JP2023089427A - Authentication system and authentication method - Google Patents

Abstract

To provide an authentication system and an authentication method for improving convenience without requiring input of an ID or a password.SOLUTION: In an authentication system 1, a face authentication server includes a biometric authentication processing unit (face authentication processing unit) which executes biometric authentication processing for authenticating a user on the basis of a comparison between feature quantities of registered biometric information which is biometric information registered in advance, and feature quantities of biometric information of the user detected from the user. A behavior authentication server includes an authentication control unit (server control unit) which executes authentication of the user based on an authentication result of the biometric authentication processing and an authentication result of behavior authentication processing, the behavior authentication server comprising a behavior authentication processing unit which executes behavior authentication processing for authenticating the user on the basis of a comparison between template information indicating characteristics of behavioral habits of the user generated based on behavior information of the user and acquired behavior information of the user in a predetermined period.SELECTED DRAWING: Figure 1

Description

The present disclosure relates to authentication systems and authentication methods.

In recent years, in order to improve authentication accuracy, an authentication system that combines a plurality of authentication methods is known (see, for example, Patent Document 1). In such an authentication system, an authentication method using biometric information such as fingerprints and veins is combined with an authentication method using an ID or a password.

JP 2016-45811 A

However, in an authentication system such as the above-described conventional technology, it is necessary to enter an ID or a password in addition to biometric information such as fingerprints and veins, and there is a demand for a more convenient authentication system.

The present disclosure has been made to solve the above problems, and its purpose is to provide an authentication system and an authentication method that can improve convenience without requiring the input of an ID or password.

In order to solve the above problems, the present disclosure compares the feature amount of registered biometric information, which is biometric information that has been registered in advance, with the feature amount of the user's biometric information detected from the user. , a biometric authentication processing unit that executes biometric authentication processing for authenticating the user; template information that indicates the characteristics of the user's behavior habits generated based on the user's behavior information; a behavior authentication processing unit that executes behavior authentication processing for authenticating a user based on comparison with the behavior information of the user during the period of; an authentication result of the biometric authentication processing; and an authentication control unit that authenticates the user based on.

In addition, the present disclosure is based on a comparison between template information indicating characteristics of the user's behavioral habits generated based on the user's behavioral information and the acquired behavioral information of the user for a predetermined period. and an authentication control unit that authenticates the user based on the authentication result of the behavior authentication processing.

Further, in the present disclosure, the biometric authentication processing unit compares the feature amount of registered biometric information, which is biometric information registered in advance, with the feature amount of the biometric information of the user detected from the user. a biometric authentication processing step of executing biometric authentication processing for authenticating the user; and template information generated by the behavior authentication processing unit based on the behavior information of the user and indicating characteristics of behavioral habits of the user. and a behavior authentication processing step of executing behavior authentication processing for authenticating a user based on comparison with the acquired behavior information of the user for a predetermined period; The authentication method includes a result and an authentication control step of performing authentication of the user based on the authentication result of the behavior authentication process.

According to the present disclosure, convenience can be improved.

1 is a schematic block diagram showing an example of an authentication system according to a first embodiment; FIG. It is a figure which shows the data example of the action information storage part of a user portable terminal in 1st Embodiment. It is a figure which shows the data example of the registration information storage part in 1st Embodiment. It is a figure which shows the data example of the action information storage part of the action authentication server in 1st Embodiment. 4 is a diagram showing an example of data in a template storage unit according to the first embodiment; FIG. It is a figure which shows an example of the authentication process of the authentication system by 1st Embodiment. 6 is a flow chart showing an example of authentication processing of the face authentication server according to the first embodiment; 6 is a flowchart illustrating an example of processing for generating template information for behavior authentication according to the first embodiment; 6 is a flow chart showing an example of behavior authentication processing of the behavior authentication server in the first embodiment; FIG. 4 is a schematic block diagram showing an example of an authentication system according to a second embodiment; FIG. It is a figure which shows an example of the authentication process of the authentication system by 2nd Embodiment. 9 is a flow chart showing an example of authentication processing of a face authentication server according to the second embodiment;

An authentication system and an authentication method according to an embodiment of the present disclosure will be described below with reference to the drawings.

[First embodiment]
FIG. 1 is a schematic block diagram showing an example of an authentication system 1 according to this embodiment.
As shown in FIG. 1 , the authentication system 1 includes an authentication terminal device 10 , a user portable terminal 20 , a face authentication server 30 and an action authentication server 40 .

The authentication system 1 according to the present embodiment is, for example, a system that authenticates a user U1 at the time of payment at an unmanned store or the like. Here, the authentication of the user U1 indicates, for example, a process of proving the legitimacy of the user U1. In the authentication system 1, as authentication processing of the user U1, face authentication processing and behavior authentication processing are combined to identify the user U1 and execute processing for proving the legitimacy of the user U1. Details of the face authentication process and the action authentication process will be described later.

The authentication terminal device 10 is, for example, a terminal device such as a tablet terminal, and is connected to a POS (Point Of Sales) terminal for payment processing.
The authentication terminal device 10 includes a network communication unit 11 , a camera 12 , a terminal storage unit 13 , a terminal control unit 14 and a display unit 15 .

The NW communication unit 11 is, for example, a communication device such as a wireless LAN (Local Area Network), a wireless WAN (Wide Area Network), or a wired LAN, is connectable to the network NW1, and performs various data communications via the network NW1. conduct. The NW communication unit 11 connects to the face authentication server 30 via the network NW1, for example, and performs data communication with the face authentication server 30. FIG.

The camera 12 (an example of a biometric information detection unit) is, for example, a digital camera module having an image sensor, and is an example of an imaging unit that detects the face image of the user U1. In addition, in this embodiment, a face image is used as an example of biometric information, and the camera 12 detects the face image of the user U1 as the biometric information.

The terminal storage unit 13 stores various information used by the authentication terminal device 10 . The terminal storage unit 13 stores, for example, face image data detected by the camera 12, authentication results, position information of the camera 12 (authentication terminal device 10), and the like. Personal information such as face image data is temporarily stored in the terminal storage unit 13 during authentication processing.

The terminal control unit 14 is, for example, a processor including a CPU (Central Processing Unit), and controls the authentication terminal device 10 in an integrated manner. For example, the terminal control unit 14 extracts the feature amount of the face image detected by the camera 12 . The terminal control unit 14 transmits the feature amount of the face image and the position information of the camera 12 to the face authentication server 30 via the NW communication unit 11 .
Further, the terminal control unit 14 executes processing such as permitting payment processing based on the authentication result of the user U1 received from the face authentication server 30 via the NW communication unit 11, for example.

The display unit 15 is, for example, a display device such as a liquid crystal display, and displays various information used by the authentication terminal device 10 . The display unit 15 displays, for example, face authentication guidance, an identity verification screen, prices of purchased products, and the like.

The user portable terminal 20 is a terminal device carried by the user U1, and is, for example, a mobile phone such as a smart phone, a tablet terminal, or the like. The user portable terminal 20 includes a NW communication section 21 , an input section 22 , a display section 23 , a camera 24 , a position detection section 25 , a terminal storage section 26 and a terminal control section 27 .

The NW communication unit 21 is, for example, a communication device such as a wireless LAN, a wireless WAN, or a wired LAN, is connectable to the network NW1, and performs various data communications via the network NW1. For example, the NW communication unit 21 connects to the behavior authentication server 40 via the network NW1 and performs data communication with the behavior authentication server 40 .

The input unit 22 is an input device such as a touch sensor and a keyboard, receives various information from the user U1, and outputs the information to the terminal control unit 27 .
The display unit 23 is, for example, a display device such as a liquid crystal display, and displays various information used by the user portable terminal 20 .

The camera 24 is, for example, a digital camera module equipped with an image sensor, and captures various image data.
The position detection unit 25 is, for example, a GPS (Global Positioning System) module or the like, and detects position information of the user portable terminal 20 . The positional information detected by the position detection unit 25 is used as the positional information of the user U1 in the action information described later.

