JP6749623B1 - Authentication method, its system and management server - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication method capable of handling highly confidential data with high reliability and low cost when authenticating an authentication target of a person or the like. SOLUTION: In an authentication system 1, one of the person authentication servers 15_1 to 15_n causes a management server 17 to generate a synchronization processing server 19 as a virtual server when the update condition of authentication metadata is satisfied. The person authentication server sends the acquired metadata to the synchronization processing server. The synchronous processing server sends the received acquired metadata to all the person authentication servers to update the authentication metadata, and then deletes the data. [Selection diagram] Fig. 1

Description

The present invention relates to an authentication method, its system, and a management server.

Conventionally, as shown in FIG. 9, a person authentication system detects a feature of a person's face by using an image of a monitoring/imaging unit and compares the extracted data as a feature to identify an individual. Feature extraction Mold techniques have been used. On the other hand, with artificial intelligence technology that has been growing rapidly in recent years, by using the method of deep learning, in addition to the person's face, other features of the human body are also added to determine the face taken by the camera 213. In the field of person authentication, conventionally, as shown in FIG. 9, a camera 213 and a person authentication server 219 are connected to each other, and a person authentication server 219 is connected to the person authentication server 219. , The image of the camera 213 is analyzed, and the person is identified by collating with the person authentication data registered in advance.

For the purpose of discovering the same person across a plurality of facilities, in the conventional system, as shown in FIG. 10, a large person authentication server 219 is installed in a data center or a cloud center, and each facility is installed in each facility. Deploys the image processing server 215 to cut out an image of a person having a heavy processing load, transmits the image of the cut out person to the person authentication server 219, and deploys all subsequent processing to the data center or cloud center. The processed person authentication server 219 performs the processing.

However, in the system shown in FIG. 10, since the image processing server 215 sends the data including the image of the person to the person authentication server 219, it is necessary to construct an environment that maintains very high security from the viewpoint of personal information protection, and maintenance and There is a problem that the operation cost becomes very high.

Further, in applications using the deep learning technology, a mechanism that takes advantage of the characteristic of the deep learning technology, “improvement in performance by re-learning”, is required, so that the security problem of the system shown in FIG. Therefore, the system shown in FIG. 9 is introduced in each facility, and when replacing with the person authentication data improved by re-learning, for example, there is a method of artificially replacing all the facilities and moving around. When it was necessary to replace the data with, there was a problem that was not realistic in actual operation.

The present invention has been made in view of such circumstances, and an object thereof is to handle highly confidential data with high reliability and at a low cost when authenticating an authentication target such as a person, and for the purpose of data planning. An object of the present invention is to provide an authentication method, a system thereof, and a management server that can automatically improve performance by re-learning required when using technology.

In order to solve the above-mentioned problems of the prior art and achieve the above-mentioned object, the authentication method of the present invention is a method in which the authentication device has a database storing a plurality of authentication metadata in association with the authentication target identification information , each of the plurality of the authentication device, a first step of the corresponding imaging means to acquire acquisition metadata indicating characteristics of the authentication unit position of the authentication target included in the image captured, the authentication device, wherein The degree of coincidence between the acquired metadata acquired in the first step and the plurality of authentication metadata read out from the database is calculated, and if the degree of coincidence exceeds a predetermined criterion, the authentication is successful, A second step of identifying the authentication target identification information corresponding to the authentication metadata in which the degree of coincidence exceeds a predetermined criterion, and the authentication device, when the authentication is successful in the second step, The certainty factor of whether the acquired metadata that has been successfully authenticated is the data of the authentication part is the smallest among the certainty factors of the plurality of authentication metadata of the person corresponding to the identified authentication target identification information. If the update condition that is greater than the confidence, the third step and, prior SL management server the authentication device transmits the update request specified the authentication metadata authentication subject identification information to the management server wherein a fourth step of generating a synchronization server in response to the update request received, the synchronization server, the update request directly from the authentication apparatus that has transmitted or indirectly received the acquired metadata from A fifth step of transmitting the authentication target identification information to the other authentication apparatus, the other authentication apparatus that has received the acquisition metadata in the fifth step, and the authentication apparatus that has transmitted the update request , wherein the authentication metadata the confidence smallest among the authentication metadata multiple corresponding human was the identified said authentication object identification information, the sixth update process in acquiring metadata said received And the process.

Preferably, in the second step, the authentication device compares a plurality of the authentication metadata and the acquired metadata, which are respectively associated with a plurality of verification objects for verification, and acquires the acquired metadata. It is authenticated whether the data matches any of the plurality of verification objects for verification.

Preferably, in the fifth step, the synchronization processing server transmits the authentication target identification information received together with the acquired metadata to the other authentication device, and in the sixth step, the other authentication. The device performs the update process based on the received authentication target identification information.

Preferably, in the third step, the authentication device calculates the certainty factor of the acquired metadata based on image data of an authentication portion of an authentication target included in the captured video, and performs the authentication. The certainty factor calculated in advance is associated with the metadata.

