JP7230074B2 - Authentication system and information processing method - Google Patents

Description

The present invention relates to an authentication system and an information processing method.

Conventionally, as an authentication system that performs authentication based on face data, an authentication system that performs personal authentication by matching input face data with registered face data that has been registered in advance is known (see, for example, Patent Document 1, 2).

The authentication system described in Patent Literature 1 authenticates a target person using an image of a face portion in an image captured by a camera. Further, in the authentication system described in Patent Document 2, for example, when four face images are registered, two face patterns are used for accuracy assurance, one face pattern is used for disturbance component absorption, and one face pattern is used for disturbance component absorption. This is a face pattern to be updated. Then, when a new face pattern is registered, the update target face pattern having the second lowest degree of similarity with the newly registered face pattern is deleted from among the four pre-registered face patterns. That is, by leaving the face pattern for disturbance component absorption that has the lowest degree of similarity with the face pattern to be newly registered, face authentication is performed while adapting to variations in the environment.

JP 2019-197426 A Japanese Patent Application Laid-Open No. 2006-72540

In the authentication systems disclosed in Patent Literatures 1 and 2, there is a problem that registered face image data cannot be used by an authentication engine that performs authentication other than face authentication, which is inconvenient.

The present invention has been made in consideration of such points, and is capable of improving convenience by using registered face image data in an authentication engine that performs authentication other than face authentication. An object is to provide a system and an information processing method.

The authentication system of the present invention is
An authentication system that authenticates a user using information received from a user terminal,
When a user is registered, face image data of a user is received from a user terminal, a feature amount of the user's face image is extracted based on the received face image data of the user, and information relating to the extracted feature amount of the user's face image. an information acquiring means for storing in a memory;
A feature amount of the user's face image extracted from the user's face image data received from the imaging unit of the service organization or a feature amount of the user's face image received from the imaging unit of the service organization at the time of user authentication, and stored in the memory authentication means for authenticating the user's face by comparing the feature amount of the user's face image that has been obtained;
User identification information other than biometric authentication information , which is used in an authentication engine of a service organization that authenticates users by authentication other than face authentication and biometric authentication , and the feature amount of the user's face image stored in the memory. a linking means for linking the
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that authenticates users by authentication other than face authentication and biometric authentication is newly registered, the newly registered The identification information of the user other than the information obtained by biometric authentication used in the authentication engine of the service organization and the feature amount of the user's face image stored in the memory are linked by the linking means.

The authentication system of the present invention is
An authentication system that authenticates a user using information received from a user terminal,
When a user is registered, face image data of a user is received from a user terminal, a feature amount of the user's face image is extracted based on the received face image data of the user, and information relating to the extracted feature amount of the user's face image. an information acquiring means for storing in a memory;
Transmitting means for transmitting the information related to the feature amount of the user's face image stored in the memory to the image capturing unit of each service organization in order to allow the image capturing unit of each service organization to perform authentication based on the user's face image. and,
User identification information other than biometric authentication information , which is used in an authentication engine of a service organization that authenticates users by authentication other than face authentication and biometric authentication , and the feature amount of the user's face image stored in the memory. a linking means for linking the
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that authenticates users by authentication other than face authentication and biometric authentication is newly registered, the newly registered The identification information of the user other than information obtained by biometric authentication used in the authentication engine of the service organization and the feature amount of the user's face image stored in the memory are linked by the linking means.