The terminal storage unit 26 stores various information used by the user portable terminal 20 . The terminal storage unit 26 has a behavior information storage unit 261 .
The behavior information storage unit 261 stores behavior information of the user U1. The behavior information of the user U1 is history information indicating the behavior of the user U1, and information indicating habits of behavior of the user U1. Note that the behavior information storage unit 261 may temporarily store the behavior information, or may store information that can be detected by the user portable terminal 20 instead of the behavior information. Details of information that can be detected by the user portable terminal 20 will be described later. Here, an example of data in the action information storage unit 261 in this embodiment when action information is temporarily stored will be described with reference to FIG.

FIG. 2 is a diagram showing an example of data in the action information storage unit 261 of the user portable terminal 20 in this embodiment.
As shown in FIG. 2, the action information storage unit 261 can temporarily store "date", "time", "position", and "action information" in association with each other.

In this figure, "date" indicates the date of action of user U1, and "time" indicates the time of action of user U1. "Position" indicates the position information of user U1 (position information of user portable terminal 20) at "date" and "time". The “behavioral information” is behavioral content indicating behavioral habits, such as commuting to work or school, home, eating, walking, sleeping, exercising, shopping, viewing smartphones, and wireless LAN usage. The “behavior information” may be, for example, a behavior code indicating the content of the behavior.
The "behavior information" is based on information that can be detected by the user mobile terminal 20 (for example, location information, terminal operation/usage history, radio wave information, IP address, sensor detection information such as an acceleration sensor, etc.) Presumed. In addition, the user portable terminal 20 temporarily stores these pieces of detectable information in the behavior information storage unit 261 in place of the "behavior information", and periodically transmits the information to the behavior authentication server 40 to perform the behavior authentication. The server 40 may estimate action information, which is action content, from these pieces of detectable information.

For example, in the example shown in FIG. 2, the "date" and "time" are "2021/8/20" and "7:40", the "location" is "XX Ward, Tokyo", and " Behavior information” indicates that the user is “moving, using the Internet”.

Returning to the description of FIG. 1, the terminal control unit 27 is, for example, a processor including a CPU, and controls the user portable terminal 20 in an integrated manner. The terminal control unit 27 uses, for example, the NW communication unit 21, the input unit 22, the display unit 23, the camera 24, and the position detection unit 25 to collect behavior information of the user U1, and Behavior information is periodically transmitted to the behavior authentication server 40 via the NW communication unit 21 .
The terminal control section 27 includes a behavior information processing section 271 .

The behavior information processing unit 271 is, for example, a functional unit realized by causing the CPU of the terminal control unit 27 to execute an application program. The behavior information processing unit 271 collects behavior information (observes the behavior of the user U1) for behavior authentication processing, and transmits the collected behavior information to the behavior authentication server 40 .

The behavior information processing unit 271 uses, for example, the NW communication unit 21, the input unit 22, the display unit 23, the camera 24, the position detection unit 25, and the like to detect (observe) the behavior information of the user U1. The action information is stored in the action information storage unit 261 as action information as shown in FIG. 2 described above.

In addition, the behavior information processing unit 271 periodically (for example, every 5 minutes) or in response to a request or instruction from the behavior authentication server 40 or the like, transfers the behavior information stored by the behavior information storage unit 261 to NW communication. It is transmitted to the behavior authentication server 40 via the unit 21 .

The face authentication server 30 is, for example, a server device, and executes face authentication processing (an example of biometric authentication processing). The face authentication server 30 includes a NW communication section 31 , a server storage section 32 and a server control section 33 .

The NW communication unit 31 is, for example, a communication device such as a wired LAN, is connectable to the network NW1, and performs various data communications via the network NW1. For example, the NW communication unit 31 connects to the authentication terminal device 10 and the behavior authentication server 40 via the network NW1, and performs data communication with the authentication terminal device 10 and data communication with the behavior authentication server 40. to run.

The server storage unit 32 stores various information used by the face authentication server 30 . The server storage unit 32 stores, for example, various information related to face authentication processing. The server storage unit 32 has a registration information storage unit 321 .

The registration information storage unit 321 is a storage unit for pre-registering a feature amount (a feature amount of a face image) corresponding to the face authentication user U1. The registration information storage unit 321 stores, for example, user identification information for identifying the user U1 and the feature amount of the face image in association with each other. Here, an example of data in the registration information storage unit 321 will be described with reference to FIG.

FIG. 3 is a diagram showing an example of data in the registration information storage unit 321 in this embodiment.
As shown in FIG. 3, the registration information storage unit 321 stores a “user ID” and a “face authentication feature amount” in association with each other.

In FIG. 3, "user ID" is an example of user identification information. "Face authentication feature amount" indicates the feature amount extracted from the face image, and indicates the feature amount of the registered face image.
The example shown in FIG. 3 indicates that the "face authentication feature amount" corresponding to "U0001" as the "user ID" is "XXXX...".

Returning to the description of FIG. 1 again, the server control unit 33 (an example of an authentication control unit) is, for example, a processor including a CPU, and controls the face authentication server 30 in an integrated manner. The server control unit 33 executes face authentication processing and, for example, authenticates the user U1 based on the authentication result of the face authentication processing and the authentication result of the action authentication processing. That is, the server control unit 33 combines the authentication result of the face authentication process and the authentication result of the action authentication process to authenticate the user U1.
The server control unit 33 has a face authentication processing unit 331 .

The face authentication processing unit 331 (an example of the biometric authentication processing unit) uses a feature amount of a registered face image (registered biometric information), which is a face image registered in advance, and a feature of the face image of the user U1 detected by the camera 12. A face authentication process (biometric authentication process) for authenticating the user U1 is executed based on the comparison with the quantity. The face authentication processing unit 331 determines the user U1, for example, based on the degree of matching between the feature amount of the registered face image and the feature amount of the face image of the user U1.

Specifically, the face authentication processing unit 331 compares the feature amount of the face image of the user U1 received from the authentication terminal device 10 with the feature amount of the registered face image stored in the registration information storage unit 321, A user ID corresponding to a feature amount with a high degree is determined. The face authentication processing unit 331 determines that the user U1 is the user corresponding to the feature amount of the registered face image when the matching degree of the feature amount corresponding to the determined user ID is equal to or greater than the first threshold. judge.

In addition, the face authentication processing unit 331 determines the user U1 when the matching degree of the feature amount corresponding to the determined user ID is less than the first threshold and equal to or greater than the second threshold smaller than the first threshold. is determined to be uncertain.

Further, when the matching degree of the feature amount corresponding to the determined user ID is less than the second threshold, the face authentication processing unit 331 determines that the feature amount of the registered face image corresponding to the user U1 is registered information storage. It is determined that it is not registered in the unit 321 . That is, in this case, the face authentication processing unit 331 determines that authentication of user U1 has failed.

When the face authentication processing unit 331 determines the user ID corresponding to the user U1 (the face authentication processing unit 331 determines the user U1), the server control unit 33 (or the face authentication processing unit 331) If successful), the user ID is transmitted to the authentication terminal device 10 via the NW communication unit 31 as the authentication result of the user U1.

In addition, when the face authentication processing unit 331 fails to determine the user U1, the server control unit 33 (or the face authentication processing unit 331) fails to determine the user U1 via the NW communication unit 31. is transmitted to the authentication terminal device 10 as the authentication result of the user U1.

Moreover, the server control unit 33 (or the face authentication processing unit 331) uses the authentication result of the behavior authentication processing to authenticate the user U1 when the determination of the user U1 is uncertain. That is, the server control unit 33 (or the face authentication processing unit 331 ) transmits an action authentication request including the user ID and the position information of the camera 12 to the action authentication server 40 via the NW communication unit 31 .

