JP6376246B2 - Authentication device, authentication method, control program, and recording medium - Google Patents

Description

  The present invention relates to an authentication device that performs authentication based on an image, an authentication method, a control program, and a recording medium.

  In recent years, mobile devices such as mobile phones, mobile computers, mobile game machines, music players, and the like have become more sophisticated and multifunctional. Accordingly, security measures for preventing unauthorized use of portable devices have become important.

  As a security measure, facial recognition technology using a camera that is becoming standard equipment in portable devices has attracted attention. Personal authentication (face authentication) using face recognition technology is effective as a highly convenient security because it can capture a face from a natural motion and check the owner.

  On the other hand, there is a countermeasure against “spoofing” using a photograph or the like as an issue of face recognition technology. “Impersonation” is an act in which another person tries to be authenticated by using his / her face photo or the like. In particular, recent mobile devices are equipped with megapixel-class cameras and have autofocus and close-up functions, so there is a risk of spoofing even from small-sized photos such as snapshots and licenses. is there.

  Therefore, techniques for preventing spoofing have been developed. For example, Patent Literature 1 describes a technique for preventing spoofing by determining whether or not a user's line of sight is directed to a light source that guides the user's line of sight. Patent Document 2 describes a technique for preventing spoofing by moving a mark displayed on a display at random to determine whether or not the user's line-of-sight movement matches the trajectory of the mark. Patent Document 3 describes a technique for preventing spoofing by determining whether or not a user's line of sight is directed to a display unit. Patent Document 4 displays a pointer indicating the user's line-of-sight direction, moves the pointer in accordance with the user's iris position, and determines whether or not the pointer trajectory matches a predetermined movement pattern. The technology for executing the authentication process is described. Japanese Patent Application Laid-Open No. 2004-228561 describes a technique for detecting a user's line of sight, determining whether an image watched by the user is a registered image, and executing authentication.

Japanese Patent No. 3562970 (published on September 8, 2004) Japanese Patent No. 4470663 (published on June 2, 2010) Japanese Patent No. 4807167 (published on November 2, 2011) Japanese Patent Laying-Open No. 2004-220376 (released on August 5, 2004) Japanese Patent Laying-Open No. 2005-149326 (released on June 9, 2005)

  However, the above-described conventional techniques display input candidates (types of gaze direction that can be input, guidance marks, images as options, etc.) at the time of impersonation prevention determination, so that others can easily grasp the authentication method. It was possible to do. For this reason, there is a problem that impersonation prevention determination for preventing unauthorized authentication may not function effectively.

  The present invention has been made in view of the above-described problems, and an object thereof is to realize an authentication device, an authentication method, a control program, and a recording medium that can prevent unauthorized authentication to a higher degree.

  In order to solve the above-described problem, an authentication apparatus according to an aspect of the present invention is an authentication apparatus that performs authentication based on an image, specifies a line-of-sight angle of a subject captured in the image, and Among the gaze directions classified into types, gaze detection means for detecting a gaze direction corresponding to the identified gaze angle, authentication permission gaze direction setting means for setting a gaze direction that permits authentication, and the gaze detection means It is determined whether or not the detected line-of-sight direction is an authentication-permitted line-of-sight direction set by the authentication-permitted line-of-sight direction setting unit, and an authentication execution unit that performs authentication and an authentication-permitted line-of-sight of the authentication-permitted line-of-sight direction setting unit An image indicating the type of line-of-sight direction is displayed on the display unit when the direction is set, and a display control unit that does not display the image on the display unit when executing the authentication. Execution means, any of the viewing angle and the viewing direction specified by the visual axis detecting means, executes the authentication selectively used according to the condition of the detection performed by said visual line detection means.

  In order to solve the above-described problem, an authentication method according to an aspect of the present invention is an authentication method in which an authentication device performs authentication based on an image, and the authentication device permits a line-of-sight direction in which authentication is permitted. An authentication-permitted line-of-sight direction setting step, and the authentication device identifies the line-of-sight angle of the subject imaged in the image, and corresponds to the identified line-of-sight angle among a plurality of types of line-of-sight directions A line-of-sight detection step for detecting a line-of-sight direction, and the authentication device determines whether or not the line-of-sight direction detected in the line-of-sight detection step is the authentication permission line-of-sight direction set in the authentication permission line-of-sight direction setting step. An authentication execution step for performing authentication, and in the authentication permission line-of-sight direction setting step, an image indicating the type of the line-of-sight direction is displayed on the display unit, while the authentication execution In the step, the image is not displayed on the display unit, and in the authentication execution step, either the visual line angle or the visual line direction specified in the visual line detection step is detected in the visual line detection step. The above authentication is executed selectively according to the situation.

  According to one embodiment of the present invention, there is an effect that unauthorized authentication can be prevented.

