JP2017207978A - Authentication device, authentication method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication technique using action feature amount of an organism capable of improving the authentication accuracy.SOLUTION: When a first action feature amount based on a first action made by a user 11 as a person to be authenticated corresponds to a first registration feature amount, the authentication device 1 presents a piece of information which represents a model of a second action corresponding to a second registration feature amount associated with the first registration feature amount. The authentication device 1 further determines whether the second action feature amount based on the second action made by the user 11 corresponds to the second registration feature amount.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an authentication technique, and more particularly to an authentication technique using behavioral characteristics of a living body.

  An authentication method (hereinafter, “conventional method”) using behavioral characteristics of a living body has been proposed (for example, Non-Patent Document 1). In the conventional method, it is determined whether the person to be authenticated is a pre-registered user by using the action feature quantity based on the action of the authenticated person and the action feature quantity based on the previously registered user action. To do.

Aditi Roy, Tzipora Halevi, Nasir Memon, “An HMM-based multi-sensor approach for continuous mobile authentication,” Military Communications Conference, MILCOM 2015-2015 IEEE, 26-28 Oct. 2015, pp. 1311-1316.

  The conventional method has a problem that authentication accuracy is low. That is, even if an action is performed by a user who is registered in advance, there is a large variation in action feature values based on the action. For this reason, if the degree of strictness of determination is increased in the conventional method, the person exclusion rate increases. Further, in the conventional method, since the person exclusion rate and the other person permission rate are in a trade-off relationship, if the degree of strictness of determination is lowered, the person exclusion rate is lowered but the other person permission rate is increased.

  An object of the present invention is to improve the authentication accuracy of an authentication method that uses behavioral characteristics of a living body.

  When the first action feature amount based on the first action performed by the person to be authenticated corresponds to the first registered feature quantity, the second action corresponding to the second registered feature quantity associated with the first registered feature quantity Present information that represents the model. Further, it is determined whether the second behavior feature amount based on the second behavior performed by the person to be authenticated corresponds to the second registered feature amount.

  Thereby, the authentication accuracy of the authentication method using the behavioral characteristics of the living body can be improved.

FIG. 1 is a block diagram illustrating a functional configuration of the authentication device 1 according to the embodiment. 2A and 2B are conceptual diagrams for illustrating a display screen of the authentication device 1 according to the embodiment. FIG. 3 is a conceptual diagram for illustrating behavior feature amounts based on the behavior of the embodiment. FIG. 4 is a conceptual diagram for illustrating behavior feature amounts based on the behavior of the embodiment. 5A and 5B are conceptual diagrams for illustrating the display screen of the authentication device 1 according to the embodiment. FIG. 6 is a flowchart for explaining the registration process of the embodiment. FIG. 7 is a flowchart for explaining the authentication processing of the embodiment. FIG. 8 is a flowchart for explaining the authentication processing of the embodiment.

Embodiments of the present invention will be described below.
[Overview]
First, an outline of the embodiment will be described. In this embodiment, when the “first action feature value” based on the “first action” performed by the “authenticated person” corresponds to the “first registered feature value”, it corresponds to the “first registered feature value”. Information representing an example of “second behavior” corresponding to the attached “second registered feature amount” is presented. On the other hand, when the “first action feature value” based on the “first action” performed by the “authenticated person” does not correspond to the “first registered feature value”, the information indicating the model of the “second action” is Not presented. Further, it is determined whether the “second behavior feature amount” based on the “second behavior” performed by the “authenticated person” corresponds to the “second registered feature amount”. If it is determined that the “second behavior feature value” corresponds to the “second registered feature value”, the authentication of the “authenticated person” is successful, and otherwise, the authentication of the “authenticated person” is unsuccessful. .

  When the “first action feature value” based on the “first action” performed by the “authenticated person” corresponds to the “first registered feature value”, it is highly likely that the “authenticated person” is valid. In such a case, information representing an example of the “second action” is presented. Since the “authenticated person” can perform “second action” by imitating this information, the variation of the “second action feature” in this case is presented with information representing an example of “second action”. Smaller than if not. Therefore, even if the other person's allowable rate is lowered by increasing the strict degree of determination as to whether the “second behavior feature amount” corresponds to the “second registered feature amount”, the person exclusion rate does not decrease so much. On the other hand, if the “first action feature value” based on the “first action” performed by the “authenticated person” does not correspond to the “first registered feature value”, it is highly likely that the “authenticated person” is not valid. In such a case, information indicating an example of the “second action” is not presented. In this case, the variation in the “second behavior feature amount” is larger than that in the case where information representing an example of the “second behavior” is presented. Therefore, the other person tolerance rate can be lowered. As described above, the authentication accuracy of the authentication method using the behavioral characteristics of the living body can be improved.

  The “second action” is preferably an action performed in a state where the “first action” is performed. Accordingly, authentication can be performed based on behavioral characteristics in which “first behavior” and “second behavior” by “authenticated person” are organically combined, and authentication accuracy can be further improved. . Multiple sets of “first registered feature value” and “second registered feature value” may be associated with the same “registered user”. That is, for each of a plurality of “first actions” performed by the same “registered user”, the “first registered feature amount” based on the “first action” and the “first action” are performed. The “second registered feature value” based on the “second action” performed in the state may be associated. Accordingly, authentication can be performed based on behavioral characteristics of “second behavior” corresponding to various “first behavior” of “authenticated person”, and convenience of “authenticated person” can be improved.

