JP6194327B2 - Authentication system, authentication method and program - Google Patents

Description

  The present invention relates to an authentication system, an authentication method, and a program.

  Various services are provided on the Internet, and the opportunity for many users to use a plurality of services is increasing. For convenience, the user can use the user ID and password used when using the service for multiple services, continue to use the password once set for a long time, or use a weak password. It is. Due to such inappropriate password management, once the user ID and password are leaked from one of the service providers, unauthorized access to other services is performed using the leaked user ID and password. Password list attacks are increasing.

  In view of this, an authentication technique using a two-dimensional pattern based on a user's signature or the like instead of an authentication technique using a password has been studied (Patent Documents 1 and 2).

JP 2009-009280 A JP, 2014-130554, A

  However, if there are few feature points to be extracted from the two-dimensional pattern used for authentication, or if the signature is seen by a third party, the user who has the usage qualification will not be authenticated successfully, Authentication may succeed for users who do not have it.

  In view of the above circumstances, an object of the present invention is to provide an authentication system, an authentication method, and a program that can improve authentication accuracy and reduce an erroneous authentication rate.

  One aspect of the present invention is a three-dimensional motion sensor that detects at least two feature points including a fingertip in a user's hand, an authentication information storage unit that stores in advance authentication information including a trajectory of the feature points, and the tertiary An authentication unit that authenticates the user based on a similarity between the trajectory of the feature point detected by the original motion sensor and the trajectory of the feature point included in the authentication information; System.

  One aspect of the present invention is the authentication system, wherein the authentication information further includes a feature amount calculated based on a distance between the feature points, and the authentication unit is detected by the three-dimensional motion sensor. A feature amount is calculated based on the distance between the feature points, and the user is authenticated based on the similarity between the calculated feature amount and the feature amount included in the authentication information.

  One aspect of the present invention is characterized in that, in the authentication system, the feature point includes a finger joint, and the feature amount is a finger length.

  According to one aspect of the present invention, in the authentication system, the feature point includes a plurality of fingertips, the authentication information includes a plurality of fingertip trajectories, and the authentication unit is configured by the three-dimensional motion sensor. The degree of similarity between each detected fingertip trajectory and each fingertip trajectory included in the authentication information is calculated, and the user is authenticated based on the calculated plurality of similarities.

  One aspect of the present invention is the authentication system described above, further including an authentication information generation unit configured to generate a two-dimensional image obtained by projecting a trajectory of the feature point detected by the three-dimensional motion sensor onto a two-dimensional plane. The information includes a two-dimensional image as a trajectory of the feature point, and the authentication unit calculates the similarity between the two-dimensional image generated by the authentication information generation unit and the two-dimensional image included in the authentication information. It is characterized in that it is calculated as a similarity to the trajectory of feature points.

  In one embodiment of the present invention, in the authentication system, the authentication information includes a time required for the user to draw a trajectory while holding the hand over the three-dimensional motion sensor. The time required to draw a trajectory over the three-dimensional motion sensor is measured, and the user is authenticated based on the measured time and the time included in the authentication information.

  One aspect of the present invention is a first step of acquiring trajectories of at least two feature points including a fingertip in a user's hand, which is detected by a three-dimensional motion sensor, and the feature points acquired in the first step. And a second step of authenticating the user based on the similarity between the trajectory and the trajectory of the feature point stored in the authentication information storage unit.

  One aspect of the present invention is a first step of acquiring trajectories of at least two feature points including a fingertip in a user's hand, which is detected by a three-dimensional motion sensor, and the feature points acquired in the first step. And a second step of authenticating the user based on the similarity between the trajectory and the trajectory of the feature point stored in the authentication information storage unit.

  According to the present invention, it is possible to improve the authentication accuracy and reduce the false authentication rate.

It is a block diagram which shows the structural example of the authentication system in 1st Embodiment. It is a figure which shows the structural example of the authentication information table which an authentication information storage part has. It is a flowchart which shows the registration process of the authentication information in an authentication system. It is a figure which shows the outline | summary at the time of converting a three-dimensional locus | trajectory into a two-dimensional image. It is a flowchart which shows the authentication process of the user in an authentication system. It is a block diagram which shows the structural example of the authentication system in 2nd Embodiment.