Also, the server control unit 33 (or the face authentication processing unit 331 ) receives the authentication result of the user U<b>1 by the action authentication process from the action authentication server 40 via the NW communication unit 31 . The server control unit 33 (or the face authentication processing unit 331) transmits the authentication result of the user U1 by the behavior authentication process to the authentication terminal device 10 via the NW communication unit 31 as the authentication result of the user U1.

The behavior authentication server 40 is, for example, a server device, and executes behavior authentication processing. The behavior authentication server 40 includes a NW communication unit 41 , a server storage unit 42 and a server control unit 43 .

The NW communication unit 41 is, for example, a communication device such as a wired LAN, is connectable to the network NW1, and performs various data communications via the network NW1. For example, the NW communication unit 41 connects to the user portable terminal 20 and the face authentication server 30 via the network NW1, performs data communication with the user portable terminal 20, and communicates with the face authentication server 30. Execute data communication.

The server storage unit 42 stores various information used by the behavior authentication server 40 . The server storage unit 42 stores, for example, various information related to behavior authentication processing. The server storage unit 42 includes an action information storage unit 421 and a template storage unit 422 .

The behavior information storage unit 421 stores the behavior information received from the user portable terminal 20 for each user U1. Here, an example of data in the behavior information storage unit 421 in this embodiment will be described with reference to FIG.

FIG. 4 is a diagram showing an example of data in the behavior information storage unit 421 of the behavior authentication server 40 in this embodiment.
As shown in FIG. 4, the action information storage unit 421 associates and stores a "user ID", a "terminal ID", a "date", and "action information".
In FIG. 4 , “user ID” indicates identification information of user U1, and “terminal ID” indicates terminal identification information for identifying user mobile terminal 20 . Also, "date" indicates the date of collection, and "behavior information" is the behavior information for each day shown in FIG. contains.

For example, in the example shown in FIG. 4, the "user ID" is "U0001", the behavior information collected by "terminal ID" is "D0001", and the "date" is "2021/08/20". , "XXX...". In addition, the action information storage unit 421 stores a plurality of such "action information" for one day.

Returning to the description of FIG. 1 again, the template storage unit 422 stores pre-registered template information for each user U1. Here, the template information is information indicating characteristics of behavioral habits of the user generated based on the behavioral information of the user U1, and is generated by analyzing the behavioral information stored in the behavioral information storage unit 421. . Here, an example of data in the template storage unit 422 in this embodiment will be described with reference to FIG.

FIG. 5 is a diagram showing an example of data in the template storage unit 422 in this embodiment.
As shown in FIG. 5, the template storage unit 422 stores a "user ID", a "terminal ID", and "template information" in association with each other.
The example shown in FIG. 5 indicates that the "user ID" is "U0001" and the "template information" corresponding to the "terminal ID" of "D0001" is "XXX...".

Returning to the description of FIG. 1 again, the server control unit 43 is, for example, a processor including a CPU, and controls the behavior authentication server 40 in an integrated manner. The server control unit 43 executes behavior authentication processing.
The server control unit 43 also includes a behavior authentication processing unit 431 . The server control unit 43 causes the behavior authentication processing unit 431 to perform behavior authentication processing, for example, using the user ID and the position information of the camera 12 received from the face authentication server 30 via the NW communication unit 41 . Also, the server control unit 43 transmits the authentication result of the behavior authentication process to the face authentication server 30 via the NW communication unit 41 .

The behavior authentication processing unit 431 (an example of the behavior authentication processing unit) executes behavior authentication processing for authenticating the user based on comparison between the template information and the acquired behavior information of the user for a predetermined period. The behavior authentication processing unit 431 compares, for example, template information corresponding to the designated user ID among a plurality of pieces of template information stored in the template storage unit 422 with behavior information of the user U1 during a predetermined period. to authenticate the user U1.

Here, the behavior information of the user U1 for a predetermined period is obtained by acquiring a predetermined period of the behavior information corresponding to the user ID specified from the behavior information storage unit 421. For example, the last 24 hours behavioral information. Also, the predetermined period may be changed according to the place of use, and may be a predetermined period corresponding to the position information of the camera 12, for example. For example, when the position information of the camera 12 is the position information corresponding to the place of work, the predetermined period may be a A period may be used.

The behavior authentication processing unit 431 reads the template information corresponding to the designated user ID from the template storage unit 422, and reads the behavior information of the user U1 for a predetermined period corresponding to the user ID from the behavior information storage unit 421. read out. The behavior authentication processing unit 431 compares the read template information with the behavior information of the user U1 during a predetermined period to calculate a score indicating the degree of matching. User U1 is authenticated to determine whether or not the user corresponding to the given user ID is valid.

Note that the behavior authentication processing unit 431 may calculate a score by weighting each element of the template information in order to absorb fluctuations in the behavior of the user U1.
In addition, in order to absorb fluctuations in the behavior of user U1, the behavior authentication processing unit 431 may expand the time and position included in the behavior information of the user to a predetermined range and compare the time and position with the template information. .

Next, the operation of the authentication system 1 according to this embodiment will be described with reference to the drawings.
FIG. 6 is a diagram showing an example of authentication processing of the authentication system 1 according to this embodiment.
As shown in FIG. 6, the authentication terminal device 10 first acquires a face image (step S101). The camera 12 of the authentication terminal device 10 detects the face image of the user U1, and the terminal control unit 14 acquires the face image from the camera 12. FIG.

Next, the authentication terminal device 10 extracts feature amounts from the face image (step S102). The terminal control unit 14 of the authentication terminal device 10 extracts feature amounts from the face image of the user U1 detected by the camera 12 .

Next, the authentication terminal device 10 transmits the feature quantity and position information to the face authentication server 30 (step S103). For example, the terminal control unit 14 transmits the position information of the camera 12 (authentication terminal device 10) stored in advance in the terminal storage unit 13 and the feature amount of the extracted face image of the user U1 to the NW communication unit 11. to the face authentication server 30 via the

Next, the face authentication server 30 executes face authentication processing (step S104). The face authentication processing unit 331 of the face authentication server 30 executes face authentication processing for determining the user U1 based on the feature amount of the received face image of the user U1 (hereinafter referred to as user feature amount). The face authentication processing unit 331 compares the feature amount of the registered face image (hereinafter referred to as the registered feature amount) stored in the registered information storage unit 321 with the user feature amount to calculate the matching degree. The face authentication processing unit 331 selects the user ID associated with the registered feature value having the highest degree of matching among the registered feature values stored in the registered information storage unit 321 . Here, the face authentication processing unit 331 determines that the user corresponding to the selected user ID is the user U1 whose face image is detected in the authentication terminal device 10 . Details of the face authentication processing by the face authentication server 30 will be described later with reference to FIG.

Next, the face authentication server 30 determines whether or not the user determination is uncertain (step S105). If the user determination is uncertain (step S105: YES), the server control unit 33 advances the process to step S106. If the user determination is certain (authentication success or authentication failure is confirmed) (step S105: NO), the server control unit 33 advances the process to step S109.

In step S<b>106 , the face authentication server 30 transmits the user ID and location information to the action authentication server 40 . That is, the server control unit 33 transmits the user ID selected by the face authentication processing unit 331 and the position information received from the authentication terminal device 10 to the behavior authentication server 40 via the NW communication unit 31 .

Next, the behavior authentication server 40 executes behavior authentication processing (step S107). The action authentication processing unit 431 of the action authentication server 40 uses the user ID and the position information received from the face authentication server 30, and the information stored in the action information storage unit 421 and the template storage unit 422 to identify the user ID. The corresponding user U1 is authenticated. Here, the action authentication processing unit 431 determines the legitimacy of the user U1 corresponding to the user ID by action authentication processing. Details of the behavior authentication processing by the behavior authentication server 40 will be described later with reference to FIG. 9 .

Next, the behavior authentication server 40 transmits the authentication result of the behavior authentication process to the face authentication server 30 (step S108). The server control unit 43 of the behavior authentication server 40 transmits the authentication result of the behavior authentication process (user ID authentication success or authentication failure) to the face authentication server 30 via the NW communication unit 41 .