  An example of “first action” is an action that involves holding an electronic device including a touch panel, an example of “second action” is an input operation to the touch panel, and an example of information indicating an example of “second action” is This is information representing an input operation to the touch panel. Examples of electronic devices including a touch panel include a smartphone terminal device, a tablet terminal device, a notebook personal computer device, and an electronic book terminal device. Examples of “behavior involving holding of an electronic device” include an action of maintaining a state of holding the electronic device, an action of holding and lifting the electronic device, and an action of moving while holding the electronic device. Examples of “input operation to the touch panel” include “swipe”, “tap”, “double tap”, “long press”, “drag”, “flick”, “pinch in”, “pinch out”, or a combination thereof. Examples of “information representing input operations on the touch panel” include image information representing the start position, end position, locus, or part of “swipe”, “flick”, “pinch in”, and “pinch out”, “tap” For example, the position of “double tap” and “long press”, image information indicating the time of “long press”, and the like. However, these are only examples and do not limit the present invention. For example, the “first action” is an action involving gripping a member such as a car handle or a golf club, the “second action” is an operation or use of the member, and information indicating a model of the “second action” May be information representing how to move the member. In addition, the “first action” is an action accompanied by wearing of a member such as clothes, the “second action” is a movement of the living body wearing the member, and information indicating an example of the “second action” is the member. It may be information indicating how to move the living body wearing the. The presentation of the information representing the model of “second action” may be an image or video display, may be emission of laser light or other visible light, may be sound output, It may be a presentation of force or acceleration.

  The “first behavior feature amount” is a feature amount based on the “first behavior” performed by the “authenticated person” during the authentication process, and the “second behavior feature amount” is “ The feature amount is based on the “second action” performed by the “authenticated person”. The “first registered feature value” is a feature value based on the “first action” performed by the “registered user” during the registration process, and the “second registered feature value” is “ The feature amount is based on the “second action” performed by the “registered user”. The authentication process is a process performed before the registration process. The feature quantity based on the “first action” means a feature quantity according to a change in physical quantity associated with the “first action”. For example, when the “first action” is “an action involving gripping an electronic device”, an example of the feature amount based on the “first action” is a feature amount corresponding to the inclination of the electronic device with respect to a reference coordinate, These are feature quantities according to changes in the coordinates of the equipment, feature quantities according to changes in the speed and acceleration of the electronic equipment, and the like. The feature quantity based on the “second action” means a feature quantity according to a change in physical quantity associated with the “second action”. For example, when the “second action” is an input operation to the touch panel, examples of the feature amount based on the “second action” are features based on the start position, end position, locus, and “tap” position of the “swipe”. Amount, feature amount based on “swipe” speed and acceleration, feature amount based on “tap” range and strength, and the like. “Variation” is statistical variation, and “variation measure” is a measure of statistical variation such as variance and standard deviation.

Preferably, when the index indicating the degree of difference of the “first behavior feature amount” with respect to the “first registration feature amount” is equal to or less than the “first allowable value”, the “first behavior feature amount” is the “first registration feature amount”. When the index indicating the degree of difference of the “second behavior feature amount” with respect to the “second registered feature amount” is equal to or less than the “second allowable value”, the “second behavior feature amount” It is determined that it corresponds to “2 registered feature amount”. The “index indicating the degree of difference of β with respect to α” is a scale indicating how much β is different from α. Examples of “an index indicating the degree of difference of β with respect to α” include the distance between α and β (for example, the difference, the Euclidean distance, the Manhattan distance, etc.) and the α with respect to the magnitude of α (for example, an absolute value, norm, etc.) And β, the number of elements β _{n where} α _n ≠ β _n for the ratio (ratio) of vectors α = (α ₁ ,..., Α _N ) and β = (β ₁ ,..., Β _N ) E ( However, n is an integer of 2 or more, n∈ {1, ..., n }), the vector alpha, the ratio of the number of elements n for α _n ≠ _{β n} become elements beta _n of the number E of beta (percentage), etc. It is. At least one of the “first allowable value” and the “second allowable value” may be zero. When the “first allowable value” is zero, the “first behavior feature value” corresponds to the “first registered feature value” only when the “first behavior feature value” matches the “first registered feature value”. Determined. When the “second allowable value” is zero, the “second behavior feature value” corresponds to the “second registered feature value” only when the “second behavior feature value” matches the “second registered feature value”. Determined. The “first tolerance value” may be larger than the “second tolerance value”, the “first tolerance value” may be equal to the “second tolerance value”, or the “first tolerance value” may be “the first tolerance value”. It may be smaller than “2 tolerance”. Thus, there is no limitation on the “first allowable value” and the “second allowable value”. However, in order to improve the authentication accuracy, it is desirable that the “first allowable value” is larger than the “second allowable value”. The reason will be described below.

  The larger the “first permissible value”, the more “first action feature value” based on “first action” performed by “authenticated person” other than “registered user” corresponds to “first registered feature value”. Then, the other person permission rate (hereinafter referred to as “first other person permission rate”) determined is increased. Further, as the “first allowable value” is larger, the “first action feature value” based on the “first action” performed by the “authenticated person” who is the “registered user” becomes the “first registered feature value”. The person exclusion rate (hereinafter referred to as “first person exclusion rate”) that is determined not to correspond is lowered. Similarly, as the “second allowable value” increases, the “second action feature value” based on the “second action” performed by the “authenticated person” other than the “registered user” becomes the “second registered feature value”. The other person's allowable rate determined to correspond to "(the second second person's allowable rate") is increased. Further, as the “second allowable value” is larger, the “second behavior feature amount” based on the “second behavior” performed by the “authenticated person” who is the “registered user” becomes the “second registered feature amount”. The person exclusion rate (hereinafter referred to as “second person exclusion rate”) that is determined not to correspond is lowered.