  In the authentication system according to the embodiment of the present invention, when a user performs a predetermined gesture such as drawing a signature in the air with a hand, a trajectory of a feature point such as each fingertip or joint of the hand is acquired by a three-dimensional motion sensor, The user is authenticated by combining the physical feature amount obtained from the feature point and the trajectory. The authentication system described below performs authentication by combining a feature amount and a trajectory of a feature point, thereby reducing the occurrence of erroneous authentication and improving authentication accuracy. Hereinafter, an authentication system, an authentication method, and a program according to an embodiment will be described with reference to the drawings.

(First embodiment)
FIG. 1 is a block diagram illustrating a configuration example of an authentication system according to the first embodiment. As shown in the figure, the authentication system in the first embodiment includes a terminal device 1 used by a user and a three-dimensional motion sensor 2 connected to the terminal device 1.

  The terminal device 1 includes a control unit 11, an input unit 12, an output unit 13, an authentication information storage unit 14, and an authentication processing unit 15. The control part 11 controls each part with which the terminal device 1 is provided, and performs control according to the user's operation information which the input part 12 inputs. The control unit 11 includes, for example, an arithmetic processing unit, a volatile storage area, and a nonvolatile storage area, and controls each unit by executing a program stored in the nonvolatile storage area. The input unit 12 receives operation of the user and inputs operation information corresponding to the operation. The input unit 12 is an input device such as a keyboard, a mouse, or a touch panel. The output unit 13 outputs a control result or the like in the control unit 11 to the user. The output unit 13 is an output device such as a display, a speaker, or a printer.

  The authentication information storage unit 14 stores authentication information used when the authentication processing unit 15 authenticates a user. FIG. 2 is a diagram illustrating a configuration example of an authentication information table included in the authentication information storage unit 14. The authentication information table has columns of items of “user ID”, “finger length”, “trajectory image”, and “signature time”. The user ID is an identifier for identifying the user. The length of the finger is used as a feature amount of the user's hand. The trajectory image is an image showing the trajectory of the fingertip in a predetermined operation, for example, an operation of signing, by moving the hand of the user. The “finger length” and “trajectory image” are provided with columns of items of “thumb”, “index finger”, “middle finger”, “ring finger”, and “little finger”, respectively. In the authentication information table, each row exists for each user. Each row in the authentication information table is authentication information including information of “user ID”, “finger length”, “trajectory image”, and “signature time”. In the authentication information table, by using a user ID for identifying a user as a search key, authentication information corresponding to the user can be specified. In addition, you may identify a user with the combination of the length of each finger.

  Returning to FIG. 1, the description of the configuration of the authentication system will be continued. The authentication processing unit 15 includes a feature position acquisition unit 151, an authentication information generation unit 152, a memory unit 153, an authentication information registration unit 154, and an authentication unit 155. The feature position acquisition unit 151 acquires position information of a plurality of feature points in the user's hand from the three-dimensional motion sensor 2. Here, the plurality of feature points in the user's hand are locations including the fingertips and joints of each finger. The position information of the plurality of feature points acquired by the 3D motion sensor 2 is a 3D coordinate value in a 3D coordinate space that is uniquely determined according to the position where the 3D motion sensor 2 is installed, for example.

  The authentication information generation unit 152 detects whether the user's hand is performing a predetermined operation based on the position information of each feature point acquired by the feature position acquisition unit 151 from the three-dimensional motion sensor 2. The predetermined operation includes an operation indicating the start of the signature and an operation indicating the end of the signature. The operation indicating the start of the signature and the operation indicating the end of the signature may be the same operation. Examples of such actions include the action of holding all five fingers inward (Janken Goo's movement) for 2 seconds and the action of extending all five fingers (Janken's par action). For example, an operation of continuing for 3 seconds is used. Predetermined operations are used for the operation indicating the start of the signature and the operation indicating the end of the signature.

