JP2020119585A - Information processing system, information processor, control method, and program - Google Patents

Abstract

To provide an information processing system, an information processor, a control method, and a program for providing an efficient monitoring method by reducing a labor related to the monitoring of a user, a manager or the like when photographing any person other than the principal is not regarded as unauthorized use under the monitoring environment of the user.SOLUTION: After a user logs in a trace transmission terminal 100, a trace management server 120 distributes the featured value data of the user to the other trace transmission terminals 100 at the same base point, and each trace transmission terminal 100 performs monitoring by using the distributed featured value data of the other user, and the monitoring is performed by sharing information on the state of the user from each trace transmission device 100.SELECTED DRAWING: Figure 4

Description

The present invention relates to an authentication technique performed in a telework management system, and particularly to a distribution method of authentication information used in the authentication technique.

In recent years, with the development of broadband and information security technology, attention to business continuity and power saving measures at the time of disaster, and the like, interest in telework is increasing in each company.

When introducing telework, it is difficult for the administrator to see the situation of the person himself, so there is a risk that confidential information will be leaked due to access to the information processing terminal by a third party including family members, and labor management will be difficult. ..

As a means for preventing leakage of confidential information, when the user operates the information processing terminal, the user's face is photographed and personal authentication is performed using face recognition technology. A system is introduced to lock the.

However, in such a system, the content displayed on the information processing terminal may be viewed by a third party, which may cause a risk of information leakage.

Therefore, as a result of photographing the front of the information processing terminal, if the number of faces in the image obtained by photographing is one, personal authentication is performed, but if there are two or more faces, the information processing terminal A technique for discontinuing the use of is disclosed (for example, see Patent Document 1).

JP, 2009-212381, A

However, the telework management system that uses face recognition focuses on the preventive function, and when it is applied to the situation such as when working at a satellite office, the preventive function will work even if the face of a colleague who works at the same base appears. , The convenience of the user is impaired.

Even if this preventive function is replaced with a notification function to the monitoring person, this time, the monitoring person is troubled to confirm the situation.

An object of the present invention is to reduce the monitoring effort of a user or an administrator when a person other than the person himself/herself is photographed and is not regarded as an unauthorized use according to the monitoring environment of the user. An object is to provide an information processing system, an information processing device, a control method, and a program that provide an efficient monitoring method.

A first aspect of the present invention for solving the above-mentioned problems is to monitor a plurality of information processing devices for monitoring unauthorized access by performing face recognition of the user by photographing the user, and monitoring information for monitoring unauthorized access. An information processing system including a server that manages the monitoring information, the requesting means requesting the monitoring information including the monitoring information used in another information processing device, and the requesting means. The monitoring information is used to detect the unauthorized access from the relationship between the person and the person who uses the other information processing apparatus.

A second invention for solving the above-mentioned problem is a server for managing monitoring information for monitoring unauthorized access, comprising a request receiving means for receiving a request for the monitoring information from an information processing device, An information processing apparatus that receives the monitoring information request from the information processing apparatus and the monitoring information used by another information processing apparatus different from the information processing apparatus when the request receiving section receives the monitoring information request from the request receiving section. And a transmitting means for transmitting to.

A third invention for solving the above-mentioned problem is a plurality of information processing devices for monitoring unauthorized access by performing face recognition of the user by photographing the user, and monitoring information for monitoring unauthorized access. A method of controlling an information processing system comprising a server for managing the information processing system, wherein the information processing system requests the monitoring information including the monitoring information used in another information processing apparatus, Using the monitoring information obtained by the request in the requesting step, a detecting step of detecting that unauthorized access has been made is executed based on the relationship between the person and the person using the other information processing apparatus. It is characterized by

A fourth invention for solving the above-mentioned problem is a plurality of information processing devices for monitoring unauthorized access by performing face recognition of the user by photographing the user, and monitoring information for monitoring unauthorized access. A program that can be read and executed by an information processing system including a server that manages the information processing system, and requests the information processing system to include the monitoring information used by another information processing apparatus. And a detection means for detecting unauthorized access from the relationship between the person himself/herself and a person who uses another information processing device, using the monitoring information obtained by the requesting means. It is characterized by making it function.

A fifth invention for solving the above-mentioned problem is a method of controlling a server for managing monitoring information for monitoring unauthorized access, wherein the server requests the monitoring information from an information processing device. When a request receiving step for receiving and a request for monitoring information are received by the request receiving step, the monitoring information of the information processing apparatus and the monitoring information used by another information processing apparatus different from the information processing apparatus are requested. And a transmitting step of transmitting the information to the information processing device accepted by the accepting step.

A sixth invention for solving the above-mentioned problem is a program that can be read and executed by a server that manages monitoring information for monitoring unauthorized access, wherein the server is changed from an information processing device to the monitoring information. Request reception means for receiving the request for monitoring information, and when the request for monitoring information is received by the reception means, the monitoring information of the information processing apparatus and the monitoring information used by another information processing apparatus different from the information processing apparatus are displayed. It is characterized by functioning as transmitting means for transmitting to the information processing device accepted by the request accepting means.

According to the present invention, according to the monitoring environment of a user, in the case where a person other than the person himself/herself is photographed and is not regarded as an unauthorized use, the use of the information processing apparatus used by the user is not controlled. Further, by suppressing the notification to the administrator or the like, it is possible to realize the efficient monitoring method by reducing the labor related to the monitoring of the user or the administrator.

It is a system block diagram which shows an example of a structure of the telework management system which concerns on embodiment of this invention. It is a block diagram which shows the hardware constitutions of the information processing apparatus applicable to the trail transmission terminal, the trail audit terminal, and the trail management server according to the embodiment of the present invention. It is a block diagram which shows the function structure of the telework monitoring system which concerns on embodiment of this invention. 6 is a flowchart showing a flow of a series of processing from login to logout in the embodiment of the present invention. 6 is a flowchart showing a flow of processing for updating feature amount data for users at the same location in the embodiment of the present invention. 6 is a flowchart showing a flow of processing relating to an unauthorized access notification in the embodiment of the present invention. 6 is a flowchart showing a flow of processing for calculating an unauthorized access state in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a screen for selecting a base in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a screen for confirming the movement in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a screen for confirming the movement in the embodiment of the present invention. FIG. 3 is a configuration diagram showing a configuration of a user information table in the embodiment of the present invention. FIG. 4 is a configuration diagram showing a configuration of a terminal information table in the embodiment of the present invention. FIG. 3 is a configuration diagram showing a configuration of a base information table in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a team information table in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a login information table in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a feature amount information table in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of an authentication contribution level information table in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a motion information table in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of an unauthorized access information table in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a trail information table in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a face recognition result table in the embodiment of the present invention. It is a block diagram which shows the function structure of the telework monitoring system which concerns on embodiment of this invention. 6 is a flowchart showing a flow of a series of processing from login to logout in the embodiment of the present invention. 6 is a flowchart showing a flow of processing for updating feature amount data for users at the same location in the embodiment of the present invention. 6 is a flowchart showing a flow of processing relating to an unauthorized access notification in the embodiment of the present invention. 6 is a flowchart showing a flow of processing for calculating an unauthorized access state in the embodiment of the present invention. FIG. 6 is a configuration diagram showing a configuration of a superior information table in the embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
[First Embodiment]

FIG. 1 is a system configuration diagram showing an example of the configuration of a telework management system of the present invention.

In the telework management system shown in FIG. 1, one or more trail transmission terminals 100, one or more trail audit terminals 110, one or more trail management servers 120, a local area network (LAN) 130, a router 140, and the Internet. It is configured to be connected via 150.

The trail transmitting terminal 100 detects the movement and unauthorized access of the user (teleworker) to be used, and transmits the trail information to the trail management server 120. Further, the feature amount data of the user used for detecting the movement or the like is transmitted to the trail management server 120.

The trail auditing terminal 110 allows the administrator to approve the feature amount data recorded in the trail management server 120 and to audit the trail recorded in the trail management server 120.

The trail audit terminal 110 may have the same function as the trail transmission terminal 100 in order to notify the teleworker of the movement of the administrator or to notify the administrator of the movement and unauthorized access when the teleworker performs the telework. is there.

The trail management server 120 records the characteristic amount data received from the trail transmitting terminal 100, and processes the approval operation of the trail auditing terminal 110 for the characteristic amount data.

Then, the trail received from the trail transmitting terminal 100 is recorded, the audit operation of the trail auditing terminal 110 for the trail is processed, and the trail transmitting terminal 100 uses it based on the connection source base information of the trail transmitting terminal 100. Determine feature amount data.

The hardware configuration of the information processing apparatus applicable to the trail transmitting terminal 100, the trail auditing terminal 110, and the trail management server 120 shown in FIG. 1 will be described below with reference to FIG.

