JP4267307B2 - Personal authentication method and system, and personal authentication program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
  The present invention relates to a personal authentication method, an apparatus thereof, and a system thereof that authenticate whether or not the person is the person based on, for example, biometric information (biometric information) of the person to be authenticated.
[0002]
[Prior art]
  Conventionally, a personal authentication system that uses an iris, a retina, a fingerprint, or a voiceprint as biometric information has been proposed.
[0003]
  In such a personal authentication system, it is determined whether or not the person is the person by comparing whether or not the biometric information matches the person pattern registered in advance.
[0004]
  In order to acquire the biometric information, an image scanner (or a digital camera) is required for the iris or retina, a fingerprint scanner for the fingerprint, and a microphone for the voiceprint. For this reason, it is necessary to add hardware for personal authentication. As a result, the cost is increased, and the user tends to be avoided from the cost.
[0005]
  As a personal authentication system that facilitates this adoption and uses biometric information, the characters displayed on the screen are clicked with the mouse, one of the coordinate input means, and the password is entered. There has been proposed a method of using timing learning (biometrics) for personal authentication (see, for example, Patent Document 1).
[0006]
[Patent Document 1]
          Japanese Patent Laid-Open No. 2002-32142.
[0007]
[Problems to be solved by the invention]
  However, in order to input characters with a mouse, it takes labor to search for characters until it gets used to, which is troublesome for the user.
  In addition, it takes time to search for each character until the character array is remembered, and the mouse is often moved in an unnecessary direction while searching. In practice, authentication is difficult only after the character array is remembered. There was also a problem.
[0008]
  The present invention relates to a personal authentication method and apparatus, system, and personal authentication method in which the accuracy of authentication is not affected by the user's habituation and experience after using coordinate input means normally provided in computers such as personal computers and portable information terminals. An object is to provide an authentication program and a recording medium.
[0009]
[Means for Solving the Problems]
  This invention,Personal authentication method for authenticating an individual based on registered personal feature information of the person to be authenticated stored in the storage meansIn lawAn input person having a characteristic component characteristic for each predetermined frequency by causing the person to be authenticated to input an input figure using coordinate input means, performing frequency analysis processing on the input wave as an input wave with respect to a reference axis A personal authentication method for calculating feature information, comparing the input personal feature information and the registered personal feature information in an authentication process, and authenticating a person to be authenticatedThe frequency analysis processing includes generating a moving wave obtained by moving the input wave by a predetermined amount in a predetermined direction of the reference axis, and multiplying the moving wave and the input wave to generate an individual frequency feature wave. The individual frequency feature wave is integrated to calculate a personal feature value, the personal feature value is calculated for a plurality of moving waves having different movement distances, and the plurality of personal feature values are enumerated as a list. Configure input personal feature information
Personal authentication methodIt is characterized by being.
[0010]
  The present invention also provides a personal authentication device for authenticating an individual based on registered personal characteristic information of an authentication subject stored in a storage means, a coordinate input means for allowing the authentication subject to input an input figure, and the input figure. Frequency analysis processing for calculating input personal feature information having a characteristic component characteristic for each predetermined frequency based on the input wave as an input wave with respect to a reference axis, and comparing the input personal feature information with the registered personal feature information Control means for performing authentication processing for authenticating a person to be authenticated, the frequency analysis processing generates a moving wave by moving the input wave by a predetermined amount in a predetermined direction of the reference axis, and the moving wave and the An individual wave feature wave is generated by multiplying with the input wave, the individual frequency feature wave is integrated to calculate an individual feature value, and the individual feature value is applied to a plurality of moving waves having different movement distances. Calculated, Characterized in that Le is a personal authentication apparatus that is set in the process of forming the input personal feature information by enumeration of a plurality of individual feature values by.
[0011]
  The storage means includes a device capable of storing information (data) such as a hard disk, a flash memory, or an MO (Magneto Optical disk).
[0012]
  The coordinate input means includes a pointing device such as a mouse, a three-dimensional mouse, a trackball, a trackpad, a tablet, or a touch panel.
[0013]
  The input figure is a handwritten straight line diagram drawn by a user to draw a straight line such as a horizontal line, vertical line or diagonal line, a handwritten curve diagram drawn by a user to draw a curve such as an arc or a wave shape, or the above Including a handwritten line diagram drawn by a user trying to draw a predetermined figure, such as a handwritten line diagram or / and a handwritten multiline diagram in which a plurality of the handwritten curve diagrams are drawn. In order to obtain an input wave with respect to the reference axis, a handwritten line diagram is desirable, and a handwritten horizontal diagram or handwritten vertical diagram is desirable because it is easy to calculate.
[0014]
  The reference axis includes a linear axis such as a horizontal axis, a vertical axis, and an oblique axis.