  Further, the authentication information generation unit 152 calculates the feature amount of the user's hand based on the position information of each feature point acquired by the feature position acquisition unit 151 from the 3D motion sensor 2. As described above, the length of each finger is used as the feature amount of the user's hand. In addition, it may replace with the length of a finger | toe and the length between predetermined joints may be used. When the length of the finger is used as the feature amount, the length from the fingertip to the first joint, the length from the first joint to the second joint, and the length from the second joint to the third joint are set for each feature point. It is calculated from the position information, and the sum of the calculated lengths is calculated as the finger length.

  Further, the authentication information generation unit 152 causes the memory unit 153 to sequentially store the position information of each feature point acquired by the feature position acquisition unit 151 from the 3D motion sensor 2. The authentication information generation unit 152, from the start of the signature to the end of the signature, from the position information of each feature point acquired by the feature position acquisition unit 151, the locus indicating the trajectory of the fingertip in the period when the signature was performed Generate an image for each finger.

  The memory unit 153 temporarily stores the position information acquired by the feature position acquisition unit 151, the feature amount calculated by the authentication information generation unit 152, and the trajectory image generated by the authentication information generation unit 152.

  Upon receiving a request for registering authentication information from the control unit 11 or an external device, the authentication information registration unit 154 controls the feature position acquisition unit 151, the authentication information generation unit 152, the memory unit 153, and the three-dimensional motion sensor 2. To obtain authentication information. The authentication information registration unit 154 stores the acquired authentication information in the authentication information storage unit 14.

  When the authentication unit 155 receives a request to execute authentication from the control unit 11 or an external device, the authentication unit 155 controls the feature position acquisition unit 151, the authentication information generation unit 152, the memory unit 153, and the three-dimensional motion sensor 2 to obtain authentication information. get. The authentication unit 155 calculates the similarity between the acquired authentication information and the authentication information stored in the authentication information storage unit 14, and determines whether the calculated similarity is within a predetermined range. . The authentication unit 155 determines that the authentication for the user has succeeded when the similarity is within the range, and determines that the authentication for the user has failed when the similarity is not within the range.

  The three-dimensional motion sensor 2 includes a three-dimensional sensor 21 and a feature position detection unit 22. The three-dimensional sensor 21 includes, for example, a plurality of image sensors, and detects the distance and movement to the subject based on a plurality of images obtained by imaging with the plurality of image sensors. Note that the plurality of imaging elements may include an imaging element that detects infrared light and generates an image in addition to an imaging element that detects visible light and generates an image. In that case, the three-dimensional motion sensor may include a light emitting element that irradiates infrared light toward the subject.

  The feature position detection unit 22 detects feature points in the subject based on a plurality of images obtained by the three-dimensional sensor 21 and distances and movements to the subject. The feature points detected by the feature position detection unit 22 are, for example, each fingertip and each joint in the user's hand. The feature position detector 22 calculates a three-dimensional coordinate value of the feature point for each detected feature point. The feature position detection unit 22 sequentially outputs the calculated three-dimensional coordinate value of each feature point to the authentication processing unit 15 as position information. The position information of each feature point is sequentially output according to the number of frames processed per unit time in the feature position detection unit 22.

  FIG. 3 is a flowchart showing a registration process of authentication information in the authentication system of the first embodiment. For example, when a request for storing authentication information corresponding to the user in the authentication information storage unit 14 is input to the authentication processing unit 15 from the control unit 11 or an external device, the registration process is started.

  In the authentication processing unit 15, the authentication information registration unit 154 requests the 3D motion sensor 2 to start processing for detecting feature points and processing for sequentially outputting 3D coordinate values of feature points. In the three-dimensional motion sensor 2, the feature position detection unit 22 detects a feature point on the user's hand held over the detection range of the three-dimensional motion sensor 2 based on a plurality of images captured by the three-dimensional sensor 21. The feature position detection unit 22 outputs the detected three-dimensional coordinate value of each feature point to the authentication processing unit 15 (step S101). At this time, the authentication information registration unit 154 sends a message to the user requesting that the operations of “Goo” and “Par” be repeated alternately while holding the hand over the detection range of the 3D motion sensor 2. The output control may be performed on the output unit 13. By allowing the user to repeat “goo” and “par” within the detection range of the three-dimensional motion sensor 2, the feature points can be easily detected.