FIG. 2 is a block diagram showing a hardware configuration of an information processing apparatus applicable to the trail transmission terminal 100, the trail inspection terminal 110, and the trail management server 120 shown in FIG.

In FIG. 2, reference numeral 201 denotes a CPU, which centrally controls each device and controller connected to the system bus 204.

Further, the ROM 203 or the external memory 212 is necessary to realize a control program of the CPU 201, such as a BIOS (Basic Input/Output System), an operating system program (hereinafter, OS), and a function executed by each server or each PC. Various programs to be described later are stored. A RAM 203 functions as a main memory and a work area of the CPU 201.

The CPU 201 implements various operations by loading a program or the like required for executing the processing from the ROM 203 or the external memory 212 into the RAM 202 and executing the loaded program.

An input controller 205 controls inputs from a keyboard (KB) 209, a camera device 210 such as a web camera for photographing a user in front of the trail transmission terminal 100, and a pointing device such as a mouse (not shown).

A video controller 206 controls display on a display such as a CRT display (CRT) 211. In addition, although it is described as CRT 211 in FIG. 2, the display device is not limited to the CRT and may be another display device such as a liquid crystal display. These are used by the administrator as needed.

A memory controller 207 is installed in an external storage device (hard disk (HD)) for storing a boot program, various applications, font data, user files, edit files, various data, a flexible disk (FD), or a PCMCIA card slot. It controls access to an external memory 212 such as a CompactFlash (registered trademark) memory connected via an adapter.

A communication I/F controller 208 connects and communicates with an external device via a network (for example, the LAN 130 shown in FIG. 1) and executes communication control processing on the network. For example, communication using TCP/IP is possible.

The CPU 201 enables display on the CRT 211 by executing outline font rasterization processing in a display information area in the RAM 202, for example. Further, the CPU 201 enables a user instruction with a mouse cursor or the like (not shown) on the CRT 211.

Various programs to be described later for implementing the present invention are recorded in the external memory 212 and are executed by the CPU 201 by being loaded into the RAM 202 as necessary.

Furthermore, the definition file and various information tables used when the above program is executed are also stored in the external memory 212, and a detailed description thereof will be described later.

Next, a functional block diagram of the trail transmission terminal 100, the trail inspection terminal 110, and the trail management server 120 of the present invention will be described with reference to FIG. Detailed control that each functional block processes will be described with reference to a flowchart described later.

First, the functional configuration of the trail transmission terminal 100 will be described.

The authentication information input unit 301 receives input of authentication information by the user. The authentication information transmission unit 302 transmits the authentication information received by the authentication information input unit 301 to the authentication information reception unit 501 of the trail management server 120 via the communication I/F controller 208 to log in to the system. If the login is successful, the site selection unit 303 requests the site selection.

The site selection unit 303 acquires a site list available to the login user from the user information management unit 504 of the trail management server 120 via the communication I/F controller 208, and selects the current site from the list.

As the selection method, there are a method of displaying a base list on the CRT 211 and allowing the user to select it, and a method of estimating the address of the present location from the nearby Wifi network and automatically determining it.

The characteristic amount data updating unit 304 acquires the characteristic amount data of the user and the login user who connects from the same base as the user from the characteristic amount data acquisition unit 507 of the trail management server 120 via the communication I/F controller 208, and The data in the quantity data storage unit 305 is updated. The feature amount data storage unit 305 stores face feature amount data used for face recognition.

The user information display update unit 306 acquires user movement information from the user information management unit 504 of the trail management server 120 via the communication I/F controller 208, and displays it on the CRT 211.

The user information display update unit 306 also has a function of displaying the site list and the team list acquired from the user information management unit 504, and changing the user to be selected by the user to display the movement information.

Further, when the user information display updating unit 306 receives the update notification from the update notification receiving unit 315, the user information display updating unit 306 retakes the user movement information from the user information management unit 504 and updates the display.

The video input unit 307 acquires a video from the camera device 210 and transmits the video to the feature amount data extraction unit 308 and the state detection unit 311.

The feature amount data extraction unit 308 extracts feature amount data for identifying the user when the feature amount data is not registered or when the user is not identified successfully.

The feature amount data extraction unit 308 extracts the user's face from the video received from the video input unit 307, and asks the user whether to identify using the face. If the confirmation is obtained, the feature amount data is extracted from the face and transmitted to the feature amount data transmitting unit 310. The face recognition unit 309 is requested to extract the face and the feature charge data.

The face recognition unit 309 extracts a face from the video received from the feature amount data extraction unit 308, and further extracts feature amount data that can be used for identification from the face. In addition, a face is extracted from the image received from the state detection unit 311, and the similarity between the feature amount data extracted from each face and the feature amount data received from the state detection unit 311 is calculated.

The characteristic amount data transmitting unit 310 transmits the characteristic amount data received from the characteristic amount data extracting unit 308 to the characteristic amount data receiving unit 509 of the trail management server 120. Also, the identification contribution rate stored in the characteristic amount data storage unit 305 before logout is transmitted to the characteristic amount data receiving unit 509.

The state detection unit 311 uses the image received from the image input unit 307 and the feature amount data stored in the feature amount data storage unit 305 to determine whether the regular login user is “present”, “leaves”, or logs in at the same location. Unauthorized access by user "Spoofing", "Peeping", Unauthorized access by third party outside the site "Spoofing", "Peeping" status is detected.

The image and the feature amount data are transmitted to the face recognition unit 309, and the current state is calculated from the obtained face recognition result. The detected stillness, unauthorized access and face recognition result, and the camera image at that time are transmitted to the trail control unit 312.

The trail control unit 312 stores, in the trail storage unit 313, the camera image and the result of motion/unauthorized access and face recognition received from the state detection unit 311. At that time, the screen shot obtained from the video controller 206 is also stored.

The trail control unit 312 comprehensively looks at the static and unauthorized access stored in the trail storage unit 313, and infers which state the static and unauthorized access are currently in, and when it was switched to that state. The trail information (static or unauthorized access, face recognition result, camera image, screen shot) at the time of switching is transmitted to the trail transmitting unit 314.

When the same motion and unauthorized access continue, the end date and time is updated at any time and transmitted to the trail transmission unit 314. In addition, the camera image and the screen shot of the end date and time are transmitted to the trail transmission unit 314. Old trail information that is no longer used for state determination is discarded from the trail storage unit 313 at any time.

The trail storage unit 313 stores trail information (movement, unauthorized access, face recognition result, camera image, screen shot).

The trail transmission unit 314 transmits the trail information received from the trail control unit 312 to the trail reception unit 513 of the trail management server 120 via the communication I/F controller 208.

The update notification receiving unit 315 receives the update notification from the user information update notification unit 506 of the trail management server 120 via the communication I/F controller 208.

The update notification receiving unit 315 requests the feature amount data extracting unit 308 to extract the feature amount when the feature amount data registration notification is received, and the feature amount data updating unit 304 when the feature amount data update notification is received. To update. Further, when the movement update notification is received, the user information display update unit 306 is requested to update the display.

Next, the functional configuration of the trail inspection terminal 110 will be described.

The user information display update unit 401 acquires user information from the user information management unit 504 of the trail management server 120 via the communication I/F controller 208, similarly to the user information display update unit 306 of the trail transmission terminal 100, It is displayed on the CRT 211.

It is possible to display not only the movement information similar to the user information display updating unit 306 but also the audit information capable of confirming the number of unauthorized access occurrences and the number of characteristic data waiting for approval. The user information display updating unit 401 receives the update notification from the update notification receiving unit 402 and updates the display.

The update notification receiving unit 402 receives the update notification from the audit information update notifying unit 510 of the trail management server 120 via the communication I/F controller 208.

The update notification receiving unit 402 requests the user information display updating unit 401 to update the display when there is a motion update notification, and displays the feature information update notification and the unauthorized access occurrence notification on the user information display updating unit 401. Is requested and the information notification unit 403 is requested to notify the administrator of the information.

The information notification unit 403 warns the administrator so that the approval processing of the characteristic amount data and the audit processing of the unauthorized access can be immediately performed.

The feature amount data approval operation unit 404 displays the feature amount data acquired from the feature amount data approval operation processing unit 512 of the trail management server 120 via the communication I/F controller 208 on the CRT 211, and the feature not approved by the administrator. Approve or reject quantity data. The approval result is transmitted to the feature amount data approval operation processing unit 512.

The trail audit operation unit 405 displays the trail of unauthorized access acquired from the trail audit operation processing unit 515 of the trail management server 120 via the communication I/F controller 208 on the CRT 211, and the administrator has a problem of unauthorized auditing. Have it audited. The audit result is transmitted to the trail audit operation processing unit 515.