[0015]
  The input wave includes a waveform that looks like a wave drawn by a user..
[0016]
  in frontThe characteristic component feature includes the individual frequency feature wave or the individual feature value.
  The input personal feature information includes a plurality of individual frequency feature waves or a plurality of personal feature values.
[0017]
  The registered personal characteristic information has a predetermined value or a predetermined width, such as an average value obtained by sampling the input personal characteristic information a plurality of times, or a standard deviation indicating an allowable error with respect to the average value and the average value. Including composing with values.
[0018]
  The authentication process includes a process of comparing the input personal characteristic information and the registered personal characteristic information and determining whether or not the person is the person based on the comparison result.
[0019]
  The frequency analysis process and the authentication process include execution by a control unit such as a CPU (Central Processing Unit) or an MPU (Micro Processing Unit).
[0020]
  With the above configuration, personal authentication based on ecological information can be provided at a low price by using coordinate input means such as a mouse normally provided in a personal computer or the like. In addition, since the person to be authenticated authenticates whether or not he / she is based on the input figure entered by the coordinate input means, high-accuracy authentication can be performed easily and easily without giving the person to be authenticated a sense of refrain from using fingerprints. Can be executed.
[0021]
  in frontThe individual feature value includes a value obtained by integrating the individual frequency feature wave.
  The enumeration of the individual feature values includes an enumeration in a descending order of the movement distance, or an enumeration in the descending order of the movement distance.
[0022]
  With the above-described configuration, it is possible to perform convolution integration on an input wave with the reference axis as a time axis, and it is possible to acquire an input feature by performing frequency analysis on an input wave that is an input figure of the person to be authenticated. Further, since authentication is performed using input personal feature information composed of a list of personal feature values, the amount of data to be compared can be suppressed to a necessary minimum and whether or not the user is the person can be authenticated at high speed.
[0023]
  The present invention includes a management server including the storage unit and a server control unit that executes a predetermined process, and an operation terminal including the coordinate input unit and a terminal control unit that executes a predetermined process. The frequency analysis process is set to be executed by the server control means or the terminal control means, the authentication process is set to be executed by the server control means or the terminal control means, and the personal authentication method is performed. It can be a personal authentication system to be executed.
[0024]
  Thereby, the registered personal characteristic information necessary for personal authentication can be centrally managed by the management server. Further, even when any one of the plurality of operation terminals constituting the personal authentication system is used, authentication can be performed using the same authentication method and the same authentication standard.
[0025]
  The present invention also relates to a personal authentication program for authenticating an individual based on registered personal characteristic information of an authentication target person read from a storage means, the input processing for causing the authentication target person to input an input figure using coordinate input means, and the input A frequency analysis process for calculating input personal feature information having a characteristic component characteristic for each predetermined frequency based on the input wave as a wave with respect to a reference axis as a figure, and comparing the input personal feature information with the registered personal feature information Set the authentication process to authenticate the person to be authenticated.The frequency analysis process generates a moving wave obtained by moving the input wave by a predetermined amount in a predetermined direction of the reference axis, and multiplies the moving wave and the input wave to generate an individual frequency feature wave. An individual feature value is calculated by integrating the individual frequency feature wave, the individual feature value is calculated for a plurality of movement waves having different movement distances, and the input is made up of a plurality of individual feature values arranged in this way. Set to process that constitutes personal characteristic informationIt can be a personal authentication program.
[0026]
  Thereby, personal authentication can be executed by a device such as a personal computer or a personal digital assistant installed with the personal authentication program. When the personal authentication program is installed on the server, the personal authentication can be used for confirming the access right to the server thereafter. The portable information terminal includes a PDA (Personal Digital Assistance) equipped with a pen touch input device capable of handwriting input of characters.
[0027]
  further,A device with a personal authentication program installed that can perform convolution integration on the input wave with the reference axis as the time axis, and obtain input features by frequency analysis of the input wave that is the input figure of the person to be authenticated Can do.
[0028]
  The present invention can also be a recording medium storing the personal authentication program.
  The recording medium includes a recording medium capable of storing a program such as a CD-ROM, a flexible disk, an MO disk, a hard disk, or a nonvolatile memory.
[0029]
  With the above configuration, the personal authentication program can be read directly from the recording medium and executed, or the personal authentication program can be copied from the recording medium to a device such as a personal computer or a portable information terminal and executed.
[0030]
【The invention's effect】
  According to the present invention, the person to be authenticated can be personally authenticated by a simple operation of inputting a figure with the coordinate input means. Thereby, it is possible to provide biometric authentication (authentication based on biometric information) at a low cost and with high accuracy to companies, organizations, and individuals that are considering security enhancement. In addition, it is possible to expand the purchasing layer to the user reserve army, which has been hesitant to introduce, with a large investment amount in terms of facilities, thereby expanding the biometrics authentication market.