  The feature position acquisition unit 151 determines whether or not the feature position detection unit 22 has detected each feature point based on whether or not the three-dimensional coordinate value of each feature point in the user's hand is input from the feature position detection unit 22. Is determined (step S102). The feature position detection unit 22 may separately output a signal indicating that each feature point has been detected, and the feature position acquisition unit 151 may make a determination based on the signal. The feature position acquisition unit 151 stands by until the three-dimensional coordinates of each feature point are input from the feature position detection unit 22 (step S102: NO).

  When the three-dimensional coordinate value of each feature point is input from the feature position detection unit 22 (step S102: YES), the feature position acquisition unit 151 notifies the authentication information registration unit 154 that the detection of each feature point has been completed. To do. The feature position acquisition unit 151 sequentially outputs the three-dimensional coordinate values of the feature points acquired from the feature position detection unit 22 to the authentication information generation unit 152. The authentication information registration unit 154 acquires a user ID corresponding to the authentication information from the input unit 12 (step S103).

  The authentication information generation unit 152 acquires the three-dimensional coordinate value of each feature point via the feature position acquisition unit 151 (step S104), and determines whether or not the operation indicating the start of the signature is performed (step S104). S105). When the operation indicating the start of the signature cannot be detected (step S105: NO), the authentication information generation unit 152 returns the process to step S104, and performs the processing of steps S104 and S105 until the operation indicating the start of the signature is detected. Repeat. At this time, the authentication information generation unit 152 causes the user to output a message requesting an operation for signing in the air after the operation indicating the start of the signature with the hand held over the detection range of the three-dimensional motion sensor 2. Control may be performed on the output unit 13.

  When the authentication information generation unit 152 detects an operation indicating the start of a signature (step S105: YES), the authentication information generation unit 152 calculates a feature amount of the user's hand based on the three-dimensional coordinate value of each feature point (step S106). The authentication information generation unit 152 stores the calculated feature amount in the memory unit 153. Also, the authentication information generation unit 152 starts a timer for measuring the time required for the user to sign. After performing the operation indicating the start of the signature, the user holds the hand over the detection range of the 3D motion sensor 2 and performs the operation indicating the end of the signature after performing the signature operation. .

  The authentication information generation unit 152 acquires the three-dimensional coordinate value of each feature point via the feature position acquisition unit 151 (step S107), and sequentially stores the acquired three-dimensional coordinate value of each feature point in the memory unit 153. (Step S108). The authentication information generation unit 152 determines whether an operation indicating the end of the signature has been performed (step S109). If the operation indicating the end of the signature cannot be detected (step S109: NO), the authentication information generation unit 152 returns the process to step S107, and continues to step S107, step S108, and step until the operation indicating the end of the signature is detected. The process of S109 is repeated.

  When the authentication information generation unit 152 detects an operation indicating the end of the signature (step S109: YES), the authentication information generation unit 152 calculates the time required for the signature by the user based on the count value of the timer, and stores the calculated time as the signature time. The data is stored in the unit 153 (step S110). The authentication information generation unit 152 generates a trajectory image indicating the trajectory of each fingertip from the three-dimensional coordinate value of each feature point stored in the memory unit 153, and stores the generated trajectory image in the memory unit 153 (step S111). ).

  When the authentication information generation unit 152 stores the feature amount, signature time, and locus image of each fingertip of the user in the memory unit 153, the authentication information registration unit 152 stores the feature amount, signature time, and each fingertip of the user hand. The authentication information in which the user ID is associated with the combination of the locus image is stored in the authentication information storage unit 14 (step S112), and the registration process is terminated.

  Here, a method for generating a trajectory image will be described. The authentication information generation unit 152 obtains the three-dimensional trajectory of each fingertip by connecting the three-dimensional coordinate values accumulated in the memory unit 153 in step S108 with the coordinate values adjacent in time series for each fingertip with a straight line. be able to. When a three-dimensional trajectory is used as a trajectory image, a combination of three two-dimensional images projected on the XY plane, YZ plane, and ZX plane is used, for example, by performing coordinate transformation with the starting point of the trajectory as the origin. May be.