  Thus, as the “first allowable value” increases, the “first other person allowable rate” increases, and not only the “registered user” “authenticated person” but also “registered user” other than “registered user”. The frequency at which information indicating the example of the “second action” is also presented to the “person” is increased. However, by presenting information representing a model of “second behavior”, variation in “second behavior feature amount” based on “second behavior” performed by “authenticated person” who is “registered user” is small. Become. For this reason, even if the “second allowable value” is reduced, the “second person exclusion rate” and the “second other person allowable rate” do not increase so much, and high authentication accuracy can be realized. That is, increasing the “first allowable value” has a small effect on the final decrease in authentication accuracy. In addition, since the “first person exclusion rate” increases as the “first allowable value” decreases, it is not preferable to make the “first allowable value” too small. On the other hand, even if the variation in the “second behavior feature amount” can be reduced by presenting information indicating the model of the “second behavior”, the “second other person tolerance rate” increases as the “second tolerance value” increases. ”Increases and authentication accuracy decreases. Further, since the variation of the “second behavior feature amount” can be reduced, even if the “second allowable value” is reduced, the “second person exclusion rate” does not decrease so much, and high authentication accuracy can be realized. Therefore, it is desirable that the “second allowable value” is small. As described above, it is desirable that the “first tolerance” is somewhat large, and it is desirable that the “second tolerance” is small. Preferably, the “first allowable value” is larger than the “second allowable value”. For example, the “index indicating the degree of difference in the first behavior feature amount relative to the first registered feature amount” and the “index indicating the degree of difference in the second behavior feature amount relative to the second registered feature amount” are the same type, It is desirable that the “first tolerance value” is larger than the “second tolerance value”.

  Preferably, the variation of the “first action feature amount” based on the “first action” performed by the same living body is performed by the same living body without being presented with information indicating an example of the “second action”. It is smaller than the variation of the “second behavior feature value” based on the “second behavior”. If the variation of the “first behavior feature amount” is small, both the “first other person allowable rate” and the “first person exclusion rate” can be reduced, and the authentication accuracy can be improved. Therefore, it is preferable that the variation in the “first behavior feature amount” is small. For example, it is desirable that the variation in the “first behavior feature amount” is small even if information indicating a model of the “first behavior” is not presented. On the other hand, if the variation of the “second behavior feature amount” based on the “second behavior” performed by the same living body is small without presenting the information indicating the example of the “second behavior”, the “second behavior” The difference in the variation of the “second behavior feature amount” due to the presence / absence of the information indicating the model of “the” is reduced. If the variation in the “second behavior feature amount” changes greatly depending on whether or not the information indicating the model of the “second behavior” is presented, the “second other person allowable rate” and the “second person exclusion rate” can be reduced. For this reason, it is preferable that the variation in the “second behavior feature amount” based on the “second behavior” performed by the same living body is larger without providing information indicating the model of the “second behavior”. For example, the variation of the “first action feature amount” based on the “first action” performed by the same living body is presented by the same living body without being presented with information indicating the example of the “second action”. It is desirable that the variation is smaller than the variation of the “second behavior feature amount” based on the “second behavior”. Further, it is preferable that the variation of the “second action feature amount” based on the “second action” performed by the living body presented with the information indicating the model of the “second action” is as small as possible. At least the variation of the “second action feature amount” based on the “second action” performed by the living body presented with the information indicating the example of the “second action” indicates the information indicating the example of the “second action”. It is smaller than the variation of the “second behavior feature amount” based on the “second behavior” performed by the living body that is not presented. For example, the variation of the “second behavior feature amount” based on the “second behavior” performed by the same living body presented with the information representing the example of the “second behavior” is the “first behavior” performed by the same living body. It is smaller than the variation of the “first behavior feature amount” based on the “behavior”.

  If it is not determined that the “second action feature value” corresponds to the “second registered feature value”, “password authentication” is performed, and if this is successful, “authenticated person” is successfully authenticated. Also good. Further, when the “password authentication” is successful, the “authenticated person” is set as the “registered user”, and the feature quantity based on the “first action” performed by the “authenticated person” is set as the “first registered feature quantity”. The registration process may be performed in which the feature amount based on the “second action” performed by the “authenticated person” is set as the “second registered feature amount”.

  The “private exclusion rate” means the probability that the “authenticated person” who is the “registered user” will fail in the authentication when the authentication process is performed. The “other person allowable rate” means a probability that authentication is successful when “authenticated person” other than “registered user” performs authentication processing.

[First Embodiment]
Next, embodiments will be described with reference to the drawings. In this embodiment, the “first action” is an action that involves holding an electronic device including a touch panel, the “second action” is an input operation to the touch panel, and information indicating a model of the “second action” is displayed on the touch panel. A case where the information represents the input operation will be described as an example. However, this does not limit the present invention.

<Configuration>
As illustrated in FIG. 1, the authentication apparatus 1 according to the present embodiment includes a man machine unit 101, a sensor unit 102, a feature amount extraction unit 103, a registration unit 104, a storage unit 105, a calculation unit 106, authentication units 107 and 108, communication A unit 109 and a control unit 110, and performs registration and authentication of the user 11 and transmission of an authentication result to the server device 12 (such as a Web server device that performs a Web service). The authentication device 1 includes, for example, a processor (hardware processor) such as a central processing unit (CPU), a memory such as a random-access memory (RAM) and a read-only memory (ROM), an input device such as a touch panel, and a mobile phone. A general-purpose or dedicated computer that includes a communication device that can communicate with a communication line, a wireless LAN, or the like executes a predetermined program. The computer may include a single processor and memory, or may include a plurality of processors and memory. This program may be installed in a computer, or may be recorded in a ROM or the like in advance. In addition, some or all of the processing units are configured using an electronic circuit that realizes a processing function without using a program, instead of an electronic circuit (circuitry) that realizes a functional configuration by reading a program like a CPU. May be. In addition, an electronic circuit constituting one device may include a plurality of CPUs. The authentication device 1 of the present embodiment is an electronic device including a touch panel, and an example thereof is a smartphone terminal device.