The camera image and the screen shot during the period of the unauthorized access are displayed as a material for determining whether there is any problem. It also has a function of acquiring and displaying the history of user movements and displaying statistical information. The trail inspection terminal 110 may have the function of the trail transmission terminal 100 at the same time.

Finally, the functional configuration of the trail management server 120 will be described.

The authentication information receiving unit 501 compares the authentication information received from the authentication information transmitting unit 302 of the trail transmitting terminal 100 with the information in the user storage unit 502, and if there is matching user information, the login information storage unit 503 stores the login information. Memorize The user storage unit 502 stores user information, and the login information storage unit 503 stores user login information.

The user information management unit 504 receives the selection of the current site from the site selection unit 303 of the trail transmission terminal 100, changes the site information of the record of the corresponding user of the login information storage unit 503, and logs in to the user information update notification unit 506. It requests the users at the same location retrieved from the information storage unit 503 to transmit the feature amount data update notification.

In addition, the user information management unit 504 transmits, to the user information update notification unit 506, the movement update notification to the user of the same base searched from the login information storage unit 503 and the user of the same team searched from the team storage unit 511. Request.

Further, the user information management unit 504 requests the audit information update notification unit 510 to notify the administrator of the motion update. Further, in response to a request from the user information display updating unit 306 of the trail transmitting terminal 100 and the user information display updating unit 401 of the trail auditing terminal 110, a list of available bases of the user (all information of the base information storage unit 505 and the user) If the home authority of the user is TRUE (which will be described later in detail), the address of the user is included), the list of the team to which the user belongs, and the movement information of the user who belongs to the base or the team (movement of the user storage unit 502 and the login information storage unit 503). (Merged information) is returned.

In addition, in response to a request from the user information display updating unit 401 of the trail auditing terminal 110, the audit information of the users who belong to the base (the movement information of the user storage unit 502 and the login information storage unit 503 and the unaudited fraud of the trail storage unit 514). A merged number of access records and the number of unapproved records in the feature amount data storage unit 508 are returned. The base information storage unit 505 stores the base information.

The user information update notification unit 506 moves to the update notification reception unit 315 of the trail transmission terminals 100 of all logged-in users belonging to the connection source base of the user when the user logs in and out, and when the user's movement changes. Send update notification.

In addition, the user information update notification unit 506 is an update notification reception unit of the trail transmission terminals 100 of all login users belonging to the connection source site of the user when the user logs in and out, and when the feature amount data is approved. A feature quantity data update notification is transmitted to 315.

The feature amount data acquisition unit 507 returns the feature amount data of the user and the feature amount data of the login user at the same location.

The feature amount data storage unit 508 stores the feature amount data used for face recognition. Further, the identification contribution degree indicating the degree for identifying whether or not the user is the user of each feature amount data is stored.

The characteristic amount data receiving unit 509 receives the characteristic amount data from the characteristic amount data transmitting unit 310 of the trail transmitting terminal 100, and stores the characteristic amount data in the characteristic amount data storage unit 508. At that time, the audit information update notification unit 510 is requested to notify the registration of the feature amount data. Further, the identification contribution degree is received from the characteristic amount data transmitting unit 310 of the trail transmitting terminal 100 and stored in the characteristic amount data storage unit 508.

Upon receiving the feature amount data and the unauthorized access occurrence notification request, the audit information update notification unit 510 sends the update notification to the update notification receiving unit 402 of the trail auditing terminal 110 of the administrator of the sending user. The team storage unit 511 stores team information that defines a user's audit relationship.

The feature amount data approval operation processing unit 512 receives the update information of the feature amount data from the feature amount data approval operation unit 404 of the trail auditing terminal 110, and updates the feature amount data of the feature amount data storage unit 508.

The trail receiving unit 513 receives the trail information transmitted from the trail transmitting unit 314 of the trail transmitting terminal 100, and stores it in the trail storage unit 514. Further, when a new unauthorized access is received, the audit information update notifying unit 510 is requested to notify the unauthorized access occurrence.

The trail storage unit 514 stores, as trail information, movement information, unauthorized access information, camera images, and screenshots.

The trail audit operation processing unit 515 receives the update information of the feature amount data by the feature amount data approval operation unit 404 of the trail inspection terminal 110, and updates the feature amount data of the feature amount data storage unit 508.

The function of performing login authentication required for the administrator to use the system is omitted because it is out of the scope of the present invention.

Hereinafter, with reference to FIG. 4, in the telework management system according to the present embodiment, a series of flows from the user performing the telework logging in to the trail transmitting terminal 100 to logging out will be described.

The processing of the trail transmitting terminal 100 is executed by the CPU 201 by storing the program and data acquired from the ROM 203 in the RAM 202. Further, the processing of the trail management server 120 is executed by the CPU 201 by storing the program and data acquired from the ROM 203 in the RAM 202.

In step S101, when the user logs in to the trail transmission terminal 100, the trail transmission terminal 100 activates the resident application and transmits the account ID and password to the trail management server 120 in the background.

The trail management server 120 compares the user information (see FIG. 11) stored in the user storage unit 502, and if they match, permits the login. The account ID and password are set by the user when the resident application is first started, and the set values are used thereafter.

The user information table shown in FIG. 11 includes a user ID that uniquely identifies the user, a user account name, a user name, a phonetic alphabet for the user name, a user type indicating whether the target user is an individual or a group, and the user is located. A profile image showing an address, an image for identifying the person such as the face image of the person, an object for viewing the movement showing the whereabouts to be monitored for movement, an object for the inspection showing a range (group) to be inspected, a user has a monitoring authority. There is a monitoring authority (whether TRUE, there is a monitoring authority) indicating whether or not there is, and a telecommuting authority (when TRUE is possible) indicating whether or not the user can work from home.

In step S102, it is confirmed whether the feature amount data (FIG. 16) that the login user has approved is stored in the feature amount data storage unit 508. If there is no registration such as at the time of first use, or if there is only registration but not approved or rejected, a registration notification of feature amount data is transmitted to the trail transmission terminal 100 (to step S103). If the approved feature amount data is registered, the process proceeds to step S105.

The feature amount data table shown in FIG. 16 is configured to include an ID for uniquely identifying the feature amount data, a user ID, and feature amount data used for specifying the user as the user.

In step S103, the trail transmission terminal 100 registers the feature amount data of the logged-in user.

In this step, the face image is extracted from the camera image by face recognition, the login user confirms the registration, and the feature amount data is extracted from the face image and transmitted to the trail management server 120.

In the trail management server 120, the received feature amount data is stored in the feature amount data storage unit 508, and the trail inspection terminal 110 used by the administrator who monitors the user retrieved from the monitoring information (FIG. 14) in the team storage unit 511. A feature quantity data registration notice is sent to.

FIG. 14 shows a monitoring information table. The monitoring information table includes an ID for uniquely identifying the audit target, a name for identifying the audit target, and a pseudonym of a name for identifying the audit target. The configuration includes a reading ID, a monitoring person ID list indicating an ID for specifying an administrator who monitors the audit target, and a monitored person ID list indicating a user ID to be monitored.

In step S104, the trail inspection terminal 110 receives the feature amount data registration notification and gives an alert notification to the administrator so that the feature amount data is approved.

Then, when the administrator approves or rejects the feature amount data at the trail inspection terminal 110, the trail management server 120 advances the processing to step S105 when it is approved and proceeds to step S103 when it is rejected. ..

In step S105, the trail transmission terminal 100 acquires the user's characteristic amount data from the trail management server 120 and stores it in the characteristic amount data storage unit 305.

The trail management server 120 does not return all the feature amount data, but uses the feature contribution data (FIG. 17) stored in the feature amount data storage unit 305 to identify the feature amount data effective for identifying the user. Is selected and returned (details will be described in the description of FIG. 5).

In step S106, the trail transmission terminal 100 performs face recognition on the camera image using the acquired feature amount data, and starts monitoring the user (details will be described in the description of FIG. 6). User monitoring is processed in the background, and the process proceeds to step S107 without waiting for the end.

The user monitoring is started before the site selection in step S107, even when a third party logs in to the trail transmission terminal 100 and uses the terminal without selecting the site, spoofing is detected and the trail management server. This is because it is stored in 120.

In step S107, the base to which the trail transmission terminal 100 is connected is selected from the bases acquired from the trail management server 120.

The trail management server 120 returns all the base information (FIG. 13) stored in the base information storage unit 505 as the bases available to the user.

FIG. 13 shows a base information table. The base information table is configured to include an ID for uniquely identifying the base, a name indicating the name of the base, a pseudonym of the base name, an address of the base, and the like. Has been done.

When the home right of the user information of the user storage unit 502 is TRUE, the base information of the name of the home is generated from the user's address and returned.

For the base information to be returned, the final login date and time at each base is acquired and merged from the login information (FIG. 15) stored in the login information storage unit 503.

