image data output from the fingerprint detection slit 41 in the RAM 44, and then performs image conversion, feature point extraction according to a predetermined rule, and the like to identify an individual. Information is transmitted via the communication interface 45 and an authentication result is received. This hardware configuration corresponds to fingerprint authentication means.

Hereinafter, two patterns for performing personal authentication by fingerprint scanning will be described.
FIG. 4 is a flowchart corresponding to the authentication fingerprint scanning (1) program used for personal authentication. In this personal authentication, in addition to matching the pattern of fingerprint scanning, the number of knocking operations of knocking the fingertip prior to fingerprint scanning is also used for authentication. That is, the user knocks the fingerprint detection slit 41 a plurality of times before scanning the fingerprint. This number of knocks is registered in advance by the IPTV service 15 at the time of fingerprint registration, and should be kept secret like the personal identification number. Therefore, when performing fingerprint authentication, it is preferable to cover the periphery of the fingerprint detection slit 41 with a cover so that the number of times the user has knocked cannot be seen from the outside.

  First, in step 51, the CPU 42 inputs a knock operation by the user based on the output image data from the fingerprint detection slit 41, and in step 52, the number of knocks is temporarily stored in the RAM 44. Subsequently, in step 53, the result of fingerprint scanning by the user is received from the fingerprint detection slit 41 as a fingerprint image. In step 54, feature points of the fingerprint are extracted from the fingerprint image. If the required number of feature points can be extracted, the number of knocks temporarily stored in step 55 and the information on the extracted feature points are transmitted to the authentication destination, here, the IPTV service 15 via the communication interface 45 in step 55. Note that fingerprint scanning in step 53 and feature point extraction in step 54 are performed until the necessary number of feature points can be extracted.

  In step 56, the CPU 42 receives the authentication result via the communication interface 45, and in step 57, reflects the authentication result. Specifically, if the user who performed the fingerprint scan is a person who can set the parental restrictions registered in advance in the IPTV service 15, the user opens the parental control screen according to the operation to open the parental control screen. Can be set. However, when a child or the like has performed mischief, he is not a person who can set parental restrictions. Therefore, even if the parental control screen is opened, the parental control screen is not opened. Therefore, the parental restriction set by the parent cannot be changed by the child.

From another viewpoint, when a user authenticates himself / herself during viewing, a parental restriction set as corresponding to the user can be applied. For example, an adult user is set as a state where no parental restrictions are applied, and a child user is set as a state where parental restrictions are applied. When viewing, personal authentication is performed with the fingerprint detection slit 41, and if the child views, the parental restriction can be viewed with the parental restriction for the child. If the parent watches, the parental restriction is lifted. You can watch IPTV.
In this way, the number of knocks individually input during fingerprint scanning is compared with the number of knocks stored in advance, and authentication is performed based on whether or not they match. Therefore, the user's individual finger operation at the time of fingerprint scanning, here, the second authentication support means that enables the input of the number of knocks individually input at the time of fingerprint scanning and enables personal authentication corresponding to the operation Is realized.

Next, a second pattern for performing personal authentication by fingerprint scanning will be described.
FIG. 5 is a flowchart corresponding to the authentication fingerprint scanning (2) program used for personal authentication. In this personal authentication, when a fingerprint scanning pattern matches, fingerprint scanning is intentionally performed obliquely and used for authentication. In other words, when a user moves perpendicularly to the line sensor when registering a fingerprint, the user performs registration by performing oblique reading in which the finger is moved laterally along the width direction of the line sensor, and at the time of registration during authentication. In the same manner as described above, oblique reading is performed by moving the line sensor horizontally along the width direction of the line sensor.

How much the finger is moved sideways should be kept private, like a personal identification number. During fingerprint authentication, the fingerprint detection slit 41 is also covered with a cover and cannot be seen from the outside. It is preferable to do so.
In step 61, fingerprint scanning is performed, and the user performs oblique reading in which the user moves laterally along the width direction of the line sensor, as in registration. Although the horizontal movement itself is a user operation, it is expected that the movement will be uneven. Therefore, in step 62, image conversion for rotating the obtained fingerprint image is performed.