  Further, a two-dimensional image obtained by projecting a three-dimensional locus onto a two-dimensional plane may be used as the locus image. FIG. 4 is a diagram showing an outline when a three-dimensional trajectory is converted into a two-dimensional image. As shown in FIG. 4A, the authentication information generation unit 152 detects the direction with the longest distance in the trajectory of the fingertip obtained when the user draws a signature in the XYZ three-dimensional coordinate space. This direction is taken as the X ′ direction. Subsequently, the authentication information generation unit 152 detects a plane having the longest signature trajectory in the direction orthogonal to the X ′ direction among the planes orthogonal to the X ′ direction, and is orthogonal to the X ′ direction in the detected plane. Let the direction be the Y ′ direction. When the authentication information generation unit 152 determines the X ′ direction and the Y ′ direction, as shown in FIG. 4B, the authentication information generation unit 152 obtains the three-dimensional trajectory by projecting onto a plane stretched between the X ′ direction and the Y ′ direction. The trajectory on the two-dimensional plane is used as a trajectory image. Note that the trajectory image may be reduced or enlarged so that either or both of the horizontal width and height of the trajectory image have a predetermined size (for example, 800 pixels).

  In addition to the above method for converting a three-dimensional trajectory into a two-dimensional image, for example, when a three-dimensional trajectory is projected onto a two-dimensional plane, the minimum rectangular area surrounding the trajectory on the two-dimensional plane A trajectory image may be obtained by detecting a two-dimensional plane having the largest value and projecting a three-dimensional trajectory on the detected two-dimensional plane.

  A method other than the above method for converting a three-dimensional trajectory into a two-dimensional image may be used. For example, two parallel planes in contact with a three-dimensional trajectory that detect the two planes having the shortest distance between the planes and sandwich one of the two planes are detected. Is the x′y ′ plane. Subsequently, an axis orthogonal to the x′y ′ plane may be used as the z ′ axis, and a trajectory on the plane obtained by projecting a three-dimensional trajectory onto the x′y ′ plane in the z ′ axis direction may be used as the trajectory image.

  FIG. 5 is a flowchart illustrating user authentication processing in the authentication system according to the first embodiment. For example, when a request for executing authentication for a user is input from the control unit 11 or an external device to the authentication processing unit 15, the authentication processing is started.

  In the authentication processing unit 15, the authentication unit 155 requests the 3D motion sensor 2 to start processing for detecting feature points and processing for sequentially outputting 3D coordinate values of feature points. In the three-dimensional motion sensor 2, the feature position detection unit 22 detects a feature point on the user's hand held over the detection range of the three-dimensional motion sensor 2 based on a plurality of images captured by the three-dimensional sensor 21. The feature position detection unit 22 outputs the detected three-dimensional coordinate value of each feature point to the authentication processing unit 15 (step S201).

  The feature position acquisition unit 151 determines whether or not the feature position detection unit 22 has detected each feature point based on whether or not the three-dimensional coordinate value of each feature point in the user's hand is input from the feature position detection unit 22. Is determined (step S202). The feature position acquisition unit 151 stands by until the three-dimensional coordinates of each feature point are input from the feature position detection unit 22 (step S202: NO).

  When the three-dimensional coordinate value of each feature point is input from the feature position detection unit 22 (YES in step S202), the feature position acquisition unit 151 notifies the authentication unit 155 that the detection of each feature point is completed. The feature position acquisition unit 151 sequentially outputs the three-dimensional coordinate values of the feature points acquired from the feature position detection unit 22 to the authentication information generation unit 152. The authentication unit 155 acquires a user ID indicating a user to be authenticated from the input unit 12 (step S203).

  The authentication information generation unit 152 acquires the three-dimensional coordinate value of each feature point via the feature position acquisition unit 151 (step S204), and determines whether an operation indicating the start of the signature is performed (step S204). S205). If the operation that indicates the start of the signature cannot be detected (step S205: NO), the authentication information generation unit 152 returns the processing to step S204, and performs the processing of steps S204 and S205 until the operation that indicates the start of the signature is detected. Repeat.