FIG. 15 shows a login information table. The login information table includes an ID for uniquely identifying the login itself, a user ID, a terminal ID for uniquely identifying the logged-in trail transmission terminal 100, It is configured to include a base ID that indicates the ID of the base that logged in, a home (in the case of TRUE, home) that indicates whether or not the base where the login is made is the home of the user, the movement of the user, the date and time of login, and the date and time of logout. ing.

Such base information is displayed on a screen for allowing the user to select a base, for example, as shown in FIG. 8, and the base information desired by the user is selected from the displayed base information.

In the trail transmission terminal 100, when the neighborhood address can be acquired from the WiFi network or the like and the connection source site can be specified from the acquired site list, the connection source site is automatically determined and confirmed to the user.

For example, the site confirmation screen 601 shown in FIG. 8 is displayed, and information on the identified connection source site is displayed.

If it is incorrect, the site list is displayed in order from the nearest address, and the user is allowed to select it (the one with the latest last login date and time is displayed first).

As an example, when the user presses the Cancel button 602 on the site confirmation screen 601, a work site selection screen 604 is displayed as shown in the upper part of FIG. 8, and site information is displayed in order from the nearest address. And let the user select.

When the neighborhood address has been acquired but the location cannot be specified, the base list is displayed in order from the neighborhood address and the user is allowed to select it.

Similarly, when the user presses the Cancel button 602 on the site confirmation screen 601, a work site selection screen 604 is displayed as shown in the upper part of FIG. 8, and site information is displayed in order from the nearest address. The user to select.

When the neighborhood address cannot be acquired, the site list is displayed in the order of the latest login date and time, and the user is allowed to select it (if there are sites with the same address, they are displayed together).

As an example, when the user presses the Cancel button 602 on the site confirmation screen 601, a work site selection screen 604 is displayed as shown in the lower part of FIG. 8, and site information is displayed in order of the latest login date and time. Display (if there are sites with the same address, they are displayed together) and let the user select.

When the OK button 605 is pressed while the site is selected on the work site selection screen 604, the selected site information is transmitted to the trail management server 120, and the login of the user registered in the login information storage unit 503 is performed. Registered at the information base.

In step S108, the feature amount data update notification is transmitted to the trail transmission terminal of the user at the same location searched from the login information storage unit 503.

In step S109, the trail transmission terminal 100, which has received the feature quantity data update notification, acquires the feature quantity data to be used from the trail management server 120 and replaces the data in the feature quantity data storage unit 305.

At that time, the trail management server 120 returns not only the user but also the feature amount data of the user at the same location. At this time, similar to step S105, instead of returning all the feature amount data, the feature amount data stored in the feature amount data storage unit 305 is used to identify the feature amount data effective for the user identification from the identification contribution degree of each feature amount data. Select and return (details will be described in the explanation of FIG. 5).

In step S110, the movement update notification is transmitted to the user of the same location searched from the login information storage unit 503 and the member (monitored person ID list) of the team to which the user searched from the team storage unit 511 belongs.

In step S111, the trail transmission terminal 100 that has received the movement update notification acquires the movement information of the user of the currently displayed team or base from the trail management server 120 and displays it.

Similarly, the static update notification is transmitted to the trail inspection terminal 110 of the administrator of the user retrieved from the team storage unit 511. The trail auditing terminal 110, which has received the motion update notification, acquires and displays the motion of the users belonging to the currently displayed team.

FIG. 9 shows an example of a screen that displays the user's movement information on the trail transmission terminal 100 when receiving the movement update notification.

The movement confirmation screen 701 is a screen that displays the movement information of the user at the selected base at present, and as shown in the upper left of FIG. 9, two persons, Hanako Tanaka and Ichiro Suzuki, are in the seated state, and the movement confirmation is confirmed. Although it is displayed on the screen 701, when Sato Motoko comes to the site and Ichiro Suzuki leaves the company, as shown in the upper right of FIG. 9, Hanako Tanaka and Motoko Sato are in an existing state. And is displayed as an offline state indicating that Ichiro Suzuki has made another company.

In step S112, triggered by the user logging out from the trail transmitting terminal 100, the user monitoring in step S106 is terminated, and the trail managing server 120 is logged out.

In step S113, when the user monitoring is ended, the identification contribution rate stored in the feature amount data storage unit 305 is transmitted to the trail management server 120, and the trail management server 120 uses the received identification contribution rate in the feature amount data storage unit. It is stored in 508.

At the time of logout, the trail management server 120 registers the logout date and time of the latest login information of the user of the login information storage unit 503, and sets the status to offline. Then, in step S114, a motion update notification is issued to each trail inspection terminal 110.

Hereinafter, with reference to FIG. 5, the flow until the feature amount data is updated using the update notification of S104 and S108 of FIG. 4 as a trigger, and the trail transmitting terminal 100 can identify the user and the user at the same location. Will be explained.

The processing of the trail transmitting terminal 100 is executed by the CPU 201 by storing the program and data acquired from the ROM 203 in the RAM 202. Further, the processing of the trail management server 120 is executed by the CPU 201 by storing the program and data acquired from the ROM 203 in the RAM 202.

In step S201, the trail transmission terminal 100 requests the trail management server 120 to acquire feature amount data for face recognition.

The timing of the request is when the user successfully logs in to the trail management server 120 through the trail transmission terminal 100, or when the trail transmission terminal 100 receives a feature quantity data update notification from the trail management server 120.

In step S202, the login information storage unit 503 is searched for a user connected from the same site as the user.

At the time of step S204, since the base should not be set in the latest login information of itself, only itself is acquired as the login user of the same base.

At the time of step S207, the user of the login information having the same value as the base of the latest login information of the user (not logged out) is acquired.

From step S203 to step S208, the characteristic amount data effective for identifying all the users at the same location acquired in step S202 is extracted.

In step S204, X pieces of identification contribution degree information of the user stored in the feature amount data storage unit 508 (FIG. 17) are acquired from the newest registered items, and among them, the number of identification required times (this feature amount data is If not, the number of times of failure in identification) is 1 or more is acquired.

FIG. 17 shows an identification contribution degree information table. The identification contribution degree information table includes an ID for uniquely identifying the identification contribution degree information, a feature amount data ID for uniquely identifying a feature amount, It is configured to include the date and time when the identification contribution degree information is registered, the number of times of recognition indicating the number of times of authentication, the average degree of similarity indicating the average value of the degrees of similarity obtained as a result of the authentication, and the number of times of required authentication. (Details will be described later).

In step S205, if the number of cases acquired in step S204 exceeds the maximum value N, the process proceeds to step S206. If not, the process proceeds to step S207.

The maximum value is set here because there is a possibility that another person's acceptance rate (probability of recognizing a third party as the user himself) may increase even if too much feature amount data is used.

Further, since the target of identification is mainly the user himself, N'(<N) cases may be set to the maximum value in the case of other users at the same base.

Face recognition technology is a technology that detects the face of a person who took a picture and reads the attribute information of the face.Personal identification using face recognition technology uses a discriminator that has learned the features calculated from face images to identify other faces. This is a technique for calculating the similarity with the feature amount calculated from the image and identifying the person with that face.

At the time of this learning, the same person is learned by associating it with the same identifier, but if too many features of the person are learned, it will be rejected depending on the performance of the classifier (the registrant cannot be identified as a registrant. ) The rate or the allowance of others (identifying an unregistered person as a registrant) may be deteriorated.

In step S206, the top M (<N) items having the largest number of required identifications are acquired from those acquired in step S204. Further, the top (NM) cases with the highest average similarity are acquired, and a total of N pieces of feature amount data are acquired.

In step S207, the obtained feature amount data is added to the list returned to the trail transmission terminal 100.

In step S209, the characteristic amount data acquired by the trail management server 120 is returned to the trail transmitting terminal 100, and the trail transmitting terminal 100 stores the acquired characteristic amount data in the characteristic amount data storage unit 305.

As described above, the trail transmission terminal 100 can identify the user and the login user at the same location.

By the way, the method of searching the feature amount data effective for identification in steps S204 to S207 is an example, and a comprehensive score is calculated from each parameter to select a higher one, or a new data for the above score is selected. Various correction methods can be considered, such as upward correction to make selection easier.

Hereinafter, with reference to FIG. 6, description will be given of a flow of detecting user movement and unauthorized access in the user monitoring in step S106 of FIG. 4, and performing unauthorized access registration notification to the monitor when the unauthorized access occurs.

This processing is executed by the CPU 201 of the trail transmission terminal 100 storing the program and data acquired from the ROM 203 in the RAM 202.

In step S301, the current motion and unauthorized access are initialized. The movement is a state where there is nothing at first, and the unauthorized access is a state where it is normal.