Next, in step S<b>109 , the face authentication server 30 transmits the authentication result including the user ID to the authentication terminal device 10 . When the authentication result of the face authentication process is successful, or when the authentication result of the action authentication process is successful, the server control unit 33 transmits the determined user ID to the authentication terminal device 10 via the NW communication unit 31. Send to In addition, when the authentication result of the face authentication process is unsuccessful, or when the authentication result of the action authentication process is unsuccessful, the server control unit 33 indicates that the authentication of the user U1 has failed (there is no corresponding user ID). The information shown is transmitted to the authentication terminal device 10 via the NW communication unit 31 .

After the processing of step S109, the authentication terminal device 10 executes various processing such as payment processing based on the received authentication result of the user U1.

Next, details of face authentication processing by the face authentication server 30 will be described with reference to FIG.
FIG. 7 is a flowchart showing an example of authentication processing of the face authentication server 30 according to this embodiment.

As shown in FIG. 7, the face authentication server 30 first receives the feature amount (user feature amount) of the face image of the user U1 and position information (step S201). The server control unit 33 of the face authentication server 30 receives the user feature amount and the position information of the camera 12 from the authentication terminal device 10 via the NW communication unit 31 .

Next, the face authentication processing unit 331 of the face authentication server 30 estimates the user U1 from the acquired feature amount (user feature amount) and the registration information (step S202). The face authentication processing unit 331 compares, for example, the user feature amount and the registered feature amount stored in the registered information storage unit 321 to calculate the degree of matching, and determines the user U1 based on the degree of matching. The face authentication processing unit 331 selects a user ID associated with the registered feature value having the highest degree of matching among the registered feature values stored in the registered information storage unit 321, and performs a usage corresponding to the selected user ID. The authentication terminal device 10 determines that the person is the user U1 whose face image is detected.

Note that the face authentication processing unit 331 determines that the determination of the user U1 is successful when the degree of matching when determining the user U1 is equal to or greater than a predetermined threshold value (equal to or greater than the first threshold value). If the degree is less than the first threshold and greater than or equal to the second threshold, it is determined that the determination of user U1 is uncertain. Here, the second threshold is a predetermined threshold smaller than the first threshold (first threshold>second threshold). In addition, when the degree of matching is less than the second threshold, the face authentication processing unit 331 determines that the determination of user U1 has failed (there is no corresponding person for user U1).

Next, the server control unit 33 determines whether or not the authentication result of the face authentication processing indicates that there is no applicable user (step S203). For example, the server control unit 33 determines whether or not there is a corresponding user based on whether or not the degree of matching is less than the second threshold. If the authentication result of the face authentication process indicates that there is no corresponding user (step S203: YES), the server control unit 33 advances the process to step S208. If the authentication result of the face authentication process does not determine that there is no corresponding user (step S203: NO), the server control unit 33 advances the process to step S204.

In step S204, the server control unit 33 determines whether or not the accuracy of authentication is sufficient. The server control unit 33 determines, for example, whether the accuracy of authentication is sufficient based on whether the degree of matching is equal to or greater than the first threshold. If the accuracy of authentication is sufficient (the matching degree is greater than or equal to the first threshold) (step S204: YES), the server control unit 33 advances the process to step S207. If the accuracy of authentication is insufficient (the degree of matching is less than the first threshold and equal to or greater than the second threshold) (step S204: NO), the server control unit 33 advances the process to step S205.

In step S<b>205 , the server control unit 33 transmits the user ID and location information to the action authentication server 40 . The server control unit 33, as shown in step S106 in FIG. , to the behavior authentication server 40 .

Next, the server control unit 33 receives the behavior authentication result from the behavior authentication server 40 (step S206). The server control unit 33 receives, via the NW communication unit 31, an authentication result of the action authentication process (user ID authentication success or authentication failure).

Next, in step S<b>207 , the server control unit 33 transmits the authentication result to the authentication terminal device 10 . When the authentication result of the face authentication process is successful, or when the authentication result of the action authentication process is successful, the server control unit 33 transmits the determined user ID to the authentication terminal device 10 via the NW communication unit 31. Send to In addition, when the authentication result of the face authentication process is unsuccessful, or when the authentication result of the action authentication process is unsuccessful, the server control unit 33 indicates that the authentication of the user U1 has failed (there is no corresponding user ID). The information shown is transmitted to the authentication terminal device 10 via the NW communication unit 31 . After the process of step S207, the server control unit 33 terminates the process.

Next, referring to FIG. 8, template information generation processing by the behavior authentication server 40 will be described.
FIG. 8 is a flowchart showing an example of processing for generating template information for behavior authentication according to the present embodiment.

As shown in FIG. 8, the behavior authentication processing unit 431 of the behavior authentication server 40 first acquires behavior information corresponding to the user ID (step S301). Here, the user ID is a user ID indicating the user U1 who generates the template information. The behavior authentication processing unit 431 acquires all behavior information corresponding to the user ID from the behavior information storage unit 421 .

Next, the action authentication processing unit 431 executes a time information fluctuation absorption process (step S302). The behavior authentication processing unit 431 expands the time information included in the behavior information to a predetermined range (a range obtained by rounding the time in units of one hour), for example, by rounding the time every hour, so that fluctuations in the time information Executes a process that absorbs

Next, the behavior authentication processing unit 431 executes fluctuation absorption processing of position information (step S303). The action authentication processing unit 431 expands the position information included in the action information to a predetermined range, for example, by converting it into a mesh code of 1 km square, and executes processing to absorb fluctuations in the position information. .

Next, the behavior authentication processing unit 431 generates template information (step S304). The behavior authentication processing unit 431 analyzes behavior information on which fluctuation absorption processing has been executed, extracts characteristic behavior cycle (behavior) patterns, and generates template information. In the template information, each element of the template information may be weighted in order to absorb differences in actions such as weekdays, holidays, and during travel.

Next, the behavior authentication processing unit 431 stores the generated template information in the template storage unit 422 (step S305). For example, as shown in FIG. 5, the behavior authentication processing unit 431 associates the user ID with the generated template information and stores them in the template storage unit 422 . After the process of step S305, the behavior authentication processing unit 431 ends the template information generation process.

Note that the behavior authentication processing unit 431 may execute the template information generation processing shown in FIG. 8, for example, periodically or in response to a generation request from the administrator of the authentication system 1 or the user U1. .

Next, details of behavior authentication processing by the behavior authentication server 40 will be described with reference to FIG. 9 .
FIG. 9 is a flowchart showing an example of authentication processing of the behavior authentication server 40 according to this embodiment.

As shown in FIG. 9, the behavior authentication server 40 first receives a user ID and location information (step S401). Here, the user U1 is the user indicated by the received user ID. The server control unit 43 of the behavior authentication server 40 receives the user ID and the position information of the camera 12 from the face authentication server 30 via the NW communication unit 41 .

Next, the behavior authentication processing unit 431 of the behavior authentication server 40 acquires behavior information corresponding to the user ID and position information (step S402). For example, the behavior authentication processing unit 431 selects, from among the behavior information for the received user ID stored in the behavior information storage unit 421, the most recent predetermined period (for example, 24 hours) related to the received position information. Action information (action information of user U1) is acquired. Here, the acquired action information for a predetermined period is referred to as acquired action information.