[0031]
DETAILED DESCRIPTION OF THE INVENTION
  An embodiment of the present invention will be described below with reference to the drawings.
  First, the configuration of the personal authentication system 1 will be described together with the system configuration diagram of the personal authentication system 1 shown in FIG.
[0032]
  The personal authentication system 1 connects a management server 10 having an authentication database (authentication DB) 21 and a plurality of operation terminals 30 to be operated by an authentication target person via a LAN cable 2 via a hub (not shown). This makes it possible to build an intranet within a company.
[0033]
  The management server 10 includes a main body 11 equipped with a CD-ROM drive 17, a monitor (display means) 14 connected to the main body 11, a keyboard 15, a mouse 16, and a hard disk 20 (described later) storing an authentication database 21. It has.
[0034]
  As shown in the data explanatory diagram of FIG. 2, the authentication database 21 stores authentication reference data for authenticating the person to be authenticated.
[0035]
  The certification standard data is
    ID: An authentication code consisting of alphanumeric characters assigned to the person to be authenticated for access right setting
    Password: A password consisting of any alphanumeric characters determined by the person to be authenticated
    Name: Name of the person to be authenticated
    Authentication prohibition flag: Flag indicating whether authentication is prohibited
    Average for each frequency: Average feature value at a given frequency. Here, frequency refers to a horizontal handwritten straight line (blurred in the vertical direction) input with a mouse as described later as an input wave composed of waves with different frequencies, and the frequency component present in this input wave. This is the frequency that serves as a reference for extracting. The feature value is a numerical value indicating the feature of the person to be authenticated that appears in the frequency component, and the average value is an average value of the feature values by a plurality of sampled handwritten straight lines (handwritten lines).
[0036]
    Upper limit for each frequency: Upper limit of certification range based on standard deviation at a given frequency
    Lower limit for each frequency: Lower limit of the authentication range based on the standard deviation at a given frequency
Consists of. Here, the range from the upper limit for each frequency to the lower limit for each frequency is an authentication allowable range for authenticating the person to be authenticated as the person.
[0037]
  The operation terminal 30 shown in FIG. 1 includes a main body 31 on which a CD-ROM drive 37 is mounted, a monitor (display means) 34 connected to the main body 31, a keyboard 35, and a mouse 36 used for personal authentication. ing.
[0038]
  Each program included in the software package 50 shown in the perspective view of FIG. 3 is already installed in the management server 10 and the operation terminal 30 as software necessary for the personal authentication system 1.
[0039]
  The software package 50 stores a server installation CD-ROM 51, a server administrator technical manual 52, a terminal installation CD-ROM 53, a terminal user manual 54, and a user registration card 55 in a packaging case 56. It is composed.
[0040]
  The server installation CD-ROM 51 records a server installation program for installing an authentication database, a feature calculation program, a comparison authentication program, a reference registration program, and a reference data creation program.
[0041]
  The terminal installation CD-ROM 53 records a terminal installation program for installing a diagram acquisition program and an authentication request program.
[0042]
  With the system configuration described above, the management server 10 performs registration and management of the authentication reference data in the authentication database 21, and allows the user (authentication target person) who operates the operation terminal 30 to execute handwriting input with the mouse 36. It is possible to authenticate whether or not the person is himself.
[0043]
  Next, a circuit configuration of the management server 10 will be described together with a block diagram showing a control circuit of the management server 10 in FIG.
[0044]
  The management server 10 includes a control device 13 composed of a CPU, a ROM, and a RAM, and the following devices are connected to the control device 13 via an I / O interface 12.
[0045]
  The monitor 14 displays images such as characters, figures and symbols in accordance with the RGB signals received from the control device 13. This image includes a maintenance screen for maintaining the authentication database 21 and a screen for the system administrator to issue an ID to the person to be authenticated.
[0046]
  The keyboard 15 is a device that allows a person to be authenticated to input alphabets, numbers, and symbols, and transmits an input key signal to the control device 13 as an input signal. When issuing an ID to a person to be authenticated, input of personal information necessary for authentication standard data such as an ID, a password, and a name is permitted.
[0047]
  The mouse 16 is a pointing device for a server administrator or an authentication target person to transmit a command to the control device 13 and transmits a coordinate signal and a click signal to the control device 13 as input signals.
[0048]
  The CD-ROM drive 17 reads data such as a server installation program recorded on the CD-ROM, and transmits this read signal to the control device 13.
[0049]
  The LAN board 19 is a communication device for communicating with the operation terminal 30, communicates with the operation terminal 30 in accordance with a communication signal received from the control device 13, and uses the data received from the operation terminal 30 as a communication signal. Send to.