Preferably, when the authentication part of the authentication target is a human face, the authentication device specifies the contours of the human head, the left and right eyes, and the mouth from the image data of the authentication part of the authentication target, and the identification is performed. The certainty factor is calculated based on the head width Lf, the specified distance Le between the center positions of the left and right eyes, and the distance Lm between the specified center position of the mouth and the center of gravity of the left and right eyes.

Preferably, in the second step, the authentication device, based on a plurality of the authentication metadata and the acquisition metadata, the face contour, the distance between specific parts of the face, and the degree of coincidence of angles. The matching degree data shown is calculated, and the authentication is performed based on the matching degree data.

Preferably, in the third step, when the certainty factor exceeds a predetermined reference value and the certainty factor is larger than the smallest certainty factor among the certainty factors of the plurality of authentication metadata, Judge that the update condition is satisfied.

Preferably, after the fifth step, the management server further includes a seventh step of deleting the synchronization processing server.

Suitably, it has a camera which accommodated the image pick-up means and the attestation device.

Preferably, the acquired metadata and the authentication metadata are at least one of characteristic data of a person's face or body type (skeleton, height), gender data, age data, stride data, walking speed data, and center-of-gravity position data. including.

The authentication system of the present invention includes a plurality of image pickup means and a plurality of authentication devices each corresponding to each of the plurality of image pickup means and having a database for storing a plurality of authentication metadata in association with authentication target identification information. And a management device, each of the plurality of authentication devices acquires acquisition metadata indicating the characteristics of the authentication site of the authentication target included in the image captured by the corresponding image capturing unit, and the authentication device , The degree of coincidence between the acquired acquisition metadata and the plurality of authentication metadata read from the database is calculated, and if the degree of coincidence exceeds a predetermined criterion, the authentication is successful, and the degree of coincidence is The authentication target identification information corresponding to the authentication metadata that exceeds a predetermined standard is specified, and the authentication device, when the authentication is successful, of the authentication site for the acquired metadata that is successfully authenticated. If the certainty factor of data is greater than the smallest certainty factor among the certainty factors of the plurality of authentication metadata of the person corresponding to the identified authentication target identification information, the management is performed. sending the update request specified the authentication metadata authentication subject identification information to the server, generates a synchronization server according to the prior SL management server has received from the authentication device update request, the synchronization process The server transmits the acquisition metadata and the authentication target identification information directly or indirectly received from the authentication device that has transmitted the update request to another authentication device, and the synchronization processing server acquires the acquisition metadata. The other authentication device that has received the authentication request and the authentication device that has transmitted the update request, the authentication with the smallest certainty factor among the plurality of authentication metadata of the person corresponding to the identified authentication target identification information. The processing metadata is updated with the received acquisition metadata.

Preferably, after the fifth step, the management server further includes a seventh step of deleting the synchronization processing server.

According to the present invention, it is possible to provide an authentication method, a system thereof, and a management server capable of handling highly confidential data at a low cost with high reliability when authenticating an authentication target such as a person.

FIG. 1 is an overall configuration diagram of an authentication system according to the first embodiment of the present invention. FIG. 2 is a functional block diagram of the person authentication server shown in FIG. FIG. 3 is a diagram for explaining an authentication process of the person authentication server shown in FIG. FIG. 4 is a diagram for explaining the certainty factor calculation of the person authentication server shown in FIG. FIG. 5 is a functional block diagram of the management server shown in FIG. FIG. 6 is a flowchart for explaining an operation example of the authentication system shown in FIG. FIG. 7 is an overall configuration diagram of an authentication system according to the second embodiment of the present invention. FIG. 8 is a flowchart for explaining an operation example of the authentication system according to the third embodiment of the present invention. FIG. 9 is an overall configuration diagram for explaining a first example of a conventional authentication system. FIG. 10 is an overall configuration diagram for explaining a second example of the conventional authentication system.

Hereinafter, the authentication system according to the embodiment of the present invention will be described.
<First Embodiment>
FIG. 1 is an overall configuration diagram of an authentication system 1 according to the first embodiment of the present invention.
As illustrated in FIG. 1, the authentication system 1 includes, for example, cameras 13_1 to 13_n, person authentication servers 15_1 to 15_n, a management server 17, and a synchronization processing server 19.

The authentication system 1 is a highly secure authentication database system using a self-growing algorithm in video surveillance.
In recent years, it has become possible to perform excellent image analysis using deep learning (DL) with the technology of artificial intelligence (AI).

The authentication system 1 provides a system that has high automatic recognition performance and high security performance by using person authentication by deep learning.

[Camera 13_1 to 13_n]
Each of the cameras 13_1 to 13_n has an image capturing unit that captures an image, and outputs the captured image data to the person authentication servers 15_1 to 15_n, respectively. n is an integer of 2 or more.

