JP6823267B2 - Information processing equipment, information processing systems, control methods, and programs - Google Patents

Description

The present invention relates to an authentication method using a face authentication technique in performing user authentication.

In recent years, interest in telework has been increasing in each company. Telework has problems such as third party access to confidential information and labor management, which must be resolved in order to introduce telework.

Currently, in order to solve these problems, a telework management support system that uses face recognition technology is appearing, and by using this system, identity verification is performed from webcam images, and spoofing and screen peeping by a third party. You will be able to detect crowds. In addition, since the attendance time of the person can be grasped, it is possible to manage the working hours appropriately.

When performing personal authentication with the above system, it is important to detect spoofing and improve authentication accuracy.

Therefore, as a technique for detecting spoofing, in order to detect spoofing using a person projected on a recording medium such as a photograph, the person is the person or the photograph or the like from the direction of the line of sight to the camera provided in the device. A technique for determining spoofing by determining whether or not a person is projected on a recording medium is disclosed (see, for example, Patent Document 1).

In addition, as a technology to improve the authentication accuracy, when the reliability of face recognition is lower than a certain value due to insufficient light, etc., the person is authenticated by recognizing the answer to the question and its voice. , A technique for improving authentication accuracy by combining face recognition and voice recognition is disclosed (see, for example, Patent Document 2).

Japanese Unexamined Patent Publication No. 2008-015800 JP-A-2007-156688

However, in the above-mentioned telework management support system, there is a problem that spoofing erroneous detection occurs due to a decrease in the accuracy of personal authentication under the following two situations.

The first situation is false detection of spoofing on a face other than the front, and this system periodically detects spoofing by personal authentication using a webcam image adjacent to the display.

When authenticating the person, if the person is facing the front of the webcam, the authentication can be performed with relatively high accuracy even at present, but in reality, the teleworker looks not only at the display but also at other places when working. There are many, and it is rare that the webcam is in front.

Especially when working while looking at the documents at hand, it is often in a downward position. Therefore, the accuracy of personal authentication is lowered, and false detection of spoofing occurs.

The second situation is false detection of spoofing when a part of the face is missing, such as when wearing a mask. In the face recognition process used in this system, if the area around the nose is missing, the accuracy of personal authentication is extremely high. It will be reduced to, and false detection of spoofing will occur.

In response to such a problem, the technique described in Patent Document 1 distinguishes a person projected on a photograph or the like from the person himself / herself, so that the accuracy of person authentication due to a change in the angle of the face or a lack of a part thereof. The decline cannot be prevented.

Further, the technique described in Patent Document 2 deals with a case where the reliability of the face authentication process is low, and since the answer contents to the question and the voice recognition information are used, it is possible to perform a specific scene such as a login process. Although suitable for application, application to a system that authenticates the person on a regular basis, such as a teleworker management support system, is not suitable because it is necessary to answer questions for each authentication.

Therefore, an object of the present invention is to provide an information processing device, an information processing system, a control method, and a program that suppress erroneous recognition in a mechanism that requires personal authentication using face information .

The first invention for achieving the above object is an information processing device that authenticates a person by using the face information of an image obtained by taking a picture, and obtains face information about a face from the image obtained by taking a picture. The acquisition means for acquiring and the authentication control means for repeatedly controlling the person authentication using the face information acquired by the acquisition means are provided, and the authentication control means is the person after the user is authenticated as the person. When the continuation of the state in which the user is recognized based on the face information of the user who has been authenticated as a condition satisfies a predetermined condition, the user is controlled to perform the personal authentication.

A second invention for achieving the above object is an information processing system in which a client terminal, an administrator terminal, and a server are connected via a network, and a face is obtained from an image obtained by photographing. The authentication control means includes an acquisition means for acquiring face information related to the user and an authentication control means for repeatedly controlling personal authentication using the face information acquired by the acquisition means, and the authentication control means authenticates the user as the person. After that, when the continuation of the state in which the user is recognized based on the face information of the user who has been authenticated as the person satisfies a predetermined condition, the control is performed so as to perform the person authentication.

A third invention for achieving the above object is a control method of an information processing device that authenticates a person by using face information of an image obtained by photographing, and the information processing device obtains by photographing. An acquisition step of acquiring face information about a face from the acquired image and an authentication control step of repeatedly controlling personal authentication using the face information acquired by the acquisition step are executed, and the authentication control step is a user. After being authenticated as the person, if the continuation of the state in which the user is recognized based on the face information of the user who has been authenticated as the person satisfies a predetermined condition, the person is controlled to perform the person authentication. And.

A fourth invention for achieving the above object is to photograph a computer by using an acquisition means for acquiring face information about a face from an image obtained by photographing and the face information acquired by the acquisition means. It functions as an authentication control means that repeatedly performs personal authentication that recognizes the user's face from the obtained image, and the authentication control means is for a user who has been authenticated as the person after the user has been authenticated as the person. If continuation of the state where the user is recognized on the basis of face information satisfies a predetermined condition, a program for causing the functions to control to perform the personal authentication.