[0050]
  The hard disk 20 stores an authentication database 21, a feature calculation program (PG) 22, a comparison authentication program 23, a reference registration program 24, and a reference data creation program 25 installed by the server installation program described above. Data update (including update and installation of authentication reference data) is executed in accordance with the write signal received from, and necessary data is transmitted to the control device 13 as a read signal.
[0051]
  With the above circuit configuration, the management server 10 can perform maintenance of the authentication database 21 and issue an ID to the person to be authenticated, communicate with the operation terminal 30 to register the personal feature value of the person to be authenticated, etc. It can be authenticated.
[0052]
  Next, a circuit configuration of the operation terminal 30 will be described together with a block diagram showing a control circuit of the operation terminal 30 in FIG.
[0053]
  The operation terminal 30 includes a control device 33 constituted by a CPU, a ROM, and a RAM, and the following devices are connected to the control device 33 via an I / O interface 32.
[0054]
  The monitor 34 displays images such as characters, figures and symbols in accordance with the RGB signals received from the control device 33. In this image, an ID and password input screen for identifying the person to be authenticated, a handwriting straight line input screen for allowing the person to be authenticated to input a handwritten straight line for authentication, and a registration screen for registering authentication reference data of the person to be authenticated Includes screens necessary for personal authentication.
[0055]
  The keyboard 35 is a device that allows the person to be authenticated to input alphabets, numbers, and symbols, and transmits the input key signal to the control device 33 as an input signal. At the time of registration of authentication standard data and at the time of personal authentication, authentication standard data such as ID and password or input necessary for personal authentication is allowed.
[0056]
  The mouse 36 is a pointing device for a user (person to be authenticated) to transmit a command to the control device 33, and transmits a coordinate signal and a click signal to the control device 33 as input signals. It also functions as a pointing device that allows a person to be authenticated to input a handwritten straight line for personal authentication.
[0057]
  The CD-ROM drive 37 reads data such as a terminal installation program recorded on the CD-ROM, and transmits this read signal to the control device 33.
[0058]
  The LAN board 39 is a communication device for communicating with the management server 10, communicates with the management server 10 in accordance with a communication signal received from the control device 33, and uses the data received from the management server 10 as a communication signal. Send to.
[0059]
  The hard disk 40 stores necessary data such as the diagram acquisition program 41 and the authentication request program 42 installed by the terminal installation program, and updates (installs) the data according to the write signal received from the control device 33. Data required as a read signal is transmitted to the control device 33.
[0060]
  With the above configuration, the person to be authenticated can input a horizontal line on the monitor 34 with the mouse 36 of the operation terminal 30 by handwriting, and can receive personal authentication based on the handwriting input. This makes it possible to access special data such as important data and confidential data that can only be viewed after receiving personal authentication, or to perform special operations with limited feasibility, such as upgrading other software or changing environmental settings. It becomes possible to execute. Moreover, since registration as a person to be authenticated can be received from the operation terminal 30, the convenience during registration is also excellent.
[0061]
  Next, a process for registering authentication reference data of the person to be authenticated in the management server 10 will be described together with a process flowchart showing the operation of the control device 33 of the operation terminal 30 shown in FIG.
[0062]
  In executing the registration process, the user requests a system administrator who manages the management server 10 in advance to receive an ID and a password. The ID and password are stored (registered) in the authentication database 21 (FIG. 1) by the system administrator together with the user's name, and when the user inputs the ID and password on the operation terminal 30, the ID and password are stored in the authentication database 21. The following registration process is executed by triggering that necessary data such as an upper limit value and a lower limit value (FIG. 2), which are authentication allowable ranges, are not registered.
[0063]
  The control device 33 displays the registration data input screen shown in (A) of the screen image explanatory diagram of FIG. 8 on the monitor 34 (step s1), and inputs the ID and password to the user who is the subject of authentication in this registration. (Step s2).
[0064]
  The control device 33 starts the diagram acquisition program 41, displays the handwritten straight line input screen shown in (B) on the monitor 34 (step s3), causes the user to trace the reference line 34a with the mouse 36, The locus is acquired as a handwritten straight line (step s4).
[0065]
  This handwritten straight line can be input by pressing the mouse button (left button) at the START position, starting from this point, dragging the reference line 34a as it is, and releasing the mouse button (left button) at the END position. This is the end point. The reference line 34a is a horizontal straight line having a length of, for example, about 250 mm. That is, for example, when the monitor 34 is 15 inches and displayed at a setting of 1024 × 760 dots, it corresponds to 750 dots. The length to be used.