It should be noted that the cameras 13_1 to 13_n are not assigned a network address and are not hacked.

[Person authentication server 15_1 to 15_n]
FIG. 2 is a functional block diagram of the person authentication servers 15_1 to 15_n shown in FIG.
As illustrated in FIG. 2, the person authentication servers 15_1 to 15_n include, for example, an interface 27, a memory 29, a database 31, and a processing unit 33.

The interface 27 inputs video data from the corresponding cameras 13_1 to 13_n.
Further, the interface 27 communicates with the management server 17 and the synchronization processing server 19 via the network.

The memory 29 stores a program executed by the processing unit 33 and data used for executing the program.
The database 31 stores, for example, a plurality of pieces of authentication metadata associated with each of authentication portions (for example, faces of persons) of a plurality of authentication objects for verification (for example, a plurality of persons). In the present embodiment, the authentication metadata is characteristic information of a person's face.
Authentication target identification information (person ID) for identifying the target is assigned to each of the plurality of verification target authentication targets, and the authentication target identification information is associated with each authentication metadata.

The processing unit 33 executes the program read from the memory 29 and performs the processing described below.

The processing unit 33 analyzes the video data input from the corresponding cameras 13_1 to 13_n, extracts the characteristics of a predetermined authentication part (for example, face) of the authentication target included in the video data, and obtains metadata indicating the characteristics. To generate.
Specifically, the processing unit 33 outputs acquisition metadata obtained by analyzing image information of a person included in the image by performing image analysis on the image obtained by deep learning of the image data.

The metadata of this embodiment includes at least one of feature data of a person's face or body type (skeleton, height), sex data, age data, stride data, walking speed data, and center-of-gravity position data.
In the present embodiment, the metadata is the facial feature data as described above.

The processing unit 33 authenticates the person by comparing the generated acquisition metadata with the plurality of authentication metadata read from the database 31.

Each of the person authentication servers 15_1 to 15_n determines the outline of the face based on the acquired metadata and the plurality of pieces of authentication metadata of each of the plurality of verification objects to be verified (faces of a plurality of persons) read from the database 31. , Matching degree data indicating a matching degree of feature data such as distance and angle between specific parts of the face is calculated, and authentication is performed based on the matching degree data. In other words, the person authentication servers 15_1 to 15_n, if any one of the plurality of pieces of authentication metadata to be verified for collation has a degree of coincidence with the acquired metadata that exceeds a predetermined standard, the degree of coincidence. Authenticate as the person who is the target of verification for verification of the verification metadata that exceeds.

FIG. 4 is a diagram for explaining the authentication processing of the person authentication servers 15_1 to 15_n shown in FIG.
The processing unit 33 calculates the degree of coincidence used for authentication as shown below.
The processing unit 33 converts the difference between the acquired metadata and the authentication metadata (difference between the features of the face of the person and the face of another person) into a number, and matches the person with the degree of coincidence indicating the magnitude of the difference. Determine whether or not.
The processing unit 33 sets the perfect match to 0, and calculates the degree of non-identity as the degree of matching based on the size of the numbers up to 100.
FIG. 5 shows points F00 to F13 that are features of the outline of the face in the face image of the captured image.
The processing unit 33 calculates the distance and the angle of F00-F01 for each authentication portion (person's face) to be imaged.
The processing unit 33 also calculates the distance and the angle of F01-F01.

Similarly, the processing unit 33 calculates the respective distances and angles of F01-F02, F02-F03, F02-F10... F13-F00.
Similarly, the processing unit 33 calculates the distances and angles of the characteristic points of the contour with respect to the eyes, nose, and mouth.
The processing unit 33 calculates the difference between the numerical value of the distance and the numerical value of the angle between the characteristic points by determining whether or not they are the same person.
The processing unit 33 determines that the total sum of the numbers of the distances and angles between the characteristic points and the total of the difference of the angles r and the angles of the characteristic points of the two persons is 40%. If the number is less than, it is determined that the “matching degree” with the person is high (successful authentication). The processing unit 33 adjusts the accuracy of the person himself/herself to use the difference according to the strictness (threshold value) of the “coincidence degree”, such as within 20% and within 5%.

The processing unit 33 determines that the authentication is successful if the degree of coincidence exceeds the first reference value.
Here, if the authentication data is whitelist data that the person collaborated and acquired in an appropriate environment, the authentication is successful with a matching rate of 99.5% or more, and blacklist data other than whitelist data may be used. For example, the authentication may be successful when the degree of coincidence is 80% or more.
The calculation of the degree of coincidence by the processing unit 33 is not limited to the method described above.

The processing unit 33 transmits the authentication result to the cameras 13_1 to 13_n or a predetermined server. For example, the person authentication servers 15_1 to 15_n transmit the authentication target identification information (person ID) registered in the database 31 when the authentication is successful. That is, the person authentication servers 15_1 to 15_n transmit the authentication target identification information of the authentication target person for verification of the authentication metadata whose degree of coincidence has exceeded in the above-mentioned authentication to the synchronization processing server 19 described later together with the acquired metadata. To do. At this time, the processing unit 33 also transmits the authentication server identification information of its own person authentication servers 15_1 to 15_n to the synchronization processing server 19.