Next, the action authentication processing unit 431 compares the acquired action information (acquired action information) with template information corresponding to the user ID, and calculates a score (step S403). The behavior authentication processing unit 431 acquires template information corresponding to the user ID from the template storage unit 422 . The behavior authentication processing unit 431 compares the acquired template information and the acquired behavior information to calculate a score indicating the degree of matching. Note that the behavior authentication processing unit 431 may calculate a score by weighting each element of the template information in order to absorb fluctuations in the behavior of the user U1. In addition, in order to absorb fluctuations in the behavior of user U1, the behavior authentication processing unit 431 performs fluctuation absorption processing on the time information and position information included in the acquired behavior information in the same manner as the template information. You may calculate the score from

Next, the action authentication processing unit 431 determines authentication of the user U1 based on the score (step S404). The behavior authentication processing unit 431 determines that the user U1 indicated by the received user ID is valid (authentication of the user U1 is successful) when the score is equal to or greater than a predetermined threshold. Also, when the score is less than a predetermined threshold, the behavior authentication processing unit 431 determines that the user U1 indicated by the received user ID is not valid (authentication of the user U1 has failed).

Next, the server control unit 43 transmits the authentication result to the face authentication server 30 (step S405). The server control unit 43 transmits the authentication result of the behavior authentication process (user U1 authentication success or authentication failure) to the face authentication server 30 via the NW communication unit 41 . After the processing of step S405, the behavior authentication processing unit 431 ends the behavior authentication processing.

As described above, the authentication system 1 according to the present embodiment includes the camera 12 (biometric information detection unit), the face authentication processing unit 331 (biometric authentication processing unit), and the behavior authentication processing unit 431 (behavior authentication processing unit). , and a server control unit 33 (authentication control unit). Camera 12 detects a face image (biological information) from user U1. The face authentication processing unit 331 compares the feature amount of a registered face image (registered biometric information), which is a face image registered in advance, with the feature amount of the user's face image detected by the camera 12. A face authentication process (biometric authentication process) for authenticating the person U1 is executed. The behavior authentication processing unit 431 compares template information indicating characteristics of behavior habits of the user U1 generated based on the behavior information of the user U1 with the acquired behavior information of the user U1 during a predetermined period. Based on, action authentication processing for authenticating the user U1 is executed. The server control unit 33 authenticates the user U1 based on the authentication result of the face authentication process and the authentication result of the action authentication process.

Thereby, the authentication system 1 according to the present embodiment can increase the authentication rate (recognition rate) of the user U1 by combining the authentication result of the face authentication process and the authentication result of the action authentication process. In addition, since the behavior authentication process uses the behavior information of the user U1, the user U1 does not need to newly detect biometric information such as fingerprints and veins. Therefore, the authentication system 1 according to the present embodiment can improve convenience by using behavior authentication processing. Therefore, the authentication system 1 according to this embodiment can improve convenience while obtaining high authentication accuracy.

In addition, in the present embodiment, the face authentication processing unit 331 performs the User U1 is determined. The server control unit 33 uses the authentication result of the face authentication process for authentication of the user U1 when the face authentication processing unit 331 has successfully determined the user U1, and when the determination of the user U1 is uncertain. , the authentication result of the behavior authentication process is used for user authentication.

As a result, the authentication system 1 according to the present embodiment complementarily uses the behavior authentication process when the authentication result of the face authentication process (determination result of the user U1) is uncertain (uncertain), and the user Since U1 is authenticated, authentication accuracy (authentication rate) can be improved more efficiently.

Further, in the present embodiment, the face authentication processing unit 331 generates a degree of matching between the registered feature amount and the user feature amount, and when the degree of matching is equal to or greater than the first threshold, the user U1 uses the registered feature amount If the degree of matching is less than the first threshold and equal to or greater than the second threshold smaller than the first threshold, it is determined that the determination of user U1 is uncertain.

As a result, the authentication system 1 according to the present embodiment can more appropriately perform supplementary processing of authentication by behavior authentication processing by an easy and simple method of using the first threshold value and the second threshold value.

Further, in this embodiment, the behavior authentication processing unit 431 authenticates the user U1 based on comparison between the behavior information for the most recent predetermined period and the template information.
As a result, the authentication system 1 according to the present embodiment can more accurately authenticate the user U1 through the behavior authentication process by using the behavior information for the most recent predetermined period.

Further, in this embodiment, the action information and the template information include time information and position information. The behavior authentication processing unit 431 may authenticate the user U1 based on comparison between behavior information for a predetermined period corresponding to the position information of the camera 12 and template information corresponding to this predetermined period. . Here, the positional information of the camera 12 is the positional information where the biometric information of the user U1 is detected.

As a result, the authentication system 1 according to the present embodiment can use the action information of the past action in the vicinity of the position information as a comparison target by using the action information of the predetermined period corresponding to the position information of the camera 12. Therefore, the user U1 can be more accurately authenticated by the behavior authentication process.

The authentication system 1 according to the present embodiment also includes a template storage unit 422 that stores a user ID (user identification information) that identifies the user U1 and template information in association with each other. The behavior authentication processing unit 431 compares the template information corresponding to the designated user ID among the plurality of pieces of template information stored in the template storage unit 422 with the behavior information of the user U1. Authenticate U1.

As a result, the authentication system 1 according to the present embodiment can appropriately authenticate the user U1 by the behavior authentication process with a simple configuration using the template storage unit 422 .

The authentication system 1 according to the present embodiment also includes a mobile terminal (user mobile terminal 20) of the user U1 that acquires behavior information of the user U1.
As a result, the authentication system 1 according to the present embodiment can always acquire the behavior information of the user U1 using the mobile terminal of the user U1 (the user mobile terminal 20), so that the behavior authentication process can be performed more efficiently. Authentication can be performed with high accuracy. Further, since the user U1 can acquire the behavior information of the user U1 only by possessing the user portable terminal 20, the authentication system 1 according to the present embodiment can improve convenience. can.

Moreover, in this embodiment, the biometric information includes the face image of the user U1. Also, the biometric information detection unit is the camera 12 (imaging unit) that detects the face image of the user U1.
Accordingly, since the authentication system 1 according to the present embodiment uses the face image of the user U1, there is no need for the user U1 to input biometric information such as a fingerprint. Therefore, the authentication system 1 according to this embodiment can further improve convenience.

Further, in this embodiment, the template information includes time information and position information having a predetermined range. Also, the behavior authentication processing unit 431 may expand the time and position included in the behavior information of the user to a predetermined range and compare it with the template information.

As a result, the authentication system 1 according to the present embodiment expands the time information and the location information to a predetermined range, thereby absorbing fluctuations in the behavior of the user U1, thereby further improving convenience. can.

The authentication system 1 according to this embodiment also includes a behavior authentication processing unit 431 and a server control unit 33 . The behavior authentication processing unit 431 compares template information indicating characteristics of behavior habits of the user U1 generated based on the behavior information of the user U1 with the acquired behavior information of the user U1 during a predetermined period. Based on, action authentication processing for authenticating the user U1 is executed. The server control unit 33 authenticates the user U1 based on the authentication result of the action authentication process.

Accordingly, since the authentication system 1 according to the present embodiment uses the behavior information of the user U1, it is not necessary for the user U1 to newly detect biometric information such as fingerprints and veins. Therefore, the authentication system 1 according to the present embodiment can improve convenience by using behavior authentication processing.

Further, the authentication method according to this embodiment includes a face image detection step (biometric information detection step), a face authentication processing step (biometric authentication processing step), a behavior authentication processing step, and an authentication control step. In the face image detection step, camera 12 detects a face image from user U1. In the face authentication processing step, the face authentication processing unit 331 compares the feature amount of the registered face image, which is a face image registered in advance, with the feature amount of the face image of user U1 detected in the face image detection step. Based on, a face authentication process for authenticating the user U1 is executed. In the behavior authentication processing step, the behavior authentication processing unit 431 generates template information indicating characteristics of behavior habits of the user U1 generated based on the behavior information of the user U1, Based on the comparison with the behavior information of , a behavior authentication process for authenticating the user U1 is executed. In the authentication control step, the server control unit 33 performs user authentication based on the authentication result of the face authentication process and the authentication result of the action authentication process. The same effects as those of the authentication system 1 can be obtained, and convenience can be improved while obtaining high authentication accuracy.

[Second embodiment]
Next, an authentication system 1a according to a second embodiment will be described with reference to the drawings.
In this embodiment, a modification will be described in which the threshold value of face authentication processing is changed according to the authentication result of behavior authentication processing.