  When the authentication information generation unit 152 detects an operation indicating the start of a signature (step S205: YES), the authentication information generation unit 152 calculates the feature amount of the user's hand based on the three-dimensional coordinate value of each feature point (step S206). The authentication information generation unit 152 stores the calculated feature amount in the memory unit 153. Also, the authentication information generation unit 152 starts a timer for measuring the time required for the user to sign.

  The authentication information generation unit 152 acquires the three-dimensional coordinate value of each feature point via the feature position acquisition unit 151 (step S207), and sequentially stores the acquired three-dimensional coordinate value of each feature point in the memory unit 153. (Step S208). The authentication information generation unit 152 determines whether an operation indicating the end of the signature has been performed (step S209). If the operation indicating the end of the signature cannot be detected (step S209: NO), the authentication information generation unit 152 returns the processing to step S207, and continues to step S207, step S208, and step until the operation indicating the end of the signature is detected. The process of S209 is repeated.

  When the authentication information generation unit 152 detects an operation indicating the end of the signature (step S209: YES), the authentication information generation unit 152 calculates the time required for the signature by the user based on the count value of the timer, and stores the calculated time as the signature time. The data is stored in the unit 153 (step S210). The authentication information generation unit 152 generates a trajectory image indicating the trajectory of each fingertip from the three-dimensional coordinate value of each feature point stored in the memory unit 153, and stores the generated trajectory image in the memory unit 153 (step S211). ).

  The authentication unit 155 stores the authentication information specified by the user ID acquired in step S203 when the authentication information generation unit 152 stores the feature amount of the user's hand, the signature time, and the trajectory image of each fingertip in the memory unit 153. Read from the authentication information storage unit 14 (step S212). The authentication unit 155 includes the feature value of the user's hand, the signature time, and the trajectory image of each fingertip included in the read authentication information, and the feature value, signature time, and each fingertip of the user's hand stored in the memory unit 153. The similarity with the trajectory image is calculated (step S213).

  For the similarity regarding the feature amount (the length of each finger) of the user's hand, for example, the ratio of the feature amount stored in the memory unit 153 to the feature amount stored in the authentication information storage unit 14 ((memory unit 153 feature amount) / (feature amount of authentication information storage unit 14)). The similarity of the length of each finger is calculated for each finger. Similarly, the ratio of the feature amount stored in the memory unit 153 with respect to the signature time stored in the authentication information storage unit 14 is also used for the similarity regarding the signature time. Further, for the similarity of the trajectory images, the trajectory image stored in the authentication information storage unit 14 and the trajectory image stored in the memory unit 153 using a known technique for calculating the similarity between the images. The similarity as an image is used. As a known technique, for example, a function for calculating an image similarity degree prepared in OpenCV or the like can be used.

  The authentication unit 155 determines whether the feature amount of the user's hand, the signature time, and the similarity of each trajectory image are included in a predetermined authentication range (step S214). If all the similarities are included in the authentication range (step S214: YES), the authentication unit 155 outputs a signal indicating that the user has been successfully authenticated to the control unit 11 or an external device (step S215). ), And ends the authentication process. If any similarity is not included in the authentication range (step S214: NO), the authentication unit 155 outputs a signal indicating that the authentication for the user has failed to the control unit 11 or an external device (step S214). S216), the authentication process is terminated. Note that the numerical value (threshold value) indicating the authentication range may be determined based on the obtained authentication result after the user repeatedly performs registration processing and authentication processing in advance.

  In the determination in step S214, the authentication unit 155 determines that the authentication is successful when the number of similarities included in the authentication range is equal to or greater than a predetermined number, and the number of similarities included in the authentication range is the predetermined number. If it is less than the value, it may be determined that the authentication has failed. Further, instead of acquiring the user ID in step S203, authentication information with a matching combination may be read in step S212 using the length of each finger calculated in step S206 as a search key.

(Second Embodiment)
FIG. 6 is a block diagram illustrating a configuration example of the authentication system according to the second embodiment. As shown in the figure, the authentication system in the second embodiment is connected to the terminal device 1A used by the user, the three-dimensional motion sensor 2 connected to the terminal device 1A, and the terminal device 1A via the network 3. The authentication cooperation server 4 is provided. Note that in the authentication system of the second embodiment, the same components as those in the authentication system of the first embodiment are denoted by the same reference numerals, and redundant description is omitted.