≪Man machine part 101≫
The man machine unit 101 is a man machine interface that receives input from the user 11 and displays (presents) information to the user 11. The man-machine unit 101 of this embodiment includes a touch panel including a touch sensor, and input information to the touch panel is sent to the sensor unit 102, the authentication unit 108, or the registration unit 104. Details of the processing will be described later (the same applies hereinafter).

≪Sensor part 102≫
The sensor unit 102 measures the inclination of the authentication device 1 while the user 11 inputs to the man-machine unit 101 or immediately after the input, and information indicating the inclination obtained thereby, and the man-machine unit Input information to the touch panel sent from 101 is sent to the feature amount extraction unit 103.

<< Feature Extraction Unit 103 >>
The feature amount extraction unit 103 converts the information sent from the sensor unit 102 into a feature amount, and sends the obtained feature amount to the registration unit 104, the calculation unit 106, or the authentication unit 107.

≪Registration unit 104≫
The registration unit 104 presents a screen for registration processing from the man-machine unit 101, or performs registration processing based on information sent from the man-machine unit 101 and the feature amount extraction unit 103.

<< Storage unit 105 >>
The storage unit 105 stores at least a database (DB) described later, and returns a search result in response to a search request from the calculation unit 106.

<< Calculation unit 106 >>
The calculation unit 106 searches the DB of the storage unit 105 based on the feature amount sent from the feature amount extraction unit 103, performs determination according to the search result, and outputs information according to the determination result. Information output from the calculation unit 106 is sent to the man-machine unit 101 or the authentication unit 107.

≪Authentication unit 107≫
The authentication unit 107 performs an authentication process using the feature amount sent from the feature amount extraction unit 103 and the information sent from the calculation unit 106. The authentication result is sent to the communication unit 109.

≪Authentication unit 108≫
The authentication unit 108 performs password authentication. The authentication result is sent to the communication unit 109.

≪Communication part 109≫
The communication unit 109 transmits the authentication result to the server device 12.

<< Control unit 110 >>
The control unit 110 controls each unit described above.

<Registration process>
A registration process for registering the user 11 as a “registered user” will be described with reference to FIG. The registration process is performed with the user 11 holding the authentication device 1. When starting the registration process, the control unit 110 sends an instruction to that effect to the registration unit 104. Upon receiving the instruction, the registration unit 104 sends image information of an initial screen for registration processing to the man-machine unit 101. Based on this, the man machine unit 101 presents an initial screen (step S101). A registration button is displayed on the initial screen of the registration process. When the user 11 taps this registration button, the detection information is sent to the registration unit 104. The registration unit 104 determines whether or not the registration button has been tapped, and if not tapped, continues to present the initial screen (step S102).

  When the registration button is tapped, the registration unit 104 sends image information of an ID / password input screen 1011 for inputting an ID (identifier) and a password to the man-machine unit 101. Based on this, the man machine unit 101 presents an ID / password input screen 1011 (FIG. 2A). As illustrated in FIG. 2A, the ID / password input screen 1011 includes a message part 1011a for displaying “Please enter ID and password”, an ID input field 1011b, a password input field 1011c, and a confirmation button 1011d. Included (step S103). When the user 11 inputs an arbitrary ID (for example, arbitrary alphanumeric characters) in the ID input field 1011b, inputs an arbitrary password (for example, arbitrary alphanumeric characters) in the password input field 1011c, and taps the confirmation button 1011d The detection information is sent to the registration unit 104. The registration unit 104 determines whether the input of the ID and password and the tap of the confirmation button 1011d have been performed. If these have not been performed, the ID / password input screen 1011 is continuously presented (step S104).

  When the ID and password are input and the confirmation button 1011d is tapped, the registration unit 104 stores the input ID and password in the DB of the storage unit 105 (step S105). Using this as a trigger, the registration unit 104 then sends image information of a swipe input screen 1012 (FIG. 2B) for swiping input to the man-machine unit 101. The man machine unit 101 presents the swipe input screen 1012 based on this. As illustrated in FIG. 2B, the swipe input screen 1012 includes a message part 1011a and a swipe input field 1012b for displaying “Please swipe input” (step S106). When the user 11 swipes the swipe input field 1012b in an arbitrary direction, the detection information is sent to the registration unit 104. The registration unit 104 determines whether or not the swipe input field 1012b has been swiped. If the swipe is not performed, the registration unit 104 continues to present the swipe input screen 1012 (step S107).