When the above-described authentication is successful, the processing unit 33 calculates the certainty factor of whether the acquired metadata that has been successfully authenticated is the data of the authentication site.
Then, the processing unit 33 determines whether or not the update condition that the calculated certainty factor exceeds a predetermined reference value and is larger than the smallest certainty factor among the certainty factors of the plurality of authentication metadata is satisfied. When the update condition is satisfied, a request for updating the authentication metadata is sent to the management server 17 together with the authentication target identification information and the authentication server identification information.
The management server 17 creates the synchronization processing server 19 in response to the update request.

The processing unit 33 calculates the certainty factor as described below.
That is, when the authentication portion to be authenticated is a human face, the processing unit 33 specifies the contours of the human head, the left and right eyes, and the mouth from the image data of the authentication portion to be authenticated. Then, the processing unit 33 calculates the specified head width Lf, the specified distance Le between the center positions of the left and right eyes, and the distance Lm between the specified center position of the mouth and the center positions of the left and right eyes. Then, the confidence factor is calculated based on these.

Specifically, the processing unit 33 calculates the certainty factor as follows.
FIG. 4 is a diagram for explaining the calculation of the certainty factors of the person authentication servers 15_1 to 15_n shown in FIG.
The processing unit 33 expresses the probability of being a “human face” from the captured image with a number of “confidence level”.
The processing unit 33 determines that the certainty factor is a number from 0 to 100, and if the number is large, the certainty factor is high, that is, the image is a face.
The processing unit 33 identifies the contour of the human head and sets its width to Lf.
The processing unit 33 identifies the contours of both eyes of a human and sets the distance between the barycentric positions of each eye as Le.
The processing unit 33 identifies the human mouth and sets the distance between the center of gravity of the mouth and the center of gravity of the eyes as Lm.

If the head, eyes, and mouth cannot be identified, the processing unit 33 sets the face certainty factor to zero.
In the case of Lf=1.8*Le&#12316;2.2Le, the processing unit 33 sets the confidence factor 1 to 50 from the position information of the head and eyes.
When Lf=1.5*Le&#12316;1.8Le, the processing unit 33 sets the confidence factor 1 to 25 from the position information of the head and eyes.
When Lf=2.2*Le&#12316;2.7Le, the processing unit 33 sets the confidence factor 1 to 25 from the position information of the head and eyes.
In other cases, the confidence factor 1 is set to 0.

When Lf=0.4*Lm&#12316;0.6Lm, the processing unit 33 sets the confidence factor 2 to 50 based on the positional relationship between the eyes and the mouth.
When Lf=0.2*Lm&#12316;0.4Lm, the processing unit 33 sets the confidence factor 2 to 25 based on the positional relationship between the eyes and the mouth.
When Lf=0.6*Lm&#12316;0.8Lm, the processing unit 33 sets the confidence factor 2 to 25 from the positional relationship between the eyes and the mouth.
Otherwise, the confidence factor 2 is set to 0.

The processing unit 53 sets the value of the certainty factor = the value of the certainty factor + the value of the certainty factor 2, and when the certainty factor >= 50 (reference value), determines that the image is a usable "face". That is, it is determined that the certainty factor exceeds a predetermined reference value.

The determination of the certainty factor may be performed as follows, for example. When the quality obtained when a video of a theoretically ideal face is captured and the metadata is acquired by the algorithm of artificial intelligence is set to 100, for example, the angle of the camera capturing the face is not directly in front of but vertically or horizontally. When the camera is tilted to the right, the light is not evenly distributed, and there is a little strong light coming in from the direction of the right eye, sunglasses are worn, or part of the face is hidden by the eaves of the hat. , Quality goes down. The state of this quality is converted into a number and divided into a degree of 0 to 100 to obtain a certainty factor.
The calculation of the certainty factor by the processing unit 33 is not limited to the method described above.

When the authentication is successful and the update condition is satisfied, the processing unit 33 sends an update request for the authentication metadata to the management server 17.
At this time, the processing unit 33 transmits the ID of the authentication device (self) and the identification information (person ID) to be updated to the management server 17.

The processing unit 33 transmits the acquired metadata, its authentication target identification information, and its own authentication server identification information to the synchronization processing server 19 in response to a request from the synchronization processing server 19 which is a virtual server generated by the management server 17. ..

When the processing unit 33 receives the acquired metadata for updating from the synchronization processing server 19, the processing unit 33 updates the authentication metadata stored in the database 31 using the acquired metadata. Specifically, the processing unit 33 updates the authentication metadata having the smallest certainty factor among the plurality of authentication metadata of the person corresponding to the received authentication target identification information with the received acquisition metadata. Perform processing.

