JP2021163423A - Information processing device, information processing method and program - Google Patents

Abstract

To perform further shrewd authentication by performing comprehensive authentication using information used for face authentication and information other than that information.SOLUTION: In a server 1, a face-related information acquisition unit 101 acquires face-related information of a user U. A context-related information acquisition unit 102 acquires context-related information of the user U. A determination unit 103 performs comprehensive determination based on the face-related information and the context-related information. An authentication unit 104 performs comprehensive authentication of the user U on the basis of the result of the comprehensive determination by the determination unit 103. Accordingly, the above problem to be solved is resolved.SELECTED DRAWING: Figure 8

Description

The present invention relates to an information processing device, an information processing method, and a program.

Conventionally, face recognition has been used as an authentication method. Further, a technique related to face recognition has also been proposed (see, for example, Patent Document 1).

Japanese Unexamined Patent Publication No. 2020-038545

However, at the current state of the art, it is difficult to perform astute and complete authentication using only face recognition. For example, the authentication result may differ due to the difference in the resolution of the captured image data of the face, the out-of-focus, the difference in the distance between the camera and the authentication target, and the like.

The present invention has been made in view of such a situation, and more astute authentication can be performed by performing comprehensive authentication using information used for face authentication and other information. With the goal.

In order to achieve the above object, the information processing device of one aspect of the present invention is
The first acquisition means for acquiring the first information based on the captured image of the user's face, and
A second acquisition means for acquiring second information based on one or more context data of the user, and
An authentication means that authenticates the user based on a determination result based on the first information acquired by the first acquisition means and the second information acquired by the second acquisition means.
To be equipped.

The information processing method and program according to one aspect of the present invention are the information processing methods and programs corresponding to the above-mentioned information processing device according to one aspect of the present invention.

According to the present invention, more astute authentication can be performed by performing comprehensive authentication using information used for face authentication and other information.

It is a figure which shows the outline of this service which is applicable to the information processing system to which the server which concerns on one Embodiment of the information processing apparatus of this invention is applied. It is a figure which shows the specific example of the timing which the user's face-related information and context-related information are acquired. It is a figure which shows the specific example of the comprehensive authentication by a server. It is a figure which shows the specific example of the comprehensive authentication by a server. It is a figure which shows the specific example of the comprehensive authentication by a server. It is a block diagram which shows an example of the structure of the information processing system to which the server which concerns on one Embodiment of this invention is applied. It is a block diagram which shows an example of the hardware configuration of a server in the information processing system of FIG. FIG. 5 is a functional block diagram showing an example of a functional configuration that realizes a comprehensive authentication process among the processes whose execution is controlled by the server of FIG. 7. It is a flowchart which shows the flow of the comprehensive authentication processing among the processing whose execution is controlled by the server which has the functional configuration of FIG.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.

First, with reference to FIGS. 1 to 5, a service to which the information processing system (see FIG. 6 described later) to which the server 1 according to the embodiment of the information processing apparatus of the present invention is applied is applied (hereinafter, "" The outline of "this service") will be explained.

FIG. 1 is a diagram showing an outline of the present service to which the information processing system to which the server according to the embodiment of the information processing apparatus of the present invention is applied is applied.

This service is a service provided when user U is authenticated. User U is not particularly limited, and includes all human beings who can be authenticated by this service.
A person who authenticates user U (not shown) uses this service to comprehensively perform highly accurate authentication based on user U's face-related information and user U's context-related information (not shown). Hereinafter referred to as "comprehensive certification") can be performed.

"Face-related information" refers to information related to the face of user U. The face-related information includes the data itself of the captured image of the face of the user U, the data converted into the feature amount for use in the face recognition of the user U, the information indicating the result of the face recognition of the user U, and the like.

The "context-related information" refers to information based on the context data of the user U. The "context data" refers to data indicating at least one or more states of the internal state and the external state of the user U. That is, one context data is data indicating one or more of the "internal state" and the "external state" of the user U. Here, the "internal state" refers to the state of the user U, which is indicated by various data obtained by targeting the user U itself for sensing. The data indicating the "internal state" indicates the physical characteristics of the user U such as height, weight, body temperature, pulse, body fat percentage, body shape, fingerprint, voice print, and age obtained by measurement or investigation, for example. Contains objective data. In addition, subjective data such as physical condition and emotion obtained by questionnaires and interviews, and user U's behavior history are also included in the data showing the internal state of user U. Further, the "external state" refers to the state of the user U indicated by various data obtained by targeting the environment around the user U for sensing. The data indicating the "external state" includes, for example, the history and forecast of the weather (weather, temperature, humidity, etc.), the room temperature, etc. in the place where the user U existed in the past, exists now, or may exist in the future. Contains data about. Further, the data indicating the external state includes data indicating the position of the spatial or temporal arrangement of the user U, and predetermined data distributed in at least one of the spatial direction and the temporal direction around the user U. Data indicating the state of is also included.
In addition, in this specification, "time" is not limited to the original concept of "width", but also includes "time" and "timing" as a concept of "at that time". .. Therefore, the "data indicating the position of the temporal arrangement" includes, for example, the time at a predetermined timing in the past, the current time, and the like.