1, showing an embodiment of the present invention, is a block diagram illustrating a configuration of a main part of an authentication apparatus. FIG. It is a figure which shows an example of the gaze angle specific information which shows the correspondence of a gaze angle and a gaze direction. It is a figure which shows an example of the gaze angle classification image which shows the classification of the gaze angle displayed on a display part. It is a figure which shows an example of the image which does not suggest the classification of the gaze direction displayed on a display part. It is a flowchart which shows an example of the authentication permission gaze direction setting process which an authentication apparatus performs. It is a flowchart which shows an example of the authentication process which an authentication apparatus performs. It is a flowchart which shows another example of the authentication process which an authentication apparatus performs. It is a flowchart which shows another example of the authentication process which an authentication apparatus performs. It is a flowchart which shows another example of the authentication process which an authentication apparatus performs.

  An embodiment of the present invention will be described below with reference to FIGS.

[Configuration of authentication device]
The authentication device 1 performs personal authentication by determining whether the user is the owner of the authentication device 1 or an electronic device in which the device is mounted based on the image. More specifically, the authentication device 1 determines whether or not the user is the owner based on the user's face image. Furthermore, the authentication device 1 detects the user's line-of-sight direction and determines whether or not the user shown in the captured image is a living body in order to prevent impersonation before performing personal authentication. . That is, the authentication device 1 performs personal authentication based on the face image after performing the impersonation prevention determination and correctly performing biometric authentication.

  In the present embodiment, the authentication method according to the present invention will be described as an authentication method used for anti-spoofing determination. However, the authentication method according to the present invention is not applied only to the impersonation prevention determination. That is, the authentication method according to the present invention is not applied only to biometric authentication performed before personal authentication, and the authentication method according to the present invention may be used for personal authentication itself.

  The authentication device 1 is, for example, an electronic device such as a mobile phone, a smartphone, a PC, a digital camera, a digital video camera, a PDA (Personal Digital Assistant), a game machine, a device that captures and prints a photo, and a device that edits an image. It may be installed. In this embodiment, it is assumed that the authentication device 1 is mounted on a mobile phone, and the authentication target is the owner of the mobile phone.

  The configuration of the authentication device 1 will be described with reference to FIG. FIG. 1 is a block diagram illustrating an example of a main configuration of the authentication device 1. As shown in FIG. 1, the authentication device 1 includes a control unit 11, a storage unit 12, an image input unit 13, and a display unit 14. The authentication device 1 may include members such as an operation unit, a communication unit, a voice input unit, and a voice output unit, but these members are not shown because they are not related to the feature points of the invention.

  The image input unit 13 is an interface for acquiring an image from an external image providing device (not shown). The image providing apparatus may be anything as long as it is an apparatus that provides a held image or an acquired image to another apparatus. For example, the image providing device is a digital camera, a digital video camera, a mobile phone, a smartphone, a PDA, a game machine, a storage device such as a USB (Universal Serial Bus) memory, or the like. Note that the authentication device 1 may be equipped with a camera instead of the image input unit 13.

  The display unit 14 displays an image in accordance with an instruction from the control unit 11. The display unit 14 only needs to display an image in accordance with an instruction from the control unit 11, and for example, an LCD (liquid crystal display), an organic EL display, a plasma display, or the like can be applied. Note that the authentication device 1 may not include the display unit 14. In this case, the authentication device 1 displays an image on a separate display device.

  The control unit 11 performs various operations by executing a program read from the storage unit 12 to a temporary storage unit (not shown), and comprehensively controls each unit included in the authentication device 1. .

  In the present embodiment, the control unit 11 includes, as functional blocks, an image acquisition unit 21, a line-of-sight detection unit (line-of-sight detection unit) 22, an authentication-permitted line-of-sight direction setting unit (authentication-permission line-of-sight setting unit) 23, and a biological determination unit (authentication). (Execution means) 24, identity determination section 25, and display control section (display control means) 26. Further, as shown in FIG. 1, the control unit 11 may include a blink detection unit (blink detection unit) 27. Each functional block (21 to 27) of the control unit 11 includes a CPU (central processing unit) that stores a program stored in a storage device realized by a ROM (read only memory) or the like (RAM (random access memory)). This can be realized by reading out and executing the temporary storage unit realized by the above.

  The image acquisition unit 21 acquires an image captured by the user via the image input unit 13. The image acquisition unit 21 outputs the acquired image to the line-of-sight detection unit 22, the person determination unit 25, and the blink detection unit 27. When an image is stored in the storage unit 12, the image acquisition unit 21 may read the image from the storage unit 12.

  The line-of-sight detection unit 22 acquires an image from the image acquisition unit 21 and detects a user's line-of-sight direction captured in the image. Specifically, the line-of-sight detection unit 22 identifies the line-of-sight angle of the user captured in the image, and refers to the line-of-sight direction identification information 31 indicating the correspondence between the line-of-sight angle and the line-of-sight direction. The line-of-sight direction corresponding to is specified. The line-of-sight detection unit 22 outputs the identified line-of-sight direction to the authentication-permitted line-of-sight direction setting unit 23 and the living body determination unit 24.