[Management server 17]
FIG. 3 is a functional block diagram of the management server 17 shown in FIG.
As illustrated in FIG. 3, the management server 17 includes, for example, an interface 47, a memory 49, a database 51, and a processing unit 53.

The interface 47 communicates with the person authentication servers 15_1 to 15_n and the synchronization processing server 19.

The memory 49 stores a program executed by the processing unit 53 and data used for executing the program.
The database 41 stores, for example, data regarding the person authentication servers 15_1 to 15_n.

The processing unit 53 executes the program read from the memory 49 and performs the processing described below.
Upon receiving the authentication metadata update request from the person authentication servers 15_1 to 15_n, the processing unit 53 generates the synchronization processing server 19 as a virtual server. The processing unit 53 receives the authentication target identification information (person ID) to be updated, which is received from the person authentication servers 15_1 to 15_n that transmitted the update request, and the authentication server identification information of the person authentication servers 15_1 to 15_n that issued the update request. It is transmitted to the synchronization processing server 19.

When the synchronization processing server 19 completes the process of transmitting the acquired metadata to the other person authentication servers 15_1 to 15_n, the processing unit 53 erases the synchronization processing server 19.

[Synchronization processing server 19]
The synchronization processing server 19 is generated by the management server 17.
That is, the management server 17 newly generates the synchronization processing server 19 from a place where nothing exists, or activates the program related to the synchronization processing server 19.

The synchronization processing server 19 receives, from the management server 17, the authentication server identification information of the person authentication servers 15_1 to 15_n that issued the update request and the authentication target identification information (person ID) of the update target.
The synchronization processing server 19 requests acquisition metadata from the person authentication servers 15_1 to 15_n that issued the update request based on the received authentication server identification information. At this time, the authentication target identification information may be transmitted.
Upon receiving the acquired metadata from the person authentication servers 15_1 to 15_n in response to the request, the synchronization processing server 19 transmits the acquired metadata to other person authentication servers 15_1 to 15_n together with the authentication target identification information. When the transmission is completed, the synchronization processing server 19 notifies the management server 17 to that effect.
Further, the synchronization processing server 19 is deleted by the management server 17 when the transmission is completed.

Hereinafter, an operation example of the authentication system 1 shown in FIG. 1 will be described.
FIG. 6 is a flowchart for explaining an operation example of the authentication system 1 shown in FIG.
Hereinafter, each step shown in FIG. 6 will be described.

Step ST1:
Each of the cameras 13_1 to 13_n has an image capturing unit that captures an image, and outputs the captured image data to the person authentication servers 15_1 to 15_n, respectively.

Step ST2:
The person authentication servers 15_1 to 15_n analyze the video data input from the corresponding cameras 13_1 to 13_n, extract the characteristics of a predetermined authentication site (for example, face) of the authentication target included in the video data, and show the characteristics. Generate acquisition metadata.

Step ST3:
The person authentication servers 15_1 to 15_n authenticate a person by comparing the acquired metadata generated in step ST2 with the plurality of authentication metadata read from the database 31.
The person authentication servers 15_1 to 15_n, for example, determine that the authentication is successful if any one of the plurality of pieces of authentication data exceeds a predetermined reference value (for example, 95%).
The person authentication servers 15_1 to 15_n transmit the authentication result to a predetermined server such as the cameras 13_1 to 13_n or the management server 17. For example, when the authentication is successful, the person authentication servers 15_1 to 15_n transmit the authentication target identification information of the authenticated authentication target to the management server 17 or the like.

Step ST4:
If the authentication is successful in step ST3, the process proceeds to step ST5, and if not, the process returns to step ST1.

Step ST5:
When the authentication in step ST3 is successful, the person authentication servers 15_1 to 15_nh calculate a certainty factor of whether or not the acquired metadata that has been successfully authenticated is data of an authentication site.
Then, the person authentication servers 15_1 to 15_n satisfy the update condition that the calculated certainty factor exceeds a predetermined reference value and is larger than the smallest certainty factor among the certainty factors of the plurality of authentication metadata. If the update condition is satisfied, the process proceeds to step ST6, and if not, the process returns to step ST1.

Step ST6:
The person authentication servers 15_1 to 15_n that have made an affirmative determination in steps ST3 and ST5 send an update request for the authentication metadata to the management server 17 together with the authentication target identification information and the authentication server identification information.
In addition, the person authentication servers 15_1 to 15_n that have issued the update request receive the received acquisition metadata from the authentication metadata with the smallest certainty factor among the plurality of authentication metadata of the person corresponding to the authentication target identification information. Perform the update process to update with.

Step ST7:
The management server 17 creates the synchronization processing server 19 as a virtual server.