The person who performs comprehensive authentication of user U using this service is not particularly limited. For example, an event management company that manages the security of event venues, a financial institution that manages ATMs (Autummatic Teller Machines), accommodation facilities such as hotels that manage guests, and persons who perform comprehensive certification by EC (Electronic Commerce) site management companies. Is listed as.

As described above, the information indicating the result of the face authentication of the user U is acquired as the face-related information. In addition, the results of various authentications performed using the context data are acquired as "context-related information" as information based on the context data. For example, when the user U withdraws a deposit at an ATM of a financial institution, the result of the ATM authentication (for example, the authentication by the combination of the identification information of the cash card and the PIN code) is acquired as the context-related information of the user U. ..

In this way, the face-related information and the context-related information of the user U are acquired not only at the timing when the comprehensive authentication is performed but also at every scene in the life of the user U.
FIG. 2 is a diagram showing a specific example of the timing at which the user's face-related information and context-related information are acquired.

FIG. 2 shows a flow when a user U living in Tokyo travels to participate in an event held in Osaka.
User U entered the platform by holding an information processing device (user terminal 3) such as his / her smartphone over an automatic ticket gate (external device 4) at Tokyo Station and reading predetermined information (step SS1). ..
Here, the action history (context data) that the user U has passed through the automatic ticket gate at Tokyo Station is recorded as context-related information. Specifically, the action history of "passing the ticket gate of Tokyo Station" is recorded on the automatic ticket gate of Tokyo Station as context-related information together with a time stamp indicating the timing. In addition, the action history of "passing the ticket gate of Tokyo Station" is recorded on the user terminal 3 as context-related information together with a time stamp indicating the timing. The context-related information recorded in the automatic ticket gate of Tokyo Station or the user terminal 3 is sequentially transmitted to the server 1, stored in the server 1, and the history is managed. Specifically, for example, the action history of the user U is managed by identifying the user terminal 3 and the user U from the MAC address (Media Access Control addless), the terminal ID of a smartphone or the like, the access point of WiFi, or the like.

User U, who arrived at Shin-Osaka Station on the Shinkansen, exited the platform by holding the user terminal 3 over the automatic ticket gate (external device 4) at Shin-Osaka Station and reading the predetermined information (step SS2).
Here, the action history (context data) that the user U has passed the automatic ticket gate at Shin-Osaka Station is recorded as context-related information. Specifically, the action history of "passing the ticket gate of Shin-Osaka Station" is recorded on the automatic ticket gate of Shin-Osaka Station as context-related information together with a time stamp indicating the timing. Further, on the user terminal 3 possessed by the user U, the action history of "passing the ticket gate of Shin-Osaka Station" is recorded as context-related information together with a time stamp indicating the timing. The context-related information recorded in the automatic ticket gate of Shin-Osaka Station or the user terminal 3 is sequentially transmitted to the server 1, stored in the server 1, and the history is managed.

User U, who left Shin-Osaka Station, withdrew cash from an ATM installed at a bank in front of the station (step SS3). Here, the ATM shall function as a comprehensive authentication device 2 that performs comprehensive authentication using this service.
The action history (context data) that the user U withdrew cash at the ATM of the bank in front of Shin-Osaka station is recorded as context-related information. Further, when the user U uses the ATM, the result of the comprehensive authentication executed by the ATM is also recorded as the context-related information.
Specifically, at the ATM installed at the bank in front of the station, the action history that "cash was withdrawn at the ATM of the bank in front of Shin-Osaka Station" is recorded as context-related information along with a time stamp indicating the timing. Will be done. In addition, the action history that "cash was withdrawn at the ATM of the bank in front of Shin-Osaka Station" is recorded on the user terminal 3 possessed by the user U as context-related information together with a time stamp indicating the timing. .. The context-related information recorded in the ATM of the bank or the user terminal 3 is sequentially transmitted to the server 1 and stored and managed in the server 1.

Further, the result of face recognition in the comprehensive ATM authentication is recorded as face-related information. The face-related information recorded in the ATM is sequentially transmitted to the server 1, stored in the server 1, and the history is managed.
In the example of FIG. 2, the ATM is a comprehensive authentication device 2 that performs comprehensive authentication, but it may be an ATM that performs only conventional authentication. In this case as well, the authentication result is recorded as context-related information.

User U, who withdrew cash at the ATM of the bank in front of the station, headed to the hotel in Osaka city where he was staying and checked in by operating the automatic check-in reception device (external device 4) installed at the entrance. (Step SS4).
Here, the action history (context data) that the user U has checked in to a hotel in Osaka city is recorded as context-related information. Further, when the user U checks in to the hotel, the result of the authentication executed by the automatic check-in reception device is also recorded as context-related information. Specifically, the action history of "checking in to a hotel in Osaka City" is recorded as context-related information along with a time stamp indicating the timing on the automatic check-in reception device installed in the hotel. .. In addition, the action history of "checking in to a hotel in Osaka City" is recorded on the user terminal 3 as context-related information together with a time stamp indicating the timing. The context-related information recorded in the automatic check-in reception device and the user terminal 3 is sequentially transmitted to the server 1 and stored and managed in the server 1.