  When the swipe input field 1012 b is swiped, information for specifying the input content of the swipe (second action) is sent to the sensor unit 102. Examples of information for specifying the swipe input content are the swipe start position, end position, and locus coordinates. FIG. 3 illustrates a swipe start position 1010a, an end position 1010c, and a locus 1010b from the start position 1010a to the end position 1010c. FIG. 3 shows the xy coordinates of the swipe input field 1012b. In FIG. 3, first, the finger of the user 11 comes into contact with the start position 1010a of the swipe input field 1012b, and by sliding the finger as it is, a trajectory 1010b is drawn, and at the end position 1010c, the swipe is released from the swipe input field 1012b. This is an example. In this case, the x and y coordinates (start point coordinates) of the start position 1010a, the x and y coordinates (end point coordinates) of the end position 1010c, the x and y coordinates (trajectory coordinates) of the locus 1010b, etc. It may be set as “information for identifying“. The trajectory coordinates may be all the coordinates of the trajectory 1010b, or may be a part of the coordinates (for example, coordinates that maximize the speed, coordinates that maximize the acceleration, etc.). In addition, the time (swipe time) elapsed from when the finger of the user 11 touches the start position 1010a until it is released at the end position 1010c, the time at each coordinate of the trajectory 1010b (swipe time), and the finger at the trajectory 1010b Speed (swipe speed), acceleration (swipe acceleration), and the like may be used as “information for specifying swipe input content”. The man-machine unit 101 may sequentially send “information for specifying the swipe input content” to the sensor unit 102 immediately after the start of the swipe, or “specify the swipe input content after the swipe is completed”. Information to do ”may be collectively sent to the sensor unit 102.

  The sensor unit 102 uses the above swipe input as a trigger, measures the inclination of the authentication device 1 held by the user 11 (the first action is performed), and acquires “inclination information” representing the inclination. . This trigger may be that a swipe has been started, that a predetermined time has elapsed since the swipe was started, or that a swipe has ended. For example, the sensor unit 102 includes an acceleration sensor, a geomagnetic sensor, a gyro sensor, and the like, and at least a part of them is used to measure the inclination of the authentication device 1 with respect to the reference x-axis, y-axis, and z-axis. Get information. The “inclination information” may be, for example, an angle (an angle θx with respect to the x axis, an angle θy with respect to the y axis, an angle θz with respect to the z axis) that represents the inclination of the authentication device 1 with respect to each of the axis, the y axis, and the z axis. In addition, information indicating changes in these angles (for example, angular velocity and angular acceleration) may be used, or both of them may be used. The sensor unit 102 sends “information for specifying the swipe input content” and “inclination information” to the feature amount extraction unit 103 (step S108).

  The feature amount extraction unit 103 extracts a feature amount based on the sent “tilt information” (a feature amount based on the “first action” performed by the “registered user”) as a “first registered feature amount”. Output. The “first registered feature amount” is, for example, information representing changes in the angles θx, θy, θz and the angles θx, θy, θz representing the inclinations of the authentication device 1 with respect to the x-axis, y-axis, and z-axis (for example, A vector including at least a part of (such as angular velocity and angular acceleration) as an element, a function value of at least a part of these, or a vector including the function value as an element. (Step S109). Further, the feature amount extraction unit 103 converts the feature amount based on the sent “information for specifying the input content of the swipe” (the feature amount based on the “second action” performed by the “registered user”) into the “first order”. “2 registered feature values” are extracted and output. The “second registered feature amount” may be, for example, a vector including at least a part of start point coordinates, end point coordinates, trajectory coordinates, swipe time, swipe time, swipe speed, and swipe acceleration as elements, or at least of these It may be a partial function value or a vector including the function value as an element. The function value is, for example, the time elapsed from when the swipe is started until the swipe speed is maximized (maximum speed time), the time elapsed after the swipe is started until the swipe acceleration is maximized (maximum acceleration) Time), the coordinate where the swipe speed is maximum (maximum speed coordinate), the coordinate where the swipe acceleration is maximum (maximum acceleration coordinate), the distance between the start point coordinate and the end point coordinate, and the movement distance from the start point coordinate to the end point coordinate Along the path), the movement width from the start point coordinate to the end point coordinate (movement width in the x-axis direction, movement width in the y-axis direction), the angle between the straight line passing the start point coordinate and the end point coordinate and the x-axis or y-axis, etc. Yes (step S110).

The “first registered feature value” and “second registered feature value” are sent to the registration unit 104. The registration unit 104 stores the sent “first registered feature value” and “second registered feature value” in the DB in association with the ID and password stored in the DB of the storage unit 105 in step S105. For example, a DB having the following data table is stored for each set of ID and password.

The second registered feature value stored in the DB is information (for example, start point coordinates, end point coordinates, etc.) for specifying the input content of the swipe (second action) performed by the user 11 on the swipe input field 1012b. In the case of including at least a part of the trajectory coordinates or the like, at least a part of this information may be “information indicating an example of swipe (second action)” in the authentication process. Alternatively, apart from the “second registered feature value”, “information indicating an example of swipe” may be stored in the DB in association with the ID and the password. For example, a DB having the following data table may be stored for each ID / password pair.

Alternatively, apart from the “second registered feature value”, “additional information” that is at least part of “information for specifying the input content of the swipe (second action)” is associated with the ID and password in the DB. At least a part of the “second registered feature value” and “additional information” may be stored as “information indicating a model of swipe”. For example, a DB having the following data table may be stored for each ID / password pair.

  In addition, a plurality of (first feature value, second feature value), a plurality of (first feature value, second feature value, information indicating an example of swipe), or a plurality of ( The first feature value, the second feature value, and the additional information) may be associated (step S111).

  Thereafter, the registration unit 104 sends image information of a registration completion screen indicating that registration has been completed to the man-machine unit 101. Based on this, the man machine unit 101 presents a registration completion screen (step S112). This completes the registration process.