In step S302, face recognition is applied to the camera image, and the face recognition result (FIG. 21), motion (FIG. 18) and unauthorized access (FIG. 19) obtained from the face recognition result, and the camera image or screen shot at that time (FIG. 20) is stored in the trail storage unit 313. The state of motion and unauthorized access is detected from the camera image (details will be described in the description of FIG. 7).

FIG. 21 shows a face recognition result table. The face recognition result table uses an ID for uniquely identifying the result of face recognition and an image of a camera image on which face recognition is performed. The image ID, the coordinates indicating the position of the face in the camera image on which the face detection is performed, the degree of similarity as a result of the face detection, and the user ID of the identified user as a result of the face recognition are provided. There is.

FIG. 18 shows a motion information table. The motion information table includes an ID for uniquely identifying motion information, a user ID, a terminal ID, a state indicating the motion of the user (attended, leaving), and monitoring. It is configured to include a start date and time and a monitoring end date and time.

FIG. 19 shows an unauthorized access table. The unauthorized access table shows an ID for uniquely identifying an unauthorized access, a user ID, a terminal ID, and a state showing the determination result of the monitored user's unauthorized access, Includes the date and time when this state started, the date and time when this state ended, the audit status indicating whether the administrator has audited this unauthorized access, and the auditor who indicates the administrator who performed the audit. It is configured.

FIG. 20 shows a trail image table. The trail image table includes an ID for uniquely identifying an image to be a trail target, a type of whether the image is a camera image or a screenshot, It is configured to include a terminal ID that acquires an image, the acquired image data, and a shooting date and time indicating the acquisition date and time.

In step S303, the latest movement (new movement) is calculated based on the movement information stored in the trail storage unit 313.

As the simplest calculation method, of the past several pieces of movement information, the most frequent state is the new movement state, and the oldest movement information is the movement state.

Similarly, the latest unauthorized access (new unauthorized access) is calculated based on the unauthorized access information stored in the trail storage unit 313.

In step S304, it is confirmed whether the moving state and the new moving state are different (that is, whether the state has changed). If they are different, the process proceeds to step S305, and if they are the same, the process proceeds to step S307.

In step S305, the movement is replaced with the new movement, and the movement information is transmitted to the trail management server 120. In step S306, the trail management server 120 stores the received movement information in the trail storage unit 514.

Also, the movement of the latest login information of the user stored in the login information storage unit 503 is updated.

Further, the login information storage unit 503 is searched for users at the same location, and the team storage unit 511 is searched for users (monitoring persons and monitored persons) who belong to the same team as users' motion references. The movement update notification is transmitted to the transmission terminal 100 and the trail inspection terminal 110.

At this time as well, the movement confirmation screen 701 shown in FIG. 9 is displayed on the trail transmission terminal 100 as described above, but the trail inspection terminal 110 displays the whole movement confirmation screen 702 shown in the lower part of FIG.

Regarding the movement confirmation screen 701, it is possible to confirm the movements of the users within the same base, but regarding the overall movement confirmation screen 702, it is possible to confirm the movements of the users within all the bases. Mainly different. On the whole movement confirmation screen 702, it is also possible to confirm the presence or absence of unauthorized access.

As for the motion confirmation screen 701 and the whole motion confirmation screen 702, it is possible to adopt a mode in which the name corresponding to the terminal ID for uniquely identifying the trail inspection terminal 110 is displayed.

In this case, the name is displayed using the terminal information table shown in FIG. The terminal information table has a configuration including an ID for uniquely identifying the trail inspection terminal 110 and a description indicating the name of the trail inspection terminal 110.

That is, the explanation corresponding to the ID of the terminal information table corresponding to the terminal ID of the login information storage unit 503 is displayed on the movement confirmation screen 701 or the movement confirmation entire confirmation screen 702.

In step S307, the end date and time of the movement is updated with the current time and transmitted to the trail management server 120. If a certain period of time has passed since the registration, the latest camera image and screenshot are also sent. The trail management server 120 registers or updates the received trail information in the information in the trail storage unit 514.

In step S308, if the movement is still seated, the process proceeds to step S309; otherwise (step away), the process proceeds to step S310.

In step S309, the identification contribution degree in face recognition of each feature amount data of the monitoring target is calculated from the similarity of the face recognition result with respect to the camera image when the latest motion information stored in the trail storage unit 313 is calculated. , And the feature amount data storage unit 305. This is only performed when the latest motion information is in the presence status.

The average similarity in the identification contribution is the average of all the similarities recorded in the feature amount data when it is determined that the person is present. The required number of times of identification in the contribution degree of identification is the number of times when it is determined that there is the feature amount data when it is determined that the person is present, that is, the person cannot be identified as the person without the feature amount data.

In the case of simply identifying whether or not the similarity exceeds a threshold value (0.7), when the feature amount data 1 is 0.78 and the feature amount data 2 is 0.65, the identification contribution of the feature amount data 1 Increase the number of times the degree must be identified by 1.

In step S310, it is determined whether or not the state of the unauthorized access is different from the state of the new unauthorized access (that is, whether the state has changed). If determined to be different, the process proceeds to step S311 and it is determined that they are the same. In this case, the process proceeds to step S316.

In step S311, the unauthorized access is replaced with the new unauthorized access, and the new unauthorized access information is transmitted to the trail management server 120. In step S312, the trail management server 120 stores the received unauthorized access information in the trail storage unit 514.

In step S313, it is confirmed whether the state of unauthorized access is normal. If it is not normal, the new unauthorized access information is transmitted to the trail management server 120, the process proceeds to step S314, and if normal, the process proceeds to step S318. Proceed with processing.

In step S314, the trail management server 120 stores the received unauthorized access information in the trail storage unit 514.

In step S315, if the received unauthorized access status is “peep (colleague)”, the process proceeds to step S318. If not, it is determined that notification to the administrator is necessary and the process proceeds to step S316. Proceed.

In step S316, the trail management server 120 searches the team storage unit 511 for a supervisor of the team to which the user belongs, and sends an unauthorized access registration notice to the trace audit terminal 110 of each supervisor.

The trail auditing terminal 110, which has received the unauthorized access registration notification, prompts the monitoring person to audit the unauthorized access and updates the display of the user information.

Again, as described above, the trail inspection terminal 110 displays the entire movement confirmation screen 702 shown in the lower part of FIG. 9, and the presence/absence of unauthorized access can be confirmed on the entire movement confirmation screen 702.

Further, this example will be described with reference to FIG. In the motion confirmation screen 701 shown on the left side of the upper part of FIG. 10, two persons, Hanako Tanaka and Ichiro Suzuki, are in the seated state and displayed on the motion confirmation screen 701. In 703, a person other than Hanako Tanaka is photographed on the trail transmission terminal 100 of Hanako Tanaka who is present, but this person is photographed other than Ichiro Suzuki who is present at the same location. Therefore, the unauthorized access registration is notified.

On the other hand, in 704 shown second from the left in the lower part of FIG. 10, a person other than Hanako Tanaka is photographed on the trail transmission terminal 100 of Hanako Tanaka who is in the seated state, but this person is present at the same base. Since Ichiro Suzuki in the seated state is photographed, the unauthorized access registration notification is not issued and the process ends.

Further, as shown in the upper left of FIG. 10, when two children, Hanako Tanaka and Ichiro Suzuki, are present, Motoko Sato joins the site and Ichiro Suzuki leaves. As shown on the right side of the upper row, Hanako Tanaka and Motoko Sato are displayed as being in the presence status, and are displayed as an offline status indicating that Ichiro Suzuki has left the company.

In this state, at 705 shown third from the left in the lower part of FIG. 10, a person other than Hanako Tanaka is photographed on the trail transmission terminal 100 of Hanako Tanaka who is in the seated state, but this person has joined the company. , Sato Motoko, who is present at the same base, is photographed, so the unauthorized access registration notification is not issued and the process ends.

On the other hand, in 706 shown at the far right in the lower part of FIG. 10, a person other than Hanako Tanaka is photographed on the trail transmission terminal 100 of Hanako Tanaka who is in a seated state, but this person is photographed by Ichiro Suzuki who left the company. Therefore, the unauthorized access registration is notified.

In step S317, the end date and time of the unauthorized access is updated with the current time and transmitted to the trail management server 120. If a certain period of time has passed since the registration, the latest camera image and screenshot are also sent. The trail management server 120 registers or updates the received trail information in the information in the trail storage unit 514.

In step S318, if a command such as logout has been received, the flow ends, otherwise, the process returns to step S302, and the processes of steps S302 to S317 are repeated.

Hereinafter, with reference to FIG. 7, a flow of performing face recognition on a camera image in step S302 of FIG. 6 and calculating a user's motion and unauthorized access state from the result will be described. This processing is executed by the CPU 201 of the trail transmission terminal 100 storing the program acquired from the ROM 203 in the RAM 202.