User U, who stayed overnight at a hotel in Osaka, had lunch at a restaurant before attending an event to be held from that afternoon. Then, the user U completes the payment process by holding the user terminal 3 over a predetermined receiver provided in the POS (Point of sales) terminal (external device 4) (step SS5).
Here, the action history (context data) that the user U made a payment at the restaurant is recorded as the context-related information. Specifically, on the POS terminal installed in the restaurant, the action history that "the payment of XX yen was made at the XX restaurant in Osaka city" is recorded as context-related information together with the time stamp indicating the timing. Will be done. In addition, the action history of "payment of XX yen at XX restaurant in Osaka city" is recorded on the user terminal 3 as context-related information together with a time stamp indicating the timing. The context-related information recorded in the POS terminal and the user terminal 3 is sequentially transmitted to the server 1, stored in the server 1, and the history is managed.

After having lunch at the restaurant, User U headed to the event venue where the event he participated in was held (step SS6).
A comprehensive authentication device 2 is installed at the entrance (security gate) of the event venue where the event in which the user U participates is held. When the user U tries to pass through the entrance / exit (security gate) of the event venue, the comprehensive authentication device 2 acquires the face-related information and the context-related information of the user U via the server 1.
Further, the comprehensive authentication device 2 causes an image pickup device such as a camera to image at least a part of the body of the user U including the face of the user U who is about to pass through the entrance / exit (security gate) of the event venue. Then, the data of the captured image of the face of the user U is acquired as face-related information, and the data of the other captured images is acquired as context-related information.

The comprehensive authentication device 2 performs comprehensive authentication of the user U based on the result of a comprehensive judgment (hereinafter, referred to as "comprehensive judgment") by the server 1 based on the face-related information and the context-related information. The result of the comprehensive authentication by the comprehensive authentication device 2 is recorded in the comprehensive authentication device 2 as face-related information or context-related information depending on the type of information. Further, the result of the comprehensive authentication recorded in the comprehensive authentication device 2 is sequentially transmitted to the server 1, stored in the server 1, and the history is managed.
A specific example of the comprehensive authentication performed by the server 1 will be described later with reference to FIGS. 3 and 4.

User U, who participated in the event held in Osaka, entered a cafe (coffee shop) for a break after finishing work and leaving the event venue (step SS7).
After ordering, the user U operates the user terminal 3 in the audience seat to access the EC site and perform Internet shopping. After that, the user U completed the payment processing by the POS terminal (external device 4) like the restaurant and left the store.
Here, the behavior history (context data) that the user U has accessed the EC site and performed Internet shopping is recorded as context-related information. Further, when the user U logs in to the EC site, the result of the authentication executed by the EC site is also recorded as context-related information. Specifically, the purchase history (behavior history) of Internet shopping is recorded as context-related information together with a time stamp indicating the timing on the operation server (external device 4) that operates the EC site. Further, the purchase history (behavior history) of Internet shopping is also recorded on the user terminal 3 as context-related information together with a time stamp indicating the timing. The context-related information recorded in the operation server of the EC site or the user terminal 3 is sequentially transmitted to the server 1, stored in the server 1, and the history is managed.

3 to 5 are diagrams showing specific examples of comprehensive authentication by the server.

FIG. 3 shows an example in which the comprehensive authentication of the user U by the comprehensive authentication device 2 installed at the security gate of the event venue in Osaka City in FIG. 2 is performed at 2:00 pm on February 20, 2020. It is shown.
Here, it is assumed that the server 1 has acquired the information that "the payment process was performed at a restaurant in Osaka City at 12:30 pm on February 20, 2020" as the context-related information of the user U. In this case, the server 1 determines "whether or not the Tsuji 褄 matches" based on the acquired context-related information. That is, the server considers the time difference (1 hour 30 minutes) and the positional relationship between the time when the payment is processed at the restaurant in Osaka city and the time when the comprehensive authentication is performed at the event venue in Osaka city. Then, make a judgment about "whether or not the Tsuji restaurant matches". As a result of the determination by the server 1, when it is determined that "the tsuji 褄 matches", the comprehensive authentication device 2 performs the comprehensive authentication of the user U based on the result of the face authentication and the determination result of the server 1.

In this way, when the server 1 makes a judgment based on the "time" and the "action history" of the context-related information of the user U, it is possible to make a more accurate judgment in the comprehensive authentication device 2 using the judgment result. Become. As a result, even if the face authentication of the user U is not performed accurately, the comprehensive authentication based on the result of the comprehensive determination of the server 1 becomes possible. Specifically, for example, even if a person who tries to enter an event venue in Osaka by pretending to be user U is a master of disguise who can escape face recognition, the judgment result by server 1 is "Tsuji 褄If it doesn't match, it won't be authenticated. For example, as shown in FIG. 3, at the timing of comprehensive authentication, context-related information indicating that the real user U exists in Tokyo (behavior history of using an ATM of a certain bank in Tokyo) is acquired. In that case, the judgment result by the server 1 is "the information does not match" and the authentication is not performed.

