JP2019046507A - Information processing device, information processing system, control method, and program - Google Patents

Abstract

To suppress unauthorized use and authentication accuracy deterioration of a system in the system that requires periodical personal authentication.SOLUTION: A face recognition area is provided so as to surround a face tracking area with an area for performing teleworker authentication provided at a middle position at which a face is reflected well. Recognition of a face that appears in the area is always performed in the face recognition area and authentication is performed only when a face appears for the first time in the face tracking area. Thus, in the face recognition area, spoofing is suppressed, and in the face tracking area, erroneous authentication is suppressed by performing authentication only when the face appears for the first time.SELECTED DRAWING: Figure 7

Description

  The present invention particularly relates to an authentication method using face authentication technology when performing user authentication.

  In recent years, interest in teleworking has increased in each company. Telework has problems such as third-party access to confidential information and labor management, which must be solved in order to introduce telework.

  At present, in order to solve these problems, a telework management support system using face recognition technology is emerging, and this system is used to authenticate a person from a web camera image and to spoof or screen a third party. It will be possible to detect the inclusion. In addition, because it is possible to know the presence time of the person, it is possible to manage the working hours appropriately.

  When performing identity verification in the above system, it is important to improve impersonation detection and accuracy.

  Therefore, as a technique for detecting impersonation, in order to detect impersonation by using a person projected on a recording medium such as a photograph, whether the person is the person or a person from the direction of the line of sight to the camera provided in the device There is disclosed a technique for determining impersonation by determining whether a person is projected on a recording medium (see, for example, Patent Document 1).

  Also, as a technique for improving authentication accuracy, when the reliability of face recognition is lower than a certain value due to lack of light intensity, etc., person authentication is performed by recognizing the answer contents to the question and the voice thereof. There is disclosed a technique for improving authentication accuracy by a combination of face recognition and voice recognition (see, for example, Patent Document 2).

JP 2008-015800 A JP 2007-156688 A

  However, in the telework management support system described above, there is a problem that false detection of spoofing occurs due to the decrease in accuracy of the personal authentication under the following two situations.

  The first situation is false detection of spoofing on faces other than the front. In this system, webcam images adjacent to a display are used to periodically detect spoofing by user authentication.

  At the time of personal identification, if facing the front of the web camera, it can be recognized with relatively high accuracy even in the present situation, but in reality the teleworker should look at not only the display but other places Many, it is less likely to face the webcam.

  Especially in the work while looking at the documents at hand, it is often done in a state of facing down. As a result, the accuracy of the user authentication decreases, and false detection of spoofing occurs.

  The second situation is false detection of impersonation when part of the face is missing when wearing a mask, etc. In the face recognition process used in this system, if the nose area is missing, the accuracy of personal identification will be extreme. The false detection of spoofing occurs.

  With respect to such a problem, the technique described in Patent Document 1 distinguishes between a person and a person projected on a photograph or the like. It can not prevent the decline.

  Further, the technology described in Patent Document 2 deals with the case where the reliability of the face authentication process is low, and uses the contents of the answer to the question and the information of the voice recognition. Although it is suitable for application, application to a system for periodically authenticating a person such as a teleworker management system is not suitable because it is necessary to answer a question for each authentication.

  Therefore, an object of the present invention is to provide an information processing apparatus, an information processing system, a control method, and a program for preventing unauthorized use of the system and deterioration in authentication accuracy in a system that requires user authentication.

  A first invention for achieving the above object is an information processing apparatus for performing user authentication by performing face recognition of the user by shooting a user, and the user is not allowed to obtain an image obtained by shooting. Storage means for storing a first area and a second area indicating an area surrounding the first area, a range in which the face of the user is often photographed, an acquisition means for acquiring an image obtained by photographing, The position of the face is stored using the face information acquisition means for acquiring face information including the face and the position of the face relative to the image from the image acquired by the acquisition means, and the face information acquired by the face information acquisition means When the position of the face is located in the second area by the area determining means for determining whether or not it is located in the first area of the means or the second area of the storage means, and the area determining means , Regularly It authenticates the face, while the position of the face, when located in the first area, characterized by comprising an authentication means for performing authentication in fewer than the authentication.

  A second invention for achieving the above object is an information processing system in which a client terminal, an administrator terminal, and a server are connected via a network, and among images obtained by photographing, A storage unit for storing a first area and a second area indicating an area surrounding the first area; a range in which the user's face is often photographed; and an acquisition for acquiring an image obtained by photographing The position of the face is determined using the means, the face information acquisition means for acquiring face information including the face and the position of the face relative to the image from the image acquired by the acquisition means, and the face information acquired by the face information acquisition means An area determination unit that determines whether or not the storage unit is located in a first area or a second area of the storage unit; and the area determination unit determines the position of the face in a second area. Locate In the case, the face authentication is periodically performed, and when the position of the face is located in the first area, the authentication means performs authentication with a smaller number of times than the authentication; When impersonation occurs as a result of face recognition in area 2, the information processing apparatus is characterized by further comprising: notification means for notifying that effect.