  Here, the line-of-sight direction specifying information 31 is, for example, as shown in FIG. In the line-of-sight direction specifying information 31 shown in FIG. 2, there are nine types of line-of-sight directions. As shown in FIG. 2, when the left / right (horizontal) line-of-sight angle is larger than 20 degrees and the vertical (vertical direction) line-of-sight angle is larger than 10 degrees, the line-of-sight direction is upper right. In addition, when the left and right (horizontal) line-of-sight angle is −20 degrees or more and 20 degrees or less, and the top and bottom (vertical direction) line-of-sight angle is −10 degrees or more and 10 degrees or less, the line-of-sight direction is the center. When the left / right (horizontal) line-of-sight angle is smaller than −20 degrees and the vertical (vertical) line-of-sight angle is smaller than −10 degrees, the line-of-sight direction is lower left.

  The line-of-sight direction specifying information 31 shown in FIG. 2 is an example, and the correspondence between the line-of-sight angle and the line-of-sight direction may be set as appropriate. For example, the line-of-sight direction may be four types (up, down, left, and right), and the corresponding line-of-sight angle range may be arbitrarily changed.

  The line-of-sight direction specifying information 31 is set in advance. However, since it is desirable to set the correspondence between the line-of-sight angle and the line-of-sight direction based on the camera position and the position of the user's face, the line-of-sight direction specifying information is set for each user or whenever the authentication-permitted line-of-sight direction is set. It is desirable to correct 31.

  Further, the line-of-sight detection unit 22 identifies a plurality of line-of-sight angles from a plurality of images photographed in a predetermined period, and a line-of-sight direction corresponding to an average value, a most frequent angle, an intermediate value, or the like of the plurality of line-of-sight angles May be specified. Thereby, even if a user's gaze angle is not stable, a user's gaze direction with high reliability can be specified.

  Further, the line-of-sight detection unit 22 may specify the line-of-sight angle of the user captured in the image and output the specified line-of-sight angle itself to the authentication-permitted line-of-sight direction setting unit 23 and the living body determination unit 24.

  The method for detecting the user's line-of-sight direction from the image is not limited to the above-described method, and a known technique can be used. For example, the line-of-sight direction may be detected based on the position of the iris.

  The authentication permission gaze direction setting unit 23 sets a gaze direction for permitting impersonation prevention determination (biometric authentication). The authentication permission line-of-sight setting unit 23 stores authentication permission line-of-sight information 32 indicating the set authentication permission line-of-sight direction in the storage unit 12. The line-of-sight direction permitting biometric authentication is referred to as an authentication-permitted line-of-sight direction.

  Specifically, the authentication permission gaze direction setting unit 23 prompts the user to register the authentication permission gaze direction, and sets the gaze direction detected by the gaze detection unit 22 as the authentication permission gaze direction. The authentication permission line-of-sight setting unit 23 may set the line-of-sight direction input by the user operating the operation unit such as a keyboard or a mouse as the authentication permission line-of-sight direction.

  Moreover, the authentication permission gaze direction setting part 23 sets the acquired gaze angle as an authentication permission gaze angle, when a gaze angle is acquired from the gaze detection part 22. FIG. In this case, information indicating the set authentication permission line-of-sight angle is stored in the storage unit 12 as authentication permission line-of-sight information 32.

  The authentication permission line-of-sight setting unit 23 may set a plurality of authentication permission line-of-sight directions or authentication permission line-of-sight angles in a predetermined order.

  The biological determination unit 24 reads the authentication permission line-of-sight information 32 from the storage unit 12 and determines whether or not the line-of-sight direction detected by the line-of-sight detection unit 22 is the authentication permission line-of-sight direction indicated by the authentication permission line-of-sight information 32. . The living body determination unit 24 determines that the authentication is correctly performed when the line-of-sight direction detected by the line-of-sight detection unit 22 is the authentication-permitted line-of-sight direction. That is, it is determined that the user imaged in the image is a living body. Then, the biometric determination unit 24 notifies the person determination unit 25 that biometric authentication has been correctly performed.

  On the other hand, when the line-of-sight direction detected by the line-of-sight detection unit 22 is not the authentication-permitted line-of-sight direction, the living body determination unit 24 determines that authentication has not been performed correctly. That is, it is determined that the user imaged in the image is not a living body. At this time, the biometric determination unit 24 may notify the display control unit 26 that biometric authentication has not been performed correctly.

  When the line-of-sight detection unit 22 outputs the line-of-sight angle, the living body determination unit 24 calculates a difference value (absolute value) between the line-of-sight angle detected by the line-of-sight detection unit 22 and the authentication permission line-of-sight angle indicated by the authentication permission line-of-sight information 32. Is less than or equal to a predetermined threshold. The living body determination unit 24 determines that the authentication is correctly performed when the difference value between the line-of-sight angle detected by the line-of-sight detection unit 22 and the authentication-permitted line-of-sight angle is equal to or less than a predetermined threshold. On the other hand, when the difference value between the line-of-sight angle detected by the line-of-sight detection unit 22 and the authentication-permitted line-of-sight angle is not less than a predetermined threshold, the living body determination unit 24 determines that the authentication has not been performed correctly.

  For example, assume that the threshold value is set to 5 degrees for the horizontal direction and the vertical direction. In addition, it is assumed that the authentication-permitted gaze angles in the horizontal direction and the vertical direction are 9 degrees and 11 degrees, respectively, and the gaze angles in the horizontal direction and the vertical direction detected by the gaze detection unit 22 are 13 degrees and 8 degrees, respectively. In this case, since the difference values in the horizontal direction and the vertical direction are 4 degrees and 3 degrees, respectively, the living body determination unit 24 determines that the difference is equal to or less than the threshold value.

