JP2022025827A - Authentication method, authentication program, and information processing apparatus - Google Patents

Abstract

To provide an authentication method for reducing authentication time, an authentication program, and an information processing apparatus.SOLUTION: The authentication method causes a computer to execute the processing of: generating a candidate list of a person to be authenticated by use of images of the person included in first image data captured in first authentication; acquiring a candidate list which does not include persons subjected to previous authentication, out of candidate lists of the persons subjected to previous authentication, generated by use of images of the persons subjected to previous authentication included in second image data captured in second authentication which has been performed before the first authentication; and determining an authentication operation required for the person to be authenticated included in the first image data, on the basis of a result of comparing the generated candidate list with the acquired candidate list.SELECTED DRAWING: Figure 7

Description

This case relates to an authentication method, an authentication program, and an information processing device.

In recent years, there have been cases where identity verification is performed in order to unlock a smartphone or to log in to a service from a personal computer via the Internet. Such a technique includes an ID-less multi-biometric authentication technique that performs identity verification using a plurality of biometric information such as a face and a palm vein without inputting an ID (see, for example, Patent Document 1).

As an example of the multi-biometric authentication technology, the first authentication for the first biometric information narrows down the candidates from about 1 million to about 10,000 in advance, and the second authentication for the second biometric information starts from about 10,000. There is a technology to identify the person. In such a multi-biometric authentication technology, for example, the user registers face feature data as first biometric information in advance, and registers vein feature data as second biometric information. Then, the collation target is narrowed down by using the face feature data acquired from the camera at the time of payment at the store, and the person is identified by using the vein feature data acquired from the vein sensor.

Japanese Unexamined Patent Publication No. 2019-144695

In the above-mentioned multi-biometric authentication technology, if the second authentication fails, the second authentication may be re-executed for about 1 million people before narrowing down, and the authentication time may become longer.

In one aspect, the present invention aims to provide an authentication method, an authentication program, and an information processing apparatus capable of shortening the authentication time.

In one aspect, the authentication method creates a candidate list of the person from the image of the person to be authenticated included in the first shooting data taken at the time of the first authentication, and is performed before the first authentication. 2 The past authentication target person is not included in the candidate list of the past authentication target person created by the image of the past authentication target person included in the second shooting data taken at the time of authentication. The candidate list is acquired, and based on the comparison result between the created candidate list and the acquired candidate list, the authentication operation required for the authentication target person included in the first shooting data is determined. The computer performs the process.

In another aspect, in the authentication method, the first authentication for creating the candidate list of the authentication target person is performed using the first photography data of the authentication target person, and the second photography data of the authentication target person and the candidate are performed. From the storage unit that stores the candidate list in the case where the second authentication for collating the registered biometric data registered in advance with respect to the candidates in the list is performed and the authentication target person who has succeeded in the authentication is associated with each other. The candidate list is acquired, the candidate list of the person is created from the image of the person to be authenticated included in the first shooting data taken at the time of the new first authentication, and the candidate list is created from the acquired candidate list. By collating the registered biometric data registered in advance for the candidate associated with the candidate list whose similarity with the candidate list is equal to or higher than the threshold value, and the second photographing data of the person, a new first result is obtained. 2 The computer executes the process of performing authentication.

The authentication time can be shortened.

It is a figure which illustrates the multi-biometric authentication. It is a block diagram which illustrates the whole structure of the authentication system which concerns on Example. It is a flowchart which shows an example of the authentication process executed by a server. It is a figure which illustrates the registration data stored in the biological data management unit. It is a figure which illustrates the user ID list created by the 1st list management part. It is a figure which exemplifies the user ID list at the time of the past narrowing down failure. It is a figure which illustrates the case where the authentication method which concerns on this Example is applied to a convenience store. It is a flowchart which shows an example of the authentication process which a server executes in Example 2. It is a figure which illustrates the statistical data of the collation processing time stored in the 2nd list management part. It is a flowchart which shows an example of the authentication process which a server executes in Example 3. It is a flowchart which shows an example of the authentication process which a server executes in Example 4. It is a figure which exemplifies the user ID list at the time of the past narrowing down success. (A) is a block diagram for explaining the hardware configuration of the server, and (b) is a block diagram for explaining the hardware configuration of the client.

Biometrics is a technology that uses biometric features such as fingerprints, faces, and veins to verify identity. In biometric authentication, a collation biometric feature acquired by a sensor in a situation where identity verification is required is compared (collated) with a registered biometric feature registered in advance, and whether or not the degree of similarity is equal to or higher than the identity verification threshold value. The identity is confirmed by determining. Biometric authentication is used in various fields such as bank ATMs and room entry / exit management, and in recent years, it has begun to be used for cashless payments in supermarkets and convenience stores.