  The terminal device 1A includes a control unit 11, an input unit 12, an output unit 13, and a transfer unit 18. The transfer unit 18 is communicably connected to the 3D motion sensor 2. The transfer unit 18 is connected to the authentication cooperation server 4 via the network 3 so as to be communicable. The transfer unit 18 transmits information acquired from the 3D motion sensor 2 to the authentication collaboration server 4, and outputs control information addressed to the 3D motion sensor 2 received from the authentication collaboration server 4 to the 3D motion sensor 2.

  The authentication collaboration server 4 includes an authentication information storage unit 14, an authentication processing unit 15, and a communication unit 41. The communication unit 41 is communicably connected to the terminal device 1A via the network 3. The communication unit 41 transmits control information input from the authentication processing unit 15 to the terminal device 1 and outputs information received from the terminal device 1A to the authentication processing unit 15.

  The authentication system in the second embodiment has a configuration in which the authentication processing unit 15 and the three-dimensional motion sensor 2 are connected via the transfer unit 18, the network 3, and the communication unit 41, as shown in FIG. The registration process and the authentication process shown in FIG. 5 are mainly performed in the authentication cooperation server 4. Configurations and processes other than the transmission of information performed between the authentication processing unit 15 and the three-dimensional motion sensor 2 via the transfer unit 18, the network 3, and the communication unit 41 are the same as those in the first embodiment. Similar to the authentication system, the registration process and the authentication process can be performed via the network 3. In addition to the user authentication in the authentication cooperation server 4, it can be used for the user authentication in the login of the server device that provides the service.

  In the authentication system in each embodiment, the three-dimensional motion sensor 2 is used to acquire the three-dimensional coordinates in the signature operation, thereby authenticating using a larger amount of information than the two-dimensional pattern of the signature on the touch panel or touch pad. Thus, it is possible to improve the authentication accuracy and reduce the false authentication rate.

  In addition, by performing authentication that combines the trajectory images of each fingertip, even if a third party who stole the signature of another user imitated the signature, it is difficult to imitate the operation of all the fingertips. Can be reduced, and unauthorized use of the user ID can be prevented. In addition, since a feature amount of a user's hand, for example, a combination of the lengths of the fingers, is used, authentication based on information unique to each user can be performed, and authentication accuracy can be increased.

  In addition, by handling the trajectory based on the three-dimensional coordinate value extracted using the three-dimensional motion sensor 2 as a trajectory image on a two-dimensional plane, the calculation load in authentication is reduced while increasing the amount of information used for authentication. In the above, the authentication accuracy can be improved and the false authentication rate can be reduced. In addition, since authentication is performed in combination with the time required for signature, the authentication accuracy can be increased and the false authentication rate can be reduced.

  In addition, since the trajectory image of each fingertip is used for authentication, it reflects not only the fingertip that performs the signature but also the bending of other fingers, etc., thus preventing unauthorized use of the signature and authenticating the user who identifies the individual Is preferred.

  In the authentication system in each embodiment, authentication is performed by combining the length of each finger, the trajectory of each fingertip, and the signature time. Authentication using any combination is possible with a combination of items as a minimum configuration. Authentication combining two fingertip trajectories is also possible. Further, although the trajectory of the fingertip is used as the trajectory image, the trajectory of a feature point (for example, a joint) other than the fingertip may be used as the trajectory image.

  You may make it implement | achieve all or one part of the authentication system in each embodiment mentioned above with a computer. For example, it is realized by recording a program for realizing each component included in the authentication processing unit 15 on a computer-readable recording medium, causing the computer system to read and execute the program recorded on the recording medium. May be. Here, the “computer system” includes an OS and hardware such as peripheral devices. The “computer-readable recording medium” refers to a storage device such as a flexible medium, a magneto-optical disk, a portable medium such as a ROM and a CD-ROM, and a hard disk incorporated in a computer system. Further, the “computer-readable recording medium” is a program that dynamically holds a program for a short time, like a communication line when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. In this case, a volatile memory inside a computer system serving as a server or a client in that case may be included and a program held for a certain period of time. Further, the program may be for realizing a part of the above-described constituent elements, and may be realized by combining the above-described constituent elements with a program already recorded in a computer system. It may be realized by using hardware such as PLD (Programmable Logic Device) or FPGA (Field Programmable Gate Array).