  The line-of-sight detection unit 22 may output the line-of-sight direction and the line-of-sight angle to the authentication-permitted line-of-sight direction setting unit 23 and the living body determination unit 24. In this case, the biometric determination unit 24 may perform biometric authentication using both the line-of-sight direction and the line-of-sight angle.

  For example, the living body determination unit 24 performs the determination based on the line-of-sight angle when the line-of-sight angle detected by the line-of-sight detection unit 22 is near the boundary for classifying the line-of-sight direction, and otherwise determines based on the line-of-sight direction. You may go. Here, in the case of the gaze direction specifying information 31 shown in FIG. 2, the boundary for classifying the gaze direction is a horizontal gaze angle of 20 degrees or −20 degrees, and a vertical gaze angle of 10 degrees or −10. Degree.

  Further, for example, when the reliability (accuracy) of face detection or gaze detection described later is high, the determination may be performed based on the gaze direction, and when the reliability is low, the determination may be performed based on the gaze angle.

  In addition, when the authentication permission line-of-sight setting unit 23 sets a plurality of authentication permission line-of-sight directions or authentication permission line-of-sight angles in a predetermined order, the biometric determination unit 24 sets the predetermined number set by the authentication permission line-of-sight direction setting unit 23. Authentication may be executed by determining whether or not the line-of-sight detection unit 22 has output a plurality of authentication-permitted line-of-sight directions or authentication-permitted line-of-sight angles in order.

  At this time, the line-of-sight detection unit 22 specifies the line-of-sight direction or the line-of-sight angle for each predetermined period and outputs it to the living body determination unit 24. For example, the line-of-sight detection unit 22 outputs the next line-of-sight direction or line-of-sight angle when the blink detection unit 27 described later detects blinking. Further, the line-of-sight detection unit 22 may output the detected line-of-sight direction when detecting a certain line-of-sight direction for a predetermined period.

  Upon receipt of a notification indicating that biometric authentication has been correctly performed from the biometric determination unit 24, the personal identification determination unit 25 reads the personal information 33 indicating the face image of the owner registered in advance and acquires it from the image acquisition unit 21. It is determined whether or not the user captured in the captured image is the owner. If the user imaged in the image is the owner, the person determination unit 25 determines that the personal authentication has been performed correctly. On the other hand, if the user imaged in the image is not the owner, the person determination unit 25 determines that the personal authentication has not been performed correctly.

  The display control unit 26 generates a predetermined image according to the processing of each unit, and causes the display unit 14 to display the generated image. Specifically, when the authentication permission gaze direction setting unit 23 starts the authentication permission gaze direction setting process, the display control unit 26 causes the display unit 14 to display an image that prompts the user to register the authentication permission gaze direction. For example, the display control unit 26 causes the display unit 14 to display text such as “please see the direction as the authentication permission line-of-sight direction” or “please look at the three directions as the authentication permission line-of-sight direction in order”. At this time, the display control unit 26 causes the display unit 14 to display a line-of-sight direction type image indicating the type of line-of-sight direction. For example, the display control unit 26 causes the display unit 14 of the mobile phone 100 to display the marker 41 indicating each direction as shown in FIG. Further, the display control unit 26 may display a visual line direction type image as shown in FIG.

  In addition, when the biometric authentication unit 24 performs biometric authentication, the display control unit 26 causes the display unit 14 to display an image that does not suggest the type of line-of-sight direction without displaying the line-of-sight direction type image. For example, the display control unit 26 may display a black image as shown in FIG. 4 on the display unit 14 of the mobile phone 100. The display control unit 26 also displays a one-color image, a landscape image, a background image at startup, an input image captured by the user, an image indicating that biometric authentication is being performed, or a count image (biometric authentication execution period (input An image indicating (time limit) may be displayed. In addition, when performing biometric authentication, the display control unit 26 may display an image indicating that biometric authentication has been started, superimposed on an image that does not suggest the type of line-of-sight direction.

  Moreover, the display control part 26 displays the image which shows an input timing on the display part 14, when inputting several gaze directions. For example, the display control unit 26 may display text such as “Please input the next gaze direction” at a predetermined interval.

  The display control unit 26 displays a predetermined image on the display unit 14 and notifies the user, but the notification method for the user is not limited to this. For example, when a mobile phone includes a speaker, a vibration unit, or a lamp (such as an LED), the user may be notified by sound, vibration, or light emission (color).

  The blink detection unit 27 acquires an image from the image acquisition unit 21 and detects the user's blink captured in the image. When the blink detection unit 27 detects blinking, the blink detection unit 27 notifies the line-of-sight detection unit 22 to that effect.

  The storage unit 12 stores programs, data, and the like referred to by the control unit 11, and stores, for example, the above-described line-of-sight direction specifying information 31, authentication permission line-of-sight information 32, personal information 33, and the like.