[0066]
  In this way, handwritten line data that is an array of coordinate values obtained by mouse input is sampled, and each coordinate of the handwritten line data is placed on a reference axis (which is used as a time axis) as a reference line 34a. The values are arranged and the values are connected, and this is adopted as an input wave on the two-dimensional graph. As shown in (D) of the feature extraction explanatory diagram of FIG. 9, the two-dimensional graph becomes a complex waveform graph g0 in which waves of a plurality of frequency bands are synthesized, and the diagram is obtained when the waveform graph g0 is acquired. The acquisition program 41 is terminated.
[0067]
  In this embodiment, the reference axis is used as the time axis as it is, that is, the arrangement of dots (pixels on the monitor) is considered as the passage of time, but the passage of time of mouse input is measured and acquired from the mouse. The coordinate value input time may be set on the time axis. That is, since the mouse transmits coordinate values every time it moves a predetermined distance (for example, 0.3 mm), the time elapse of mouse input can be measured by measuring the time of the reception interval. Note that it is desirable to use a high-performance mouse that transmits coordinate values over a short movement distance (for example, a type that transmits coordinate values every 0.21 mm).
[0068]
  The control device 33 checks whether the number of times that the user has performed handwriting input with the mouse 36 and acquired the handwritten straight line data is less than 10 times, returns to step s3 if the number is less than 10 times, and returns 10 times or more. Proceed to the next step (step s5).
[0069]
  When the handwritten straight line data for 10 times is acquired, all the handwritten straight line data is transmitted to the management server 10 (step s6), and the management server 10 executes reference data creation processing (step s7).
[0070]
  Here, the reference data creation processing will be described together with a processing flowchart showing the operation of the control device 13 of the management server 10 shown in FIG.
  The control device 13 of the management server 10 that has received the handwritten straight line data starts the reference data creation program 25, and first, the waveform graph g0 (input wave) of the first handwritten straight line data shown in FIG. 9D. Is slightly moved to the right (for example, one dot) to generate a waveform graph g0 ′ (moving wave) indicated by a virtual line in (E) (step n1).
[0071]
  The waveform graph g0 ′ is multiplied by the height (value) of the waveform graph g0 to generate an individual frequency feature wave g0 ″ (combined wave) shown in (E) (step p2). waveg0 "Is a waveform obtained by extracting a component having a frequency of 1 Hz from the waveform graph g0 as an input wave.
[0072]
  An integration process is performed on the individual frequency feature wave, an area formed by the individual frequency feature wave and the reference line 34a is calculated as a frequency component of the individual frequency feature wave, and the area is set as a personal feature value (step n3).
  The personal characteristic value is calculated by moving the moving wave to the right by one dot until the moving amount of the moving wave reaches 50 mm (step n4). The frequency component calculated as the individual feature value is in a relationship in which the moving distance of the moving wave (waveform graph g0 ′) is proportional to the wavelength of the synthesized wave (individual frequency characteristic wave g0 ″). Produces a high frequency component, and a low frequency component is obtained as the moving distance increases.
[0073]
  Personal feature data composed of an array in which the personal feature values are arranged in order from a low frequency is created for all 10 input waves sampled (step n5), and the input wave for which personal feature data has not been created yet If there is, personal feature data is created for the next input wave (handwritten straight line data) (step n6). When the individual feature data is displayed as a graph with the X axis as a frequency (from a low frequency to a high frequency), the Y axis as a personal feature value (from a small value to a large value), and connecting the values, FIG. As shown to (F), it becomes the personal characteristic graph g1 which has the characteristic in a low frequency part (left part of a figure). In addition, the value (height) for each 1 Hz of the personal feature graph g1 is a personal feature value for each frequency, and the list of the personal feature values is the personal feature data.
[0074]
  Here, the portion corresponding to 0 Hz, that is, the portion corresponding to the start point of the personal feature graph g1 is cut off, and the subsequent points are adopted as the personal feature graph g1. Since the starting point has a large variation for each input, the authentication system is greatly improved by eliminating this variation.
[0075]
  Each element of the plurality of personal characteristic data calculated in this way, that is, the average value of the personal characteristic values is calculated as shown in the average item of FIG. 2 (step n7), and the standard deviation is obtained from the variation of the personal characteristic data. (Step n8).
[0076]
  The average value calculated in step n7, the average calculated from the standard deviation, the upper limit, and the lower limit are determined, and the reference registration program 24 is activated and registered in the authentication database 21 (step n9).
  As described above, the control device 10 can generate authentication range data and register it in the authentication database 21.
[0077]
  When this reference data creation program is completed, the process returns to FIG. 6 and the operation terminal 30 receives registration permission / inhibition from the management server 10 (step s8).
  As shown in FIG. 8C, a registration completion screen indicating the completion of user registration is displayed on the monitor 14 of the operation terminal 30 (step s9), and the process ends.