FIG. 10 is a schematic block diagram showing an example of an authentication system 1a according to the second embodiment.
As shown in FIG. 10, the authentication system 1a includes an authentication terminal device 10a, a user portable terminal 20a, a face authentication server 30a, and an action authentication server 40a.

The authentication system 1a according to this embodiment is a system that authenticates a user U1 when entering or leaving a company, for example. In the authentication system 1a, as the authentication process of the user U1, the action authentication process and the face authentication process are combined to execute the process of proving the legitimacy of the user U1.
In addition, in FIG. 10, the same components as in FIG. 1 described above are denoted by the same reference numerals, and descriptions thereof are omitted.

The authentication terminal device 10a is, for example, a terminal device such as a tablet terminal, and is connected to a gate for entry and exit.
The authentication terminal device 10a includes a NW communication unit 11, a camera 12, a terminal storage unit 13, and a terminal control unit 14a.

The terminal control unit 14a is, for example, a processor including a CPU, and controls the authentication terminal device 10a in a centralized manner. The terminal control unit 14a can be connected to the user portable terminal 20a via a wireless communication unit (not shown) such as Bluetooth (registered trademark), and uses the wireless communication unit (not shown) to communicate with the user portable terminal. The position information of the camera 12 is transmitted to 20a.

Further, the terminal control unit 14a extracts, for example, a feature amount (user feature amount) of the face image of the user U1 detected by the camera 12. FIG. The terminal control unit 14a transmits the feature amount (user feature amount) of the face image of the user U1 to the face authentication server 30a via the NW communication unit 11. FIG.
Further, the terminal control unit 14a executes processing such as permitting entry/exit based on the authentication result of the user U1 received from the face authentication server 30a via the NW communication unit 11, for example.

The user portable terminal 20a is a terminal device carried by the user U1, and is, for example, a mobile phone such as a smart phone, a tablet terminal, or the like. The user portable terminal 20a includes a NW communication section 21, an input section 22, a display section 23, a camera 24, a position detection section 25, a terminal storage section 26, and a terminal control section 27a.

The terminal control unit 27a is, for example, a processor including a CPU, and controls the user portable terminal 20a in an integrated manner. The terminal control unit 27a uses, for example, the NW communication unit 21, the input unit 22, the display unit 23, the camera 24, and the position detection unit 25 to collect behavior information of the user U1, and Behavior information is periodically transmitted to the behavior authentication server 40 via the NW communication unit 21 . Further, the terminal control unit 27a can be connected to the authentication terminal device 10a through a wireless communication unit (not shown) such as Bluetooth (registered trademark), and uses the wireless communication unit (not shown) to It receives the position information of the camera 12 from 10a.
The terminal control unit 27a also includes a behavior information processing unit 271a.

The behavior information processing unit 271a collects behavior information (observes the behavior of the user U1) for behavior authentication processing, and transmits the collected behavior information to the behavior authentication server 40a. The behavior information processing unit 271a stores the collected behavior information in the behavior information storage unit 261 as shown in FIG. 2 described above. In addition, the behavior information processing unit 271a periodically or in response to a request from the behavior authentication server 40a transmits the behavior information stored in the behavior information storage unit 261 to the behavior authentication server 40a via the NW communication unit 21. Send to

In addition, when the behavior information processing unit 271a receives the location information from the authentication terminal device 10a, for example, the user ID stored in the terminal storage unit 26 and the received location information are transmitted via the NW communication unit 21. , to the behavior authentication server 40a.

The behavior authentication server 40a is, for example, a server device, and executes behavior authentication processing. The behavior authentication server 40a includes a NW communication unit 41, a server storage unit 42, and a server control unit 43a.

The server control unit 43a is, for example, a processor including a CPU, and controls the behavior authentication server 40a in an integrated manner. The server control unit 43a executes behavior authentication processing.
The server control unit 43 a also includes a behavior authentication processing unit 431 . The server control unit 43a uses the user ID and the position information of the camera 12 received from the user portable terminal 20a via the NW communication unit 41, for example, to cause the behavior authentication processing unit 431a to perform the behavior authentication process. The server control unit 43a also transmits the authentication result of the behavior authentication process and the user ID to the face authentication server 30a via the NW communication unit 41. FIG.

The behavior authentication processing unit 431a performs behavior authentication processing for authenticating the user U1 based on a comparison between the template information and the acquired behavior information of the user for a predetermined period. The behavior authentication processing unit 431 compares, for example, template information corresponding to the designated user ID among a plurality of pieces of template information stored in the template storage unit 422 with behavior information of the user U1 during a predetermined period. to authenticate the user U1. Since the action authentication processing by the action authentication processing unit 431a is the same as that of the first embodiment described above, the explanation thereof is omitted here.

Note that the behavior authentication processing unit 431a outputs the authentication result of the behavior authentication process including the score described above. Based on the score, the behavior authentication processing unit 431a estimates the current situation of the user U1 such as “at work”, “traveling”, etc., and transmits information indicating the current situation to the behavior authentication process. May be included in the authentication result.

The face authentication server 30a is, for example, a server device, and executes face authentication processing (an example of biometric authentication processing). The face authentication server 30a includes a NW communication section 31, a server storage section 32, and a server control section 33a.

The server control unit 33a (an example of an authentication control unit) is, for example, a processor including a CPU, and controls the face authentication server 30a in an integrated manner. The server control unit 33a executes face authentication processing and, for example, authenticates the user U1 based on the authentication result of the face authentication processing and the authentication result of the action authentication processing. For example, the server control unit 33a changes a predetermined threshold value for face authentication processing according to the authentication result of the behavior authentication processing, causes the face authentication processing unit 331a to perform the face authentication processing, and Authentication of user U1 is performed based on.

For example, the server control unit 33a changes the threshold used in the face authentication process to a lower value as the score of the authentication result of the action authentication process increases, and changes the threshold value used in the face authentication process to a higher value as the score decreases. Further, when the score is high (for example, when the score is equal to or higher than a predetermined third threshold value), the server control unit 33a does not perform the face authentication process, and directly uses the authentication result of the behavior authentication process as the authentication result of the user U1. may be
The server control unit 33a also includes a face authentication processing unit 331a.

The face authentication processing unit 331a (an example of a biometric authentication processing unit) performs face authentication processing (biometric authentication processing) for authenticating the user U1 based on a comparison between a registered feature amount registered in advance and a user feature amount. to run. In the face authentication process, the face authentication processing unit 331a allows the user U1 to use the feature corresponding to the feature of the registered face image when the degree of matching between the registered feature and the user feature is equal to or greater than a predetermined threshold. person.

The face authentication processing unit 331a acquires the registered feature amount corresponding to the received user ID from the registration information storage unit 321, and determines the matching degree between the acquired registered feature amount and the user feature amount received from the authentication terminal device 10a. Calculate The face authentication processing unit 331a determines that the user U1 is valid when the degree of matching is equal to or greater than a predetermined threshold. Here, the predetermined threshold is a threshold for face authentication, and is changed according to the authentication result (score) of the behavior authentication process described above.

Next, the operation of the authentication system 1a according to this embodiment will be described with reference to the drawings.
FIG. 11 is a diagram showing an example of authentication processing of the authentication system 1a according to this embodiment.
As shown in FIG. 11, the authentication terminal device 10a first transmits location information to the user portable terminal 20a (step S501). The terminal control unit 14a of the authentication terminal device 10a transmits position information of the camera 12 to the user portable terminal 20a using a wireless communication unit (not shown).

Next, the user portable terminal 20a transmits the user ID and location information to the behavior authentication server 40a (step S502). The behavior information processing unit 271a of the user portable terminal 20a transmits, for example, the user ID stored in the terminal storage unit 26 and the location information received from the authentication terminal device 10a to the behavior authentication server via the NW communication unit 21. 40a.