<Authentication process>
An authentication process in which the user 11 is “authenticated” will be described with reference to FIGS. 7 and 8. The authentication process is performed with the user 11 holding the authentication device 1. When starting the authentication process, the control unit 110 sends an instruction to that effect to the calculation unit 106. Receiving the instruction, the arithmetic unit 106 sends the image information of the initial screen of the authentication process to the man machine unit 101. Based on this, the man machine unit 101 presents an initial screen (step S121). An authentication button is displayed on the initial screen of the authentication process. When the user 11 taps this authentication button, the detection information is sent to the calculation unit 106. The calculation unit 106 determines whether or not the authentication button has been tapped, and if not tapped, the initial screen continues to be presented (step S122).

  When the authentication button is tapped, the sensor unit 102 measures the inclination of the authentication device 1 in a state of being gripped by the user 11 (a state in which “first action” involving gripping an electronic device including a touch panel is performed) “Inclination information” representing this inclination is acquired. The type of “inclination information” acquired here is the same as the type of “inclination information” acquired in step S108 of the registration process, for example. However, more types of information than the “tilt information” type acquired in step S108 may be acquired. The sensor unit 102 sends “inclination information” to the feature amount extraction unit 103 (step S123).

  The feature amount extraction unit 103 extracts the feature amount based on the sent “tilt information” (the feature amount based on the “first action” performed by the “authenticated person”) as the “first action feature amount”. Output. The type of “first behavior feature amount” is the same as the type of “first registration feature amount” extracted in step S109 of the registration process. For example, if the “first registered feature value” is a vector (θx, θy, θ) whose elements are angles θx, θy, and θz representing the inclination of the authentication device 1, the “first action feature value” is step S123. Is a vector (θx, θy, θ) whose elements are the angles θx, θy, θz specified by the “tilt information” acquired in (1). The feature amount extraction unit 103 sends the “first behavior feature amount” to the calculation unit 106 (step S124).

  The calculation unit 106 searches the DB stored in the storage unit 105 using the sent “first action feature value” (step S125), and the “first registered feature value” corresponding to the “first action feature value”. Is present (step S126). When the index indicating the degree of difference of the “first behavior feature amount” with respect to the “first registration feature amount” is equal to or less than the “first allowable value”, the calculation unit 106 sets the “first behavior feature amount” to “first registration”. It is determined that it corresponds to “feature amount”. Otherwise, it is determined that “first action feature amount” does not correspond to “first registered feature amount”. For example, when the “first permissible value” is zero, the calculation unit 106 determines that the “first action feature value” is “first registration” only when the “first action feature value” matches the “first registration feature value”. It is determined that it corresponds to “feature amount”. For example, the “index indicating the degree of difference” is the ratio ERR of the distance between the “first registered feature value” and the “first action feature value” with respect to the size of the “first registered feature value”, When the “value” is 0.1, the calculation unit 106 determines that the “first action feature value” corresponds to the “first registered feature value” when ERR ≦ 0.1, and otherwise, the “first action feature value”. It is determined that “one action feature amount” does not correspond to “first registered feature amount”.

  When it is determined in step S126 that the “first registered feature value” corresponding to the “first action feature value” exists (OK), the arithmetic unit 106 selects the “first action feature value” corresponding to the “first action feature value”. “Information representing a model of swipe (second action)” corresponding to “second registered feature value” associated with “registered feature value” is extracted from the DB (step S127). The calculation unit 106 presents (displays) “information indicating a model of swipe” and sends image information on the swipe input screen 1013 for accepting the swipe input to the man-machine unit 101. Based on this, the man-machine unit 101 (information presenting unit) presents the swipe input screen 1013 (FIG. 5A) (step S128). A swipe input screen 1013 illustrated in FIG. 5A includes a message portion 1013a for displaying “Please swipe input”, and a swipe image 1013b (information indicating an input operation to the touch panel) that is “information indicating a model of swipe”. (Guideline)), and a swipe input field 1013c for accepting a swipe input. An example of the swipe image 1013b is an image representing a swipe start point (Start), a swipe end point (End), and a swipe trajectory connecting them, which are specified by “information indicating a swipe example”. However, this is an example, and only the start point (Start) and the end point (End) specified by “information indicating a model of swipe” may be displayed as the swipe image 1013b.

  On the other hand, when it is determined in step S126 that the “first registered feature value” corresponding to the “first action feature value” does not exist (NG), the calculation unit 106 presents “information indicating a model of swipe”. Instead, the image information on the swipe input screen 1014 for accepting the swipe input is sent to the man-machine unit 101. Based on this, the man-machine unit 101 presents the swipe input screen 1014 (FIG. 5B) (step S128). The swipe input screen 1014 illustrated in FIG. 5B includes a message part 1013a that displays “Please swipe input” and a swipe input field 1013c that accepts the swipe input. A swipe image 1013b (information representing an input operation on the touch panel) that is “information representing a model of swipe” is not displayed.

  The calculation unit 106 determines whether or not the swipe input field 1013c of the swipe input screen 1013 or 1014 has been swiped (step S129), and continues to present the swipe input screen 1013 or 1014 if the swipe input has not been performed. . On the other hand, when a swipe input is performed in the swipe input field 1013c of the swipe input screen 1013 or 1014, information for specifying the input content of the swipe ("second action" which is an input operation to the touch panel) is input to the sensor unit 102. Sent. This swipe (second action) is an action performed in a state where the authentication device 1 is held by the user 11 (a state in which the first action is performed). The type of “information for specifying the swipe input content” is the same as that of the registration process, for example. The sensor unit 102 sends “information for specifying the swipe input content” to the feature amount extraction unit 103.