[0078]
  With the above operation, the reference data of the person to be authenticated can be stored in the authentication database 21 in several pieces. That is, as shown in the explanatory view of FIG. 10, for example, it is assumed that the handwritten straight line L1 of the person A to be authenticated is a straight line as shown in (G1). If this is repeated 10 times, the authentication range Z1 by the average graph ga1, the upper limit graph gt1, and the lower limit graph gb1 as shown in (H1) is obtained by the above-described operation.
[0079]
  Further, it is assumed that the handwritten straight line L2 of the person to be authenticated B is a straight line as shown in (G2). If this is repeated 10 times, the authentication range Z2 by the average graph ga2, the upper limit graph gt2, and the lower limit graph gb2 as shown in (H2) is obtained by the above-described operation.
[0080]
  Since the authentication range Z1 and the authentication range Z2 are different, there is a difference (feature) between the two, and personal authentication can be performed. That is, when both are compared in the vicinity of 10 Hz where the difference is particularly remarkable, the lower limit of the authentication range Z1 is above the upper limit of the authentication range Z2, and there is no overlapping portion. Therefore, if it is both, even if only 10 Hz vicinity is compared, it can distinguish. In this way, for example, even if the authentication target person B tries to authenticate with the ID of the authentication target person A, the drawn handwritten straight line falls within the authentication range Z2 and falls outside the authentication range Z1.
[0081]
  Even if multiple people are registered and there is no part where the authentication range does not overlap at all with the other authentication target, the part of the authentication range such as the shape and height of the mountain is different. A part deviating from the above occurs, and it can be correctly authenticated by performing comparative authentication in a plurality of frequency bands.
[0082]
  In this way, as shown in FIG. 2, the authentication reference data of the user who is the authentication target can be registered in the authentication database 21, and the personal authentication is executed with the user as the authentication target. Server environment is ready.
[0083]
  Next, together with a process flow diagram showing the operation of the control device 33 of the operation terminal 30 shown in FIG. 11 and a process flow diagram showing the operation of the control device 13 of the management server 10 shown in FIG. The process of receiving personal authentication will be described.
[0084]
  The control device 33 shown in FIG. 5 displays the ID & password input screen shown in FIG. 8A on the monitor 34 (step m1), and allows the person to be authenticated to input the ID and password (step m2).
[0085]
  If the authentication prohibition flag of the person to be authenticated with the ID and password is 1, that is, authentication is prohibited (step m3), “the number of misidentifications exceeds the predetermined number. Ask the system administrator to re-register Please indicate "that the authentication is prohibited on the monitor 34 (step m4), and the process is terminated.
[0086]
  If the authentication prohibition flag is not 1, the control device 33 activates the diagram acquisition program 41 and displays the handwritten straight line input screen shown in FIG. 8B (step m5).
  The person to be authenticated traces the reference line 34a with the mouse 36, thereby acquiring handwritten straight line data and ending the diagram acquisition program 41 (step m6).
[0087]
  The control device 33 activates the authentication request program 42, transmits the handwritten straight line data to the management server 10 (step m7), and executes a verification process for verifying whether or not the person to be authenticated is the person himself / herself. (Step m8).
[0088]
  Here, the collation processing will be described with reference to the processing flowchart shown in FIG.
  The control device 13 of the management server 10 starts the feature calculation program 22 and calculates the personal feature value of the person to be authenticated in steps p1 to p4. Since the operation from step p1 to p4 is the same as the operation from step n1 to n4 described with reference to FIG. 7, detailed description thereof is omitted.
[0089]
  The control device 13 ends the feature calculation program 22 and starts the comparison authentication program 23, and compares the personal feature value with the authentication range for each frequency in the authentication reference data (FIG. 2) (step p5).
[0090]
  If the individual feature value falls within the upper limit and lower limit of the authentication range for each frequency in the authentication reference data (FIG. 2), it is determined that the authentication is OK, and otherwise, it is determined that the authentication is NG (step p6).
[0091]
  If the authentication is OK, authentication OK is transmitted to the operation terminal 30 as an authentication result (step p7), and if it is NG, authentication NG is transmitted to the operation terminal 30 as an authentication result (step p8). And the process of the management server 10 is terminated.
[0092]
  Returning to FIG. 11, the operation terminal 30 receives the authentication result, and ends the authentication request program 42 (step m9).
[0093]
  If the authentication result is authentication OK (step m10), an access permission is output, the person to be authenticated is allowed to access security data such as confidential data on the operation terminal 30, and personal authentication processing is performed. The process ends (step m11).
[0094]
  If it is authentication NG, an authentication error screen is displayed on the monitor 34 (step m12). If the number of errors is within a predetermined number (step m13), 1 is added to the number of errors and the process returns to step m3 (step m13). Step m14).