A fifth invention for achieving the above object is a control method of an information processing system in which a client terminal, an administrator terminal, and a server are connected via a network. Control of personal authentication that recognizes the user's face from the image obtained by taking a picture by using the acquisition step of acquiring face information about the face from the image obtained by taking a picture and the face information acquired by the acquisition step. The repeated authentication control step is executed, and in the authentication control step, after the user is authenticated as the person, the state recognition in which the user is recognized based on the face information of the user who has been authenticated as the person is continued. When a predetermined condition is satisfied, it is characterized in that it is executed so as to control the personal authentication.

According to the present invention, in a mechanism that requires personal authentication using face information, it is possible to suppress erroneous recognition and use the system.

It is a system block diagram which shows an example of the structure of the telework management support system which concerns on embodiment of this invention. It is a block diagram which shows the hardware configuration of the information processing apparatus applicable to the management server, the database server, the teleworker PC, and the administrator PC which concerns on embodiment of this invention. It is a functional block diagram of a management server, a database server, a teleworker PC, and a management PC in the telework management support system according to the embodiment of the present invention. It is a flowchart which shows an example of the authentication procedure in the telework management support system which concerns on embodiment of this invention. It is a flowchart which shows an example of the determination process of a face recognition area and a face tracking area in the telework management support system which concerns on embodiment of this invention. This is a description example of a setting file in the telework management support system according to the embodiment of the present invention. It is explanatory drawing for demonstrating the relationship between a face recognition area and a face tracking area in the telework management support system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating the range of face tracking area determination in the telework management support system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating the range of face tracking area determination in the telework management support system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating the range of face tracking area determination in the telework management support system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating the range of face tracking area determination in the telework management support system which concerns on embodiment of this invention. It is a block diagram which shows the structure of the web management console screen in the telework management support system which concerns on embodiment of this invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a system configuration diagram showing an example of the configuration of a telework management support system to which the personal authentication process of the present invention is applied.

The telework management support system 100 has a configuration in which one or more management servers 101, one or more database servers 102, one or more teleworker PCs 111, or one or more administrator PCs 121 are connected via the Internet 130. It has become.

The management server 101 is a server that centrally manages the teleworker's absence status, peeping by another person, or spoofing trail data as telework information, and is constructed on the service environment network 104.

When the teleworker PC 111 and the administrator PC 121 are connected to the management server 101 by an authentication process using an account ID and a password, the management server 101 connects to the database server 102 when telework information is received from the teleworker PC 111. Store. Further, when there is a request for acquisition of telework information from the administrator PC 121, the necessary telework information is extracted from the database server 102.

The database server 102 is a server that stores telework information based on the operation of the management server 101, and is constructed on the service environment network 104. The database server 102 connects to the management server 101 in addition to the telework information. The account ID and password are also stored. The database server 102 can be configured to allow only the connection from the management server 101 and not to connect from the outside.

The teleworker PC 111 is a terminal that creates trail data that is the basis of telework information, exists on the home network 110, and the trail data is created by a dedicated application via the router 112, the Internet 130, and the router 103. It is transmitted to the management server 101. The personal authentication process of this embodiment operates as a function in this dedicated application.

The administrator PC 121 is a terminal for confirming telework information, exists on the in-house network 120, uses a web management console (operates on a web browser) to confirm telework information, and is a router 122 and the Internet. It connects to the management server 101 via the 130 and the router 103.

Hereinafter, the hardware configuration of the information processing apparatus applicable to the management server 101, the database server 102, the teleworker PC 111, and the administrator PC 121 shown in FIG. 1 will be described with reference to FIG.

FIG. 2 is a block diagram showing a hardware configuration of an information processing device applicable to the management server 101, the database server 102, the teleworker PC 111, and the administrator PC 121 shown in FIG. Since each device has the same configuration, the same reference numerals will be used for description.

In FIG. 2, 201 is a CPU that comprehensively controls each device and controller connected to the system bus 204. Further, the ROM 202 or the external memory 212 is required to realize a function executed by a BIOS (Basic Input / Output System) or an operating system program (hereinafter, OS) which is a control program of the CPU 201, and each server or each PC. Various programs described later are stored.

Reference numeral 203 denotes a RAM, which functions as a main memory, a work area, and the like of the CPU 201. The CPU 201 realizes various operations by loading a program or the like necessary for executing the process from the ROM 202 or the external memory 212 into the RAM 203 and executing the loaded program.

Further, 205 is an input controller, which controls input from a keyboard (KB) 209, a webcam 210, a pointing device such as a mouse (not shown), or the like. Reference numeral 206 denotes a video controller, which controls the display on a display such as a CRT display (CRT) 211. Although it is described as CRT211 in FIG. 2, the display may be not only the CRT but also another display such as a liquid crystal display. These are used by the administrator as needed.