  The feature amount extraction unit 103 converts the feature amount based on the sent “information for specifying the input content of the swipe” (the feature amount based on the “second action” performed by the “authenticated person”) to the “second”. Extracted and output as “behavior feature amount”. The type of feature quantity extracted here is the same as the feature quantity extracted in step S110 of the registration process. For example, if the vector having the swipe time, the start point coordinate, the end point coordinate, the maximum acceleration coordinate, the maximum acceleration time, and the movement width as elements is set as the “second registered feature amount” in step S110, the “second action feature amount” Is also a vector having these as elements. The “second behavior feature amount” is sent to the authentication unit 107 (step S130).

  The authentication unit 107 sends the “second behavior feature amount” to the calculation unit 106, and whether or not the “second registered feature amount” corresponding to the “second behavior feature amount” exists in the DB stored in the storage unit 105. To search. However, if the result of step S126 is OK, the calculation unit 106 obtains the “second registered feature value” associated with the “first registered feature value” determined to correspond to the “first action feature value” from the DB. It is extracted and it is determined whether this corresponds to the “second behavior feature amount”. On the other hand, in the case of NG in step S126, the calculation unit 106 determines whether the “second behavior feature amount” corresponds to any “second registered feature amount” in the DB. Alternatively, when the result is NG in step S126, the calculation unit 106 obtains the “second registered feature value” associated with the “first registered feature value” closest to the “first action feature value” from the DB. It is extracted and it is determined whether this corresponds to the “second behavior feature amount” (step S131). Accordingly, the authentication unit 107 determines whether the “second behavior feature amount” corresponds to the “second registered feature amount” (step S132). Note that the authentication unit 107 determines that the “second behavior feature value” is “first” when the index indicating the degree of difference of the “second behavior feature value” with respect to the “second registered feature value” is equal to or less than the “second allowable value”. It is determined that it corresponds to “2 registered feature value”. Otherwise, it is determined that “second action feature value” does not correspond to “second registered feature value”. For example, when the “second allowable value” is zero, the authentication unit 107 determines that the “second behavior feature value” is “second registration” only when the “second behavior feature value” matches the “second registered feature value”. It is determined that it corresponds to “feature amount”. For example, the “index indicating the degree of difference” is the ratio ERR of the distance between the “second registered feature value” and the “second action feature value” with respect to the size of the “second registered feature value”, When the “value” is 0.05, the authentication unit 107 determines that the “second action feature value” corresponds to the “second registered feature value” when ERR ≦ 0.05. It is determined that “2 behavior feature amount” does not correspond to “second registered feature amount”. As described above, it is desirable that the “first allowable value” is larger than the “second allowable value”.

  If it is determined in step S132 that the “second behavior feature amount” corresponds to the “second registered feature amount” (OK), the authentication unit 107 sends information indicating that the authentication is successful to the communication unit 109. The communication unit 109 transmits information indicating that the authentication is successful to the server device 12 (step S139). As a result, the authentication process ends, and the user 11 logs in to the server device 12.

  On the other hand, when it is not determined in step S132 that the “second behavior feature amount” corresponds to the “second registered feature amount” (NG), the authentication unit 108 performs password authentication. First, the authentication unit 108 sends image information of an ID / password input screen 1011 for inputting an ID and a password to the man-machine unit 101. Based on this, the man-machine unit 101 presents the ID / password input screen 1011 (FIG. 2A) (step S133). The authentication unit 108 determines whether an ID is input to the ID input field 1011b, a password is input to the password input field 1011c, and the confirmation button 1011d is tapped. The presentation of the ID / password input screen 1011 is continued (step S134).

  When the ID and password are input and the confirmation button 1011d is tapped, the authentication unit 108 searches the DB stored in the storage unit 105 (step S135) and matches the input ID and password pair. It is determined whether a set of ID and password exists (step S136). Here, when there is no ID and password pair that matches the input ID and password pair in the DB (when password authentication fails), the authentication unit 108 ends the processing as an authentication failure. In this case, the authentication result is not transmitted to the server device 12 (step S137).

  On the other hand, when there is an ID / password pair that matches the input ID / password pair in the DB (when the password authentication is successful), the authentication unit 108 sends information indicating that the authentication is successful to the communication unit 109. . The communication unit 109 transmits information indicating that the authentication is successful to the server device 12. As a result, the user 11 logs in to the server device 12. (Step S140). In this case, the “first behavior feature amount” extracted in step S124, the “information for specifying the swipe input content” input in step S129, and the “second behavior feature value” extracted in step S130. Amount "and the ID and password input in step S134 are sent to the registration unit 104. The registration unit 104 sets the user 11 who is the “authenticated person” as the “registered user”, the “first behavior feature value” as the “first registered feature value”, and the “second behavior feature value” as the “second user”. “Registration feature amount” is obtained, and “information indicating an example of swipe” is obtained from “information for specifying input content of swipe”. Further, the registration unit 104 associates the “first registration feature value”, “second registration feature value”, and “information indicating a swipe model” with the ID and password input in step S134, and the storage unit 105. Stored in the DB. When the “second registered feature value” includes “information indicating a swipe example”, it is not necessary to store “information indicating a swipe example” in the DB other than the “second registered feature value” ( Step S141).

<Features of this embodiment>
In this embodiment, only when it is determined that the “first registered feature value” corresponding to the “first action feature value” exists (step S126), “information indicating a model of swipe” is presented. Accordingly, effective swipe (second action) control is given only to the user 11 estimated to be a registered user. Thereby, the dispersion | variation in the swipe by the user 11 estimated to be a registered user is reduced, and the person exclusion rate is reduced.