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes designs and the like that do not depart from the gist of the present invention.

  It can also be applied to applications where user authentication is essential.

  DESCRIPTION OF SYMBOLS 1,1A ... Terminal device, 2 ... Three-dimensional motion sensor, 3 ... Network, 4 ... Authentication cooperation server, 11 ... Control part, 12 ... Input part, 13 ... Output part, 14 ... Authentication information storage part, 15 ... Authentication process , 18 ... Transfer unit, 21 ... 3D sensor, 22 ... Feature position detection unit, 41 ... Communication unit, 151 ... Feature position acquisition unit, 152 ... Authentication information generation unit, 153 ... Memory unit, 154 ... Authentication information registration unit 155 ... Authentication unit

Claims (7)

A three-dimensional motion sensor for detecting feature points including a plurality of fingertips in a user's hand;
An authentication information storage unit that stores in advance authentication information including a trajectory of each of the feature points;
An authentication unit that authenticates the user based on a similarity between the trajectory of the feature point detected by the three-dimensional motion sensor and the trajectory of the feature point included in the authentication information;
The authentication unit calculates, for each feature point, a similarity between a plurality of feature point trajectories detected by the three-dimensional motion sensor and a plurality of feature point trajectories included in the authentication information. The user is authenticated based on whether the number of similarities included in a predetermined authentication range among the plurality of similarities is a predetermined number or more.
An authentication system characterized by that. The authentication system according to claim 1 ,
The authentication information further includes a feature amount calculated based on a distance between the feature points,
The authentication unit calculates a feature amount based on the distance between the feature points detected by the three-dimensional motion sensor, and based on the similarity between the calculated feature amount and the feature amount included in the authentication information, An authentication system characterized by authenticating users. The authentication system according to claim 2 ,
The feature points include finger joints,
The authentication system is characterized in that the feature amount is a length of a finger. In the authentication system according to any one of claims 1 to 3 ,
An authentication information generating unit that generates a two-dimensional image obtained by projecting the trajectory of the feature point detected by the three-dimensional motion sensor onto a two-dimensional plane;
The authentication information includes a two-dimensional image as a locus of the feature points,
The authentication unit calculates a similarity between the two-dimensional image generated by the authentication information generation unit and the two-dimensional image included in the authentication information as a similarity to the trajectory of the feature point. . In the authentication system according to any one of claims 1 to 4 ,
The authentication information includes a time required for the user to draw a trajectory by holding a hand over the 3D motion sensor,
The authentication unit measures the time required for the user to draw a trajectory while holding the hand over the 3D motion sensor, and authenticates the user based on the measured time and the time included in the authentication information. An authentication system characterized by performing. A first step of acquiring a trajectory of a feature point including a plurality of fingertips in a user's hand, which is detected by a three-dimensional motion sensor;
Based on the similarity between the trajectories of the plurality of feature points acquired in the first step and the trajectories of the feature points included in the authentication information stored in the authentication information storage unit, authentication for the user is performed. A second step to perform;
Including
In the second step, the similarity between the trajectories of the plurality of feature points detected by the three-dimensional motion sensor and the trajectories of the feature points included in the authentication information is calculated for each feature point. The user is authenticated based on whether or not the number of similarities included in a predetermined authentication range among the plurality of calculated similarities is a predetermined number or more.
An authentication method characterized by that. A first step of acquiring a trajectory of a feature point including a plurality of fingertips in a user's hand, which is detected by a three-dimensional motion sensor;
Based on the similarity between the trajectories of the plurality of feature points acquired in the first step and the trajectories of the feature points included in the authentication information stored in the authentication information storage unit, authentication for the user is performed. A second step to perform;
To the computer,
In the second step, the similarity between the trajectories of the plurality of feature points detected by the three-dimensional motion sensor and the trajectories of the feature points included in the authentication information is calculated for each feature point. The user is authenticated based on whether or not the number of similarities included in a predetermined authentication range among the plurality of calculated similarities is a predetermined number or more.
program.

Images