In step S401, a camera image input from the camera device 210 is accepted. In step S402, face detection and face identification are performed on the camera image to obtain a plurality of face recognition results (FIG. 21).

The face detection is a process of detecting a face area existing in the camera image, and the face identification extracts the feature amount data from the detected face and compares the feature amount data with the feature amount data stored in the feature amount data storage unit 105. This is a process of performing matching and calculating the degree of similarity with each feature amount data, and based on the calculated degree of similarity, it is identified who the face is.

The simplest identification method is to identify the user of the feature amount data that has recorded the highest degree of similarity exceeding a certain threshold. There are many other existing techniques as identification methods, and any technique may be applied.

In step S403, if a face cannot be detected in step S402, the process proceeds to step S404. If only one face can be detected, the process proceeds to step S405. The process proceeds to S408.

In step S404, since no one is shown on the camera device 210, the motion of “leaving” and the unauthorized access of “normal” are stored in the trail storage unit 313. It also stores camera images, screen shots, and face recognition results.

In step S405, it is determined whether or not the detected face is identified as the user. If it is determined that the face is identified, the process proceeds to step S406. If it is determined that the face is not identified, the process proceeds to step S407.

In step S406, since only one user is shown in the camera device 210, the "moving" status and the "normal" unauthorized access are stored in the trail storage unit 313. It also stores camera images, screen shots, and face recognition results.

In step S407, since only one person other than the user is shown on the camera device 210, the movement of “leaving” and the unauthorized access of “spoofing” are stored in the trail storage unit 313. It also stores camera images, screen shots, and face recognition results.

In step S408, it is determined whether or not there is a face identified as the user among the detected faces. If it is determined that the face has been identified, the process proceeds to step S409. If it is determined that the face has not been identified, the process proceeds to step S409. The process proceeds to S410.

In step S409, since the user is shown in the camera device 210, the movement of “attended” is stored in the trail storage unit 313. It also stores camera images, screen shots, and face recognition results.

In step S410, since the user is not displayed on the camera device 210, the movement of "leaving" is stored in the trail storage unit 313. It also stores camera images, screen shots, and face recognition results.

In step S411, it is confirmed whether or not all the faces are identified as the faces of the users at the same base. If they are identified, the process proceeds to step SS412. If not identified, the process proceeds to step S413. The user determination at the same location can be performed using the information regarding the user retrieved from the login information storage unit 503.

In step S412, since the user himself/herself and the user at the same location are shown in the camera device 210, the unauthorized access of “peeping (colleague)” is stored in the trail storage unit 313.

In step S413, since a third party other than the user at the same location is shown on the camera device 210, the unauthorized access of “peeping” is stored in the trail storage unit 313.
[Second Embodiment]

Next, a second embodiment will be described. In the first embodiment, processing relating to user monitoring is mainly performed in the trail transmission terminal 100, but in the second embodiment, main processing relating to user monitoring is performed. The trail management server 120 performs the processing.

In addition, in the first embodiment and the second embodiment, when the same configuration is provided or when the same processing is performed, detailed description is omitted and the same reference numerals are used for the description, and different The detailed description will be given only if

Next, a functional block diagram of the trail transmission terminal 100, the trail inspection terminal 110, and the trail management server 120 of the present invention will be described with reference to FIG. Detailed control that each functional block processes will be described with reference to a flowchart described later.

First, the functional configuration of the trail transmission terminal 100 will be described.

The characteristic amount data updating unit 902 acquires the characteristic amount data of the user and the login user who is connected from the same base as the user from the characteristic amount data acquiring unit 507 of the trail management server 120 via the communication I/F controller 208, and The data in the quantity data storage unit 907 is updated. The feature amount data storage unit 907 stores face feature amount data used for face recognition.

The video input unit 801 acquires a video from the camera device 210 and outputs the video to the video transmission unit 802, and the video transmission unit 802 transmits the video output from the video input unit 801 to the video reception unit 901 of the trail management server 120. To do.

Finally, the functional configuration of the trail management server 120 will be described.

The video reception unit 901 receives the video transmitted from the video transmission unit 802, and transmits the video to the feature amount data extraction unit 903 and the state detection unit 905.

The characteristic amount data updating unit 902 acquires the characteristic amount data of the user and the login user who connects from the same site as the user from the characteristic amount data acquiring unit 507, and updates the data of the characteristic amount data storage unit 907. The feature amount data storage unit 907 stores face feature amount data used for face recognition.

The feature amount data extraction unit 903 extracts the feature amount data for identifying the user when the feature amount data is not registered or when the user identification is not successful.

The feature amount data extraction unit 903 extracts the face of the user from the video received from the video reception unit 901, and asks the user whether to identify using the face. When the confirmation is obtained, the feature amount data is extracted from the face and stored in the feature amount data storage unit 508. At that time, the audit information update notification unit 510 is requested to notify the registration of the feature amount data. The face recognition unit 904 is requested to extract the face and the feature charge data.

The face recognition unit 904 extracts a face from the video received from the feature amount data extraction unit 903, and further extracts feature amount data that can be used for identification from the face. A face is extracted from the image received from the state detecting unit 905, and the similarity between the feature amount data extracted from each face and the feature amount data received from the state detecting unit 905 is calculated.

The identification contribution degree acquisition unit 906 stores the identification contribution degree stored in the feature amount data storage unit 907 before logout in the feature amount data storage unit 508.

Based on the image received from the image receiving unit 901 and the feature amount data stored in the feature amount data storage unit 907, the state detecting unit 905 determines whether the regular login user is in motion “attended”, “away”, or logged in at the same location. Unauthorized access by user "Spoofing", "Peeping", Unauthorized access by a third party outside the site "Spoofing", "Peeping" status is detected.

The image and the feature amount data are transmitted to the face recognition unit 904, and the current state is calculated from the obtained face recognition result. The detected motion, unauthorized access, and face recognition result, and the camera image at that time are transmitted to the trail control unit 908.

The trail control unit 908 stores the moving image/unauthorized access and face recognition result received from the state detection unit 905 and the camera image in the trail storage unit 909. At that time, the screen shot obtained from the video controller 206 is also stored.

The trail control unit 908 comprehensively looks at the static and unauthorized access stored in the trail storage unit 909, and infers which state the static and unauthorized access states are currently in, and when it was switched to that state. The trail information at the time of switching (static or unauthorized access, face recognition result, camera image is transmitted to the trail acquisition unit 910.

When the same motion and unauthorized access continue, the end date and time is updated at any time and transmitted to the trail acquisition unit 910. In addition, the camera image of the end date and time is transmitted to the trail acquisition unit 910. The old trail information that is no longer used for state determination is discarded from the trail storage unit 909 as needed.

The trail storage unit 909 stores trail information (movement, unauthorized access, face recognition result, camera image).

The user information update notification unit 911 moves to the update notification reception unit 315 of the trail transmission terminals 100 of all logged-in users who belong to the connection source site of the user when the user logs in and out and when the user's movement changes. Send update notification.

Further, the user information update notification unit 911 is an update notification reception unit of the trail transmission terminals 100 of all login users belonging to the connection source site of the user when the user logs in and out and when the feature amount data is approved. A feature quantity data update notification is transmitted to 315.

The characteristic amount data acquisition unit 507 returns the characteristic amount data of the user and the characteristic amount data of the login user at the same location to the characteristic amount data updating unit 902.

The trail acquisition unit 910 receives the trail information transmitted from the trail control unit 908 and stores it in the trail storage unit 912. Further, when a new unauthorized access is received, the audit information update notifying unit 510 is requested to notify the unauthorized access occurrence.

The trail storage unit 912 stores, as trail information, movement information, unauthorized access information, and a camera image.

The trail audit operation processing unit 515 receives the update information of the feature amount data by the feature amount data approval operation unit 404 of the trail inspection terminal 110, and updates the feature amount data of the feature amount data storage unit 508.

Hereinafter, with reference to FIG. 23, in the telework management system according to the present embodiment, a series of flows from the user performing the telework logging in to the trail transmitting terminal 100 to logging out will be described. Basically, the same processing as the flowchart shown in FIG. 4 is performed, and therefore only different processing will be described.

In response to the trail management server 120 being monitored by the trail transmission terminal 100, the characteristic amount data of the trail transmission terminal 100 is acquired from the characteristic amount data storage unit 508 and stored in the characteristic amount data storage unit 907. ..

The trail management server 120 does not register all the feature amount data, but the feature amount effective for identifying the user from the identification contribution rate (FIG. 17) of each feature amount data stored in the feature amount data storage unit 508. Data is selected and registered (details will be described in the description of FIG. 24). It is assumed that the feature amount data storage unit 907 stores each information corresponding to the base ID to which the trail transmission terminal 100 to be monitored belongs, with respect to the table shown in FIG.