[0095]
  When the number of errors exceeds a predetermined number (for example, when it is determined to be authentication NG for ten consecutive times), prohibition data (formed with an ID and an authentication prohibition flag) for prohibiting authentication of the person to be authenticated The information is transmitted to the management server 10 (step m15), and the management server 10 updates the authentication prohibition flag to 1 and performs authentication prohibition registration for the person to be authenticated with the ID (see FIG. 2) in the authentication database 21 (step m15). m16).
[0096]
  With the above operation, it is possible to authenticate whether or not the person to be authenticated is the person by simply inputting a simple straight line by hand using the mouse 36. Even if the handwritten straight line is different from the handwritten straight line at the time of registration due to sneezing at the time of input or the like, the handwritten input can be performed again up to 10 times, so that the authentication can be correctly performed.
[0097]
  Even if unauthorized access is attempted, it is difficult to imitate the input characteristics of the mouse 36, and the ID cannot be used over 10 times, which is the error limit, repeatedly.
[0098]
  Further, by providing the feature calculation program 22 and the comparison authentication program 23 only in the management server 10, it is possible to avoid the risk of hacking such that an authentication-related program is analyzed.
[0099]
  In other words, if the operation terminal 30 includes the feature calculation program 22 and the comparison authentication program 23, hacking is possible if the operation terminal 30 is modified, so that strict management of all the operation terminals 30 is required. In this embodiment, if only the management server 10 is strictly managed, the hacking action can be eliminated.
[0100]
  In addition, you may comprise so that a system administrator can arbitrarily set a user's permissible error with the authentication reference data by a standard deviation. Thereby, it becomes possible to flexibly change the permissible error (permissible level) for authenticating the person as the robustness required by the company or facility introducing the personal authentication system 1.
[0101]
  The feature calculation program 22, the comparison authentication program 23, the reference registration program 24, and the reference data creation program 25 may be all or part of the operation terminal 30 (for example, each program other than the reference registration program 24). Thereby, the processing speed is improved by reducing the load on the management server 10, and even a large-scale system used by many people can be used without stress.
[0102]
  The authentication database 21, the feature calculation program 22, the comparison authentication program 23, the reference registration program 24, and the reference data creation program 25 are stored in the hard disk 40 of the operation terminal 30 so that only the operation terminal 30 can use the personal authentication terminal. (Operation terminal 30) may be configured. Thereby, personal authentication can be performed stand-alone.
[0103]
  Further, after the password is issued by the system administrator, the user may change the password freely on the operation terminal 30 or within a predetermined limit range.
[0104]
  The personal authentication system 1 may be configured to be usable not only via the intranet but also via the Internet. The personal authentication system 1 stores all programs and data in the hard disk 40 of the operation terminal 30 to form the operation terminal 30 ′. You may comprise so that operation terminal 30 'single-use can be used.
[0105]
  Further, the input of the handwritten straight line in step s4 in FIG. 6 is performed by clicking the mouse button (left button) at the START position, starting from this, and keeping the finger away from the mouse button so as to trace the reference line 34a as it is. It is also possible to move the mouse button (left button or right button) again at the END position and set this as the end point.
[0106]
  In correspondence between the configuration of the present invention and the above-described embodiment,
The server control means of the present invention corresponds to the control device 13 of the embodiment,
Similarly,
The storage means corresponds to the hard disk 20,
The personal authentication program corresponds to the feature calculation program 22, the comparative authentication program 23, and the diagram acquisition program 41,
The operation terminal corresponds to the operation terminal 30,
The control means and the terminal control means correspond to the control device 33,
The reference axis corresponds to the reference line 34a,
The coordinate input means corresponds to the mouse 36,
The recording medium corresponds to the server installation CD-ROM 51 and the terminal installation CD-ROM 53,
The frequency analysis process corresponds to steps n1 to n4 and steps p1 to p4,
The authentication process corresponds to steps p5 to p8,
The input process corresponds to steps s3 to s4 and steps m5 to m6.
The input figures correspond to the handwritten straight line L1 and the handwritten straight line L2,
The input wave corresponds to the waveform graph g0,
The moving wave corresponds to the waveform graph g0 ',
The individual frequency characteristic wave corresponds to the individual frequency characteristic wave g0 ",
The registered personal feature information corresponds to the authentication standard data,
Input personal feature information corresponds to personal feature data,
Eigencomponent features correspond to individual feature values,
The personal authentication device is compatible with personal authentication terminals.,
productMinute processing corresponds to integration,
Each predetermined frequency corresponds to every 1 Hz,
The present invention is not limited only to the configuration of the above-described embodiment, and many embodiments can be obtained.