Biometric authentication includes 1: 1 authentication for confirming a match with a registered biometric feature specified by an ID or a card, and 1: N authentication for searching for a matching registered biometric feature from a plurality of registered biometric features. .. In stores and the like, 1: N certification is often desired from the viewpoint of convenience. However, since the biological features fluctuate depending on the acquisition status and the like, the possibility of erroneous collation increases as the number of registered biological features to be searched increases. Therefore, the collation target is narrowed down by a simple PIN code or the like, the search set is made sufficiently small, and then 1: N authentication is performed. How small it should be to reach a practical level depends on the biometric authentication method. However, even if it is simple, PIN code input impairs convenience, so a biometric authentication system that does not require an ID or card is desired.

Therefore, using multiple types of modality, the first authentication that narrows down the search set by the biometric characteristics of the first modality is performed, and the second authentication that identifies the user by the biometric characteristics of the second modality is performed. Has been proposed. Modality is a type of biological feature, such as a fingerprint, vein, iris, face shape, palm shape, and the like. Therefore, fingerprints and veins on the same finger are of different modality. Since it is inconvenient to input multiple modality individually, a method of acquiring the palm vein at the same time as fingerprint input and a method of taking a facial image at the time of palm vein input have been proposed.

As an example, a method of narrowing down candidates by face recognition in the first authentication and identifying the person by the palm vein in the second authentication will be described. In this method, for example, a user ID list of N candidates for face recognition is created, and 1: N authentication using a palm vein is executed in the obtained set of user ID lists to identify a user. The process is carried out.

For example, as illustrated in FIG. 1, a client acquires facial feature data from a camera and sends it to a server. The server collates each registered face feature data with the acquired face feature data for a plurality of users in which face feature data and vein feature data are registered in advance. The server extracts user IDs whose similarity is equal to or higher than the threshold value and creates a user ID list. The server sends the user ID list to the client as a result of this first authentication.

Next, the client acquires vein feature data from the vein sensor and sends it to the server together with the user ID list. The server collates the acquired vein feature data with the registered vein feature data of the user ID described in the user ID list. The server determines that the authentication is successful if there is a user ID whose similarity is equal to or higher than the threshold value, and determines that the authentication is unsuccessful if there is no user ID whose similarity is equal to or higher than the threshold value. The server sends the result of this second authentication to the client. In such multi-biometric authentication, it is possible to shorten the time required for identity verification by narrowing down the candidates for vein authentication, which requires a long processing time.

However, in the multi-biometric authentication in which the first authentication and the second authentication are performed, the authentication may fail in the second authentication. For example, if the first certification narrows down the number of people from about 1 million to about 10,000, and the second certification collates with the registered data of about 10,000 people and the authentication fails, the second certification will result in all cases of about 1 million people. There is a problem that processing time is required for additional authentication such as collation with registered data. In addition, when the acquisition of the face image data fails due to a small amount of features extracted from the face image data, the processing time is also required when the acquisition of the face image data is repeated until the client side can acquire the good quality face image data. There is such a problem.

Therefore, in the following examples, an authentication method, an authentication program, and an information processing apparatus that can shorten the authentication time will be described.

FIG. 2 is a block diagram illustrating the overall configuration of the authentication system 400 according to the first embodiment. As illustrated in FIG. 2, the authentication system 400 has a configuration in which a server 100 and a client 200 are connected via a telecommunication line 300 such as the Internet and a LAN (Local Area Network). The server 100 functions as an information processing device according to this embodiment. In this embodiment, as an example, a case where an authentication process is required for payment when a user who has entered a store purchases a product at a cash register will be described.

The server 100 includes a list creation unit 10, a first list management unit 20, an authentication method determination unit 30, an authentication processing unit 40, a second list management unit 50, a biometric data management unit 60, and the like. The client 200 includes a face image acquisition unit 110, a face feature extraction unit 120, a vein image acquisition unit 130, a vein feature extraction unit 140, a search word acquisition unit 150, a camera 160, a vein sensor 170, an input device 180, a display device 190, and the like. Be prepared. The camera 160, the vein sensor 170, the input device 180, and the display device 190 may be external devices to the client 200. Further, the face feature extraction unit 120 and the vein feature extraction unit 140 may be provided in the server 100.

The face image acquisition unit 110 acquires shooting data from the camera 160. The installation location of the camera 160 is not particularly limited, but it is installed, for example, on the ceiling of a store or in front of a cash register. The camera 160 acquires first shooting data including the face of a user who intends to purchase a product in the store. The face feature extraction unit 120 extracts face feature data from the face image data obtained from the first photographing data acquired by the face image acquisition unit 110. The face feature extraction unit 120 sends the extracted face feature data to the list creation unit 10 via the telecommunication line 300. The amount of facial feature data is smaller than the amount of vein feature data below. As a result, the time required for narrowing down can be shortened.