[Authentication gaze direction setting process]
Next, the authentication permission gaze direction setting process executed by the authentication device 1 will be described with reference to FIG. FIG. 5 is a flowchart illustrating an example of the authentication permission line-of-sight direction setting process executed by the authentication device 1.

  As illustrated in FIG. 5, when the authentication permission line-of-sight direction setting unit 23 starts the authentication permission line-of-sight direction setting process, the display control unit 26 causes the display unit 14 to display a line-of-sight direction type image indicating the type of line-of-sight direction (S1). ). Then, the image acquisition unit 21 acquires an input image via the image input unit 13 (S2). Next, the gaze detection unit 22 detects the user's gaze direction from the input image (S3). The authentication permission line-of-sight setting unit 23 sets the line-of-sight direction detected by the line-of-sight detection unit 22 as the authentication permission line-of-sight direction (S4).

  Next, the authentication permission gaze direction setting unit 23 determines whether or not a predetermined number of authentication permission gaze directions have been set (S5), and if a predetermined number of authentication permission gaze directions have not been set (NO in S5). Then, the user inputs the line-of-sight direction again. On the other hand, when a predetermined number of authentication permission line-of-sight directions are set (YES in S5), the authentication permission line-of-sight direction setting unit 23 generates authentication permission line-of-sight information 32 indicating the set authentication permission line-of-sight direction and stores it in the storage unit 12. Store (S6).

[Biometric authentication processing]
Example 1
Next, authentication processing executed by the authentication device 1 will be described with reference to FIG. FIG. 6 is a flowchart illustrating an example (Example 1) of the authentication process executed by the authentication device 1.

  As illustrated in FIG. 6, when the authentication process is started, the display control unit 26 does not display the line-of-sight direction type image, unlike the authentication permission line-of-sight direction setting process illustrated in FIG. 5. In this state, the image acquisition unit 21 acquires an input image via the image input unit 13 (S11). Next, the line-of-sight detection unit 22 detects the user's line-of-sight direction from the input image (S12). The living body determination unit 24 determines whether the line-of-sight direction detected by the line-of-sight detection unit 22 is the authentication-permitted line-of-sight direction (S13).

  Here, when the line-of-sight direction detected by the line-of-sight detection unit 22 is the authentication-permitted line-of-sight direction (YES in S13), the living body determination unit 24 then performs a predetermined number of authentications in a predetermined order indicated by the authentication-permission line-of-sight information 32. It is determined whether or not the permitted gaze direction is detected (S14). If a predetermined number of authentication-permitted line-of-sight directions have not been detected yet (NO in S14), S11 to S13 are repeated.

  When a predetermined number of authentication permission line-of-sight directions are detected in a predetermined order indicated by the authentication permission line-of-sight information 32 (YES in S14), the living body determination unit 24 determines that the subject is a living body (S15). Then, the person determination unit 25 determines whether the subject is the owner based on the image, and executes personal authentication (S16).

  If the line-of-sight direction detected by the line-of-sight detection unit 22 is not the authentication-permitted line-of-sight direction in S13 (NO in S13), the biometric determination unit 24 determines that the subject is not a living body (S17) and executes personal authentication. The process is terminated without doing so. In S <b> 16, when the subject is not the owner, the person determination unit 25 determines that the subject is not the owner. In these cases, the display control unit 26 may display an image indicating that the authentication has not been correctly performed on the display unit 14.

  In S11, the line-of-sight direction type image is not displayed, but a message indicating the start of processing such as “start authentication processing” and “start biometric authentication” may be displayed.

(Example 2)
Next, another embodiment of the biometric authentication process executed by the authentication device 1 will be described with reference to FIG. FIG. 7 is a flowchart illustrating another example (Example 2) of the biometric authentication process performed by the authentication device 1.

  Example 2 shows an example in which a user inputs a plurality of line-of-sight directions by blinking. The second embodiment is different from the first embodiment only in a method in which the line-of-sight detection unit 22 specifies a plurality of line-of-sight directions. Therefore, a different part from Example 1 is mainly demonstrated.

  As illustrated in FIG. 7, similarly to the first embodiment, the display control unit 26 executes the processes of S11 to S14 without displaying the line-of-sight direction type image. In S14, when the predetermined number of authentication-permitted gaze directions are not detected (NO in S14), the gaze detection unit 22 waits until the blink detection unit 27 detects blinking (S21). When the blink detection unit 27 detects blinking (YES in S21), the image acquisition unit 21 acquires an input image (S11), and the line-of-sight detection unit 22 detects the next line-of-sight direction and returns to the living body determination unit 24. Output (S12). Then, the living body determination unit 24 executes the determination process of S13.

  When a predetermined number of authentication permission line-of-sight directions are detected in a predetermined order indicated by the authentication permission line-of-sight information 32 (YES in S14), the processes of S15 and S16 are executed as in the first embodiment.

(Example 3)
Next, another embodiment of the biometric authentication process executed by the authentication device 1 will be described with reference to FIG. FIG. 8 is a flowchart illustrating another example (third embodiment) of the biometric authentication process performed by the authentication device 1.