  A third invention for achieving the above object is a control method of an information processing apparatus which performs user authentication by performing face recognition of the user by photographing a user, and the information processing apparatus performs photographing. An acquisition step of acquiring an obtained image, a face information acquisition step of acquiring face information including a face and a position of the face relative to the image from the image acquired in the acquisition step, and the face information acquired in the face information acquisition step A second area in which the position of the face indicates a first area and an area surrounding the first area in a range in which the user's face is often photographed among images obtained by photographing. The position of the face is determined by an area determining step of determining whether or not it is located in a first area of the storage means storing the image data or a second area of the storage means, and the area determining step An authentication step of performing authentication of the face periodically when located in the second area, and performing authentication less frequently than the authentication when the position of the face is located in the first area; , And is characterized in that.

  A third invention for achieving the above object is a program that can be read and executed by an information processing apparatus that performs user authentication by performing face recognition of the user by photographing the user, the information processing apparatus comprising: Acquisition means for acquiring an image obtained by photographing, face information acquisition means for acquiring face information including the face and the position of the face relative to the image from the image acquired by the acquisition means, and the information acquired by the face information acquisition means The position of the face indicates the first area and the area surrounding the first area in the image obtained by photographing using the face information, in which the face of the user is often taken. The position of the face is determined by an area determination unit that determines whether or not the first area of the storage unit that stores the area 2 or the second area of the storage unit, and the area determination unit Authentication means for performing authentication of the face periodically when located in the area 2 and performing authentication less frequently than the authentication when the position of the face is located in the first area; And make it function.

  A fourth invention for achieving the above object is a control method of an information processing system in which a client terminal, an administrator terminal, and a server are connected via a network, the information processing system comprising Acquisition means for acquiring an image obtained by photographing, face information acquisition means for acquiring face information including the face and the position of the face relative to the image from the image acquired by the acquisition means, and the information acquired by the face information acquisition means The position of the face indicates the first area and the area surrounding the first area in the image obtained by photographing using the face information, in which the face of the user is often taken. The position of the face is determined by an area determination unit that determines whether or not the first area of the storage unit that stores the second area or the second area of the storage unit, and the area determination unit Authentication means for performing authentication of the face periodically when located in the area, and an authentication means for performing authentication less frequently than the authentication when the position of the face is located in the first area; When impersonation occurs as a result of face authentication in the second area by the authentication means, the method is characterized by performing notification means for notifying that effect.

  The fifth invention for achieving the above object is a program that can be read and executed by an information processing system in which a client terminal, an administrator terminal, and a server are connected via a network. A face information acquisition means for acquiring face information including the face and the position of the face with respect to the image from the image acquired by the acquisition means; In the image obtained by photographing using the acquired face information, the first area and the area surrounding the first area are the areas in which the user's face is often taken in the image obtained by photographing. An area determination unit that determines whether the first area of the storage unit storing the second area to be shown or the second area of the storage unit, and the area determination unit If the position of is located in the second area, the face is periodically authenticated, while if the position of the face is located in the first area, the authentication is performed less frequently than the authentication. When impersonation occurs as a result of face authentication in the second area by the authentication means to be performed and the authentication means, it is made to function as a notification means to notify of that effect.

  According to the present invention, in a system requiring personal authentication, an area for performing face authentication for suppressing impersonation, and an area for suppressing authentication frequency more than the area for suppressing erroneous authentication are provided. This has the effect of being able to prevent unauthorized use of the system and degradation of authentication accuracy.

It is a system configuration figure showing an example of composition of a telework management support system concerning an embodiment of the present invention. It is a block diagram which shows the hardware constitutions of the information processing apparatus applicable to the management server which concerns on embodiment of this invention, a database server, PC for teleworkers, and PC for administrators. FIG. 2 is a functional block diagram of a management server, a database server, a teleworker PC, and a management PC in the telework management support system according to the embodiment of the present invention. It is a flowchart which shows an example of the authentication procedure in the telework management support system which concerns on embodiment of this invention. It is a flowchart which shows an example of the determination process of a face recognition area and a face following area in the telework management support system which concerns on embodiment of this invention. It is a description example of a setting file in the telework management support system according to the embodiment of the present invention. It is an explanatory view for explaining a relation of a face recognition area and a face following area in a telework management support system concerning an embodiment of the present invention. It is an explanatory view for explaining a range of face following area judging in a telework management support system concerning an embodiment of the present invention. It is an explanatory view for explaining a range of face following area judging in a telework management support system concerning an embodiment of the present invention. It is an explanatory view for explaining a range of face following area judging in a telework management support system concerning an embodiment of the present invention. It is an explanatory view for explaining a range of face following area judging in a telework management support system concerning an embodiment of the present invention. It is a block diagram which shows the structure of the web management console screen in the telework management support system which concerns on embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a system configuration diagram showing an example of the configuration of a telework management support system to which the person authentication process of the present invention is applied.

  The telework management support system 100 has a configuration in which one or more management servers 101, one or more database servers 102, one or more teleworker PC 111, one or more administrator PCs 121 are connected via the Internet 130. It has become.

  The management server 101 is a server that centrally manages, as telework information, teleporter's absence status, peering data by others, or impersonation trail data, and is constructed on the service environment network 104.

  When the teleworker PC 111 and the administrator PC 121 connect to the management server 101 by authentication processing using an account ID and a password, and the management server 101 receives telework information from the teleworker PC 111, the database server 102 receives the telework information. Store. Further, when there is an acquisition request for telework information from the administrator PC 121, the necessary telework information is extracted from the database server 102.

  The database server 102 is a server for storing telework information based on the operation of the management server 101, and is constructed on the service environment network 104. The database server 102 is connected to the management server 101 in addition to the telework information. Also store account ID and password for Note that the database server 102 can permit connection only from the management server 101 and can not connect from the outside.