FIG. 6 shows the state of this image conversion. The scanned image is read obliquely so that the base of the finger flows to the left as a whole. Since it is difficult to expect this diagonal movement to match the exact registration, it is rotated by + 10% (9 °) clockwise as shown in the figure to give a certain range of tolerance. The converted image and the image rotated counterclockwise by −10% (9 °) are obtained by image conversion. It is assumed that this image conversion program is also stored in the ROM 43.
In this way, if the image of the fingerprint scan at the time of authentication is image-converted, the image is obliquely distorted within a predetermined deviation angle range, and authentication is performed with the personal information based on the converted fingerprint image, It is possible to tolerate a deviation of the angle.

  In addition to the oblique reading that moves only in one direction, zigzag reading that changes the moving direction in the middle is also possible. FIG. 7 shows an example of a fingerprint image that has been zigzag read. In this case as well, it is considered that there is unevenness in the way of movement, so it is effective to prepare a rotated image as shown in FIG. Further, in order to cope with such unevenness, image conversion may be performed by extending 10% in the length direction or reducing the image by 10%. By doing in this way, it is possible to obtain an image in which unevenness that occurs during oblique reading including zigzag reading is artificially corrected, and it is possible to reduce false detection during authentication.

In step 63, the CPU 42 extracts the feature points of the fingerprint for each of the obtained plurality of images, and in step 64, the feature points are transmitted to the IPTV service 15 via the communication interface 45.
The IPTV service 15 receives a plurality of results as feature point extraction results for one fingerprint scan result and compares them with those of a user registered in advance. Here, if any one result matches more than the required number of feature points of the fingerprint, it is determined that the authentication is successful. There is no need to average.
The authentication result is received at step 65, and the CPU 42 reflects the authentication result at step 66 in the same manner as before.

In this example as well, in addition to the operation of moving the finger straight, normally, it is possible to perform lateral movement, which is the individual finger operation of the user during fingerprint scanning, and the personal authentication corresponding to the operation can be performed. Implements two authentication measures. Of course, even if only the fingerprint pattern can be copied, as long as the user's individual finger operation is secret, authentication cannot be established and impersonation cannot be performed.
In addition, the tolerance of about ± 10% is set as the angle deviation at the time of oblique reading, but this value is changed according to the experimental result, or the number of rotated images generated at different angles is increased. Is also possible.

In the personal authentication described above, only the fingerprint is used. However, as shown in FIG. 8, it is also possible to combine still print authentication in addition to fingerprint authentication. In the figure, in addition to the fingerprint scanning unit 71, a static pattern photographing unit 72 is provided, and an authentication circuit 73 including a CPU, ROM, RAM, and the like, and a communication interface 74 are provided.
Fingerprints are used for both fingerprint scanning and static print photography, and static print photography can be performed simultaneously with fingerprint scanning. For this reason, as described above, the individual fingerprint of the user at the time of fingerprint scanning is added, and still-print authentication is also performed in parallel, so that extremely high-precision personal authentication can be performed.

  As described above, the CPU 42 reads the authentication program and data from the ROM 43, records the image data output from the fingerprint detection slit 41 in the RAM 44, performs image conversion, feature point extraction according to a predetermined rule, and the like. Information identifying the individual is transmitted via the communication interface 45 and the authentication result is received. In addition to the normal movement of the finger in a straight line, the number of knocks is memorized and the rotated image is generated while being read obliquely. As described above, feature points are extracted, and personal authentication is realized by adding the actions of individual fingers of the user during fingerprint scanning.