The vein image acquisition unit 130 acquires the second imaging data input by the user using the vein sensor 170. Since the vein sensor 170 is installed, for example, in front of the cash register, the user can hold his / her palm over the vein sensor 170 at the timing of purchasing the product. The vein feature extraction unit 140 extracts vein feature data from the vein image data obtained from the second imaging data acquired by the vein image acquisition unit 130. The vein feature extraction unit 140 sends the extracted vein feature data to the authentication processing unit 40 via the telecommunication line 300. If both the camera 160 and the vein sensor 170 are installed in front of the cash register, the probability that the face image data and the vein image data belong to the same user is high.

The search word acquisition unit 150 acquires the search word input by the user using the input device 180. The search word acquisition unit 150 sends the acquired search word to the authentication method determination unit 30 via the telecommunication line 300.

FIG. 3 is a flowchart showing an example of the authentication process executed by the server 100. First, the list creation unit 10 performs the first authentication by collating the face feature data received from the face feature extraction unit 120 with each registered face feature data stored in the biometric data management unit 60 (step). S1). In step S1, a user ID having a similarity between the face feature data received from the face feature extraction unit 120 and each registered face feature data stored in the biometric data management unit 60 is equal to or greater than a threshold value is extracted.

FIG. 4 is a diagram illustrating registration data stored in the biological data management unit 60. As illustrated in FIG. 4, the registered face feature data of each user registered in advance, the registered vein feature data of each user registered in advance, and the registered vein feature data of each user are registered in advance in association with the user ID. The search word for each user is stored.

The search word is the attribute information of the individual user. The search word may be like a password that does not duplicate each other, or may be duplicated with another user. Search words that may be duplicated with other users include date of birth, blood type, zip code of address, and so on. By using search words that do not overlap with each other, it is possible to identify the only user ID that matches the input search word. By using a search word that may be duplicated with other users, it is possible to narrow down all user IDs registered in the biometric data management unit 60 to one or more candidates.

The first list management unit 20 creates and stores a user ID list including the user ID extracted in step S1 (step S2). FIG. 5 is a diagram illustrating a user ID list created by the first list management unit 20. As illustrated in FIG. 5, each user ID is associated with the similarity calculated in step S1.

Next, the authentication method determination unit 30 collates the user ID list created in step S2 with each user ID list stored in the second list management unit 50 at the time of past narrowing failure (step S3). .. FIG. 6 is a diagram illustrating the user ID list 1 to the user ID list n at the time of past narrowing down failure. In the example of FIG. 6, the number of user IDs included in the user ID list 1 and the user ID list n is the same, but may be different.

The authentication method determination unit 30 determines whether or not there is a user ID list whose similarity obtained as the collation result in step S3 is equal to or greater than the threshold value (step S4). The degree of similarity here is an index for determining whether or not the user ID lists are similar to each other. For example, the number of the same user IDs included in the two collated lists, the ratio of the number of the same user IDs to the total number of user IDs included in the two collated lists, and the like can be calculated as the degree of similarity.

If the result is "No" in step S4, the authentication processing unit 40 causes the display device 190 to display information instructing the user to hold the palm over the vein sensor 170 (step S5). As a result, the user holds the palm over the vein sensor 170.

Upon receiving the vein feature data from the vein feature extraction unit 140, the authentication processing unit 40 executes vein authentication as the second authentication (step S6). For example, the authentication processing unit 40 collates the received vein feature data with each registered vein feature data stored in the biometric data management unit 60.

The authentication processing unit 40 determines whether or not there is registered vein feature data whose similarity is equal to or higher than the threshold value (step S7). The threshold value in this case is set to a high value so that one user can be identified.

If it is determined as "Yes" in step S7, the authentication processing unit 40 sends information related to successful authentication to the client 200 (step S8). As a result, the client 200 executes possible processing (for example, payment processing) after the authentication is successful. In addition, the execution of the flowchart ends.

When it is determined as "No" in step S7, the authentication processing unit 40 stores the user ID list created in step S2 in the second list management unit 50 as a user ID list at the time of past narrowing failure, and also stores it in the second list management unit 50. Information related to the authentication failure is sent to the client 200 (step S9). After the execution of step S9, the execution of the flowchart ends. By executing step S9, one user ID list at the time of past narrowing down failure stored in the second list management unit 50 is added.

If it is determined to be "Yes" in step S4, the authentication method determination unit 30 causes the display device 190 to display information instructing the user to input a search word using the input device 180 (step S10). If the search word registered in FIG. 5 is the date of birth, the display device 190 displays information instructing the input of the date of birth. As a result, the user inputs the search word using the input device 180.

When the authentication processing unit 40 receives the search word from the search word acquisition unit 150, the authentication processing unit 40 assigns a user ID associated with the search word matching the received search word among the user IDs stored in the biometric data management unit 60. Specify (step S11).