  The teleworker's PC 111 is a terminal that creates trail data that is the basis of telework information, exists on the home network 110, trail data is created by a dedicated application, and is generated via the router 112, the Internet 130, and the router 103. It is sent to the management server 101. The person authentication process of this embodiment operates as a function in the dedicated application.

  The administrator's PC 121 is a terminal for confirming telework information, exists on the in-house network 120, and uses a web management console (operating on a web browser) to confirm the telework information. 130, and connects to the management server 101 via the router 103.

  The hardware configuration of the information processing apparatus applicable to the management server 101, the database server 102, the teleworker PC 111, and the administrator PC 121 shown in FIG. 1 will be described below with reference to FIG.

  FIG. 2 is a block diagram showing a hardware configuration of an information processing apparatus applicable to the management server 101, the database server 102, the teleworker PC 111, and the administrator PC 121 shown in FIG. Each device has the same configuration, and therefore, the description will be made using the same reference numerals.

  In FIG. 2, reference numeral 201 denotes a CPU, which centrally controls devices and controllers connected to the system bus 204. Further, the ROM 202 or the external memory 212 is required to realize a BIOS (Basic Input / Output System) which is a control program of the CPU 201, an operating system program (hereinafter referred to as OS), and functions executed by each server or each PC. The various programs described later are stored.

  A RAM 203 functions as a main memory, a work area, and the like of the CPU 201. The CPU 201 loads programs necessary for execution of processing from the ROM 202 or the external memory 212 into the RAM 203 and executes the loaded programs to realize various operations.

  An input controller 205 controls inputs from a keyboard (KB) 209, a web camera 210, and a pointing device such as a mouse (not shown). A video controller 206 controls display on a display such as a CRT display (CRT) 211 or the like. Although FIG. 2 describes the CRT 211, the display may be not only a CRT but also another display such as a liquid crystal display. These are used by the administrator as needed.

  Reference numeral 207 denotes a memory controller, which is an external storage device (hard disk (HD)) for storing a boot program, various applications, font data, user files, editing files, various data, etc., a flexible disk (FD), or a PCMCIA card slot. It controls access to an external memory 212 such as a Compact Flash (registered trademark) memory connected via an adapter.

  A communication I / F controller 208 connects and communicates with an external device via a network (for example, the network 104 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP is possible.

  The CPU 201 enables display on the CRT 211 by executing, for example, outline font rasterization processing on a display information area in the RAM 203. Further, the CPU 201 enables user's instruction with a mouse cursor (not shown) on the CRT 211 or the like.

  Various programs to be described later for realizing the present invention are stored in the external memory 212, and are executed by the CPU 201 by being loaded into the RAM 203 as necessary. Furthermore, setting files and the like used at the time of execution of the program are also stored in the external memory 212, and a detailed description of these will be described later.

  Hereinafter, a functional block diagram showing main functions in the management server 101, the database server 102, the teleworker PC 111, and the administrator PC 121 in the telework management support system 100 to which the personal identification process of the present invention is applied using FIG. explain.

  The teleworker PC 111 includes an imaging unit 301, a communication connection unit 302, and a camera image acquisition unit 303. The imaging unit 301 represents a camera for photographing a teleworker as a subject, and the above-described web camera 210 The communication connection unit 302 has a function of establishing communication so as to be connectable with the management server 101 triggered by the start of photographing of the web camera 210, and the camera image acquisition unit 303 includes an imaging unit. Data acquired by photographing at 301 is acquired as an image. However, the trigger for starting imaging is not limited to this mode, and may be triggered by activation of the personal identification process, or may be triggered by another condition as long as it is a timing suitable for connection.

  The teleworker PC 111 further includes a storage unit 304, a face information acquisition unit 305, a detection area determination unit 306, and an authentication unit 307.

  The storage unit 304 includes a setting file (see FIG. 6; details will be described later), and the camera image obtaining unit 303 obtains the setting file, and the parameters recorded in the setting file in each process. Is used.

  The face information acquisition unit 305 detects the face of a person who is the subject from the image acquired by the camera image acquisition unit 303, and further acquires face information such as the number of faces and the position of the face with respect to the image The unit 306 uses the face information acquired by the face information acquisition unit 305 to determine which of a face following area or a face recognition area (details will be described later) the face is.

  Furthermore, the teleworker PC 111 includes an authentication unit 307, an authentication information management unit 308, an event notification unit 309, and a control unit 310.

  The authentication unit 307 determines whether the face of the appearing person is the teleworker in the face following area or the face recognition area, and the authentication information management unit 308 determines whether the teleworker is the person, That is, it manages the authentication state as to whether or not authentication has been performed. For example, if authenticated by the authentication unit 307, it is determined as "authenticated", and if the number of faces is 0 in the face information acquisition unit 305, it is determined that "away" is performed, and "unauthenticated" is set. If there are two or more of the above, it is possible to manage an authentication state such as "unauthenticated" on the assumption that "deep-in" has occurred.

  The event notification unit 309 has a function of notifying the management server 101 of an event that occurs to the teleworker PC 111, and as described above, “Away” by the number of faces detected by the face information acquisition unit 305. Or detects a “peeping” event, notifies the management server 101 of that with the image acquired by the camera image acquisition unit 303, or detects an “spoofing” event by the authentication unit 307, The management server 101 is notified of this together with the image acquired by the camera image acquisition unit 303.