FIG. 4 shows an example in which the comprehensive authentication of the user U is performed by the comprehensive authentication device 2 installed at the security gate of the event venue in Osaka City, as in FIG.
Here, it is assumed that the server 1 has acquired the information "height is 185 cm", "weight is 65 kg", "gender is male", and "wears a black sweater" as the context-related information of the user U. Further, it is assumed that the data of the captured image of the whole body of the user U is acquired as the context-related information from the imaging device such as a camera installed at the security gate.
In this case as well, the server 1 determines "whether or not the Tsuji 褄 matches" based on the acquired context-related information, as in the example of FIG. That is, the server 1 compares the objectively shown information about the physical characteristics of the user U (for example, height, weight, clothes, gender, etc.) with the data of the captured image of the whole body of the user U captured by the imaging device. Then, make a judgment about "whether or not the Tsuji image matches". As a result of the determination by the server 1, if it is determined that "the tsuji 褄 matches", the comprehensive authentication device 2 authenticates.

In this way, the server 1 makes a judgment based on the "feature" and the "captured image" of the context-related information of the user U, and the comprehensive authentication device 2 using the judgment result makes a more accurate judgment. be able to. As a result, as in the example of FIG. 3, even if the face authentication of the user U is not performed accurately, the authentication based on the determination result of the server 1 becomes possible. Specifically, for example, a person who tries to enter an event venue in Osaka by pretending to be user U was a master of disguise who can escape face recognition. If it says "No", it will not be authenticated. For example, a real user U is "height 185 cm" and "weight 65 kg". For this reason, the skeleton of the user U is a so-called "slender tall", but the "slender tall" cannot be found from the data of the captured image of the whole body of a person who tries to enter the event venue in Osaka by pretending to be the user U. In some cases. In this case, the judgment result by the server 1 is "the tsuji does not match", so the comprehensive authentication device 2 does not authenticate.

FIG. 5 shows a specific example of comprehensive authentication using an ATM installed in a bank as the comprehensive authentication device 2.
Here, it is assumed that the server 1 has acquired the "name" and the "voiceprint" in advance as the context-related information of the user U.
In this case, the server 1 is based on the context-related information acquired in advance and the context-related information indicating the "name" and "voiceprint (biological information)" acquired by the comprehensive authentication device 2. Make a judgment about "whether or not". As a result of the judgment by the server 1, when it is judged that "the tsuji 褄 matches", the comprehensive authentication device 2 performs the comprehensive authentication of the user U based on the result of the face authentication and the result of the comprehensive judgment of the server 1. conduct.
Specifically, for example, even if a person trying to withdraw cash using an ATM is a so-called master of disguise who can escape face recognition, the question "What is your name?" Output from the speaker. If the response to is not accurate, it will not be authenticated. That is, if the name of the real user U stored in advance and the voiceprint are not matched, the authentication is not performed.

As described above, in the example of FIG. 5, the user U is authenticated when the response of the user U to the question from the ATM (“What is your name?”) Is accurate (the “name” and the “voiceprint” match each other). NS. As a method similar to the method of authenticating when the response to the action from the comprehensive authentication device 2 to the user U is accurate, for example, there are the following methods.
That is, although not shown, there is a method in which an ATM (Comprehensive Authentication Device 2) randomly issues some "instruction" to the user U, and the user U is authenticated when the response of the user U to the instruction is accurate. Specifically, for example, there are instructions such as "Please raise the index finger and middle finger of your right hand and give a peace sign to the camera" or "Please smile at the camera". Is done. When the user U responds appropriately to these instructions, the user U is authenticated.
Also, for example, there is a method of issuing an instruction such as "write your name on the touch panel with a touch pen" and authenticating when the response is accurate. Such authentication can be realized by using techniques such as handwriting pattern recognition and spatial recognition.
Further, for example, there is also a method in which the ATM gives instructions after learning in advance the gestures of the user U (for example, whether the hand operating the touch panel is left or right), habits, and speaking patterns. In this case, the user U's response is authenticated if it is not statistically unnatural.
In this way, by making some "instructions" randomly issued from the ATM (general authentication device 2) to the user U, for example, even if there is a person who falsely tries to authenticate the user U. You will not be able to prepare for authentication. This makes it possible to easily prevent authentication due to fraudulent activity.

Further, the face recognition, which is an element of the comprehensive authentication in this service, is not limited to the conventional data of one still image obtained by capturing the face of the user U from the front. For example, the data of a plurality of (for example, three) still images and the data of a moving image composed of the data of a large number of still images are also included. This enables authentication based on changes in the facial expression of the user U (for example, changes in the movement of the cheek muscles), which cannot be realized with the data of one still image.