Next, the authentication processing unit 40 causes the display device 190 to display information instructing the user to hold the palm over the vein sensor 170 (step S12). As a result, the user holds the palm over the vein sensor 170.

Upon receiving the vein feature data from the vein feature extraction unit 140, the authentication processing unit 40 executes vein authentication (step S13). Specifically, the authentication processing unit 40 collates the received vein feature data with the registered vein feature data of each user ID specified in step S11.

The authentication processing unit 40 determines whether or not there is registered vein feature data whose similarity is equal to or higher than the threshold value (step S14). The threshold value in this case is set to a high value so that one user can be identified, and may be the same value as the threshold value in step S7 or may be different.

If it is determined as "Yes" in step S14, the authentication processing unit 40 sends information related to successful authentication to the client 200 (step S15). As a result, the client 200 executes possible processing (for example, payment processing) after the authentication is successful. In addition, the execution of the flowchart ends.

If "No" is determined in step S14, the authentication processing unit 40 sends information related to the authentication failure to the client 200 (step S16). After the execution of step S16, the execution of the flowchart ends.

In this embodiment, the first shooting data acquired by the camera 160 is an example of the first shooting data shot at the time of the first authentication. The second imaging data acquired by the vein sensor 170 is an example of the second imaging data captured at the time of the second authentication. The user ID list generated by the first list management unit 20 in step S2 is an example of the candidate list of the person generated by the image of the person to be authenticated included in the first shooting data taken at the time of the first authentication. be. Each user ID list at the time of the past narrowing down failure stored in the second list management unit 50 is the past authentication target included in the second shooting data taken at the time of the past second authentication before the first authentication. This is an example of a candidate list that does not include the past authentication target person in the candidate list of the past authentication target person generated by the image of the person.

According to this embodiment, the candidate list of the user is generated from the face image data of the user to be authenticated included in the first photographed data photographed at the time of the first authentication. Next, the candidate of the user to be authenticated in the past generated by the face image data of the user to be authenticated in the past included in the second photographed data taken in the second authentication executed before the first authentication. From the list, a candidate list that does not include the person to be authenticated in the past is acquired. Next, based on the comparison result between the generated candidate list and the acquired candidate list, the authentication operation required for the authentication target person included in the first shooting data is determined. By such processing, the authentication time can be shortened.

For example, when the similarity between the user ID list generated in step S2 and the user list at the time of past narrowing failure is low, there is a high possibility that the past narrowing failure will not be repeated. The past narrowing down failure is a case where the candidates are narrowed down by the first certification but the authentication is not successful by the second certification. Therefore, by performing the second authentication using the user ID list, there is a high possibility that the second authentication will succeed. In this case, since it is not necessary to repeat the first authentication and the second authentication, the authentication time can be shortened. For example, even if good quality facial feature data cannot be obtained by the first authentication, it is not necessary to repeat the first authentication. In this embodiment, it takes a processing time to collate the lists with each other, but the processing time does not have a great influence on the entire authentication time. For example, even if one million users keep a user ID list at the time of past filtering failure one by one, if there are only a few user ID lists included in each list, the collation processing time is calculated based on the highming distance. There is no problem because it is in units of tens to hundreds of nanoseconds x 1 million cases = tens to hundreds of milliseconds.

On the other hand, if the user ID list generated in step S2 has a high degree of similarity to the user ID list at the time of the past narrowing failure, there is a high possibility that the narrowing failure as in the past is repeated. Therefore, there is a high possibility that the second authentication will be successful by accurately narrowing down the candidates by inputting the search word. In this case, it takes time to input the search word, but since it is not necessary to repeat the first authentication and the second authentication, there is a high possibility that the authentication time will be shortened as a result.

FIG. 7 is a diagram illustrating a case where the authentication method according to this embodiment is applied to a convenience store. For example, a camera 160 on the ceiling of a convenience store acquires shooting data including the user's face, sends facial feature data to the server 100 even if the quality is low, and narrows down candidates as the first authentication. The user picks up the product and goes to the POS terminal (register). At that time, it is assumed that the user and the narrowing-down result performed by the server can be linked by a technique such as tracking of a person. Next, palm vein authentication is performed as an authentication method based on the collation result between the user ID list created by the first authentication and the user ID list at the time of past narrowing down failure. Alternatively, based on the collation result, narrowing down by a search word and palm vein authentication are performed. For vein authentication, vein feature data acquired by the vein sensor 170 provided in the POS terminal is used.

In the second embodiment, when there is a possibility that the collation processing time between the user ID lists becomes long, the collation processing time is suppressed by reducing the collation target among the users included in the user ID list at the time of the past narrowing down failure. do.