  The third embodiment shows an example in which one gaze direction is input when the user gazes at the same gaze direction for a certain period of time. The third embodiment is different from the first embodiment only in how the line-of-sight detection unit 22 specifies a plurality of line-of-sight directions. Therefore, a different part from Example 1 is mainly demonstrated.

  As shown in FIG. 8, as in S11 and S12 of the first embodiment, the display control unit 26 does not display the line-of-sight direction type image, the image acquisition unit 21 acquires the input image (S31), and the line-of-sight detection is performed. The unit 22 detects the user's line-of-sight direction from the input image (S32).

  Here, the gaze detection unit 22 outputs the detected gaze direction to the living body determination unit 24 only when the same gaze direction is detected for a predetermined period (S33). In the example illustrated in FIG. 8, the line-of-sight detection unit 22 performs the detection process until the same line-of-sight direction is detected for a predetermined period. If the user's line-of-sight direction is not determined, the detection process and the authentication process are terminated. May be.

  Next, the living body determination unit 24 determines whether or not the line-of-sight direction detected by the line-of-sight detection unit 22 is the authentication-permitted line-of-sight direction (S34). When the line-of-sight direction detected by the line-of-sight detection unit 22 is the authentication-permitted line-of-sight direction (YES in S34), the biometric determination unit 24 then proceeds to a predetermined number of authentication-permitted line-of-sight directions in a predetermined order indicated by the authentication-permission line-of-sight information 32. Whether or not is detected is determined (S35). If the predetermined number of authentication-permitted line-of-sight directions has not been detected yet (NO in S35), S31 to S34 are repeated.

  When a predetermined number of authentication permission line-of-sight directions are detected in a predetermined order indicated by the authentication permission line-of-sight information 32 (YES in S35), the living body determination unit 24 determines that the subject is a living body (S36). Then, the person determination unit 25 determines whether or not the subject is the owner based on the image, and executes personal authentication (S37).

  If the line-of-sight direction detected by the line-of-sight detection unit 22 is not the authentication-permitted line-of-sight direction in S34 (NO in S34), the biometric determination unit 24 determines that the subject is not a living body (S38) and executes personal authentication. The process is terminated without doing so.

Example 4
Next, another embodiment of the biometric authentication process executed by the authentication device 1 will be described with reference to FIG. FIG. 9 is a flowchart showing another example (embodiment 4) of the biometric authentication process executed by the authentication device 1.

  The fourth embodiment shows an example in which the user inputs the next line-of-sight direction by looking at the image displayed on the display unit 14 and instructing the input of the next line-of-sight direction. The fourth embodiment is different from the first embodiment only in how the line-of-sight detection unit 22 specifies a plurality of line-of-sight directions. Therefore, a different part from Example 1 is mainly demonstrated.

  As illustrated in FIG. 9, as in the first embodiment, the display control unit 26 performs the processes of S11 to S14 without displaying the line-of-sight direction type image. In S14, when a predetermined number of authentication-permitted gaze directions have not been detected (NO in S14), the display control unit 26 displays an image instructing input of the next gaze direction on the display unit 14 to the user. It is notified that it is the input timing of the authentication permission line-of-sight direction (S41). Thereafter, the image acquisition unit 21 acquires an input image (S11), and the line-of-sight detection unit 22 detects the next line-of-sight direction and outputs it to the living body determination unit 24 (S12). Then, the living body determination unit 24 executes the determination process of S13.

  When a predetermined number of authentication permission line-of-sight directions are detected in a predetermined order indicated by the authentication permission line-of-sight information 32 (YES in S14), the processes of S15 and S16 are executed as in the first embodiment.

[Example of software implementation]
The control block (especially the control unit 11) of the authentication device 1 may be realized by a logic circuit (hardware) formed in an integrated circuit (IC chip) or the like, or realized by software using a CPU (Central Processing Unit). May be.

  In the latter case, the authentication device 1 includes a CPU that executes instructions of a program that is software that implements each function, a ROM (Read Only Memory) in which the above-described program and various data are recorded so as to be readable by a computer (or CPU), or A storage device (these are referred to as “recording media”), a RAM (Random Access Memory) that expands the program, and the like are provided. And the objective of this invention is achieved when a computer (or CPU) reads the said program from the said recording medium and runs it. As the recording medium, a “non-temporary tangible medium” such as a tape, a disk, a card, a semiconductor memory, a programmable logic circuit, or the like can be used. The program may be supplied to the computer via an arbitrary transmission medium (such as a communication network or a broadcast wave) that can transmit the program. The present invention can also be realized in the form of a data signal embedded in a carrier wave in which the program is embodied by electronic transmission.

[Summary]
An authentication apparatus according to aspect 1 of the present invention is an authentication apparatus that performs authentication based on an image, and a line-of-sight detection unit that detects a line-of-sight direction of a subject captured in the image, and a line-of-sight direction that permits authentication Authentication permission line-of-sight direction setting means for setting and the line-of-sight direction detected by the line-of-sight detection means determine whether or not the authentication permission line-of-sight direction set by the authentication permission line-of-sight direction setting means and execute authentication When the authentication execution means and the authentication permission line-of-sight direction setting means set the authentication permission line-of-sight direction, an image indicating the type of the line-of-sight direction is displayed on the display unit, while when the authentication execution unit performs authentication, the image is displayed on the display unit Display control means not to display on the display.