Needless to say, the present invention is not limited to the above embodiments. It goes without saying for those skilled in the art,
・ Applying mutually interchangeable members and configurations disclosed in the above embodiments by appropriately changing the combination thereof.− Although not disclosed in the above embodiments, it is a publicly known technique and the above embodiments. The members and configurations that can be mutually replaced with the members and configurations disclosed in the above are appropriately replaced, and the combination is changed and applied. It is an embodiment of the present invention that a person skilled in the art can appropriately replace the members and configurations that can be assumed as substitutes for the members and configurations disclosed in the above-described embodiments, and change the combinations and apply them. It is disclosed as.

DESCRIPTION OF SYMBOLS 10 ... Distribution side, 11 ... Open internet, 12 ... Core network, 13 ... Content server, 14 ... Service platform, 15 ... IPTV service, 20 ... Receiving side, 21 ... Access network, 22 ... WAN gateway, 23 ... ID management control , 24 ... IP media service gateway, 25 ... application gateway, 26 ... personal authentication unit, 41 ... fingerprint detection slit, 42 ... CPU, 43 ... ROM, 44 ... RAM, 45 ... communication interface, 71 ... fingerprint scanning unit, 72 ... Shizumon photography unit, 73 ... Authentication circuit, 74 ... Communication interface.

Claims (9)

A biometric authentication device having fingerprint authentication means for detecting a user's fingerprint and performing personal authentication, and used for a content network distribution service,
A biometric authentication device comprising a second authentication support unit that enables a user's individual finger operation during fingerprint scanning and enables personal authentication corresponding to the operation. The biometric authentication apparatus according to claim 1, wherein the second authentication support unit performs authentication by an operation in which a user knocks a fingertip during fingerprint scanning. The biometric authentication device according to claim 2, wherein the number of knocks individually input during fingerprint scanning is compared with the number of knocks stored in advance, and authentication is performed based on whether or not they match. The second authentication support means is
Fingerprint scanning is performed with a slit-shaped fixed line sensor,
When the user moves perpendicularly to the line sensor when registering a fingerprint, the user performs oblique reading to move the finger horizontally along the width direction of the line sensor,
In addition, at the time of authentication, as in the case of registration, an oblique reading is performed by laterally moving along the width direction of the line sensor, and the personal information based on the fingerprint at the time of registration is compared with the personal information based on the fingerprint at the time of authentication. The biometric authentication device according to any one of claims 1 to 3, wherein: The biometric authentication device according to claim 4, wherein the biometric authentication device has a predetermined range of tolerance as an angle shift during the oblique reading. In order to allow an angle shift, the image of the fingerprint scan at the time of authentication is converted into an image, the image is skewed obliquely within a predetermined shift angle range, and authentication is performed using personal information based on the converted fingerprint image. The biometric authentication device according to claim 5. The biometric authentication device according to claim 5 or 6, wherein the angle of deviation is ± 10%. The biometric authentication device according to any one of claims 1 to 7, wherein biometric authentication is performed by performing still print authentication in addition to the fingerprint authentication. It consists of a content distributor, a content receiver, and a communication network between them.
The receiving side connects to the content server on the distributing side via the communication network, receives content from the content server, approves connection for reception from the content server, and parental restrictions. Corresponding to personal authentication to restrict the reception of
The distribution side is provided with a content server, distributes the content, and permits distribution of the content to authorized users and distribution of the content according to personal authentication as parental restrictions A system,
It has fingerprint authentication means that performs personal authentication by detecting the user's fingerprint scan with a slit-shaped fixed line sensor, and enables the user's individual finger operation during fingerprint scan, and personal authentication corresponding to the operation is performed. Possible second authentication support means,
The second authentication response means
When the user moves perpendicularly to the line sensor when registering a fingerprint, the user performs oblique reading to move the finger laterally along the width direction of the line sensor and registers it.
At the time of authentication, as in the case of registration, an oblique reading is performed by laterally moving along the width direction of the line sensor, and authentication is performed by comparing personal information based on the fingerprint at the time of registration with personal information based on the fingerprint at the time of authentication. And, it has a tolerance of about ± 10% as the angle deviation at the time of oblique reading,
A content network distribution service system, wherein biometric authentication is performed by performing still print authentication in addition to the fingerprint authentication.

Images