FIG. 8 is a flowchart showing an example of the authentication process executed by the server 100 in the second embodiment. First, the same processing as in step S1 and step S2 in FIG. 3 is performed. As a result, a user ID list with a narrowed number of users is created.

Next, the authentication method determination unit 30 refers to the statistical data of the collation processing time of the user ID list at the time of the past narrowing down failure (step S21). FIG. 9 is a diagram illustrating statistical data of the collation processing time stored in the second list management unit 50. As illustrated in FIG. 9, the collation processing time and the collation date and time are associated with each user ID list number at the time of narrowing down failure. For example, if the user 1 is collated a plurality of times, a plurality of collation processing times are registered for the list 1. In this case, the authentication method determination unit 30 calculates a plurality of collation processing time statistics (for example, average value, maximum value, minimum value, intermediate value, etc.) as the collation processing time statistics in Listing 1.

The authentication method determination unit 30 determines whether or not the statistic of the collation processing time is equal to or greater than the threshold value for each user ID list stored in the second list management unit 50 (step S22). By executing step S22, it is possible to determine whether or not it takes time to collate the lists for each user ID list stored in the second list management unit 50.

The authentication method determination unit 30 extracts and extracts the user IDs whose similarity is equal to or less than the threshold value or a predetermined number of user IDs having low similarity from the user ID list determined as "Yes" in step S22. The user ID group and the user ID created in step S2 are collated (step S23). Thereby, the collation processing time can be shortened.

The authentication method determination unit 30 collates the user ID list determined to be "No" in step S22 with the user ID created in step S2 by the same process as in step S3 of FIG. 3 (step S24). That is, for the user ID list determined to be "No" in step S22, all user IDs and the user IDs created in step S2 are collated.

The authentication method determination unit 30 stores the processing time required for collation in steps S23 and S24 in the second list management unit 50 (step S25). After that, the processes after step S4 in FIG. 3 are executed.

According to this embodiment, when the collation process takes time for the user ID list at the time of the past narrowing down failure, a part of the user ID list is targeted for collation. As a result, the authentication time can be shortened.

In the third embodiment, when the candidates are narrowed down by using the search word and then the authentication is successful in the second authentication, the user IDs that have been successfully authenticated are included in the past narrowing down failed user ID list whose similarity is equal to or higher than the threshold value. If it is, control it to be deleted.

FIG. 10 is a flowchart showing an example of the authentication process executed by the server 100 in the third embodiment. First, the same processing as in steps S1 to S14 of FIG. 3 is performed. Thereby, it is determined whether or not there is registered vein feature data whose similarity is equal to or higher than the threshold value.

If "No" is determined in step S14, the authentication processing unit 40 sends information related to the authentication failure to the client 200 (step S16). After the execution of step S16, the execution of the flowchart ends.

If it is determined as "Yes" in step S14, the authentication processing unit 40 sends information related to successful authentication to the client 200 (step S15). As a result, the client 200 executes possible processing (for example, payment processing) after the authentication is successful.

Next, the second list management unit 50 checks the user ID list whose similarity is equal to or higher than the threshold value in step S4 (step S31). Next, the second list management unit 50 determines whether or not the user ID that has been successfully authenticated in step S15 is included (step S32). If "Yes" is determined in step S32, the user ID list is deleted (step S33). After that, the execution of the flowchart ends. Even if it is determined as "No" in step S32, the execution of the flowchart ends.

According to this embodiment, since the number of user ID lists at the time of past narrowing down failure can be reduced, the collation processing time between ID lists can be shortened.

In Examples 1 to 3, the list creation unit 10 is an example of a creation unit that creates a candidate list of the person from the image of the person to be authenticated included in the first shooting data taken at the time of the first authentication. be. The authentication method determination unit 30 is the past authentication target created by the image of the person to be authenticated in the past included in the second shooting data taken at the time of the second authentication in the past performed before the first authentication. Among the candidate lists of persons, the first candidate list is obtained by acquiring a candidate list that does not include the person to be authenticated in the past, and based on the comparison result between the created candidate list and the acquired candidate list. This is an example of a determination unit that determines an authentication operation required for the person to be authenticated included in the shooting data.

In the fourth embodiment, the user ID that has been successfully authenticated in the past and the user ID list created by the first authentication are associated and stored. 1: 1 authentication is performed in the second authentication for the user ID associated with the user ID list whose similarity with the user ID list created in the first authentication is equal to or higher than the threshold value.

FIG. 11 is a flowchart showing an example of the authentication process executed by the server 100 in the fourth embodiment. As illustrated in FIG. 11, as step S41 and step S42, the same processing as in step S1 and step S2 in FIG. 3 is performed. As a result, a user ID list is created.