Reference numeral 207 is a memory controller, which can be used in an external storage device (hard disk (HD)) for storing boot programs, various applications, font data, user files, edit files, various data, etc., a flexible disk (FD), or a PCMCIA card slot. Controls access to an external memory 212 such as a compact flash® memory connected via an adapter.

Reference numeral 208 denotes a communication I / F controller, which connects and communicates with an external device via a network (for example, network 104 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP is possible.

Note that the CPU 201 enables display on the CRT 211 by, for example, executing an outline font expansion (rasterization) process in the display information area in the RAM 203. Further, the CPU 201 enables a user instruction with a mouse cursor or the like (not shown) on the CRT 211.

Various programs to be described later for realizing the present invention are recorded in the external memory 212, and are executed by the CPU 201 by being loaded into the RAM 203 as needed. Further, a setting file or the like used when executing the above program is also stored in the external memory 212, and detailed description of these will be described later.

Hereinafter, using FIG. 3, a functional block diagram showing the main functions of the management server 101, the database server 102, the teleworker PC 111, and the administrator PC 121 in the telework management support system 100 to which the personal authentication process of the present invention is applied. explain.

The teleworker PC 111 includes an imaging unit 301, a communication connection unit 302, and a camera image acquisition unit 303. The imaging unit 301 indicates a camera for photographing a teleworker as a subject, and the above-mentioned webcam 210 The communication connection unit 302 has a function of establishing communication so as to be able to connect to the management server 101 triggered by the start of shooting of the webcam 210, and the camera image acquisition unit 303 is an imaging unit. The data obtained by taking a picture with 301 is acquired as an image. However, the trigger for starting shooting is not limited to this mode, and may be triggered by activating the personal authentication process, or may be triggered by other conditions as long as the timing is suitable for connection.

Further, the teleworker PC 111 includes a storage unit 304, a face information acquisition unit 305, a detection area determination unit 306, and an authentication unit 307.

The storage unit 304 includes a setting file (see FIG. 6, which will be described in detail later) described later. The camera image acquisition unit 303 acquires the setting file, and the parameters recorded in the setting file in each process. Is used.

The face information acquisition unit 305 detects the face of the person to be the subject from the image acquired by the camera image acquisition unit 303, and further acquires face information such as the number of faces and the position of the face with respect to the image to determine the detection area. The unit 306 determines whether the face is in the face following area or the face recognition area (details will be described later) using the face information acquired by the face information acquisition unit 305.

Further, the teleworker PC 111 includes an authentication unit 307, an authentication information management unit 308, an event notification unit 309, and a control unit 310.

The authentication unit 307 determines whether or not the face of the person appearing is the teleworker in the face tracking area or the face recognition area, and the authentication information management unit 308 determines whether or not the person is the teleworker. That is, it manages the authentication status of whether or not authentication has been performed. For example, if the authentication unit 307 is authenticated, it is regarded as "authenticated", and if the number of faces is 0, the face information acquisition unit 305 is regarded as "away" and "unauthenticated". When there are two or more of the above, it is possible to manage the authentication status such as "unauthenticated" as "peeping" has occurred.

The event notification unit 309 has a function of notifying the management server 101 of an event that occurs to the teleworker PC 111, and as described above, "leaves the seat" depending on the number of faces detected by the face information acquisition unit 305. Or "Peeping" event is detected and the image acquired by the camera image acquisition unit 303 is notified to the management server 101, or the authentication unit 307 detects the "spoofing" event. Along with the image acquired by the camera image acquisition unit 303, the management server 101 is notified to that effect.

The control unit 310 has a function of controlling each process and device executed in the teleworker PC 111, and for example, performs sleep process for CPU201 load adjustment, end process of personal authentication process, and the like.

Hereinafter, the overall flow of the telework management support system 100 in the present embodiment will be described.

In the telework management support system 100, the teleworker PC 111 performs labor monitoring by personal authentication processing, the management server 101 and the database server 102 manage monitoring information, and the administrator PC 121 displays monitoring information.

The teleworker PC 111 uses a dedicated application to perform personal authentication processing using an image based on data obtained by taking a picture with a webcam 210. The dedicated application uses the account ID and password to establish a communication connection with the management server 101.

After establishing a connection with the management server 101, labor monitoring of the teleworker is performed by personal authentication processing. During labor monitoring, leaving a seat, looking into the display by another person, or impersonating the person is detected as an event. When the event is detected, the teleworker PC 111 transmits the event trail data to the management server 101.

When the management server 101 receives the event trail data from the teleworker PC 111, it stores it in a table that stores the telework information on the database server 102 as telework information. Further, when the trail data is received, the management server 101 sends a detection notification mail to the administrator PC 121.

On the administrator PC 121, the trail data of the teleworker event on the management server can be confirmed by using the web management console. The web management console can be used by accessing the dedicated URL from a web browser. On the management console, in addition to the time and image when the event is detected, the photograph of the teleworker used for the personal authentication process and the communication status of the teleworker PC 111 to the management server 101 can be confirmed. An example of the management screen on the web management console will be described later in the description of FIG.