Step ST8:
The synchronization processing server 19 sends a request for the acquired metadata to the person authentication servers 15_1 to 15_n that have been affirmed in steps ST3 and ST5.
Specifically, the synchronization processing server 19 receives from the management server 17 the authentication server identification information of the person authentication servers 15_1 to 15_n that issued the update request and the authentication object identification information (person ID) of the update target. ..
Then, the synchronization processing server 19 requests acquisition metadata together with the authentication target identification information to the person authentication servers 15_1 to 15_n that issued the update request based on the received authentication server identification information.

Step ST9:
The person authentication servers 15_1 to 15_n that have received the request from the synchronization processing server 19 in step ST8 transmit the acquired metadata to the synchronization processing server 19.

Step ST10:
The synchronization processing server 19 transmits the acquired metadata and the authentication target identification information received in step ST9 to all other person authentication servers 15_1 to 15_n except the person authentication servers 15_1 to 15_n that issued the update request.

Step ST11:
Upon receiving the acquired metadata and the authentication target identification information from the synchronization processing server 19 in step ST10, the other person authentication servers 15_1 to 15_n update the corresponding authentication metadata stored in the database 31. Specifically, the person authentication servers 15_1 to 15_n use the received acquisition metadata as the authentication metadata having the smallest certainty factor among the plurality of authentication metadata of the person corresponding to the received authentication target identification information. Perform update processing to update.

Step ST12:
The management server 17 deletes the synchronization processing server 19.

As described above, according to the authentication system 1, in any one of the person authentication servers 15_1 to 15_n, when the acquired metadata satisfies the predetermined update condition, all the person authentication servers 15_1 to 15_n for new authentication use. Can be registered as metadata. Thereby, the authentication accuracy in the person authentication servers 15_1 to 15_n can be improved. That is, even if the person to be authenticated changes due to age or the like, the authentication data can be updated according to the change. Further, it is possible to automatically improve the performance by re-learning required when using the day planing technique.

Further, according to the authentication system 1, when the acquired metadata determined to satisfy the predetermined update condition by any of the person authentication servers 15_1 to 15_n is shared by all the person authentication servers 15_1 to 15_n, the acquired metadata is temporarily changed. The acquired metadata is transmitted/received via the generated synchronization processing server 19. Further, the synchronization processing server 19 disappears when the transmission/reception is completed. Therefore, the acquired metadata is not held in any server for a long time, and the leakage list due to hacking can be lowered.
Further, since the synchronization processing server 19 is a virtual server, even if the security level of the communication path between the person authentication servers 15_1 to 15_n and the synchronization processing server 19 is lowered, it is possible to maintain a certain level of safety and reduce the price. Can be planned.

<Second Embodiment>
FIG. 7 is an overall configuration diagram of the authentication system 101 according to the second embodiment of the present invention.
As illustrated in FIG. 7, the authentication system 101 includes, for example, cameras with authentication function 113_1 to 113_n, person authentication servers 15_1 to 15_n, a management server 17, and a synchronization processing server 19.

The authentication function cameras 113_1 to 113_n are cameras having the functions of the cameras 13_1 to 13_n and the person authentication servers 15_1 to 15_n described in the first embodiment.
Similar to the case of the first embodiment, the management server 17 generates the synchronization processing server 19 and transmits the acquisition metadata received from the authentication function-equipped cameras 113_1 to 113_n to the synchronization processing server 19.
The synchronization processing server 19 transmits the acquired metadata to the other cameras with authentication function 113_1 to 113_n.

The authentication system 101 can also obtain the same effect as the authentication system 1 of the first embodiment.

<Third Embodiment>
The present embodiment has the same configuration as that of FIG. 1, but the operation example is different.
Hereinafter, an operation example of the authentication system 1 of this embodiment will be described.
FIG. 8 is a flowchart for explaining an operation example of the authentication system 1 according to the third embodiment of the present invention.
Hereinafter, each step shown in FIG. 8 will be described.

Step ST31:
Each of the cameras 13_1 to 13_n has an image capturing unit that captures an image, and outputs the captured image data to the person authentication servers 15_1 to 15_n, respectively.

Step ST32:
The person authentication servers 15_1 to 15_n analyze the video data input from the corresponding cameras 13_1 to 13_n, extract the characteristics of a predetermined authentication site (for example, face) of the authentication target included in the video data, and show the characteristics. Generate acquisition metadata.

Step ST33:
The person authentication servers 15_1 to 15_n authenticate the person by comparing the acquired metadata generated in step ST32 with the plurality of authentication metadata read from the database 31.

The person authentication servers 15_1 to 15_n, for example, determine that the authentication is successful if any one of the plurality of pieces of authentication data exceeds a predetermined reference value (for example, 95%).
The person authentication servers 15_1 to 15_n transmit the authentication result to a predetermined server such as the cameras 13_1 to 13_n or the management server 17. For example, when the authentication is successful, the person authentication servers 15_1 to 15_n transmit the authentication target identification information of the authenticated authentication target to the management server 17 or the like.

Step ST34:
If the authentication is successful in step ST33, the process proceeds to step ST35, and if not, the process returns to step ST31.