Next, the behavior authentication server 40a executes behavior authentication processing (step S503). The action authentication processing unit 431a of the action authentication server 40a uses the user ID and the position information received from the user portable terminal 20a and the information stored in the action information storage unit 421 and the template storage unit 422 to generate a user ID. authenticate the user U1 corresponding to . Here, the action authentication processing unit 431a determines the legitimacy of the user U1 corresponding to the user ID by action authentication processing. The behavior authentication processing unit 431a outputs a score, which is the degree of matching obtained by comparing the acquired behavior information and the template information corresponding to the user ID, as the authentication result.

Next, the behavior authentication server 40a transmits the user ID and authentication result to the face authentication server 30a (step S504). The server control unit 43a of the behavior authentication server 40a transmits the authentication result including the score and the user ID to the face authentication server 30a via the NW communication unit 41. FIG.

Next, the face authentication server 30a changes the threshold for face authentication according to the action authentication result (step S505). The server control unit 33a of the face authentication server 30a changes the threshold for face authentication according to the received score of behavior authentication.

On the other hand, the authentication terminal device 10a acquires a face image (step S506). The camera 12 of the authentication terminal device 10a detects the face image of the user U1, and the terminal control unit 14a acquires the face image from the camera 12. FIG.

Next, the authentication terminal device 10a extracts feature amounts from the face image (step S507). The terminal control unit 14a of the authentication terminal device 10a extracts a feature amount (user feature amount) from the face image of the user U1 detected by the camera 12. FIG.

Next, the authentication terminal device 10a transmits the feature amount to the face authentication server 30a (step S508). The terminal control unit 14a transmits the extracted feature amount (user feature amount) of the face image of the user U1 to the face authentication server 30a via the NW communication unit 11. FIG.

Next, the face authentication server 30a executes face authentication processing (step S509). The face authentication processing unit 331a of the face authentication server 30a executes face authentication processing using the changed threshold for face authentication. Here, the face authentication server 30a acquires the registered feature amount corresponding to the user ID from the registration information storage unit 321, and the degree of matching between the registered feature amount and the user feature amount received from the authentication terminal device 10a is , the legitimacy of the user U1 of the user ID is determined (user determination) according to whether or not it is equal to or greater than the threshold value for face authentication.

Next, the face authentication server 30a transmits the user authentication result to the authentication terminal device 10a (step S510). The server control unit 33a transmits information indicating that the authentication of the user U1 is successful or information indicating that the authentication of the user U1 is unsuccessful as the user authentication result via the NW communication unit 31. It is transmitted to the authentication terminal device 10a.

After the process of step S510, the authentication terminal device 10a executes various processes such as permission to enter/exit based on the received authentication result of the user U1.

Next, with reference to FIG. 12, authentication processing of the face authentication server 30a according to this embodiment will be described.
FIG. 12 is a flowchart showing an example of authentication processing of the face authentication server 30a according to this embodiment.

As shown in FIG. 12, the server control unit 33a of the face authentication server 30a first receives the user ID and the behavior authentication result (step S601). The server control unit 33a receives the user ID and the behavior authentication result from the behavior authentication server 40a via the NW communication unit 31 . Note that the behavior authentication result includes the score or the current situation of the user U1, such as "at work" or "traveling".

Next, the server control unit 33a changes the threshold for face authentication according to the action authentication result (step S602). For example, the server control unit 33a classifies the score into “low level”, “middle level”, and “high level”, and when the score is “low level”, changes the face authentication threshold to the highest, is "high level", the threshold for face authentication is changed to the lowest value (for example, "0"). Further, the server control unit 33a changes the threshold value for face authentication to a normal value when the score is "middle level". Note that the case where the threshold for face authentication is “0” corresponds to, for example, the case where face authentication processing is not executed.

In addition, when the action authentication result includes "at work", "travel", etc., the server control unit 33a sets the threshold for face authentication to "at work" and "travel". It may be changed to a predetermined threshold value.

Next, the server control unit 33a receives the feature amount from the authentication terminal device 10a (step S603). The server control unit 33 a receives the feature amount (user feature amount) of the face image of the user U<b>1 detected by the camera 12 via the NW communication unit 31 .

Next, the face authentication processing unit 331a performs face authentication processing on the user ID from the acquired feature amount (user feature amount) and the registered feature amount (step S604). The face authentication processing unit 331a acquires the registered feature amount corresponding to the user ID from the registered information storage unit 321, and the degree of matching between the user feature amount and the registered feature amount is equal to or greater than the changed face authentication threshold. The legitimacy of the user U1 of the user ID is determined according to whether or not. For example, the face authentication processing unit 331a determines that the authentication of the user U1 is successful when the degree of matching is equal to or greater than the threshold for face authentication, and determines that the user U1 is successfully authenticated when the degree of matching is less than the threshold for face authentication. authentication failure.

Next, the server control unit 33a transmits the authentication result to the authentication terminal device 10a (step S605). The server control unit 33a transmits, via the NW communication unit 31, an authentication result indicating that the authentication of the user U1 has succeeded or that the authentication of the user U1 has failed to the authentication terminal device 10a. After the processing of step S605, the server control unit 33a terminates the processing.

As described above, the authentication system 1a according to this embodiment includes the face authentication processing section 331a, the behavior authentication processing section 431a, and the server control section 33a. In face authentication processing, the face authentication processing unit 331a determines that the degree of matching between the feature amount of the registered face image and the feature amount of the face image of user U1 (user feature amount) is equal to or greater than a predetermined threshold (for example, the threshold), it is determined that the user U1 is the user corresponding to the feature amount of the registered face image. The server control unit 33a changes the predetermined threshold according to the authentication result of the action authentication processing by the action authentication processing unit 431a, and causes the face authentication processing unit 331a to perform face authentication processing. The server control unit 33a authenticates the user U1 based on the authentication result of the face authentication process.

As a result, the authentication system 1a according to the present embodiment changes a predetermined threshold value or more (for example, a threshold value or more for face authentication) according to the authentication result of the behavior authentication process, executes the face authentication process, and allows the user Since the authentication of U1 is executed, it is possible to efficiently authenticate the user U1 while improving the authentication accuracy (authentication rate).

Note that the present disclosure is not limited to the above-described embodiments, and can be modified without departing from the scope of the present disclosure.
For example, in each of the above-described embodiments, the example of using 24-hour action information as the action information for a predetermined period has been described, but the present invention is not limited to this. It may be a period.

Also, in each of the above-described embodiments, an example has been described in which biometric information is a face image and biometric authentication processing is face authentication processing, but the present invention is not limited to this. Other biometric information such as fingerprints, veins, voice, iris, etc. may be used as the biometric information.

Further, in each of the above-described embodiments, the face authentication server 30 (30a) and the behavior authentication server 40 (40a) have been described as separate server devices. The authentication server 30 (30a) and the behavior authentication server 40 (40a) may be composed of one server device.

Further, in each of the above-described embodiments, an example using the server control unit 33 (33a) included in the face authentication server 30 (30a) has been described as an example of the authentication control unit, but the present invention is not limited to this. For example, the behavior authentication server 40 (40a) or the authentication terminal device 10 (10a) may have the function of the authentication control unit. In addition, an authentication controller having the function of an authentication control unit may be provided separately from the face authentication server 30 (30a) and the behavior authentication server 40 (40a).

Also, in each of the above-described embodiments, an example in which position information of the camera 12 is used for user U1 authentication processing has been described, but the present invention is not limited to this. For example, based on the location information of the user portable terminal 20 (20a) and the location information of the camera 12, the authentication of the user U1 may be complemented. That is, the authentication system 1 (1a) uses the position information of the user portable terminal 20 (20a) and the position information of the camera 12 to place the user portable terminal 20 (20a) in the vicinity of the installation position of the camera 12. User U1 authentication processing may be added depending on whether or not exists. Further, the authentication system 1 (1a) may be implemented in combination with, for example, authentication of the user U1 using a password and a user ID (user ID).