In step S502, the trail management server 120 performs face recognition on the camera image using the acquired feature amount data, and starts monitoring the user (details will be described in the description of FIG. 25). User monitoring is processed in the background, and the process proceeds to step S107 without waiting for the end.

In step S108, it is detected that the characteristic amount data has been updated in the trail transmission terminal 100 of the user at the same location searched from the login information storage unit 503.

In step S109, the trail management server 120 acquires the feature amount data to be used for the trail transmitting terminal 100 that has detected that the feature amount data has been updated, and replaces the data in the feature amount data storage unit 907.

At that time, the trail management server 120 registers not only the user but also the feature amount data of the user at the same location. At this time, similar to step S501, instead of registering all the feature amount data, the feature amount data stored in the feature amount data storage unit 508 is effective for identifying the user from the identification contribution rate of each feature amount data. To register (details will be described in the description of FIG. 24).

In step S112, triggered by the user logging out from the trail transmitting terminal 100, the user monitoring in step S106 is terminated, and the trail managing server 120 is logged out.

In step S113, when ending the user monitoring, the trail management server 120 stores the identification contribution rate stored in the feature amount data storage unit 907 in the feature amount data storage unit 508.

Hereinafter, with reference to FIG. 24, the flow until the feature amount data is updated by using the update notification of S104 and S108 of FIG. 23 as a trigger, and the trail transmitting terminal 100 can identify the user and the user at the same location. Will be explained. Basically, since the same processing as the flowchart shown in FIG. 5 is performed, only different processing will be described.

The processing of the trail transmitting terminal 100 is executed by the CPU 201 by storing the program and data acquired from the ROM 203 in the RAM 202. Further, the processing of the trail management server 120 is executed by the CPU 201 by storing the program and data acquired from the ROM 203 in the RAM 202.

In step S601, the trail management server 120 receives an instruction to register the feature amount data for the logged-in trail management server 120.

The instruction for registration is when the user successfully logs in to the trail management server 120 through the trail transmission terminal 100, or when the trail management server 120 detects that the feature amount data of the trail transmission terminal 100 has been updated. is there.

In step S207, the obtained feature amount data is added to the list registered in the feature amount data storage unit 907.

In step S602, the trail management server 120 stores the feature amount data added to the list in the feature amount data storage unit 907.

As described above, the trail transmission terminal 100 can identify the user and the login user at the same location.

In the following, with reference to FIG. 25, a flow of performing user detection in step S502 in FIG. 23, detection of user movement and unauthorized access, and notification of unauthorized access registration to a monitor when unauthorized access occurs will be described. Basically, the same processing as the flowchart shown in FIG. 6 is performed, and therefore only different processing will be described.

This processing is executed by the CPU 201 of the trail management server 120 storing the program and data acquired from the ROM 203 in the RAM 202.

In step S701, the current motion and unauthorized access are initialized. The movement is a state where there is nothing at first, and the unauthorized access is a state where it is normal.

In step S702, face recognition is applied to the camera image, and the face recognition result (FIG. 21), the motion (FIG. 18) and the unauthorized access (FIG. 19) obtained from the face recognition result, and the camera image at that time (FIG. 20). ) Is stored in the trail storage unit 909. The state of motion and unauthorized access is detected from the camera image (details will be described in the description of FIG. 26). It is assumed that each table in FIG. 18 to FIG. 21 stores each information corresponding to the base ID to which the trail transmission terminal 100 to be monitored belongs.

In step S703, the latest movement (new movement) is calculated based on the movement information stored in the trail storage unit 909.

As the simplest calculation method, of the past several pieces of movement information, the most frequent state is the new movement state, and the oldest movement information is the movement state.

Similarly, the latest unauthorized access (new unauthorized access) is calculated based on the unauthorized access information stored in the trail storage unit 909.

In step S704, it is confirmed whether the moving state and the new moving state are different (that is, whether the state has changed). If they are different, the process proceeds to step S705, and if they are the same, the process proceeds to step S707.

In step S705, the movement is replaced with the new movement, and in step S706 the movement information is stored in the trail storage unit 912.

Also, the movement of the latest login information of the user stored in the login information storage unit 503 is updated.

Further, the login information storage unit 503 is searched for users at the same location, and the team storage unit 511 is searched for users (monitoring persons and monitored persons) who belong to the same team as users' motion references. The movement update notification is transmitted to the transmission terminal 100 and the trail inspection terminal 110.

At this time as well, the movement confirmation screen 701 shown in FIG. 9 is displayed on the trail transmission terminal 100 as described above, but the trail inspection terminal 110 displays the whole movement confirmation screen 702 shown in the lower part of FIG.

In step S707, the end date and time of the movement is updated with the current time. If a certain period of time has passed since registration, the latest camera image is also registered. The trail management server 120 registers or updates the trail information in the trail storage unit 912.

In step S708, if the movement is still, the process proceeds to step S709; otherwise (leave), the process proceeds to step S710.

In step S709, the identification contribution in face recognition of each feature amount data of the monitoring target is calculated from the similarity of the face recognition result with respect to the camera image when the latest motion information stored in the trail storage unit 912 is calculated. , In the feature amount data storage unit 907. This is only performed when the latest motion information is in the presence status.

In step S710, it is determined whether or not the state of the unauthorized access is different from the state of the new unauthorized access (that is, whether the state has changed). If determined to be different, the process proceeds to step S711 and it is determined that they are the same. In this case, the process proceeds to step S716.

In step S711, the unauthorized access is replaced with the new unauthorized access, and in step S712, the unauthorized access information is stored in the trail storage unit 912.

In step S713, it is confirmed whether the unauthorized access state is normal. If not, the process proceeds to step S714, and if normal, the process proceeds to step S718.

In step S714, the unauthorized access information is stored in the trail storage unit 912, and in step S715, if the received unauthorized access status is “peep (colleague)”, the process proceeds to step S718. When it is determined that notification to the administrator is necessary, the process proceeds to step S716.

In step S716, a supervisor of the team to which the user belongs is retrieved from the team storage unit 511, and an unauthorized access registration notice is sent to the trail audit terminal 110 of each supervisor.

The trail auditing terminal 110, which has received the unauthorized access registration notification, prompts the monitoring person to audit the unauthorized access and updates the display of the user information.

Again, as described above, the trail inspection terminal 110 displays the entire movement confirmation screen 702 shown in the lower part of FIG. 9, and the presence/absence of unauthorized access can be confirmed on the entire movement confirmation screen 702.

In step S717, the end date and time of the unauthorized access is updated with the current time. If a certain period of time has passed since registration, the latest camera image is also registered. The trail management server 120 registers or updates the trail information in the information in the trail storage unit 912.

In step S718, if a command such as logout has been received, the flow ends, otherwise, the process returns to step S702, and the processes of steps S702 to S717 are repeated.

Hereinafter, with reference to FIG. 26, a flow of performing face recognition on a camera image in step S<b>702 of FIG. 25 and calculating a user's motion and unauthorized access state from the result is described. This processing is executed by the CPU 201 of the trail transmission terminal 100 storing the program acquired from the ROM 203 in the RAM 202. Basically, since the same processing as the flowchart shown in FIG. 7 is performed, only different processing will be described.

In step S801, the camera image obtained by the camera device 210 in the trail transmission terminal 100 is acquired. In step S802, face detection and face identification are performed on the camera image to obtain a plurality of face recognition results (FIG. 21).

The face detection is a process of detecting a face area existing in the camera image, and the face identification extracts feature amount data from the detected face and compares the feature amount data stored in the feature amount data storage unit 907. This is a process of performing matching and calculating the degree of similarity with each feature amount data, and based on the calculated degree of similarity, it is identified who the face is.

The simplest identification method is to identify the user of the feature amount data that has recorded the highest degree of similarity exceeding a certain threshold. There are many other existing techniques as identification methods, and any technique may be applied.

In step S803, if a face cannot be detected in step S802, the process proceeds to step S804. If only one face can be detected, the process proceeds to step S805. If multiple faces can be detected, the process proceeds to step S803. The process proceeds to S808.

In step S804, since no one is shown on the camera device 210, the movement of “leaving” and the unauthorized access of “normal” are stored in the trail storage unit 909. Also, the camera image and the face recognition result are stored.

In step S805, it is determined whether or not the detected face is identified as the user. If it is determined that the face is identified, the process proceeds to step S806. If it is determined that the face is not identified, the process proceeds to step S807.

In step S806, since only one user is shown on the camera device 210, “moving seat” and “unauthorized” unauthorized access are stored in the trail storage unit 909. Also, the camera image and the face recognition result are stored.

In step S807, since only one person other than the user is shown on the camera device 210, the movement of “leaving” and the unauthorized access of “spoofing” are stored in the trail storage unit 909. Also, the camera image and the face recognition result are stored.