Next, the authentication method determination unit 30 collates the user ID list created in step S42 with each user ID list stored in the second list management unit 50 at the time of successful narrowing down in the past (step S43). .. FIG. 12 is a diagram illustrating the user ID list 1 to the user ID list n at the time of successful narrowing down in the past. As illustrated in FIG. 12, each user ID list is associated with a user ID that has been successfully authenticated using the user ID list. In the example of FIG. 12, the number of user IDs included in the user ID list 1 and the user ID list n is the same, but may be different.

The authentication method determination unit 30 determines whether or not there is a user ID list whose similarity obtained as the collation result in step S43 is equal to or greater than the threshold value (step S44). If the result is determined to be "Yes" in step S44, the authentication processing unit 40 causes the display device 190 to display information instructing the user to hold the palm over the vein sensor 170 (step S45). As a result, the user holds the palm over the vein sensor 170.

Upon receiving the vein feature data from the vein feature extraction unit 140, the authentication processing unit 40 executes vein authentication as the second authentication (step S46). In this case, the authentication processing unit 40 collates the received vein feature data with the registered vein feature data of the user ID associated with the user ID list whose similarity is equal to or higher than the threshold value in step S44.

The authentication processing unit 40 determines whether or not the similarity becomes equal to or higher than the threshold value by executing step S46 (step S47).

When it is determined as "Yes" in step S47, the authentication processing unit 40 stores the user ID list created in step S42 in the second list management unit 50 as a user ID list at the time of past narrowing failure, and also stores it in the second list management unit 50. Information related to successful authentication is sent to the client 200 (step S48). As a result, the client 200 executes possible processing (for example, payment processing) after the authentication is successful. By executing step S48, one user ID list at the time of past successful narrowing down stored in the second list management unit 50 is added. In addition, the execution of the flowchart ends.

If "No" is determined in step S47, the authentication processing unit 40 sends information related to the authentication failure to the client 200 (step S49). After the execution of step S49, the execution of the flowchart ends.

If the result is "No" in step S44, the authentication method determination unit 30 causes the display device 190 to display information instructing the user to input a search word using the input device 180 (step S50).

When the authentication processing unit 40 receives the search word from the search word acquisition unit 150, the authentication processing unit 40 assigns a user ID associated with the search word matching the received search word among the user IDs stored in the biometric data management unit 60. Specify (step S51).

Next, the authentication processing unit 40 causes the display device 190 to display information instructing the user to hold the palm over the vein sensor 170 (step S52). As a result, the user holds the palm over the vein sensor 170.

Upon receiving the vein feature data from the vein feature extraction unit 140, the authentication processing unit 40 executes vein authentication (step S53). Specifically, the authentication processing unit 40 collates the received vein feature data with the registered vein feature data of each user ID specified in step S51.

The authentication processing unit 40 determines whether or not there is registered vein feature data whose similarity is equal to or higher than the threshold value (step S54). The threshold value in this case is set to a high value so that one user can be identified, and may be the same value as the threshold value in step S57 or may be different.

If it is determined as "Yes" in step S54, the authentication processing unit 40 sends information related to successful authentication to the client 200 (step S55). As a result, the client 200 executes possible processing (for example, payment processing) after the authentication is successful. In addition, the execution of the flowchart ends.

If "No" is determined in step S54, the authentication processing unit 40 sends information related to the authentication failure to the client 200 (step S56). After the execution of step S56, the execution of the flowchart ends.

According to this embodiment, when the user ID list created by the first authentication is similar to the user ID list when the authentication is successful in the past, the user when the authentication is successful can be specified. Thereby, the processing time of the second authentication can be shortened. Therefore, the time of the entire authentication process can be shortened.

The processing after step S43 may be performed in parallel with the processing after step S3 in FIG. Thereby, the user ID list created by the first authentication can be collated with the user ID list when the narrowing down fails in the past and the user ID list when the narrowing down is successful in the past. By predetermining which collation result is prioritized, either the process after step S43 or the process after step S3 in FIG. 3 can be prioritized.

In the fourth embodiment, the authentication method determination unit 30 performs the first authentication for creating a candidate list of the authentication target person using the first photography data of the authentication target person, and performs the first authentication with the second photography data of the authentication target person. A memory that stores the candidate in the candidate list in association with the authentication target person who has succeeded in the authentication when the second authentication for collating the registered biometric data registered in advance with the candidate in the candidate list is performed and the authentication is successful. This is an example of an acquisition unit that acquires the candidate list from the unit. The list creation unit 10 is an example of a creation unit that creates a candidate list of the person from the image of the person to be authenticated included in the first shooting data taken at the time of the new first authentication. Among the acquired candidate lists, the registered biometric data registered in advance for the candidates associated with the candidate list whose similarity with the created candidate list is equal to or higher than the threshold value, and This is an example of an authentication processing unit that performs a new second authentication by collating with the second shooting data of the person.