[Brief description of the drawings]
FIG. 1 is a system configuration diagram of a personal authentication system.
FIG. 2 is an explanatory diagram of authentication reference data for authenticating a person to be authenticated.
FIG. 3 is a perspective view of a software package.
FIG. 4 is a block diagram showing a control circuit of the management server.
FIG. 5 is a block diagram showing a control circuit of the operation terminal.
FIG. 6 is a process flow diagram showing the operation of the control device of the operation terminal when registering authentication reference data.
FIG. 7 is a processing flowchart showing the operation of the control device of the management server when registering authentication reference data.
FIG. 8 is an explanatory diagram of a screen image displayed on the monitor of the operation terminal.
FIG. 9 is an explanatory diagram of calculation of personal feature data.
FIG. 10 is an explanatory diagram of comparison of personal feature data.
FIG. 11 is a processing flowchart showing the operation of the control device of the operation terminal at the time of personal authentication.
FIG. 12 is a processing flowchart showing the operation of the control device of the management server at the time of personal authentication.
[Explanation of symbols]
    1 ... Personal authentication system
    10 ... Management server
    13 ... Control device
    20 ... Hard disk
    22 ... Feature calculation program
    23 ... Comparison authentication program
    30 ... Operation terminal
    33 ... Control device
    34a ... reference line
    36 ... Mouse
    41 ... Diagram acquisition program
    51 ... Server installation CD-ROM
    53 ... Terminal installation CD-ROM
    L1 ... Handwritten straight line
    L2 ... Handwritten straight line
    g0 ... Waveform graph
    g0 '... Waveform graph
    g0 "... Individual frequency characteristic wave

Claims (5)

A personal authentication method for authenticating an individual based on registered personal characteristic information of a person to be authenticated stored in a storage means,
Let the person to authenticate input the input figure with the coordinate input means,
Performing frequency analysis processing on the input wave as an input wave with respect to the reference axis as the input figure, and calculating input personal characteristic information having a characteristic component characteristic for each predetermined frequency,
In the personal authentication method for authenticating the person to be authenticated by comparing the input personal characteristic information and the registered personal characteristic information in an authentication process ,
As the frequency analysis processing,
A moving wave is generated by moving the input wave by a predetermined amount in a predetermined direction of the reference axis,
Multiplying the moving wave and the input wave to generate an individual frequency feature wave,
An individual feature value is calculated by integrating the individual frequency feature wave,
Calculating the individual characteristic value for a plurality of moving waves having different moving distances;
A personal authentication method in which the input personal feature information is composed of a list of a plurality of personal feature values . A personal authentication device for authenticating an individual based on registered personal characteristic information of a person to be authenticated stored in a storage means,
A coordinate input means for allowing an authentication subject to input an input figure;
Frequency analysis processing for calculating input personal feature information having specific component features for each predetermined frequency based on the input wave as an input wave with respect to a reference axis as the input figure, and the input personal feature information and the registered personal feature information And a control means for executing an authentication process for authenticating the person to be authenticated .
The frequency analysis process
A moving wave is generated by moving the input wave by a predetermined amount in a predetermined direction of the reference axis,
Multiplying the moving wave and the input wave to generate an individual frequency feature wave,
An individual feature value is calculated by integrating the individual frequency feature wave,
Calculating the individual characteristic value for a plurality of moving waves having different moving distances;
A personal authentication apparatus set in a process for constructing the input personal feature information by enumerating a plurality of personal feature values . A management server comprising the storage means and server control means for executing predetermined processing;
An operation terminal comprising the coordinate input means and a terminal control means for executing a predetermined process,
The frequency analysis processing is set to be executed by the server control means or terminal control means,
Set the authentication process to be executed by the server control means or terminal control means,
Personal authentication system that performs a personal authentication method of claim 1 Symbol placement. A personal authentication program for authenticating an individual based on registered personal characteristic information of an authentication target person read from a storage means,
An input process that allows the person to be authenticated to input an input figure with the coordinate input means;
A frequency analysis process for calculating input personal feature information having a characteristic component characteristic for each predetermined frequency based on the input wave as an input wave with respect to a reference axis as the input figure;
An authentication process for authenticating the person to be authenticated by comparing the input personal characteristic information and the registered personal characteristic information is set ,
The frequency analysis process
A moving wave is generated by moving the input wave by a predetermined amount in a predetermined direction of the reference axis,
Multiplying the moving wave and the input wave to generate an individual frequency feature wave,
An individual feature value is calculated by integrating the individual frequency feature wave,
Calculating the individual characteristic value for a plurality of moving waves having different moving distances;
A personal authentication program set in a process for constructing the input personal feature information by enumerating a plurality of personal feature values . A recording medium storing the personal authentication program according to claim 4 .

Images