  The control unit 310 has a function of controlling each processing or device executed in the teleworker PC 111, and performs, for example, sleep processing for adjusting the load on the CPU 201, termination processing of the personal identification processing, and the like.

  Hereinafter, the overall flow of the telework management support system 100 in the present embodiment will be described.

  In the telework management support system 100, labor monitoring by personal identification processing is performed by the teleworker PC 111, management of monitoring information is performed by the management server 101 and the database server 102, and monitoring information is displayed by the administrator PC 121.

  The teleworker PC 111 performs an identity authentication process using an image based on data obtained by shooting with the web camera 210 using a dedicated application. The dedicated application establishes a communication connection with the management server 101 using the account ID and password.

  After establishing a connection with the management server 101, labor monitoring of the teleworker is performed by the personal identification process. During labor monitoring, leaving the seat or looking at the display by others, the identity of the person is detected as an event. When an event is detected, the teleworker PC 111 transmits trail data of the event to the management server 101.

  When the trail data of the event is received from the teleworker PC 111, the management server 101 stores it as telework information in a table storing telework information on the database server 102. Also, at the time of receiving the trail data, the management server 101 transmits a detection notification email to the administrator PC 121.

  The administrator PC 121 can check trail data of the teleworker event on the management server using the web management console. The web management console can be used by accessing a dedicated URL from a web browser. In the management console, in addition to the time and image when an event is detected, it is possible to confirm the communication status to the management server 101 of the teleworker PC 111 used for the personal authentication process and the teleworker PC 111. An example of a management screen in the web management console will be described later in the description of FIG.

  Hereinafter, with reference to FIG. 4, the person authentication process in the telework management support system 100 of the present embodiment will be described.

  In FIG. 4, the personal identification process in the teleworker PC 111 will be described. In this process, it is determined from the image of the web camera 210 provided on the teleworker PC 111 whether or not it is the teleworker itself. If it is determined that the user is away from the seat, spoofed, or peeped in, the trail data is transmitted to the management server 101.

  As the point of this processing, when authenticating the user, the image obtained by photographing with the web camera 210 is divided into a face recognition area and a face following area and discriminated, and the processing content is changed depending on which face is detected. To be mentioned.

  Although the details will be described later, the face recognition area is an area in which the face recognition process is always performed. The face following area is an area where the face recognition process is skipped depending on the authentication state.

  There are "unauthenticated" and "authenticated" as the authentication status, and the status transitions according to the face detection status and the face recognition status. In the “non-approved” state, the face recognition process is performed regardless of which area the face is detected. In the “approved” state, the face recognition process is skipped only when a face is detected in the face following area.

  Hereinafter, each step of the personal identification process of the present embodiment will be described with reference to FIG.

  In step S401, the camera image acquisition unit 303 reads various parameters from the setting file (see FIG. 6; details will be described later) of the storage unit 304. The parameters include a camera image size, a face tracking area, a threshold for similarity of face recognition, and parameters related to the processing cycle.

  The camera image size parameter is used to define the size of the image obtained from the webcam 210. The pixel value is designated as 640 × 480, and used in steps S402, S403, and S408 described later.

  The parameters of the face tracking area are used to define the face tracking area. The horizontal direction is an X axis, the vertical direction is a Y axis, upper and lower limit values are designated by pixel values, and are used in step S408 described later.

  The threshold for similarity of face recognition is used to determine whether the teleworker is the person himself. For example, it designates in the range of 0.5-1.0, and uses by step S412 mentioned later.

  The parameters of the processing cycle are used to define the processing cycle of identity authentication. For example, the unit is specified in milliseconds and is used in step S417 described later.

  Each parameter read is stored in the RAM 203 and referred to when necessary.

  In step S402, the communication connection unit 302 establishes a communication connection with the management server 101 so that an event can be notified to the management server 101 in steps S406, S407, and S415 described later. To establish the connection, an account ID and password for system login of the teleworker registered in advance in the management server 101 are used.

  In step S403, the camera image acquisition unit 303 acquires, as an image, data obtained by imaging with the imaging unit 301 (web camera 210). The acquired image is stored in the RAM 203 and used in steps S404 and S412.

  In step S404, the face information acquisition unit 305 detects a face from the image acquired in step S403. An external library is used for face detection (application of existing technology), and the number of faces and the position on the image are specified. The detection result is stored in the RAM 203 and used in steps S405 and S409.

  In this step, the number and position of faces are calculated for both the face recognition area and the face following area.

  In step S405, the face information acquisition unit 305 determines the result of face detection in step S404. If the number of detected faces is 0 (not detected), trail data of the “Away” event is transmitted to the management server 101 in step S406 described later, and if the number of detected is one, the detection area in step S409 described later If it is determined that the number of detections is two or more, trail data of a "peep in" event is transmitted to the management server 101 in step S407 described later.

  In step S406, the event notification unit 309 transmits the image acquired in step S403 and the current time to the management server 101 as trail data of an “Away” event.

  In step S <b> 407, the event notification unit 309 transmits the image acquired in step S <b> 403 and the current time to the management server 101 as trail data of the “peeping in” event.

  In step S408, the authentication information management unit 308 causes the authentication state to transition to "unapproved" as processing when the "away" event and the "looking in" event occur. The authentication status is stored in the RAM 203 and used in step S411.

  In step S409, the detection area determination unit 306 determines which of the face recognition area and the face following area the detected face is.