Hereinafter, the personal authentication process in the telework management support system 100 of the present embodiment will be described with reference to FIG.

FIG. 4 describes the personal authentication process on the teleworker PC 111. This process determines whether or not the person is the teleworker from the image of the webcam 210 provided in the teleworker PC 111. If it is determined that the event is leaving the seat, spoofing, or looking into the event, the trail data is transmitted to the management server 101.

As a point of this processing, when authenticating the person, the image obtained by taking a picture with the webcam 210 is divided into a face recognition area and a face tracking area, and the processing content is changed depending on which of the faces is detected. To do.

The details will be described later, but the face recognition area is an area where the face recognition process is always executed. The face tracking area is an area where the face recognition process is skipped depending on the authentication state.

There are two types of authentication status, "unauthenticated" and "authenticated", and the status changes depending on the face detection status and face recognition status. In the "unapproved" state, face recognition processing is performed regardless of the area where the face is detected. In the "approved" state, the face recognition process is skipped only when a face is detected in the face tracking area.

Hereinafter, each step of the personal authentication process of the present embodiment will be described with reference to FIG.

In step S401, the camera image acquisition unit 303 reads various parameters from the setting file (see FIG. 6, which will be described in detail later) of the storage unit 304. The parameters include camera image size, face tracking area, face recognition similarity threshold, and processing cycle parameters.

The camera image size parameter is used to define the size of the image obtained from the webcam 210. It is specified by a pixel value such as 640 × 480, and is used in step S402, step S403, and step S408 described later.

The face tracking area parameters are used to define the face tracking area. The horizontal direction is the X-axis and the vertical direction is the Y-axis, and the upper and lower limit values of each are specified by pixel values, which are used in step S408 described later.

The face recognition similarity threshold is used to determine if the teleworker is the person himself or herself. For example, it is specified in the range of 0.5 to 1.0 and is used in step S412 described later.

The processing cycle parameters are used to define the processing cycle for personal authentication. For example, the unit is specified in milliseconds and is used in step S417 described later.

Each read parameter is stored in RAM 203 and referred to when necessary.

In step S402, the communication connection unit 302 establishes a communication connection with the management server 101 so that the event can be notified to the management server 101 in steps S406, 407, and S415 described later. To establish the connection, the account ID and password for the system login of the teleworker registered in the management server 101 in advance are used.

In step S403, the camera image acquisition unit 303 acquires the data obtained by photographing with the imaging unit 301 (web camera 210) as an image. The acquired image is stored in the RAM 203 and used in steps S404 and S412.

In step S404, the face information acquisition unit 305 detects the face from the image acquired in step S403. An external library is used to detect faces (existing technology is applied) to identify the number of faces and their position on the image. The detection result is stored in the RAM 203 and used in steps S405 and S409.

In this step, the number and position of faces are calculated for both the face recognition area and the face tracking area.

In step S405, the face information acquisition unit 305 determines the result of face detection in step S404. When the number of detected faces is 0 (not detected), the trail data of the "leaving" event is transmitted to the management server 101 in step S406 described later, and when the number of detected faces is 1, the detection area is detected in step S409 described later. If the number of detections is 2 or more, the trail data of the "peeping" event is transmitted to the management server 101 in step S407 described later.

In step S406, the event notification unit 309 transmits the image acquired in step S403 and the current time to the management server 101 as trail data of the "away" event.

In step S407, the event notification unit 309 transmits the image acquired in step S403 and the current time to the management server 101 as trail data of the "peeping" event.

In step S408, the authentication information management unit 308 shifts the authentication status to "unapproved" as a process when the "leaving" event and the "peeping" event occur. The authentication state is stored in the RAM 203 and used in step S411.

In step S409, the detection area determination unit 306 determines whether the detected face is in the face recognition area or the face tracking area.

The area determination process is performed using the image size read in step S401 and the parameters of the face tracking area (see FIG. 5, which will be described in detail later).

In step S410, the detection area determination unit 306 determines the determination result of the area where the face is detected in step S409. If the detected area is a face tracking area, the authentication status is determined in step S411 described later, and if the detected area is a face recognition area, face authentication processing is performed in step S412 described later.

In step S411, the authentication information management unit 308 determines the current authentication status. If the authentication status is "unauthenticated", the face recognition process is performed in step S412 described later, and if the authentication status is "authenticated", it is determined in step S418 described later whether to terminate the application.

In step S412, the authentication unit 307 calculates the degree of similarity between the face in the image and the teleworker by the face recognition process. Use an external library for authentication processing (apply existing technology).