Specifically, for example, face recognition using moving images can be realized by accumulating moving image data that captures changes in the facial expression of user U and analyzing feature quantities using techniques such as deep learning. Become. The change in the facial expression of the user U is an expression of the emotion of the user U. Therefore, it is also possible to perform an analysis or the like by extracting an emotional feature amount indicating the relationship between the facial expression of the user U and the emotion. Further, since the moving image of the user U may include data of the moving image of the front face, the profile, and the back view of the user U, the relationship between the front face, the profile, and the back view of the user U can be determined. It can also be managed in association with each other. As a result, it is possible to perform not only the conventional face authentication using the data of the still image of the front face of the user U, but also the authentication using the data of the still image of the profile of the user U and the still image of the back view. Become. Further, it is possible to collect data in which the front face, the profile, and the back of a large number of users U are associated with each other, and extract and analyze the feature amount by using a technique such as deep learning. As a result, it is possible to infer the profile and the back view from the still image data of the front face of the user U. Furthermore, by improving the accuracy of estimation, it is possible to infer the state in which the mask or sunglasses are removed from the data of the still image of the face of the user U in the state of wearing the mask or sunglasses. It is also possible to perform authentication based on the movement (blinking and skin amplitude) of the part (eyes and the skin around them) that is not hidden by the mask.

In addition, according to this service, it is possible to flexibly set different authentication levels and patterns according to, for example, the required level of security, budget, and the like.

Further, for example, according to this service, since the login operation using a password is not required, the password is not forgotten or an input error is not caused. In addition, the login operation by another person's "spoofing" will not be performed.

Further, for example, according to this service, since the user U can be easily identified, it becomes possible to easily manage the people and the like in a country or region where the family register management is insufficient. It is also possible to identify the infection route of an unknown virus or the like.

Further, for example, according to this service, it is possible to easily manage how much energy (for example, electric power) the user U is consuming. Therefore, scoring can be performed according to the amount of energy consumed. Specifically, for example, an index called "environmental score" can be provided to the user U who contributes to the reduction of energy consumption. An environmental score may be given not only to energy consumption but also to, for example, observing rules to dispose of garbage or taking specific actions to protect forests.
Further, according to this service, it is possible to easily manage how much credit the user U has, so that scoring can be performed according to the credit rating of the user U. Specifically, for example, an index called "credit score" can be provided and given to the user U. Thereby, for example, the user U having a high environmental score or credit score can simplify the authentication as compared with the user U having a low environmental score or credit score, and the authentication can be made more efficient. As a result, it is expected that the number of users U who try to increase the environmental score and the credit score will increase, so that this service can also contribute to the protection of the global environment.

FIG. 6 is a block diagram showing an example of the configuration of an information processing system to which the server according to the embodiment of the present invention is applied.

The information processing system shown in FIG. 6 includes a server 1, general authentication devices 2-1 to 2-n (n is an integer value of 1 or more), and user terminals 3-1 to 3-m (m is 1 or more). Numerical value) and external devices 4-1 to 4-k (k is an integer value of 1 or more).
The server 1, the comprehensive authentication devices 2-1 to 2-n, the user terminals 3-1 to 3-m, and the external devices 4-1 to 4-k are connected to each other via a network N such as the Internet. They are interconnected. The form of the network N is not particularly limited, and for example, Bluetooth (registered trademark), Wi-Fi, LAN (Local Area Network), the Internet, and the like can be adopted.
Hereinafter, when it is not necessary to individually distinguish each of the comprehensive authentication devices 2-1 to 2-n, the user terminals 3-1 to 3-m, and the external devices 4-1 to 4-k, these are collectively referred to as " They are called "general authentication device 2", "user terminal 3", and "external device 4", respectively.

The server 1 is an information processing device managed by a service provider (not shown). The server 1 acquires the face-related information or context-related information of the user U from each of the comprehensive authentication device 2, the user terminal 3, and the external device 4.
In addition, the server 1 makes a comprehensive judgment based on the acquired face-related information and context-related information.

The comprehensive authentication device 2 is a device that performs comprehensive authentication of the user U. The comprehensive authentication device 2 authenticates the user U who has visited the event venue shown in FIG. 2, for example, or is installed as an ATM of a bank. The result of the comprehensive authentication by the comprehensive authentication device 2 is transmitted to the server 1 as context-related information, and is stored and managed in the server 1.

The user terminal 3 is an information processing device operated by the user U. The user terminal 3 is composed of, for example, a smartphone, a tablet, or the like.

The external device 4 is a device that acquires context-related information of the user U. The external device 4 is installed in various places. Specifically, for example, in the example of FIG. 2, the automatic ticket gate installed at Tokyo Station, the automatic ticket gate installed at Shin-Osaka Station, the automatic check-in reception device installed at the hotel, and the POS installed at the restaurant. The terminal is an example of the external device 4. Further, an operation server that operates the EC site accessed by the user U in the example of FIG. 2 and an image pickup device such as a camera installed at the security gate are also examples of the external device 4.

FIG. 7 is a block diagram showing an example of the hardware configuration of the server in the information processing system of FIG.