  In the area determination process, a process (see FIG. 5; details will be described later) is performed using the image size and the face tracking area parameter read in step S401.

  In step S410, the detection area determination unit 306 determines the determination result of the area in which the face is detected in step S409. If the detected area is a face following area, the authentication state is determined in step S411 described later, and if the detected area is a face recognition area, face authentication processing is performed in step S412 described below.

  In step S411, the authentication information management unit 308 determines the current authentication state. If the authentication status is "unauthenticated", face authentication processing is performed in step S412 described later, and if the authentication status is "authenticated", it is determined in step S418 described later whether the application is to be ended.

In step S412, the authentication unit 307 calculates the degree of similarity as to whether the face shown in the image and the teleworker are the same person by the face authentication process. Use external library for authentication process (apply existing technology).

  In step S413, the authentication unit 307 compares the result of similarity of face authentication processing with the threshold of similarity read in step S401, and determines whether the teleworker is the person. If the similarity is equal to or higher than the threshold, it is determined that the person is the person, and the authentication state is transitioned to “authenticated” in step S414 described later. If the similarity is less than the threshold, it is determined to be another person. Send trail data of "spoofing" events.

  In step S414, the authentication information management unit 308 causes the authentication state to transition to “authenticated” based on the result of step S413. The authentication status is stored in the RAM 203 and used in S411.

  In step S415, the event notification unit 309 transmits the image acquired in step S403 and the current time to the management server 101 as trail data of the "spoofing" event.

  In step S416, the authentication information management unit 308 causes the authentication state to transition to “unapproved” as processing when an “spoofing” event occurs. The authentication status is stored in the RAM 203 and used in S411.

  In step S417, the control unit 310 performs sleep processing for load adjustment of the CPU 201. The sleeping time uses the parameters of the processing cycle read in step S401.

  At step S418, control unit 310 determines whether or not to terminate the user authentication process. In order to end the person authentication process, the process is ended by explicitly receiving a command from the menu or the like. If the personal identification process is to be terminated, it is terminated. If the personal identification process is not ended, the process returns to the process of S403.

  Hereinafter, the face detection area determination process of the present embodiment will be described with reference to FIG. This process is executed by the detection area determination unit 306.

  In FIG. 5, it is determined which of a face recognition area and a face following area a face detected from an image obtained by photographing with the web camera 210 is present.

  Here, the face recognition area and the face following area will be described with reference to FIG.

  The face recognition area indicates an area where face recognition is performed to determine whether the person is the person or not by using face recognition technology, and face recognition that appears in this area is always performed, face recognition is performed, and the area Calculate the number of faces appearing in.

  The face following area indicates an area for checking whether a face is present or not. The number of faces present in the area is always calculated. Face recognition is performed only when it appears, and face recognition is performed.

  Since the area is usually set assuming that the face of the teleworker is within the range of the face following area, even if the face turns to something other than the front, etc., the area is faced for the first time Since the face authentication is performed only when C. has appeared, it is possible to prevent the false authentication.

  In addition, if only the face following area is set, face authentication is performed only when a face first appears in the area, so if a third party successfully replaces the face, face authentication is not performed and spoofing An act will occur.

  Therefore, in the present invention, by setting the face recognition area surrounding the outline of the face following area, in the face recognition area, the number of faces is calculated while face authentication is always performed, and thus occurrence of spoofing occurs. It becomes possible to suppress. However, the face recognition area may be set only on the upper and lower sides, only on the upper and lower sides, only on the left and right, only on the left, or only on the right of the face tracking area.

  For example, even if the face is properly replaced in the face recognition area, in order to always perform face authentication, even if the number of faces is calculated as one in the face recognition area and the face following area, spoofing may be detected. It becomes possible.

  Here, although the number of faces is described, as described above, for example, when two or more faces are detected in the face recognition area and the face following area, it is detected that the peeping has occurred. Alternatively, when the number of faces is zero, it can be used to determine whether a person is leaving or not.

  The range of the face tracking area refers to the camera image size and the face tracking area parameter from the RAM 203 among the parameters read in step S401. Further, the face detection position refers to the position information calculated in step S404 from the RAM 203.

  The face following area is set in the image obtained by photographing with the web camera 210, and is up to the image size at the maximum. For example, if the image size is 640 × 480, the range of upper and lower limit values in the X direction is 0 to 640, and the range is 0 to 480 in the Y direction. If a value outside the range is set, it is automatically corrected to the value within the range.

  The process of each step will be described below.

  In step S501, the detected position of the face (referred to as the center of the face) in the image is compared with the lower limit value in the X direction of the face following area to determine whether or not the detected position is within the range. In the above case, the upper limit value in the X direction is compared in S502 described later. If the detected position is less than the lower limit value in the X direction, the face recognition area is determined in S506 described later.

  As an example of this determination, as shown in FIG. 8, for the user A at the lower left, when the face detection position (center of face) is compared with the lower limit value in the X direction of the face following area, it is determined to be less than the lower limit value. And the process proceeds to step S506.

  On the other hand, for user B on the upper right, when the face detection position (the center of the face) is compared with the lower limit value in the X direction of the face tracking area, it is determined that the lower limit value is exceeded, and the process proceeds to step S502.