Step ST35:
When the authentication in step ST3 is successful, the person authentication servers 15_1 to 15_nh calculate a certainty factor of whether or not the acquired metadata that has been successfully authenticated is data of an authentication site.
Then, the person authentication servers 15_1 to 15_n satisfy the update condition that the calculated certainty factor exceeds a predetermined reference value and is larger than the smallest certainty factor among the certainty factors of the plurality of authentication metadata. If the update condition is satisfied, the process proceeds to step ST36, and if not, the process returns to step ST31.

Step ST36:
The person authentication servers 15_1 to 15_n that have determined that the update condition is satisfied update the authentication metadata having the smallest certainty factor among the plurality of authentication metadata of the person corresponding to the authentication target identification information with the received acquisition metadata. Update processing is performed.

Step ST37:
The thing authentication servers 15_1 to 15_n that have determined that the update condition is satisfied send an update request for the authentication metadata to the management server 17, together with the acquired metadata, the authentication target identification information, and the authentication server identification information.
The management server 17 stores the received data in the database 51.

Step ST38:
The management server 17 creates the synchronization processing server 19 as a virtual server.

Step ST39:
The management server 17 reads the acquired metadata from the database 51 and sends it to the synchronization processing server 19 together with the authentication target identification information. After that, the management server 17 deletes the acquired metadata from the database 51.

Step ST40:
The synchronization processing server 19 transmits the acquired metadata and the authentication target identification information received from the management server 17 to the person authentication servers 15_1 to 15_n other than the person authentication server that has transmitted the acquired metadata to the management server 17.

Step ST41:
Upon receiving the acquired metadata and the authentication target identification information from the synchronization processing server 19 in step ST10, the other person authentication servers 15_1 to 15_n update the authentication metadata stored in the corresponding database 31. Specifically, the person authentication servers 15_1 to 15_n use the received acquisition metadata as the authentication metadata having the smallest certainty factor among the plurality of authentication metadata of the person corresponding to the received authentication target identification information. Perform update processing to update.

Step ST42:
The management server 17 deletes the synchronization processing server 19.

As described above, according to the authentication system 1, when any one of the person authentication servers 15_1 to 15_n obtains the acquired metadata whose matching degree exceeds the update reference value, the obtained metadata is set to another person authentication server 15_1. Can be registered as new authentication metadata in ~15_n. Thereby, the authentication accuracy in the person authentication servers 15_1 to 15_n can be improved. That is, even if the person to be authenticated changes due to age or the like, the authentication data can be updated according to the change.

In addition, according to the authentication system 1, when transmitting the acquired metadata in which the degree of coincidence obtained in any of the person authentication servers 15_1 to 15_n exceeds the update reference value to the other person authentication servers 15_1 to 15_n, it is temporary. The transmission is performed via the synchronization processing server 19 generated in the above. Further, the synchronization processing server 19 disappears when the transmission is completed. Therefore, the acquired metadata is not held in any server for a long time, and the leakage list due to hacking can be lowered.
Further, since the synchronization processing server 19 is a virtual server, even if the security level of the communication path between the person authentication servers 15_1 to 15_n and the synchronization processing server 19 is lowered, a certain level of safety can be maintained and the price is reduced. Can be planned.

The present invention is not limited to the above embodiments.
That is, those skilled in the art may make various changes, combinations, sub-combinations, and substitutions with respect to the constituent elements of the above-described embodiments within the technical scope of the present invention or the equivalent scope thereof.

In the above-described embodiment, a person has been exemplified as the authentication target of the present invention, but other targets such as topography for early detection of natural disasters may be used.

Further, in the above-described embodiment, the person authentication servers 15_1 to 15_n and the authentication function cameras 113_1 to 113_n and the management server 17 are separately provided, but the person authentication servers 15_1 to 15_n and the authentication function cameras 113_1 to 113_n are provided. The function of the management server 17 may be provided.
In addition, the present invention may perform excellent video analysis using deep learning (learning function) with an artificial intelligence technique, and may also use the deep learning technique (learning technique) in updating metadata.
Further, in the above-described embodiment, the case in which the certainty factor is calculated by the person authentication servers 15_1 to 15_n has been illustrated, but it may be calculated by another server such as the management server 17.

The present invention can be applied to a person authentication system.