In step S413, the authentication unit 307 compares the result of the similarity of the face recognition process with the threshold of the similarity read in step S401, and determines whether or not the teleworker is the person himself / herself. If the similarity is equal to or higher than the threshold value, it is determined to be the person, the authentication status is changed to "authenticated" in step S414 described later, and if the similarity is less than the threshold value, it is determined to be another person, and the management server 101 is determined in step S415 described later. Send trail data for "spoofing" events to.

In step S414, the authentication information management unit 308 shifts the authentication status to "authenticated" based on the result of step S413. The authentication state is stored in the RAM 203 and used in S411.

In step S415, the event notification unit 309 transmits the image acquired in step S403 and the current time to the management server 101 as trail data of the "spoofing" event.

In step S416, the authentication information management unit 308 shifts the authentication status to "unapproved" as a process when a "spoofing" event occurs. The authentication state is stored in the RAM 203 and used in S411.

In step S417, the control unit 310 performs a sleep process for adjusting the load of the CPU 201. For the sleep time, the parameter of the processing cycle read in step S401 is used.

In step S418, the control unit 310 determines whether or not to end the personal authentication process. To end the personal authentication process, the user explicitly accepts a command from a menu or the like. When ending the personal authentication process, end it. If the personal authentication process is not terminated, the process returns to S403 again.

Hereinafter, the face detection area determination process of the present embodiment will be described with reference to FIG. This process is executed by the detection area determination unit 306.

In FIG. 5, it is determined whether the face detected from the image taken by the webcam 210 is in the face recognition area or the face tracking area.

Here, the face recognition area and the face tracking area will be described with reference to FIG. 7.

The face recognition area indicates an area where face recognition is performed to determine whether or not the person is the person using face recognition technology. The face recognition that appears in this area is always performed, face recognition is performed, and the area is concerned. Calculate the number of faces that appear in.

Further, the face tracking area indicates an area for confirming whether or not a face exists, and the number of faces existing in the area is always calculated, but the face appears for the first time in the area. Face recognition is performed and face recognition is performed only when it appears.

As a result, the area is usually set on the assumption that the face of the teleworker is within the range of the face tracking area. Therefore, even if the face faces other than the front, the face is first faced in the area. Since face recognition is performed only when the product appears, it is possible to prevent erroneous authentication.

In addition, if only the face tracking area is set, face recognition is performed only when the face first appears in the area. Therefore, if a third party successfully replaces the face, face recognition is not performed and spoofing is performed. An act will occur.

Therefore, in the present invention, by setting the face recognition area surrounding the outer shell of the face tracking area, the number of faces is calculated while constantly performing face recognition in the face recognition area, so that spoofing can occur. It becomes possible to deter. However, the face recognition area may be set only above and below the face tracking area, only above, only below, only left and right, only left, or only right, or may be set by a combination of directions to be set up, down, left and right.

For example, even if the faces are successfully replaced in the face recognition area, face recognition is always performed. Therefore, even if the number of faces is calculated as one in the face recognition area and the face tracking area, spoofing can be detected. It will be possible.

Although the number of faces is described here, as described above, for example, when two or more faces are detected in the face recognition area and the face tracking area, it is detected that peeping has occurred. Or, when the number of faces is 0, it can be used to judge whether the person is leaving the office or the like.

The range of the face tracking area refers to the camera image size and the face tracking area parameter from the RAM 203 among the parameters read in step S401. Further, for the face detection position, the position information calculated in step S404 is referred to from the RAM 203.

The face tracking area is set within the image obtained by shooting with the webcam 210, and the maximum image size is set. For example, if the image size is 640 × 480, the range of the upper and lower limit values in the X direction is 0 to 640, and the range is 0 to 480 in the Y direction. If a value outside the range is set, it is automatically corrected to a value within the range.

The processing of each step will be described below.

In step S501, the detection position of the face (centered on the face) with respect to the image is compared with the lower limit value of the face tracking area in the X direction, and it is determined whether or not the detection position is within the range, and the detection position is the lower limit value in the X direction. In the above case, it is compared with the upper limit value in the X direction in S502 described later. When the detection position is less than the lower limit value in the X direction, it is determined as the face recognition area in S506 described later.

As an example of this determination, as shown in FIG. 8, regarding the user A in the lower left, when the face detection position (center of the face) and the lower limit value in the X direction of the face tracking area are compared, it is determined that the user A is below the lower limit value. Then, the process proceeds to step S506.

On the other hand, regarding the user B on the upper right, when the face detection position (center of the face) and the lower limit value of the face tracking area in the X direction are compared, it is determined that the lower limit value or more is obtained, and the process proceeds to step S502.

That is, when the face exists in the range surrounded by the dotted line indicating the outermost shell of the face recognition area and the vertical line in the Y-axis direction with the lower limit value in the X direction as the value of the X coordinate, the detection position of the face is the lower limit. If it is judged to be less than or equal to the value and exists in the range surrounded by the solid line indicating the outermost shell of the face recognition area and the vertical line in the Y-axis direction with the lower limit value in the X direction as the value of the X coordinate, the detection position of the face is It is judged that it is not below the lower limit.