The server 1 includes a CPU (Central Processing Unit) 11, a ROM (Read Only Memory) 12, a RAM (Random Access Memory) 13, a bus 14, an input / output interface 15, an input unit 16, and an output unit 17. , A storage unit 18, a communication unit 19, and a drive 20.

The CPU 11 executes various processes according to the program recorded in the ROM 12 or the program loaded from the storage unit 18 into the RAM 13.
Data and the like necessary for the CPU 11 to execute various processes are also appropriately stored in the RAM 13.

The CPU 11, ROM 12 and RAM 13 are connected to each other via the bus 14. An input / output interface 15 is also connected to the bus 14. An input unit 16, an output unit 17, a storage unit 18, a communication unit 19, and a drive 20 are connected to the input / output interface 15.

The input unit 16 is composed of various hardware buttons and the like, and inputs various information according to an operation instructed by the operator.
The output unit 17 is composed of a display such as a liquid crystal display and displays various images.

The storage unit 18 is composed of a DRAM (Dynamic Random Access Memory) or the like, and stores various data.
The communication unit 19 controls communication with other devices (general authentication device 2, user terminal 3, external device 4, etc.) via a network N including the Internet.

The drive 20 is provided as needed. A removable media 40 made of a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is appropriately mounted on the drive 20. The program read from the removable media 40 by the drive 20 is installed in the storage unit 18 as needed. Further, the removable media 40 can also store various data stored in the storage unit 18 in the same manner as the storage unit 18.

By collaborating with the various hardware of the server 1 shown in FIG. 7 and the various software, it is possible to execute various processes described later.
Although not shown, among the information processing systems of FIG. 6, the comprehensive authentication device 2, the user terminal 3, and the external device 4 also have the hardware configuration shown in FIG. 7. Therefore, the description of the hardware configuration of the comprehensive authentication device 2, the user terminal 3, and the external device 4 will be omitted. However, when the user terminal 3 is composed of a smartphone or a tablet, it has a touch panel as an input unit 16 and an output unit 17.

FIG. 8 is a functional block diagram showing an example of a functional configuration that realizes a comprehensive authentication process among the processes whose execution is controlled by the server of FIG. 7.

The "comprehensive authentication process" refers to a process whose execution is controlled when the above-mentioned comprehensive authentication is performed. By controlling the execution of the comprehensive authentication process, highly accurate authentication based on the face-related information of the user U and the context-related information of the user U becomes possible.

As shown in FIG. 8, in the CPU 11 of the server 1, when the execution of the comprehensive authentication process is controlled, the face-related information acquisition unit 101, the context-related information acquisition unit 102, the determination unit 103, and the authentication unit 104 works. Further, a user DB 181 is provided in one area of the storage unit 18 of the server 1.

The face-related information acquisition unit 101 acquires face-related information based on the captured image of the face of the user U. The face-related information acquired by the face-related information acquisition unit 101 is stored and managed in the user DB 181.

The context-related information acquisition unit 102 acquires context-related information based on one or more context data of the user U. The context-related information acquired by the context-related information acquisition unit 102 is stored and managed in the user DB 181.
Further, the context-related information acquisition unit 102 acquires the context-related information at the timing when the comprehensive authentication by the authentication unit 104, which will be described later, is performed, and at one or more timings before the timing.
Further, the context-related information acquisition unit 102 acquires at least one of the data including the time, the behavior of the user U, the feature, and the captured image, which are included in the context data, as the context-related information.

The determination unit 103 makes various determinations necessary for comprehensive authentication based on the face-related information acquired by the face-related information acquisition unit 101 and the context-related information acquired by the context-related information acquisition unit 102. As an example of this "judgment", the judgment unit 103 comprehensively considers a plurality of information constituting the face-related information and the context-related information, and makes a judgment as to, for example, "whether or not the tsuji 褄 matches" between the information. ..

The authentication unit 104 performs comprehensive authentication of the user U based on the result of the determination by the determination unit 103. The result of authentication by the authentication unit 104 is stored and managed in the user DB 181 as face-related information or context-related information.
Here, the "judgment result by the judgment unit 103", which is the basis of the comprehensive authentication, includes the judgment result based on the face-related information and the context-related information acquired by the context-related information acquisition unit 102 at a plurality of timings. included.
That is, the authentication unit 104 is based on a determination result based on information indicating the position of the user U included in each of the context-related information acquired at the timing of performing the comprehensive authentication and at one or more timings prior to the timing. Then, the user U is authenticated.

Next, with reference to FIG. 9, the flow of the comprehensive authentication process whose execution is controlled by the server 1 having the functional configuration of FIG. 8 will be described.
FIG. 9 is a flowchart showing the flow of the comprehensive authentication process among the processes whose execution is controlled by the server having the functional configuration of FIG.

As shown in FIG. 9, when the execution of the comprehensive authentication process is controlled by the server 1, in step S1, the determination unit 103 of the server 1 determines whether or not the face-related information has been acquired by the face-related information acquisition unit 101. Make a judgment. If the face-related information has been acquired, the determination unit 103 determines "YES", and the process proceeds to step S2. On the other hand, when the face-related information has not been acquired, the determination unit 103 determines "NO" and repeats the process of step S1 until the face-related information is acquired.