  According to the above configuration, since an image indicating the type of line-of-sight direction is not displayed at the time of performing authentication, it is difficult for another person to grasp the authentication method. Therefore, there is an effect that unauthorized authentication can be prevented.

  In the authentication device according to aspect 2 of the present invention, in the aspect 1, the display control unit may cause the display unit to display an image that does not suggest the type of the line-of-sight direction when the authentication execution unit performs authentication. .

  According to said structure, the image which does not suggest the type of said gaze direction, for example, a black image, etc. is displayed at the time of authentication execution. Therefore, it is difficult for another person to grasp the authentication method. Therefore, unauthorized authentication can be prevented.

  The authentication device according to aspect 3 of the present invention is the authentication apparatus according to aspect 1 or 2, wherein the authentication permission line-of-sight direction setting unit sets a plurality of authentication permission line-of-sight directions in a predetermined order, and the authentication execution unit performs the authentication permission Authentication may be executed by determining whether or not the line-of-sight detection means has detected the plurality of authentication-permitted line-of-sight directions in a predetermined order set by the line-of-sight direction setting means.

  According to said structure, in order to authenticate, you have to input several gaze directions in a predetermined order. Therefore, unauthorized authentication can be prevented to a higher degree.

  The authentication device according to aspect 4 of the present invention further includes blink detection means for detecting blinking of the subject in the aspect 3, and the line-of-sight detection means detects the next blinking direction when the blink detection means detects blinking. May be detected.

  According to said structure, the said gaze detection means detects a gaze direction for every period divided | segmented by the user's blink. Therefore, the user can continuously input a plurality of line-of-sight directions with a simple operation.

  In the authentication device according to aspect 5 of the present invention, in the above aspect 3, the line-of-sight detection means may detect the next line-of-sight direction when detecting a line-of-sight direction in a certain direction for a predetermined period.

  According to said structure, the user can input a several gaze direction continuously only by simple operation | movement which gazes a certain direction for a predetermined period.

  In the authentication device according to aspect 6 of the present invention, in the aspect 3, the line-of-sight detection unit displays the next line-of-sight direction when the display control unit displays an image that prompts input of the next line-of-sight direction on the display unit. It may be detected.

  According to said structure, the user can input a several gaze direction continuously only by following the said image displayed on the said display part.

  An authentication method according to aspect 7 of the present invention is an authentication method for executing authentication based on an image, and includes an authentication permission line-of-sight direction setting step for setting a line-of-sight direction permitting authentication, and a subject imaged in the image A line-of-sight detection step for detecting the line-of-sight direction, and whether the line-of-sight direction detected in the line-of-sight detection step is the authentication-permitted line-of-sight direction set in the authentication-permission line-of-sight direction setting step. An authentication execution step to be executed. In the authentication permission line-of-sight direction setting step, an image indicating the type of line-of-sight direction is displayed on the display unit, while in the authentication execution step, the image is not displayed on the display unit.

  An authentication apparatus according to an aspect 8 of the present invention is an authentication apparatus that performs authentication based on an image, specifies a line-of-sight angle of a subject imaged in the image, and includes a plurality of types of line-of-sight directions. Among these, the gaze detection means for detecting the gaze direction corresponding to the specified gaze angle, the authentication permitted gaze direction setting means for setting the gaze direction that permits authentication, and the gaze direction detected by the gaze detection means are the authentication permission. It is determined whether the line-of-sight direction setting means is an authentication-permitted line-of-sight direction, and at the time of setting the authentication-permission line-of-sight direction of the authentication-permitted line-of-sight direction setting means, the line-of-sight direction type is set. A display control unit that displays the image to be displayed on the display unit, and does not display the image on the display unit when the authentication execution unit executes the authentication. The line-of-sight detection unit captures the image during a predetermined period. From the a plurality of images of the subject, respectively identify the viewing angle, the average value of each viewing angle, to identify the line-of-sight direction corresponding to the most frequent angle or intermediate values.

  An authentication method according to aspect 9 of the present invention is an authentication method in which an authentication device performs authentication based on an image, and the authentication device sets an authentication permission line-of-sight direction setting step for setting a line-of-sight direction to permit authentication; A line-of-sight detection step in which the authentication device identifies a line-of-sight angle of a subject captured in the image and detects a line-of-sight direction corresponding to the identified line-of-sight angle among a plurality of types of line-of-sight directions; An authentication execution step in which the authentication device determines whether the line-of-sight direction detected in the line-of-sight detection step is the authentication permission line-of-sight direction set in the authentication permission line-of-sight direction setting step, and executes authentication; In the line-of-sight detection step, the line-of-sight angle is identified from a plurality of images of the subject photographed during a predetermined period, and the average value of each line-of-sight angle and the most frequent angle Alternatively, the line-of-sight direction corresponding to the intermediate value is specified, and in the authentication permission line-of-sight direction setting step, an image indicating the line-of-sight direction type is displayed on the display unit, while in the authentication execution step, the image is displayed on the display unit. I won't let you.