  That is, if the face is in a range surrounded by a dotted line indicating the outermost shell of the face recognition area and a vertical line in the Y-axis direction with the X direction lower limit value as the X coordinate value, the face detection position is the lower limit. The face detection position is determined if it is determined to be less than the value, and is within a range surrounded by a solid line indicating the outermost shell of the face recognition area and a vertical line in the Y axis direction with the X direction lower limit value as the X coordinate value. It is determined that it is not less than the lower limit value.

  In step S502, the face detection position is compared with the upper limit value in the X direction of the face tracking area to determine whether it is within the range. If the detection position is less than the upper limit value in the X direction, step S503 described later. Compare with the lower limit value in the Y direction. If the detected position is larger than the upper limit value in the X direction, it is determined in step S506 described later that it is a face recognition area.

  As an example of this determination, as shown in FIG. 9, for the user A at the upper right, when the face detection position (the center of the face) is compared with the upper limit of the face tracking area in the X direction, it is not less than the upper limit And the process proceeds to step S506.

  On the other hand, for the user B at the center, when the detected position of the face (referred to as the center of the face) is compared with the upper limit value in the X direction of the face tracking area,

  That is, the face is within the range in step S501, and is a range surrounded by a solid line indicating the outermost shell of the face recognition area and a vertical line in the Y axis direction with the X direction upper limit value as the X coordinate value. If the face detection position is lower than the upper limit value, the face detection area is surrounded by a dotted line indicating the outermost shell of the face recognition area and a vertical line in the Y axis direction with the X direction upper limit value as the X coordinate value. If it is within the range, it is determined that the face detection position is not less than or equal to the upper limit value.

  In step S503, the detected position of the face is compared with the lower limit value in the Y direction of the face tracking area to determine whether it is within the range. If the detected position is equal to or greater than the lower limit value in the Y direction, step S504 described later. Compare with the upper limit value in the Y direction. If the detected position is less than the lower limit value in the Y direction, it is determined in step S506 described later that it is a face recognition area.

  As an example of this determination, as shown in FIG. 10, for the user A at the center, comparing the face detection position (the center of the face) with the lower limit value in the Y direction of the face following area It is determined that there is not, and the process proceeds to step S506.

  On the other hand, for the user B below the center, when the face detection position (the center of the face) is compared with the lower limit of the face tracking area in the Y direction, it is determined that the lower limit is exceeded, and the process proceeds to step S504.

  That is, the face is within the range in step S502, and is a dotted line indicating the outermost shell of the face recognition area and a range surrounded by a vertical line in the X axis direction with the Y direction lower limit value as the Y coordinate value. It is judged that the face detection position is not more than the lower limit, and is surrounded by a solid line indicating the outermost shell of the face recognition area and a vertical line in the X axis direction with the Y direction lower limit as the Y coordinate value. If it is within the range, it is determined that the face detection position is equal to or more than the lower limit value.

  In step S504, the face detection position is compared with the upper limit value in the Y direction of the face following area to determine whether it is within the range. If the detection position is less than the upper limit value in the Y direction, step S505 described later. It is determined that the face following area is. If the detected position is larger than the upper limit value in the Y direction, it is determined in step S506 described later that it is a face recognition area.

  As an example of this determination, as shown in FIG. 11, for the user A below the center, comparing the face detection position (the center of the face) with the upper limit value in the Y direction of the face following area, It is determined that there is not, and the process proceeds to step S506.

  On the other hand, for the user B at the center, when the face detection position (the center of the face) is compared with the upper limit of the face tracking area in the Y direction, it is determined that the upper limit is not exceeded, and the process proceeds to step S505.

  That is, the face is within the range in step S503, and is a dotted line indicating the outermost shell of the face recognition area and a range surrounded by a vertical line in the X axis direction with the Y direction upper limit value as the Y coordinate value. If it is determined that the face detection position is not the lower limit value or more and it is in the range surrounded by the vertical line in the X-axis direction where the Y direction upper limit value is the Y coordinate value, the face detection is performed. It is determined that the position is below the upper limit value.

  In step S505, the face tracking area is stored in the RAM 203 as a determination result. The determination result is used in step S410.

  In step S506, the face recognition area is stored in the RAM 203 as a determination result. The determination result is used in step S410.

  Hereinafter, a description example of the setting file according to the present embodiment will be described with reference to FIG.

  FIG. 6 is a setting example of the size of the web camera image, the face following area, the threshold of the similarity at the time of personal authentication, and the cycle of the personal authentication process. In this example, each setting item is set surrounded by tags.

  The size of the webcam image is specified by the image_size tag 601. Designate in pixels in the form of "number of horizontal pixels x number of vertical pixels".

  The face tracking area is specified by the tracking_area tag 602. The upper left end of the image is set to 0, and the area range is specified by pixels in the horizontal and vertical upper and lower limit values.

  The lower limit value in the horizontal direction (X-axis direction) is specified by the X_loer tag 603 and the upper limit value is specified by the X_upper tag 604, the lower limit value in the vertical direction (Y-axis direction) is specified by the Y_loer tag 605, and the upper limit value is specified by the Y_upper tag 606.

  The range of values to be specified is within the range of the size of the image obtained by shooting with the web camera 210. For example, when the image size is 640 × 480, the upper and lower limit values of X are 0 to 640, and Y is 0 to 480. If it exceeds the image size range, it is automatically corrected to the image size range in step S409. The relationship with the face recognition area when the face tracking area is specified is as shown in FIG.