In step S2, the determination unit 103 determines whether or not the context-related information has been acquired by the context-related information acquisition unit 102. If the context-related information has been acquired, the determination unit 103 determines "YES", and the process proceeds to step S3. On the other hand, when the context-related information has not been acquired, the determination unit 103 determines "NO" and repeats the process of step S2 until the context-related information is acquired.

In step S3, the determination unit 103 is required for comprehensive authentication based on the face-related information acquired by the face-related information acquisition unit 101 and the context-related information acquired by the context-related information acquisition unit 102. Make a comprehensive judgment.

In step S4, the authentication unit 104 performs comprehensive authentication of the user U based on the determination result of step S3. The result of the comprehensive authentication is output to the comprehensive authentication terminal. This ends the process.

Although one embodiment of the information processing apparatus of the present invention has been described above, the present invention is not limited to the above-described embodiment. Further, the effects described in the present embodiment are merely a list of the most preferable effects arising from the present invention, and the effects according to the present invention are not limited to those described in the present embodiment.

For example, in the above-described embodiment, the context data managed by the user terminal 3 possessed by one user U is acquired and used for comprehensive judgment and comprehensive authentication, but the present invention is not limited to this. Comprehensive judgment and comprehensive authentication based on the context data stored in each user terminal 3 of the plurality of users U can also be performed. This enables comprehensive judgment and comprehensive authentication based on, for example, relationships between users U (for example, friendships, lovers, colleagues, etc.).

Further, for example, in the above-described embodiment, when the user U checks in to the hotel, the automatic check-in reception device (external device 4) records the context-related information and transmits it to the server 1, but the present invention is not limited to this. .. For example, a predetermined information processing terminal (external device 4) that has received the check-in processing operation by the person in charge at the front desk of the hotel may record the context-related information and send it to the server 1.

Further, for example, in the above-described embodiment, it is assumed that the imaging device such as a camera that images the user U for authentication is a fixed type, but the present invention is not particularly limited to the fixed type. For example, a small flying object such as a drone may be equipped with an imaging device such as a camera to image the user U. In this case, the height difference of the imaged object can be recognized by superimposing the data of the captured images. As a result, the face authentication of the user U is also possible.

Further, for example, in the flowchart shown in FIG. 9, steps S1 and S2 are in no particular order. That is, it does not matter which comes first when the face-related information and the context-related information are acquired.

Further, the system configuration shown in FIG. 6, the hardware configuration shown in FIG. 7, and the functional configuration shown in FIG. 8 are merely examples for achieving the object of the present invention, and are not particularly limited.

In other words, the functional configuration shown in FIG. 8 is merely an example and is not particularly limited.
That is, it is sufficient that the information processing system shown in FIG. 6 has a function capable of executing the above-mentioned series of processes as a whole, and what kind of functional block is used to realize this function is particularly determined in FIG. Not limited to examples. Further, the location of the functional block is not particularly limited to FIG. 8, and may be arbitrary. For example, the functional block of the server 1 may be transferred to the general authentication device 2, the user terminal 3, the external device 4, or another information processing device (not shown). That is, it is also possible to enable the comprehensive authentication device 2 to perform the comprehensive authentication process by the server 1.
Further, one functional block may be configured by a single piece of hardware, a single piece of software, or a combination thereof.

Further, for example, when a series of processes are executed by software, a program constituting the software is installed on a computer or the like from a network or a recording medium.
The computer may be a computer embedded in dedicated hardware.
Further, the computer may be a computer capable of executing various functions by installing various programs, for example, a general-purpose smartphone or a personal computer in addition to a server.

Further, for example, a recording medium containing such a program is not only composed of a removable medium (not shown) distributed separately from the main body of the device in order to provide the program to the user, but is also preliminarily incorporated in the main body of the device. It is composed of a recording medium or the like provided to the user in the state.

The recording medium including such a program is not only composed of the removable media 40 of FIG. 7 distributed separately from the device main body in order to provide the program to the user, but also is in a state of being preliminarily incorporated in the device main body. It is composed of a recording medium or the like provided to the user. The removable media 40 is composed of, for example, a magnetic disk (including a floppy disk), an optical disk, a magneto-optical disk, or the like. The optical disk is composed of, for example, a CD-ROM (Compact Disk-Read Only Memory), a DVD (Digital Versaille Disk), or the like. The magneto-optical disk is composed of an MD (Mini-Disc) or the like. Further, the recording medium provided to the user in a state of being incorporated in the apparatus main body in advance includes, for example, the ROM 12 of FIG. 7 in which the program is recorded, the hard disk included in the storage unit 18 of FIG. 7, and the like.

In the present specification, the steps for describing a program recorded on a recording medium are not necessarily processed in chronological order, but also in parallel or individually, even if they are not necessarily processed in chronological order. It also includes the processing to be executed.
Further, in the present specification, the term of the system means an overall device composed of a plurality of devices, a plurality of means, and the like.