  The authentication device according to each aspect of the present invention may be realized by a computer, and in this case, the authentication device that realizes the authentication device by a computer by causing the computer to operate as each unit included in the authentication device. A control program and a computer-readable recording medium on which the control program is recorded also fall within the scope of the present invention.

  The present invention is not limited to the above-described embodiments, and various modifications can be made within the scope shown in the claims. That is, embodiments obtained by combining technical means appropriately modified within the scope of the claims are also included in the technical scope of the present invention.

  The present invention can be used in an authentication device that detects a user's line of sight and performs authentication.

DESCRIPTION OF SYMBOLS 1 Authentication apparatus 14 Display part 21 Image acquisition part 22 Gaze detection part (Gaze detection means)
23 authentication permission gaze direction setting unit (authentication permission gaze direction setting means)
24 Biological determination unit (authentication execution means)
25 Identity determination unit 26 Display control unit (display control means)
27 Blink detection unit (blink detection means)
31 Gaze direction identification information 32 Authentication permission gaze information 33 Identity information

Claims (12)

An authentication device that performs authentication based on an image,
A line-of-sight detecting means for identifying a line-of-sight angle of a subject imaged in the image and detecting a line-of-sight direction corresponding to the identified line-of-sight angle among a plurality of types of line-of-sight directions;
Authentication permission gaze direction setting means for setting a gaze direction permitting authentication;
An authentication execution unit that performs authentication by determining whether or not the line-of-sight direction detected by the line-of-sight detection unit is the authentication-permitted line-of-sight direction set by the authentication-permitted line-of-sight direction setting unit;
Display control for displaying an image indicating the type of line-of-sight direction on the display unit when the authentication-permitted line-of-sight direction setting unit sets the authentication-permission line-of-sight direction, while not displaying the image on the display unit when performing authentication by the authentication execution unit Means, and
The authentication execution means executes the authentication by selectively using any of the line-of-sight angle and the line-of-sight direction specified by the line-of-sight detection means according to the state of detection performed by the line-of-sight detection means. An authentication apparatus characterized by that.   The authentication execution unit is configured to determine either the line-of-sight angle or the line-of-sight direction according to the proximity of the line-of-sight angle specified by the line-of-sight detection unit to a predetermined angle serving as a boundary for classifying the line-of-sight direction. The authentication apparatus according to claim 1, wherein the authentication is performed by selectively using the authentication.   The authentication execution unit performs the authentication by selectively using either the line-of-sight angle or the line-of-sight direction according to the reliability of detection performed by the line-of-sight detection unit. The authentication device according to 1.   The line-of-sight detection means identifies a line-of-sight angle from a plurality of images of the subject photographed during a predetermined period, and identifies a line-of-sight direction corresponding to an average value, a most frequent angle, or an intermediate value of each line-of-sight angle. The authentication device according to any one of claims 1 to 3, wherein   The said display control means displays the image which does not suggest the classification of the said gaze direction on the said display part at the time of the authentication execution of the said authentication execution means, The display part of any one of Claim 1 to 4 characterized by the above-mentioned. Authentication device. The authentication permission line-of-sight direction setting means sets a plurality of authentication permission line-of-sight directions in a predetermined order,
The authentication execution means determines whether or not the line-of-sight detection means has detected the plurality of authentication permission line-of-sight directions in a predetermined order set by the authentication permission line-of-sight direction setting means, and executes authentication. The authentication device according to claim 1, wherein the authentication device is a feature. It further comprises blink detecting means for detecting blink of the subject,
The authentication device according to claim 6, wherein the line-of-sight detection unit detects a next line-of-sight direction when the blink detection unit detects blinking.   7. The authentication apparatus according to claim 6, wherein the line-of-sight detection means detects the next line-of-sight direction when detecting a line-of-sight direction in a certain direction for a predetermined period.   The authentication device according to claim 6, wherein the line-of-sight detection unit detects the next line-of-sight direction when the display control unit displays an image prompting input of the next line-of-sight direction on the display unit. An authentication method in which an authentication device performs authentication based on an image,
The authentication apparatus, an authentication permission line-of-sight direction setting step for setting a line-of-sight direction that permits authentication,
A line-of-sight detection step in which the authentication device identifies a line-of-sight angle of a subject imaged in the image and detects a line-of-sight direction corresponding to the identified line-of-sight angle among a plurality of types of line-of-sight directions;
An authentication execution step in which the authentication device determines whether or not the line-of-sight direction detected in the line-of-sight detection step is the authentication permission line-of-sight direction set in the authentication permission line-of-sight direction setting step, and executes authentication. Including,
In the authentication permission gaze direction setting step, an image indicating the type of gaze direction is displayed on the display unit, while in the authentication execution step, the image is not displayed on the display unit,
In the authentication execution step, the authentication is executed by selectively using either the line-of-sight angle or the line-of-sight direction specified in the line-of-sight detection step according to the state of detection performed in the line-of-sight detection step. An authentication method characterized by:   A control program for operating the authentication apparatus according to any one of claims 1 to 9, wherein the control program causes a computer to function as each of the means.   The computer-readable recording medium which recorded the control program of Claim 11.

Images