In step S502, the face detection position is compared with the upper limit value of the face tracking area in the X direction to determine whether or not the face is within the range. If the detection position is equal to or less than the upper limit value in the X direction, step S503 will be described later. Compare with the lower limit in the Y direction. When the detection position is larger than the upper limit value in the X direction, it is determined as the face recognition area in step S506 described later.

As an example of this determination, as shown in FIG. 9, regarding the user A on the upper right, when the face detection position (center of the face) and the upper limit value of the face tracking area in the X direction are compared, it is not less than the upper limit value. , And proceed to step S506.

On the other hand, regarding the user B on the center, when the face detection position (center of the face) and the upper limit value of the face tracking area in the X direction are compared, it is determined that the user B is equal to or less than the upper limit value, and the process proceeds to step S503.

That is, the range in which the face exists within the range in step S501 and is surrounded by a solid line indicating the outermost shell of the face recognition area and a vertical line in the Y-axis direction having the upper limit value in the X direction as the value of the X coordinate. If it exists in, it is judged that the face detection position is below the upper limit value, and it is surrounded by a dotted line indicating the outermost shell of the face recognition area and a vertical line in the Y-axis direction with the upper limit value in the X direction as the value of the X coordinate. If it is within the range, it is determined that the face detection position is not less than or equal to the upper limit.

In step S503, the face detection position is compared with the lower limit of the face tracking area in the Y direction to determine whether or not the face is within the range. If the detection position is equal to or greater than the lower limit in the Y direction, step S504 will be described later. Compare with the upper limit in the Y direction. If the detection position is less than the lower limit in the Y direction, it is determined to be a face recognition area in step S506 described later.

As an example of this determination, as shown in FIG. 10, with respect to the user A on the center, when the face detection position (center of the face) and the lower limit value in the Y direction of the face tracking area are compared, the lower limit value or more is obtained. It is determined that there is no such thing, and the process proceeds to step S506.

On the other hand, regarding the user B at the lower center, when the face detection position (which is the center of the face) and the lower limit value in the Y direction of the face tracking area are compared, it is determined that the lower limit value or more is determined, and the process proceeds to step S504.

That is, the range in which the face exists within the range in step S502 and is surrounded by a dotted line indicating the outermost shell of the face recognition area and a vertical line in the X-axis direction having the lower limit value in the Y direction as the value of the Y coordinate. If it exists in, it is determined that the face detection position is not above the lower limit, and it is surrounded by a solid line indicating the outermost shell of the face recognition area and a vertical line in the X-axis direction with the lower limit in the Y direction as the value of the Y coordinate. If it exists in the above range, it is determined that the face detection position is equal to or higher than the lower limit.

In step S504, the face detection position is compared with the upper limit value of the face tracking area in the Y direction, and it is determined whether or not the face is within the range. If the detection position is equal to or less than the upper limit value in the Y direction, step S505 described later. Judges as a face tracking area. When the detection position is larger than the upper limit value in the Y direction, it is determined as the face recognition area in step S506 described later.

As an example of this determination, as shown in FIG. 11, for the user A in the lower center, when the face detection position (center of the face) and the upper limit value in the Y direction of the face tracking area are compared, the value is below the upper limit value. It is determined that there is no such thing, and the process proceeds to step S506.

On the other hand, regarding the user B in the center, when the face detection position (center of the face) and the upper limit value of the face tracking area in the Y direction are compared, it is determined that the user B is equal to or less than the upper limit value, and the process proceeds to step S505.

That is, the range in which the face exists within the range in step S503 and is surrounded by the dotted line indicating the outermost shell of the face recognition area and the vertical line in the X-axis direction with the upper limit value in the Y direction as the value of the Y coordinate. If it exists in, it is judged that the detection position of the face is not above the lower limit value, and if it exists in the range surrounded by the vertical line in the X-axis direction with the upper limit value in the Y direction as the value of the Y coordinate, the face is detected. It is determined that the position is below the upper limit.

In step S505, the face tracking area is stored in the RAM 203 as a determination result. The determination result is used in step S410.

In step S506, the face recognition area is stored in the RAM 203 as a determination result. The determination result is used in step S410.

Hereinafter, a description example of the setting file of the present embodiment will be described with reference to FIG.

FIG. 6 is an example of setting the size of the webcam image, the face tracking area, the threshold value of the similarity at the time of personal authentication, and the cycle of the personal authentication process. In this example, each setting item is surrounded by tags.

The size of the webcam image is specified by the image_size tag 601. Specify in pixels in the format of "number of horizontal pixels x number of vertical pixels".

The face tracking area is designated by the tracking_area tag 602. The upper left corner of the image is set to 0, and the upper and lower limits of the horizontal and vertical areas are specified in pixels.