1, 101... Authentication systems 13_1 to 13_n... Cameras 15_1 to 15_n... Person authentication server 17... Management server 19... Synchronization servers 27, 47... Interfaces 29, 49... Memory 31, 51... Databases 33, 53... Processing units 113_1-113_n ...Camera with authentication function

Claims (12)

When the authentication device has a database that stores a plurality of authentication metadata in association with the authentication target identification information, each of the plurality of authentication devices authenticates the authentication target included in the video imaged by the corresponding imaging means. A first step of acquiring acquisition metadata indicating a characteristic of the part;
When the authentication device calculates the degree of coincidence between the acquired metadata acquired in the first step and the plurality of authentication metadata read from the database, and when the degree of coincidence exceeds a predetermined standard, A second step of identifying the authentication target identification information corresponding to the authentication metadata, in which the degree of coincidence exceeds a predetermined criterion, assuming that the authentication is successful;
When the authentication device succeeds in the authentication in the second step, the certainty factor of whether the acquired metadata for which the authentication is successful is the data of the authentication part corresponds to the identified authentication target identification information. Requesting the management server to update the identified authentication target identification information and the authentication metadata when the update condition is greater than the smallest certainty factor among the certainty factors of the plurality of authentication metadata of the person A third step of sending
A fourth step in which the management server generates a synchronization processing server in response to the update request received from the authentication device;
A fifth step in which the synchronization processing server transmits the acquisition metadata and the authentication target identification information received directly or indirectly from the authentication device that has transmitted the update request to another authentication device;
The other authentication device that has received the acquisition metadata in the fifth step and the authentication device that has transmitted the update request are the plurality of authentication metadata of the person corresponding to the identified authentication target identification information. A sixth step of updating the authentication metadata having the smallest certainty factor with the received acquisition metadata. In the second step, the authentication device compares a plurality of the authentication metadata and the acquired metadata, which are respectively associated with a plurality of verification objects for verification, and the acquired metadata includes the plurality of acquired metadata. The authentication method according to claim 1, wherein the authentication method authenticates whether or not any of the verification targets for verification is matched. In the fifth step, the synchronization processing server transmits the authentication target identification information received together with the acquired metadata to the other authentication device,
The authentication method according to claim 2, wherein in the sixth step, the other authentication device performs the update process based on the received authentication target identification information. In the third step, the authentication device calculates the certainty factor of the acquired metadata based on image data of the authentication site of the authentication target included in the captured image,
The authentication method according to claim 3, wherein the certainty factor calculated in advance is associated with the authentication metadata. When the authentication part of the authentication target is a human face, the authentication device specifies the human head, the left and right eyes and the contour of the mouth from the image data of the authentication part of the authentication target,
The certainty factor is calculated based on the specified head width Lf, the specified distance Le between the center positions of the left and right eyes, and the distance Lm between the specified center position of the mouth and the center positions of the left and right eyes. The authentication method according to any one of claims 1 to 4. In the second step, the authentication device, based on a plurality of the authentication metadata and the acquisition metadata, the degree of coincidence data indicating the degree of coincidence of the contour of the face, the distance between specific parts of the face, and the angle. Is calculated, and the authentication is performed based on the coincidence data, The authentication method according to claim 1. In the third step, when the certainty factor exceeds a predetermined reference value and the certainty factor is larger than the smallest certainty factor among the certainty factors of the plurality of authentication metadata, the update condition is set. The authentication method according to claim 1, wherein the authentication method is determined to satisfy the above condition. The authentication method according to claim 1, further comprising a seventh step in which the management server erases the synchronization processing server after the fifth step. The authentication method according to claim 1, further comprising: a camera that houses the image pickup unit and the authentication device. The acquisition metadata and the authentication metadata include at least one of feature data of a person's face or body type (skeleton, height), sex data, age data, stride data, walking speed data, and center-of-gravity position data. The authentication method according to any one of 1 to 9. A plurality of imaging means,
A plurality of authentication devices corresponding to each of the plurality of imaging means, and having a database that stores a plurality of authentication metadata in association with authentication target identification information;
With a management device,
Each of the plurality of authentication devices acquires the acquisition metadata indicating the characteristics of the authentication site of the authentication target included in the image captured by the corresponding imaging unit,
The authentication device calculates the degree of coincidence between the acquired acquisition metadata and the plurality of authentication metadata read from the database, and if the degree of coincidence exceeds a predetermined criterion, the authentication is successful, The authentication target identification information corresponding to the authentication metadata whose degree of coincidence exceeds a predetermined standard is specified,
When the authentication device succeeds in the authentication, a plurality of persons corresponding to the identified authentication target identification information having a certainty factor of whether the acquired metadata that has been successfully authenticated is the data of the authentication site. When the update condition that is greater than the smallest certainty factor among the certainty factors of the authentication metadata is satisfied, the management server transmits the identified authentication target identification information and the update request for the authentication metadata,
It generates a synchronization server in response to the update request before SL management server has received from the authentication device,
The synchronization processing server, the acquisition metadata and the authentication target identification information directly or indirectly received from the authentication device that has transmitted the update request to another authentication device,
The other authentication device that has received the acquisition metadata from the synchronization processing server and the authentication device that has transmitted the update request are a plurality of the authentication metadata of the person corresponding to the identified authentication target identification information. An authentication system for updating the authentication metadata having the smallest certainty factor with the received acquisition metadata. The authentication system according to claim 11, wherein the management server deletes the synchronization processing server after the synchronization processing server transmits the acquired metadata to the other authentication device.

Images