In each of the above examples, the face image is used for the first authentication and the vein image is used for the second authentication, but the present invention is not limited to this. Biometric information other than the facial image may be used for the first authentication, and biometric information other than the vein image may be used for the second authentication. However, the amount of biometric information data used in the second authentication is preferably smaller than the amount of biometric information data used in the first authentication.

FIG. 13A is a block diagram for explaining the hardware configuration of the server 100. As illustrated in FIG. 13A, the server 100 includes a CPU 101, a RAM 102, a storage device 103, a communication device 104, and the like. Each of these devices is connected by a bus or the like. The CPU (Central Processing Unit) 101 is a central processing unit. The RAM (Random Access Memory) 102 is a volatile memory that temporarily stores a program executed by the CPU 101, data processed by the CPU 101, and the like. The storage device 103 is a non-volatile storage device. As the storage device 103, for example, a ROM (Read Only Memory), a solid state drive (SSD) such as a flash memory, a hard disk driven by a hard disk drive, or the like can be used. When the CPU 101 executes the authentication program stored in the storage device 103, the functions of each part of the server 100 are realized. The functions of each part of the server 100 may be configured by a dedicated circuit or the like. The communication device 104 is an interface to the telecommunication line 300.

FIG. 13B is a block diagram for explaining the hardware configuration of the client 200. As illustrated in FIG. 13B, the client 200 includes a CPU 201, a RAM 202, a storage device 203, a communication device 204, and the like. Each of these devices is connected by a bus or the like. The CPU 201 is a central processing unit. The RAM 202 is a volatile memory that temporarily stores a program executed by the CPU 201, data processed by the CPU 201, and the like. The storage device 203 is a non-volatile storage device. As the storage device 203, for example, a solid state drive such as a ROM or a flash memory, a hard disk driven by a hard disk drive, or the like can be used. By executing the program stored in the storage device 203 by the CPU 201, the face image acquisition unit 110, the face feature extraction unit 120, the vein image acquisition unit 130, the vein feature extraction unit 140, and the search word acquisition unit 150 of the client 200 are executed. The functions of each part are realized. It should be noted that each of these functions of the client 200 may be configured by a dedicated circuit or the like. The communication device 204 is an interface to the telecommunication line 300.

Although the embodiments of the present invention have been described in detail above, the present invention is not limited to the specific embodiment, and various modifications and variations are made within the scope of the gist of the present invention described in the claims. It can be changed.

10 List creation unit 20 1st list management unit 30 Authentication method determination unit 40 Authentication processing unit 50 2nd list management unit 60 Biometric data management unit 100 Server 110 Face image acquisition unit 120 Face feature extraction unit 130 Vein image acquisition unit 140 Vein feature Extraction unit 150 Search word acquisition unit 160 Camera 170 Venous sensor 180 Input device 190 Display device 200 Client 300 Telecommunications line 400 Authentication system

Claims (15)