The lower limit value in the horizontal direction (X-axis direction) is specified by the X_lower tag 603 and the upper limit value is specified by the X_upper tag 604, the lower limit value in the vertical direction (Y-axis direction) is specified by the Y_lower tag 605, and the upper limit value is specified by the Y_upper tag 606.

The range of the specified value is within the size range of the image obtained by shooting with the webcam 210. For example, when the image size is 640 × 480, the upper and lower limits of X are 0 to 640, and Y is 0 to 480. If it exceeds the image size range, it is automatically corrected to the image size range in step S409. The relationship with the face recognition area when the face tracking area is specified is as shown in FIG.

The threshold value of the similarity at the time of personal authentication is specified by the similarity_threshold tag 607. If the similarity calculated at the time of authentication processing is less than the threshold value set here, it is judged to be another person. For example, from the viewpoint of false negative, the range that can be specified is 0.5 to 1.0.

The cycle of personal authentication processing is specified by the processing_cycle tag 608. The unit of the specified value is, for example, milliseconds.

Hereinafter, an example of the management screen by the web management console of the present embodiment will be described with reference to FIG.

FIG. 12 is a management screen 700 using the web management console on the administrator PC 121. On the management screen 700, in addition to the list of teleworkers to be managed, an image that is a trail of the detected event, an event occurrence date and time, and the communication status of the teleworkers can be confirmed.

The management screen 700 is composed of a teleworker list panel 701, a calendar panel 702, and a trail confirmation panel 703.

On the teleworker list panel 701, the names of the teleworkers to be managed and the authentication photos are displayed in a list. By clicking the teleworker in the list, you can specify the teleworker for which you want to check the trail data. When the teleworker in the list is displayed in blue, it indicates that the teleworker PC 111 is in communication connection with the management server 101.

In the calendar panel 702, the date of the trail data of the event to be confirmed can be specified. By clicking the date on the calendar panel 702, you can specify the date of the trail data you want to check. The specified date is displayed in blue.

The trail confirmation panel 703 displays trail data of events related to the teleworker and date specified by the teleworker list panel 701 and the calendar panel 702. Event trail data consists of event classification, date and time of occurrence, and images that serve as trails. The event classification includes "leaving a seat", "spoofing", and "peeping", and these classifications are classified within the dedicated application of the teleworker PC111.

Regarding the information displayed on the management screen 700, the telework information (including each event and the trail data corresponding to each event) transmitted from the teleworker PC 111 to the database server 102 via the management server 101 is referred to.

In the present embodiment, the face recognition process in step S412 is performed only when the face tracking area first appears, but in the process of step S411, the authentication state is "unapproved" including the first appearance. After determining that, the number of times is incremented, and if the number of times exceeds a predetermined number of times, the face recognition process in step S412 is performed, and after the face recognition process is completed, this number of times is cleared. Is also possible.

This makes it possible to perform face recognition at a predetermined timing with less frequency than performing face recognition processing on a regular basis, not only when it first appears in the face tracking area, and improve the accuracy of spoofing detection. Is also possible.

Further, the face recognition process in step S412 was performed only when it first appeared in the face tracking area, but in the process of step S411, after determining that the authentication state was "authenticated" when it first appeared, step S411 After the processing of is executed a predetermined number of times while the authentication status is continuously "authenticated", the authentication status may be determined as "unauthenticated" and the face recognition process in step S412 may be performed.

This makes it possible to switch the frequency of authentication between the face tracking area and the face recognition area, so it is better than performing face recognition processing on a regular basis, not only when the face tracking area first appears. Face recognition can be performed with a low frequency, and it is possible to improve the accuracy of spoofing detection in the face tracking area.

As described above, according to the present invention, in a system that requires periodic personal authentication, the authentication frequency is suppressed as compared with the area where face authentication is performed to suppress spoofing and the area for suppressing false authentication. By providing an area, it is possible to prevent unauthorized use of the system and deterioration of authentication accuracy.

Although examples of embodiments have been described in detail above, the present invention can take an embodiment as, for example, a method, a program, a storage medium, or the like, and specifically, a system composed of a plurality of devices. It may be applied, or it may be applied to a device consisting of one device.

Further, the program in the present invention is a program in which a computer can execute (read) each processing method, and the storage medium of the present invention stores a program in which a computer can execute each processing method.

The program in the present invention may be a program for each processing method of each device.

As described above, a recording medium on which a program for realizing the functions of the above-described embodiment is recorded is supplied to the system or device, and the computer (or CPU or MPU) of the system or device stores the program in the recording medium. It goes without saying that the object of the present invention is achieved by reading and executing.

In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

Recording media for supplying programs include, for example, flexible disks, hard disks, optical disks, magneto-optical disks, CD-ROMs, CD-Rs, DVD-ROMs, magnetic tapes, non-volatile memory cards, ROMs, EEPROMs, and silicon. A disc or the like can be used.

Further, by executing the program read by the computer, not only the function of the above-described embodiment is realized, but also the OS or the like running on the computer is a part of the actual processing or based on the instruction of the program. Needless to say, there are cases where the functions of the above-described embodiment are realized by performing all of the processes.