  The threshold of similarity at the time of identity authentication is designated by the similarity_threshold tag 607. If the degree of similarity calculated at the time of authentication processing falls below the threshold set here, it is determined that the other person. For example, from the viewpoint of false negative, the specifiable range is 0.5 to 1.0.

  The cycle of the person authentication process is specified by the processing_cycle tag 608. The unit of the value to be specified is, for example, millisecond.

  Hereinafter, an example of a management screen by the web management console of the present embodiment will be described with reference to FIG.

  FIG. 12 shows a management screen 700 using the web management console on the administrator PC 121. In the management screen 700, in addition to the list of teleworkers to be managed, it is possible to confirm an image serving as a trail of detected events, date and time of event occurrence, and communication status of teleworkers.

  The management screen 700 includes a teleworker list panel 701, a calendar panel 702, and a trail confirmation panel 703.

  The teleworker list panel 701 displays a list of names of teleworkers to be managed and photographs for authentication. When you click a teleworker in the list, you can specify which teleworker you want to check the trail data. Further, when the teleworker in the list is displayed in blue, it indicates that the teleworker PC 111 is communicably connected to the management server 101.

  The calendar panel 702 can specify a date of trail data of an event to be confirmed. By clicking the date on the calendar panel 702, it is possible to specify the date of trail data to be confirmed. The specified date is displayed in blue.

  The trail confirmation panel 703 displays trail data of events related to the teleworker and the date designated by the teleworker list panel 701 and the calendar panel 702. Event trail data is composed of event classification, date and time of occurrence, and an image serving as a trail. Event classifications include "Away", "Spoofing", and "Warning", and these classifications are classified within the dedicated application of the teleworker PC 111.

  For the information displayed on the management screen 700, the telework information (including each event and corresponding trail data) transmitted from the teleworker PC 111 is referred to the database server 102 via the management server 101.

  In the present embodiment, the face recognition process in step S412 is performed only when the face tracking area appears for the first time, but in the process of step S411, the authentication state is “not approved” including the time of the first appearance. After that, the number is incremented, and if the number exceeds the predetermined number, face authentication processing is performed in step S412, and after the face authentication processing is completed, this number is cleared. Is also possible.

  As a result, face recognition can be performed at a predetermined timing and at a frequency less frequently than when face recognition processing is performed regularly, not only when it first appears in the face following area, and the accuracy of impersonation detection can be increased. Is also possible.

  Furthermore, the face recognition processing in step S412 is performed only when it first appears in the face following area, but in the process of step S411, after it is determined that the authentication status is “authenticated” when it first appears, in step S411 After the process of is executed a predetermined number of times while the authentication state continues and is "authenticated", the authentication state may be determined as "unauthenticated", and the face authentication process in step S412 may be performed.

  By this, it is possible to switch the frequency of performing authentication in the face following area and the face recognition area, so it is not limited to the case of appearing in the face following area for the first time, and it is possible to perform face authentication processing regularly. Face recognition can be performed with less frequency, and it is also possible to increase the accuracy of impersonation detection in the face following area.

  As described above, according to the present invention, in a system that requires periodical authentication, an area for performing face authentication for preventing impersonation and an area for suppressing authentication more than the area for suppressing false authentication are used. By providing an area, unauthorized use of the system and degradation in authentication accuracy can be suppressed.

  As mentioned above, although the example of an embodiment was explained in full detail, the present invention can take an embodiment as a method, a program, a storage medium, etc., for example, and, specifically, is a system comprised from a plurality of devices. It may be applied or may be applied to an apparatus consisting of one device.

  Further, the program in the present invention is a program that enables a computer to execute (read) a processing method, and the storage medium of the present invention stores a program that enables a computer to execute each processing method.

  The program in the present invention may be a program for each processing method of each device.

  As described above, the recording medium recording the program for realizing the functions of the above-described embodiments is supplied to the system or apparatus, and the computer (or CPU or MPU) of the system or apparatus stores the program stored in the recording medium. It goes without saying that the object of the present invention can be achieved also by reading and executing.

  In this case, the program itself read out from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

  As a recording medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, non-volatile memory card, ROM, EEPROM, silicon A disk etc. can be used.

  Further, by executing the program read by the computer, not only the functions of the above-described embodiment are realized, but also the OS or the like running on the computer performs a part of the actual processing or It goes without saying that the entire process is carried out and the process realizes the functions of the above-described embodiment.

  Furthermore, after the program read from the recording medium is written to the memory provided to the function expansion board inserted into the computer or the function expansion unit connected to the computer, the function expansion board is read based on the instruction of the program code. It goes without saying that the case where the CPU or the like provided in the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiment are realized by the processing.

  Further, the present invention may be applied to a system constituted by a plurality of devices or to an apparatus comprising a single device.

  It goes without saying that the present invention can also be applied to the case where it is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program for achieving the present invention into the system or apparatus, the system or apparatus can receive the effects of the present invention.

  Further, by downloading and reading out a program for achieving the present invention from a server on a network, a database or the like by a communication program, the system or apparatus can receive the effects of the present invention. In addition, the structure which combined each embodiment mentioned above and its modification is also contained in this invention altogether.