  In the case of the user 11 other than the registered user, since the registered user and the way of holding the authentication device 1 are different, there is no “first registered feature value” corresponding to the “first action feature value” in step S126. It is determined (NG), and “information indicating an example of swipe” is not presented. For this reason, the other-party tolerance rate does not increase. In addition, even if the user 11 who is not a registered user is erroneously estimated to be a registered user (OK in step S126) and the “information indicating the example of swipe” is presented, the musculoskeletal system of the fingers is different. A swipe operation similar to that of the user is difficult. In other words, even if another person imitates the registered user's behavioral characteristics (here, how to hold the authentication device 1) and performs a swipe operation based on “information indicating a model of swipe”, other factors such as pressure and speed Since identification is possible based on behavioral features, safety is not reduced. Therefore, even in this case, the other person's allowable rate does not decrease.

  In this way, it is possible to improve the authentication accuracy by reducing the person exclusion rate without increasing the others permission rate.

  Further, even if the password is determined to be NG in step S132, if the password authentication is successful, the “first behavior feature amount”, “second behavior feature amount”, and the like input during the authentication process are newly registered (step S141). This improves user convenience.

[Other variations]
The present invention is not limited to the embodiment described above. For example, in the first embodiment, the DB is stored in the storage unit 105 of the authentication device 1. However, the DB may be stored in a device external to the authentication device 1 (for example, a Web server device). Similarly, at least a part of the registration unit 104, the calculation unit 106, and the authentication units 107 and 108 of the authentication device 1 is provided in an external device of the authentication device 1, and the authentication device 1 communicates with the external device to Registration processing and authentication processing may be performed. Further, information (raw data) representing the inclination of the authentication device 1 measured by the sensor unit 102 may be used as a feature amount (first action feature amount, first registered feature amount) as it is or sent from the man-machine unit 101. The input information (raw data) to the touch panel may be used as the feature amount (second action feature amount, second registered feature amount) as it is. In this case, the feature quantity extraction unit 103 can be omitted.

  The various processes described above are not only executed in time series according to the description, but may also be executed in parallel or individually as required by the processing capability of the apparatus that executes the processes. Needless to say, other modifications are possible without departing from the spirit of the present invention.

  When the above configuration is realized by a computer, the processing contents of the functions that each device should have are described by a program. By executing this program on a computer, the above processing functions are realized on the computer. The program describing the processing contents can be recorded on a computer-readable recording medium. An example of a computer-readable recording medium is a non-transitory recording medium. Examples of such a recording medium are a magnetic recording device, an optical disk, a magneto-optical recording medium, a semiconductor memory, and the like.

  This program is distributed, for example, by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Furthermore, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.

  A computer that executes such a program first stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device. When executing the process, the computer reads a program stored in its own storage device, and executes a process according to the read program. As another execution form of the program, the computer may read the program directly from the portable recording medium and execute processing according to the program, and each time the program is transferred from the server computer to the computer. The processing according to the received program may be executed sequentially. The above-described processing may be executed by a so-called ASP (Application Service Provider) type service that realizes a processing function only by an execution instruction and result acquisition without transferring a program from the server computer to the computer. Good.

  In the above embodiment, the processing functions of the apparatus are realized by executing a predetermined program on a computer. However, at least a part of these processing functions may be realized by hardware.

1 Authentication device

Claims (8)

Corresponding to the second registered feature amount associated with the first registered feature amount when it is determined that the first behavior feature amount based on the first behavior performed by the person to be authenticated corresponds to the first registered feature amount An information presentation unit for presenting information representing an example of the second action to be performed;
An authentication unit that determines whether a second behavior feature amount based on the second behavior performed by the person to be authenticated corresponds to the second registered feature amount;
An authentication device. The authentication device according to claim 1,
It is determined that the first behavior feature amount corresponds to the first registered feature amount when an index representing a degree of difference of the first behavior feature amount with respect to the first registered feature amount is equal to or less than a first allowable value;
It is determined that the second behavior feature amount corresponds to the second registration feature amount when an index representing a degree of difference of the second behavior feature amount with respect to the second registration feature amount is equal to or less than a second allowable value;
The authentication apparatus, wherein the first tolerance value is greater than the second tolerance value. The authentication device according to claim 1 or 2,
The variation of the first action feature amount based on the first action performed by the same living body is
An authentication apparatus that is smaller than a variation in the second behavior feature amount based on the second behavior performed by the same living body without being presented with information representing an example of the second behavior. The authentication device according to any one of claims 1 to 3,
The authentication device, wherein the second action is an action performed in a state where the first action is performed. The authentication device according to any one of claims 1 to 4,
A third authenticating unit that performs password authentication when it is not determined that the second behavior feature value corresponds to the second registered feature value;
When the password authentication is successful, the person to be authenticated is the registered user, and a feature quantity based on the first action performed by the person to be authenticated is the first registered feature quantity. A registration unit that sets the feature amount based on the second action as the second registered feature amount;
An authentication device further comprising: The authentication device according to any one of claims 1 to 5,
The first action is an action involving holding an electronic device including a touch panel,
The second action is an input operation to the touch panel,
The information representing the example of the second action is an authentication device, which is information representing an input operation to the touch panel. When it is determined that the first behavior feature amount based on the first behavior performed by the person to be authenticated corresponds to the first registered feature amount, the information presenting unit performs the second associated with the first registered feature amount. An information presentation step for presenting information representing an example of the second action corresponding to the registered feature amount;
In the authentication unit, an authentication step of determining whether a second behavior feature amount based on the second behavior performed by the person to be authenticated corresponds to the second registered feature amount;
An authentication method.   A program for causing a computer to function as the authentication device according to claim 1.

Images