Summarizing the above, the information processing apparatus to which the present invention is applied need only have the following configuration, and various various embodiments can be taken.
That is, the information processing device to which the present invention is applied (for example, the server 1 in FIG. 8) is
A first acquisition means (for example, the face-related information acquisition unit 101 in FIG. 8) for acquiring first information (for example, the above-mentioned face-related information) based on a captured image of the face of a user (for example, the above-mentioned user U).
A second acquisition means (for example, the context-related information acquisition unit 102 in FIG. 8) for acquiring the second information (for example, the above-mentioned context-related information) based on one or more context data of the user, and
Based on the determination result (for example, the determination by the determination unit 103 in FIG. 8) based on the first information acquired by the first acquisition means and the second information acquired by the second acquisition means, the user. (For example, the above-mentioned comprehensive authentication) and an authentication means (for example, the authentication unit 104 in FIG. 8)
To be equipped.

Further, the second acquisition means is
The first at the timing when the authentication is performed (for example, the timing when the authentication is performed at the security gate in FIG. 2) and one or more timings before the timing (for example, the timing when the settlement process is performed at the restaurant in FIG. 2). 2 Get information and
The authentication means has a determination result (for example, whether or not the Tsuji 褄 matches) based on the first information acquired by the first acquisition means and the second information acquired by the second acquisition means at a plurality of timings. The user can be authenticated based on the determination result).

As a result, a judgment is made based on the second information acquired at the timing at which the authentication is performed and at one or more timings prior to the timing, and the user is authenticated based on the result of the judgment.
As a result, highly credible authentication considering the time axis is realized.

In addition, the authentication means is
Based on the determination result based on the information indicating the position of the user included in each of the timing of performing the authentication and the timing of one or more prior to the timing, the second information of the user. Authentication can be performed.

As a result, a judgment is made based on the information indicating the position of the user included in each of the second information acquired at each of the timing at which the authentication is performed and the timing of one or more prior to that, and the result of the judgment is made. The user is authenticated based on the above.
As a result, so-called survival authentication based on the fact that the same person does not exist in different places at the same timing becomes possible.

Further, the second acquisition means is
As the second information, at least one of the data including the time, the behavior of the user, the characteristics of the user, and the captured image of the user, which are included in the context data, can be acquired.

As a result, authentication is performed based on context data indicating time, user behavior, user characteristics, and user captured images, respectively.
As a result, more astute authentication can be performed.

In addition, the data indicating the behavior of the user included in the context data is
The data can be data managed by a predetermined information processing terminal (for example, user terminal 3) owned by the user.

This enables authentication based on the user's action history, which is specified by, for example, the MAC address of the information processing terminal owned by the user.

1 ... Server, 2 ... Comprehensive authentication device, 3 ... User terminal, 4 ... External device, 11 ... CPU, 12 ... ROM, 13 ... RAM, 14 ... Bus, 15 ... Input / output interface, 16 ... Input section, 17 ... Output section, 18 ... Storage section, 19 ... Communication section, 20 ... Drive, 40 ... Removable media , 101 ... Face-related information acquisition unit, 102 ... Context-related information acquisition unit, 103 ... Judgment unit, 104 ... Authentication unit, 181 ... User DB, U ... User, N. ··network

Claims (7)

The first acquisition means for acquiring the first information based on the captured image of the user's face, and
A second acquisition means for acquiring second information based on one or more context data of the user, and
An authentication means that authenticates the user based on a determination result based on the first information acquired by the first acquisition means and the second information acquired by the second acquisition means.
Information processing device equipped with. The second acquisition means is
The second information is acquired at the timing at which the authentication is performed and at one or more timings prior to the timing.
The authentication means of the user is based on a determination result based on the first information acquired by the first acquisition means and the second information acquired by the second acquisition means at a plurality of timings. Authenticate,
The information processing device according to claim 1. The authentication means is
Based on the determination result based on the information indicating the position of the user included in each of the timing of performing the authentication and the timing of one or more prior to the timing, the second information of the user. Authenticate,
The information processing device according to claim 2. The second acquisition means is
As the second information, at least one of the data including the time, the behavior of the user, the characteristics of the user, and the captured image of the user, which are included in the context data, is acquired.
The information processing device according to claim 1. The data indicating the behavior of the user included in the context data is
Data managed by a predetermined information processing terminal owned by the user,
The information processing device according to claim 4. It is an information processing method executed by an information processing device.
The first acquisition step of acquiring the first information based on the captured image of the user's face, and
The second acquisition step of acquiring the second information based on one or more context data of the user, and
An authentication step for authenticating the user based on a determination result based on the first information acquired in the first acquisition step and the second information acquired in the second acquisition step.
Information processing methods including. For computers that control information processing devices
The first acquisition step of acquiring the first information based on the captured image of the user's face, and
The second acquisition step of acquiring the second information based on one or more context data of the user, and
An authentication step for authenticating the user based on a determination result based on the first information acquired in the first acquisition step and the second information acquired in the second acquisition step.
A program that executes control processing including.

Images