Further, the program read from the recording medium is written to the memory provided in the function expansion board inserted in the computer or the function expansion unit connected to the computer, and then the function expansion board is based on the instruction of the program code. It goes without saying that there are cases where the CPU or the like provided in the function expansion unit performs a part or all of the actual processing, and the processing realizes the functions of the above-described embodiment.

Further, the present invention may be applied to a system composed of a plurality of devices or a device composed of one device.

It goes without saying that the present invention can also be applied when it is achieved by supplying a program to a system or device. In this case, by reading the recording medium in which the program for achieving the present invention is stored into the system or device, the system or device can enjoy the effect of the present invention.

Further, by downloading and reading a program for achieving the present invention from a server, database, or the like on the network by a communication program, the system or device can enjoy the effect of the present invention. It should be noted that all the configurations in which the above-described embodiments and modifications thereof are combined are also included in the present invention.

100 Telework management support system 101 Management server 102 Database server 103 Router 104 Service environment network 110 Home network 111 Teleworker PC
112 Router 120 Internal network 121 Administrator's PC121
122 Router 130 Internet 201 CPU
202 ROM
203 RAM
204 System Bus 205 Input Controller 206 Video Controller 207 Memory Controller 208 Communication I / F Controller 209 KB
210 webcam 211 CRT
212 external memory

Claims (11)

It is an information processing device that authenticates the person using the face information of the image obtained by shooting.
An acquisition method for acquiring face information about a face from an image obtained by taking a picture,
An authentication control means that repeatedly controls personal authentication using the face information acquired by the acquisition means, and
With
After the user is authenticated as the person, the authentication control means performs the person authentication when the continuation of the state in which the user is recognized based on the face information of the user who has been authenticated as the person satisfies a predetermined condition. An information processing device characterized by being controlled in such a manner. The information processing apparatus according to claim 1, wherein the condition for which the recognition is predetermined indicates that the state in which the user has been recognized has been continued for a predetermined number of times. The information processing apparatus according to claim 1 or 2, wherein the condition for which the recognition is predetermined indicates that the state in which the user has been recognized has been continued for a predetermined time. When the face information of the user who has been authenticated as the person is not acquired by the acquisition means after the user is authenticated as the person himself / herself, and then the face information of the user is newly acquired, the face information is used. The information processing device according to any one of claims 1 to 3, wherein the personal authentication is controlled. The information processing device according to any one of claims 1 to 4, wherein the authentication control means controls the personal authentication of the face when the number of faces is one by the acquisition means. The information processing according to any one of claims 1 to 5, characterized in that the acquisition means includes a notification means for notifying that a peep has occurred when the number of faces is two or more. apparatus. According to claim 5 or 6, the authentication control means is different from the number acquired last time by the acquisition means, and controls the personal authentication of the face when the number of one face is acquired. The information processing device described. An information processing system in which a client terminal, an administrator terminal, and a server are connected via a network.
An acquisition method for acquiring face information about a face from an image obtained by taking a picture,
An authentication control means that repeatedly controls personal authentication using the face information acquired by the acquisition means, and
With
After the user is authenticated as the person, the authentication control means performs the person authentication when the continuation of the state in which the user is recognized based on the face information of the user who has been authenticated as the person satisfies a predetermined condition. An information processing system characterized by being controlled in such a manner. It is a control method of an information processing device that authenticates the person using the face information of the image obtained by taking a picture.
The information processing device
The acquisition step to acquire face information about the face from the image obtained by shooting,
An authentication control step that repeatedly controls personal authentication using the face information acquired in the acquisition step, and
And
After the user is authenticated as the person, the authentication control step performs the person authentication when the continuation of the state in which the user is recognized based on the face information of the user who has been authenticated as the person satisfies a predetermined condition. A control method for an information processing device, which is characterized by such control. Computer,
An acquisition method for acquiring face information about a face from an image obtained by taking a picture,
An authentication control means that repeatedly performs personal authentication that recognizes the user's face from an image obtained by taking a picture using the face information acquired by the acquisition means.
To make it work
After the user is authenticated as the person, the authentication control means performs the person authentication when the continuation of the state in which the user is recognized based on the face information of the user who has been authenticated as the person satisfies a predetermined condition. A program to make it work to control. It is a control method of an information processing system in which a client terminal, an administrator terminal, and a server are connected via a network.
The information processing system
The acquisition step to acquire face information about the face from the image obtained by shooting,
Using the face information acquired in the acquisition step, an authentication control step that repeatedly controls personal authentication that recognizes the user's face from an image obtained by taking a picture, and
And
After the user is authenticated as the person, the authentication control step performs the person authentication when the continuation of the state in which the user is recognized based on the face information of the user who has been authenticated as the person satisfies a predetermined condition. A control method for an information processing system, which is characterized in that it is executed so as to be controlled.

Images