In step S808, it is determined whether or not there is a face identified as the user among the detected faces. If it is determined that the face has been identified, the process proceeds to step S809. If it is determined that the face has not been identified, the process proceeds to step S809. The process proceeds to S810.

In step S809, since the user is shown on the camera device 210, the movement of “attended” is stored in the trail storage unit 909. Also, the camera image and the face recognition result are stored.

In step S810, since the user is not displayed on the camera device 210, the movement of “leaving” is stored in the trail storage unit 909. Also, the camera image and the face recognition result are stored.

In step S811, it is confirmed whether all the faces are identified as the faces of the users at the same location. If they are identified, the process proceeds to step S812. If not identified, the process proceeds to step S813. The user determination at the same location can be performed using the information regarding the user retrieved from the login information storage unit 503.

In step S<b>812, since the user himself/herself and the user at the same site are shown in the camera device 210, the unauthorized access of “peeping (colleague)” is stored in the trail storage unit 909.

In step S813, since a third party other than the user at the same location is shown in the camera device 210, the unauthorized access of “peeping” is stored in the trail storage unit 909.

In each step, the trail control unit 908 makes a request to the trail transmission terminal 100 for obtaining a screenshot at the timing when it is determined that an unauthorized access has occurred, and the trail transmission terminal 100 obtains the screenshot. Accepts the request to perform, a screen shot is acquired regarding the information currently displayed on the CRT 211 and transmitted to the trail management server 120.

Upon receiving this screen shot, the trail control unit 908 stores the screen shot in correspondence with the motion and camera images stored in the trail storage unit 909 and the face recognition result.
[Third Embodiment]

Next, a third embodiment will be described. In the first embodiment and the second embodiment, when the unauthorized access state is peeping, in step S411 and step S811, all login users of the same location The judgment was made based on whether or not was displayed.

According to this determination, if all users are login users at the same location, they are sneak peeks (colleagues), and if not all are login users at the same location, they are sneak peeks. Then, whether the displayed user is a "sneak peek (self + colleague)" showing himself and his colleague, or a "sneak peek (only colleague)" showing only his colleague, or a "peeping peek" showing his boss By "viewing (boss)", a mode for changing the state to register is provided.

The reason for providing such an aspect is that if a colleague looks into the person while he or she is away, there is a risk of leaking information that the person does not intend, and if the boss looks into the information, security is not considered to be unauthorized access. It is possible to reduce the monitoring load on the observer, etc.

This determination is performed in steps S411 and S811, and for the determination of "peep (self + colleague)", the user is present in the face shown in step S808, and all of them are at the same base. This is the case when it is determined that the login user is.

On the other hand, the determination of “peeping (only colleague)” is a case where the user is present on the face shown in step S808 and all are login users at the same base.

Further, the "peep (boss)" determination is a case where it is determined that the user is the user's boss regardless of whether or not the user is present in the face shown in step S808. Using the superior information table shown in FIG. 27, it is determined whether or not the superior of the user is reflected.

The boss information table stores information about the user's boss, and corresponds to an ID (corresponding to the user ID) for uniquely indicating the boss, a user ID for uniquely indicating a user who belongs to the boss. I remember it including.

Also, although the case where the boss is looking into the peeping state is shown, when the colleague is reflected as the boss's state, the state may be divided depending on whether the boss of the colleague is the same or not. ..

Identifying the bosses of the co-workers, including him/herself, from the information stored in the boss information table, depending on whether or not they are all the same boss, they are “peeping (self + co-worker)” and “peeping (co-workers only)”. It may be possible to determine a state where the boss is the same or the boss is different.

As described above, according to the present invention, the use of the information processing apparatus used by the user is controlled in the case where the person other than the person himself/herself is photographed and is not regarded as an unauthorized use according to the monitoring environment of the user. In addition, by suppressing the notification to the administrator and the like, it is possible to realize an efficient monitoring method by reducing the labor related to the monitoring of the user or the administrator.

Although the exemplary embodiments have been described in detail above, the present invention can be embodied as, for example, a method, a program, a storage medium, or the like. It may be applied or may be applied to an apparatus composed of one device.

Further, the program according to the present invention is a program that allows a computer to execute (read) each processing method, and the storage medium according to the present invention stores a program that allows a computer to execute each processing method.

The program in the present invention may be a program for each processing method of each device.

As described above, the recording medium recording the program that realizes the functions of the above-described embodiments is supplied to the system or apparatus, and the computer (or CPU or MPU) of the system or apparatus executes the program stored in the recording medium. It goes without saying that the object of the present invention can be achieved by reading and executing.

In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

As a recording medium for supplying the program, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a DVD-ROM, a magnetic tape, a non-volatile memory card, a ROM, an EEPROM, and a silicon. A disk or the like can be used.

Further, not only the functions of the above-described embodiments are realized by executing the program read by the computer, but also the OS or the like running on the computer executes a part of the actual processing based on the instructions of the program. Needless to say, this includes a case where all the processing is performed and the functions of the above-described embodiments are realized by the processing.

Furthermore, after the program read from the recording medium is written in the memory provided in the function expansion board inserted in the computer or the function expansion unit connected to the computer, the function expansion board is instructed based on the instruction of the program code. Needless to say, this also includes the case where the CPU or the like included in the function expansion unit performs some or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

Further, the present invention may be applied to a system including a plurality of devices or an apparatus including one device.

Further, it goes without saying that the present invention can be applied to the case where it is achieved by supplying a program to a system or an apparatus. In this case, by reading the recording medium storing the program for achieving the present invention into the system or device, the system or device can enjoy the effects of the present invention.

Furthermore, by downloading and reading a program for achieving the present invention from a server, a database or the like on a network using a communication program, the system or device can enjoy the effects of the present invention. It should be noted that the present invention also includes all configurations that combine the above-described embodiments and modifications thereof.

100 Trail transmission terminal 110 Trail audit terminal 120 Trail management server 130 LAN
140 Router 150 Internet 201 CPU
202 ROM
203 RAM
204 system bus 205 input controller 206 video controller 207 memory controller 208 communication I/F controller 209 KB
210 camera device 211 CRT
212 External memory

Claims (6)

What is claimed is: 1. An information processing system comprising: a plurality of information processing devices that monitor the unauthorized access by performing face recognition of the user by photographing the user; and a server that manages monitoring information for monitoring the unauthorized access. ,
Requesting means for requesting the monitoring information including the monitoring information used in another information processing device;
Using the monitoring information obtained by requesting by the requesting unit, a detecting unit that detects that an unauthorized access has been performed from the relationship between the person and a person who uses another information processing apparatus,
An information processing system comprising: A server that manages monitoring information for monitoring unauthorized access,
Request receiving means for receiving a request for the monitoring information from the information processing device,
When the request for the monitoring information is received by the receiving unit, the information processing for receiving the monitoring information of the information processing device and the monitoring information used by another information processing device different from the information processing device by the request receiving unit Transmitting means for transmitting to the device,
A server characterized by having. Method of controlling information processing system comprising a plurality of information processing devices for monitoring unauthorized access by performing face recognition of the user by capturing an image of the user and a server for managing monitoring information for monitoring unauthorized access And
The information processing system,
A request step for requesting the monitoring information including the monitoring information used in another information processing device,
Using the monitoring information obtained by requesting in the requesting step, a detection step of detecting that unauthorized access has been performed, from the relationship between the person and a person who uses another information processing device,
A method for controlling an information processing system, the method comprising: Read and execute in an information processing system including a plurality of information processing devices that monitor the unauthorized access by performing face recognition of the user by photographing the user and a server that manages monitoring information for monitoring the unauthorized access There are possible programs,
The information processing system,
Requesting means for requesting the monitoring information including the monitoring information used in another information processing device;
Using the monitoring information obtained by requesting by the requesting means, a detecting means for detecting that an unauthorized access has been made from the relationship between the person and the person using the other information processing device,
A program characterized by making it function. A method for controlling a server that manages monitoring information for monitoring unauthorized access, comprising:
The server
A request receiving step of receiving a request for the monitoring information from the information processing device,
When a request for monitoring information is received by the request receiving step, the information received by the request receiving step includes the monitoring information of the information processing apparatus and the monitoring information used by another information processing apparatus different from the information processing apparatus. A transmitting step for transmitting to the processing device,
A method of controlling a server, comprising: A program that can be read and executed by a server that manages monitoring information for monitoring unauthorized access,
The server
Request receiving means for receiving a request for the monitoring information from the information processing device,
When the request for the monitoring information is received by the receiving unit, the information processing for receiving the monitoring information of the information processing device and the monitoring information used by another information processing device different from the information processing device by the request receiving unit Transmitting means for transmitting to the device,
A program characterized by causing it to function.

Images