A candidate list of the person is created from the image of the person to be authenticated included in the first shooting data taken at the time of the first authentication.
Among the candidate list of the past authentication target person created by the image of the past authentication target person included in the second shooting data taken at the time of the second authentication performed before the first authentication, the above. Get a list of candidates that does not include people to be authenticated in the past
Based on the comparison result between the created candidate list and the acquired candidate list, the authentication operation required for the authentication target person included in the first shooting data is determined.
An authentication method characterized by a computer performing processing. When the degree of similarity between the created candidate list and the acquired candidate list is equal to or higher than the threshold value, the attribute information of the person is acquired from the person to be authenticated included in the first shooting data.
Using the acquired attribute information, identify the candidate for the person, and
A new second authentication is performed by collating the second photographing data of the person with the registered biometric data registered in advance for the identified candidate.
The authentication method according to claim 1, wherein the processing is executed by the computer. When the authentication is successful in the new second authentication, and the acquired candidate list whose similarity is equal to or higher than the threshold value includes the candidate who has been successfully authenticated, the candidate list is included in the past. The authentication method according to claim 2, wherein the person to be authenticated is not used as a candidate list that does not include the person to be authenticated. The candidate list created according to the processing time required for comparison between the candidate list not including the person to be authenticated in the past and the candidate list created by the first authentication in the past. The authentication method according to any one of claims 1 to 3, wherein the computer executes a process of controlling the comparison method with the acquired candidate list. On the computer
The process of creating a candidate list of the person to be authenticated from the image of the person to be authenticated included in the first shooting data taken at the time of the first authentication, and
Among the candidate list of the past authentication target person created by the image of the past authentication target person included in the second shooting data taken at the time of the second authentication performed before the first authentication, the above. The process of getting a candidate list that does not include people to be authenticated in the past,
Based on the comparison result between the created candidate list and the acquired candidate list, the process of determining the authentication operation required for the person to be authenticated included in the first shooting data, and the process of determining the authentication operation.
An authentication program characterized by running. To the computer
When the degree of similarity between the created candidate list and the acquired candidate list is equal to or higher than the threshold value, the process of acquiring the attribute information of the person from the person to be authenticated included in the first shooting data. ,
Using the acquired attribute information, the process of identifying the candidate for the person and
A process of performing a new second authentication by collating the second photographed data of the person with the registered biometric data registered in advance for the specified candidate.
The authentication program according to claim 5, wherein the authentication program is executed. When the authentication is successful in the new second authentication, and the acquired candidate list whose similarity is equal to or higher than the threshold value includes the candidate who has been successfully authenticated, the candidate list is included in the past. The authentication program according to claim 6, wherein the person to be authenticated is not used as a candidate list that does not include the person to be authenticated. To the computer
The candidate list created according to the processing time required for comparison between the candidate list not including the person to be authenticated in the past and the candidate list created by the first authentication in the past. The authentication program according to any one of claims 5 to 7, wherein the process of controlling the comparison method with the acquired candidate list is executed. A creation unit that creates a candidate list of the person based on the image of the person to be authenticated included in the first shooting data taken at the time of the first authentication, and
Among the candidate list of the past authentication target person created by the image of the past authentication target person included in the second shooting data taken at the time of the second authentication performed before the first authentication, the above. Based on the result of comparison between the candidate list created by acquiring the candidate list that does not include the person to be authenticated in the past and the acquired candidate list, the authentication target included in the first shooting data is included. An information processing device including a decision unit that determines an authentication operation required for a person. When the degree of similarity between the created candidate list and the acquired candidate list is equal to or higher than the threshold value, the attribute information of the person is acquired from the person to be authenticated included in the first shooting data and acquired. A new second image is created by identifying the candidate of the person using the attribute information and collating the second photographing data of the person with the registered biometric data registered in advance for the identified candidate. The information processing apparatus according to claim 9, further comprising an authentication processing unit for performing authentication. When the authentication is successful in the new second authentication, the determination unit is the candidate if the acquired candidate list whose similarity is equal to or higher than the threshold value includes the candidate who has been successfully authenticated. The information processing apparatus according to claim 10, wherein the person list is not used as a candidate list that does not include the person to be authenticated in the past. The determination unit was created according to the processing time required for comparison between the candidate list that does not include the person to be authenticated in the past and the candidate list created by the first authentication in the past. The information processing apparatus according to any one of claims 9 to 11, wherein the method of comparing the candidate list with the acquired candidate list is controlled. The first authentication is performed to create a candidate list of the authentication target person using the first shooting data of the authentication target person, and the second shooting data of the authentication target person and the candidates of the candidate list are registered in advance. The candidate list is acquired from the storage unit that stores the candidate list when the second authentication for collating with a certain registered biometric data is performed and the authentication target person who has succeeded in the authentication is associated with each other.
A candidate list of the person is created from the image of the person to be authenticated included in the first shooting data taken at the time of the new first authentication.
Among the acquired candidate list, the registered biometric data registered in advance for the candidate associated with the candidate list whose similarity with the created candidate list is equal to or higher than the threshold value, and the second photographing of the person. Perform a new second authentication by collating with the data,
An authentication method characterized by the processing being performed by a computer. On the computer
The first authentication is performed to create a candidate list of the authentication target person using the first shooting data of the authentication target person, and the second shooting data of the authentication target person and the candidates of the candidate list are registered in advance. The candidate list is acquired from the storage unit that stores the candidate list when the second authentication for collating with a certain registered biometric data is performed and the authentication target person who has succeeded in the authentication is associated with each other.
A candidate list of the person is created from the image of the person to be authenticated included in the first shooting data taken at the time of the new first authentication.
Among the acquired candidate list, the registered biometric data registered in advance for the candidate associated with the candidate list whose similarity with the created candidate list is equal to or higher than the threshold value, and the second photographing of the person. Perform a new second authentication by collating with the data,
An authentication program characterized by executing processing. The first authentication is performed to create a candidate list of the authentication target person using the first shooting data of the authentication target person, and the second shooting data of the authentication target person and the candidates of the candidate list are registered in advance. An acquisition unit that acquires the candidate list from a storage unit that stores the candidate list when the second authentication for collating with a certain registered biometric data is performed and the authentication target person who has succeeded in the authentication is associated and stored. ,
A creation unit that creates a candidate list of the person to be authenticated from the image of the person to be authenticated included in the first shooting data taken at the time of the new first authentication, and a creation unit.
Of the acquired candidate list, the registered biometric data registered in advance for the candidate associated with the candidate list whose similarity with the created candidate list is equal to or higher than the threshold value, and the second photographing of the person. An information processing device including an authentication processing unit that performs a new second authentication by collating with data.

Images