Further, in each of the above embodiments, the authentication terminal device 10 (10a) extracts the feature amount of the face image and transmits the feature amount to the face authentication server 30 (30a). not something. For example, the authentication terminal device 10 (10a) may transmit a face image to the face authentication server 30 (30a), and the face authentication server 30 (30a) may extract the feature amount of the face image.

In each of the above-described embodiments, an example in which the behavior information storage unit 261 stores behavior information has been described, but the present invention is not limited to this. of detectable information may be stored. Here, the information that can be detected by the user mobile terminal 20 (20a) includes, for example, position information, terminal operation/usage history, radio wave information, IP address, sensor detection information such as an acceleration sensor, and the like. In this case, the user portable terminal 20 (20a) temporarily stores these pieces of detectable information in the behavior information storage unit 261 instead of "behavior information", and periodically stores them in the behavior authentication server 40 (40a). ). Then, the behavior authentication server 40 (40a) estimates and holds behavior information, which is behavior content, from these pieces of detectable information. That is, the behavior information is not retained by the user portable terminal 20 (20a) but is entirely retained by the behavior authentication server 40 (40a), 40a) and both are possible.

Also, in the above-described second embodiment, the authentication system 1a includes the authentication device 10a and the user portable terminal 20a as independent devices, but the present invention is not limited to this. For example, the user portable terminal 20a may have the functions of the authentication device 10a. Further, in this case, the authentication system 1a may be applied to, for example, online authentication of an EC (Electronic Commerce) site, in addition to authentication of the user U1 when entering or leaving a company as described above.

Each component included in the authentication system 1 (1a) described above has a computer system inside. Then, a program for realizing the function of each configuration included in the authentication system 1 (1a) described above is recorded in a computer-readable recording medium, and the program recorded in this recording medium is read by the computer system and executed. By doing so, the processing in each configuration included in the above-described authentication system 1 (1a) may be performed. Here, "loading and executing the program recorded on the recording medium into the computer system" includes installing the program in the computer system. The "computer system" here includes an OS and hardware such as peripheral devices.

A "computer system" may also include a plurality of computer devices connected via a network including communication lines such as the Internet, WAN, LAN, and dedicated lines. The term "computer-readable recording medium" refers to portable media such as flexible discs, magneto-optical discs, ROMs and CD-ROMs, and storage devices such as hard discs incorporated in computer systems. Thus, the recording medium storing the program may be a non-transitory recording medium such as a CD-ROM.

Recording media also include internal or external recording media accessible from the distribution server for distributing the program. It should be noted that the program may be divided into a plurality of programs, and after each of them is downloaded at different timings, they may be united in each configuration provided in the authentication system 1 (1a), or the distribution servers that distribute each of the divided programs may be different. . Furthermore, "computer-readable recording medium" is a volatile memory (RAM) inside a computer system that acts as a server or client when the program is transmitted via a network, and retains the program for a certain period of time. It shall also include things. Further, the program may be for realizing part of the functions described above. Further, it may be a so-called difference file (difference program) that can realize the above functions by combining with a program already recorded in the computer system.

1, 1a... authentication system, 10, 10a... authentication terminal device, 11, 21, 31, 41... NW communication unit, 12, 24... camera, 13, 26... terminal storage unit, 14, 14a, 27, 27a... terminal Control unit 20, 20a User portable terminal 22 Input unit 23, 15 Display unit 25 Position detection unit 30, 30a Face authentication server 32, 42 Server storage unit 33, 33a, 43, 43a... Server control unit 40, 40a... Action authentication server 261... Action information storage unit 271, 271a... Action information processing unit 321... Registration information storage unit 331, 331a... Face authentication processing unit 421... Action information storage unit, 431, 431a... action authentication processing unit, NW1... network, U1... user

Claims (13)

Execute biometric authentication processing for authenticating the user based on a comparison between the feature amount of the registered biometric information, which is biometric information registered in advance, and the feature amount of the biometric information of the user detected from the user. a biometric authentication processing unit that
Based on a comparison between template information indicating characteristics of behavioral habits of the user generated based on the behavioral information of the user and the behavioral information of the user acquired for a predetermined period, the user is identified. a behavior authentication processing unit that executes behavior authentication processing for authentication;
An authentication system comprising: an authentication control unit that authenticates the user based on an authentication result of the biometric authentication process and an authentication result of the behavior authentication process. The authentication system according to claim 1, further comprising a biometric information detection unit that detects the biometric information of the user. The biometric authentication processing unit is
determining the user based on the degree of matching between the feature amount of the registered biometric information and the feature amount of the biometric information of the user;
The authentication control unit is
When the biometric authentication processing unit succeeds in determining the user, using the authentication result of the biometric authentication process for authentication of the user,
3. The authentication system according to claim 1, wherein an authentication result of the behavior authentication process is used for authentication of the user when determination of the user is uncertain. The biometric authentication processing unit is
The degree of matching is generated, and if the degree of matching is equal to or greater than a first threshold, the user is determined to be a user corresponding to the feature amount of the registered biometric information, and the degree of matching is the first threshold. 4. The authentication system according to claim 3, wherein the determination of the user is determined to be uncertain if the threshold is less than the first threshold and is equal to or greater than a second threshold that is smaller than the first threshold. The biometric authentication processing unit
In the biometric authentication process, if the degree of matching between the feature amount of the registered biometric information and the feature amount of the biometric information of the user is equal to or greater than a predetermined threshold, the user is identified as the feature amount of the registered biometric information. determined to be the corresponding user,
The authentication control unit is
According to the authentication result of the behavior authentication process, the predetermined threshold is changed, the biometric authentication processing unit is caused to execute the biometric authentication process, and based on the authentication result of the biometric authentication process, the user's 3. An authentication system according to claim 1 or 2, for performing authentication. The action information and the template information include time information and location information,
The behavior authentication processing unit compares the behavior information of the predetermined period corresponding to the position information where the biometric information of the user is detected and the template information corresponding to the predetermined period, based on the The authentication system according to any one of claims 1 to 5, which authenticates a user. 6. The behavior authentication processing unit according to any one of claims 1 to 5, wherein the behavior authentication processing unit authenticates the user based on a comparison between the behavior information for the most recent predetermined period and the template information. Authentication system. a template storage unit that associates and stores user identification information for identifying the user and the template information;
The behavior authentication processing unit compares the template information corresponding to the specified user identification information among the plurality of template information stored in the template storage unit with the behavior information of the user. The authentication system according to any one of claims 1 to 7, wherein a user is authenticated by The authentication system according to any one of claims 1 to 8, comprising a mobile terminal of the user that acquires the behavior information of the user. The authentication system according to any one of claims 1 to 9, wherein the biometric information includes a face image of the user detected by an imaging unit. Authenticating a user based on a comparison between template information indicating behavioral habit characteristics of the user generated based on the user's behavior information and the acquired behavior information of the user for a predetermined period a behavior authentication processing unit that executes behavior authentication processing for
An authentication system comprising: an authentication control unit that authenticates the user based on an authentication result of the behavior authentication process. the template information includes time information and position information having a predetermined range;
12. The behavior authentication processing unit according to any one of claims 1 to 11, wherein the time and position included in the behavior information of the user are expanded to the predetermined range and compared with the template information. Authentication system. A biometric authentication processing unit authenticates the user based on a comparison between a feature amount of registered biometric information, which is biometric information registered in advance, and a feature amount of biometric information of the user detected from the user. A biometric authentication processing step for performing biometric authentication processing to
A behavior authentication processing unit compares template information indicating characteristics of behavior habits of the user generated based on the behavior information of the user with the acquired behavior information of the user for a predetermined period of time. a behavior authentication processing step for executing behavior authentication processing for authenticating a user based on;
An authentication control step in which an authentication control unit authenticates the user based on an authentication result of the biometric authentication process and an authentication result of the behavior authentication process.

Images