Reference Signs List 100 telework management support system 101 management server 102 database server 103 router 104 service environment network 110 home network 111 teleworker PC
112 router 120 company network 121 PC 121 for administrator
122 Router 130 Internet 201 CPU
202 ROM
203 RAM
204 system bus 205 input controller 206 video controller 207 memory controller 208 communication I / F controller 209 KB
210 Webcam 211 CRT
212 External memory

Claims (9)

An information processing apparatus that performs user identification by performing face recognition of the user by photographing the user.
Storage means for storing a first area indicating an area to be subjected to the person authentication among images obtained by photographing, and a second area indicating an area outside the first area;
Acquisition means for acquiring an image obtained by photographing;
Face information acquisition means for acquiring face information including the face and the position of the face relative to the image from the image acquired by the acquisition means;
Area determination means for determining whether the position of the face is located in the first area of the storage means or in the second area of the storage means using the face information acquired by the face information acquisition means When,
The personal identification is performed on the face determined to be located in the second area by the area determining means, and the second on the face determined to be located in the first area. Authentication means for performing authentication while changing the frequency of performing personal authentication in the area;
An information processing apparatus comprising:

The face information acquisition means calculates the number of faces,
The information processing apparatus according to claim 1, wherein the authentication unit authenticates the face when the number of faces is one by the face information acquisition unit.   3. The information processing apparatus according to claim 2, further comprising: notification means for notifying that the occurrence of the peeping has occurred when the number of faces is two or more by the face information acquisition means.   4. The apparatus according to claim 2, wherein the authentication unit performs authentication of the face when the number of one face is acquired while the number of the face acquired by the face information acquisition unit is different from the previously acquired number. Information processing device. An information processing system in which a client terminal, an administrator terminal, and a server are connected via a network,
Storage means for storing a first area and a second area indicating an area surrounding the first area in a range in which a user's face is often photographed among images obtained by photographing;
Acquisition means for acquiring an image obtained by photographing;
Face information acquisition means for acquiring face information including the face and the position of the face relative to the image from the image acquired by the acquisition means;
Area determination means for determining whether the position of the face is located in the first area of the storage means or in the second area of the storage means using the face information acquired by the face information acquisition means When,
When the position of the face is located in the second area by the area determination means, authentication of the face is performed periodically, while when the position of the face is located in the first area, the face is identified. Authentication means for performing authentication less frequently than authentication;
In the case where impersonation occurs as a result of face authentication in the second area by the authentication means, a notification means for notifying that effect;
An information processing system comprising: A control method of an information processing apparatus, which performs user authentication by performing face recognition of the user by photographing the user.
The information processing apparatus is
An acquisition step of acquiring an image obtained by photographing;
A face information acquiring step of acquiring face information including a face and a position of the face relative to the image from the image acquired by the acquiring step;
In the image obtained by photographing using the face information acquired in the face information acquiring step, a range in which the user's face is often photographed among the images acquired by photographing is a first area, and a first area An area determining step of determining whether or not the first area of the storage means storing the second area indicating the area surrounding the area, or the second area of the storage means;
In the area determination step, when the position of the face is located in the second area, the face authentication is periodically performed, while when the position of the face is located in the first area, the face is identified. An authentication step of performing authentication less frequently than authentication;
And controlling the information processing apparatus. A program that can be read and executed by an information processing apparatus that performs user authentication by performing face recognition of the user by photographing the user,
The information processing apparatus
Acquisition means for acquiring an image obtained by photographing;
Face information acquisition means for acquiring face information including the face and the position of the face relative to the image from the image acquired by the acquisition means;
In the image obtained by photographing using the face information acquired by the face information acquiring means, the area where the face of the user is often photographed is a first area and a first area. Area determination means for determining whether or not the first area of the storage means storing a second area indicating the area surrounding the area, or the second area of the storage means;
When the position of the face is located in the second area by the area determination means, authentication of the face is performed periodically, while when the position of the face is located in the first area, the face is identified. Authentication means for performing authentication less frequently than authentication;
And a program characterized by having it function. A control method of an information processing system in which a client terminal, an administrator terminal, and a server are connected via a network,
The information processing system is
Acquisition means for acquiring an image obtained by photographing;
Face information acquisition means for acquiring face information including the face and the position of the face relative to the image from the image acquired by the acquisition means;
In the image obtained by photographing using the face information acquired by the face information acquiring means, the area where the face of the user is often photographed is a first area and a first area. Area determination means for determining whether or not the first area of the storage means storing a second area indicating the area surrounding the area, or the second area of the storage means;
When the position of the face is located in the second area by the area determination means, authentication of the face is performed periodically, while when the position of the face is located in the first area, the face is identified. Authentication means for performing authentication less frequently than authentication;
In the case where impersonation occurs as a result of face authentication in the second area by the authentication means, a notification means for notifying that effect;
A control method of an information processing system characterized by performing. There is a program that can be read and executed by an information processing system in which a client terminal, an administrator terminal, and a server are connected via a network,
The information processing system,
Acquisition means for acquiring an image obtained by photographing;
Face information acquisition means for acquiring face information including the face and the position of the face relative to the image from the image acquired by the acquisition means;
In the image obtained by photographing using the face information acquired by the face information acquiring means, the area where the face of the user is often photographed is a first area and a first area. Area determination means for determining whether or not the first area of the storage means storing a second area indicating the area surrounding the area, or the second area of the storage means;
When the position of the face is located in the second area by the area determination means, authentication of the face is performed periodically, while when the position of the face is located in the first area, the face is identified. Authentication means for performing authentication less frequently than authentication;
In the case where impersonation occurs as a result of face authentication in the second area by the authentication means, a notification means for notifying that effect;
And a program characterized by having it function.

Images