The authentication system of the present invention is
An authentication system that authenticates a user using information received from a user terminal,
information acquisition means for receiving face image data of a user from a user terminal at the time of user registration and storing the received face image data of the user in a memory;
authentication means for authenticating the user by comparing the user's face image data received from the imaging unit of the service organization with the user's face image data stored in the memory at the time of user authentication;
Extracted from user identification information other than biometric authentication information and user face image data stored in the memory , which is used in an authentication engine of a service organization that authenticates users by authentication other than face authentication and biometric authentication. a linking means for linking the feature amount of the face image of the user obtained ;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that authenticates users by authentication other than face authentication and biometric authentication is newly registered, the newly registered The user's identification information other than the biometric authentication information used in the authentication engine of the service organization and the feature amount of the user's face image extracted from the user's face image data already stored in the memory are linked by the linking means. It is characterized by being linked by

The authentication system of the present invention is
An authentication system that authenticates a user using information received from a user terminal,
information acquisition means for receiving face image data of a user from a user terminal at the time of user registration and storing the received face image data of the user in a memory;
a transmission means for transmitting the user's face image data stored in the memory to the imaging unit of each service organization in order to perform authentication based on the user's face image in the imaging unit of each service organization;
Extracted from user identification information other than biometric authentication information and user face image data stored in the memory , which is used in an authentication engine of a service organization that authenticates users by authentication other than face authentication and biometric authentication. a linking means for linking the feature amount of the face image of the user obtained ;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that authenticates users by authentication other than face authentication and biometric authentication is newly registered, the newly registered The user's identification information other than the biometric authentication information used in the authentication engine of the service organization and the feature amount of the user's face image extracted from the user's face image data already stored in the memory are linked by the linking means. It is characterized by being linked by
In each of the authentication systems described above, different strengths of authentication are set depending on the type of service organization. One type of service organization performs user authentication based on face authentication by the authentication means, and another type of service organization performs user authentication based on face recognition by the authentication means. Then, user authentication may be performed by using information other than biometric authentication in addition to face authentication by the authentication means.

The information processing method of the present invention comprises:
An information processing method by an authentication system that authenticates a user using information received from a user terminal,
When a user is registered, face image data of a user is received from a user terminal, a feature amount of the user's face image is extracted based on the received face image data of the user, and information relating to the extracted feature amount of the user's face image. in memory; and
A feature amount of the user's face image extracted from the user's face image data received from the imaging unit of the service organization or a feature amount of the user's face image received from the imaging unit of the service organization at the time of user authentication, and stored in the memory a step of authenticating the user by comparing the feature amount of the user's face image that has been obtained;
Associating user identification information other than biometric authentication information, which is used by an authentication engine of a user's service organization for authentication other than face authentication and biometric authentication, with the feature amount of the user's face image stored in the memory. process and
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that authenticates users by authentication other than face authentication and biometric authentication is newly registered, the newly registered It is characterized in that user identification information other than biometric authentication information used in an authentication engine of a service organization is associated with the feature amount of the user's face image stored in the memory.

The information processing method of the present invention comprises:
An information processing method by an authentication system that authenticates a user using information received from a user terminal,
When a user is registered, face image data of a user is received from a user terminal, a feature amount of the user's face image is extracted based on the received face image data of the user, and information relating to the extracted feature amount of the user's face image. in memory; and
a step of transmitting the information related to the feature amount of the user's face image stored in the memory to the image capturing unit of each service organization in order to allow the image capturing unit of each service organization to perform authentication based on the user's face image; ,
User identification information other than biometric authentication information , which is used in an authentication engine of a service organization that authenticates users by authentication other than face authentication and biometric authentication , and the feature amount of the user's face image stored in the memory. and
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that authenticates users by authentication other than face authentication and biometric authentication is newly registered, the newly registered It is characterized in that user identification information other than biometric authentication information used in an authentication engine of a service organization is associated with the feature amount of the user's face image stored in the memory.

The information processing method of the present invention comprises:
An information processing method by an authentication system that authenticates a user using information received from a user terminal,
a step of receiving face image data of a user from a user terminal at the time of user registration, and storing the received face image data of the user in a memory;
a step of authenticating the user by comparing the user's facial image data received from the imaging unit of the service institution with the user's facial image data stored in the memory at the time of user authentication;
Extracted from user identification information other than biometric authentication information and user face image data stored in the memory , which is used in an authentication engine of a service organization that authenticates users by authentication other than face authentication and biometric authentication. A step of linking the feature amount of the user's face image obtained ,
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that authenticates users by authentication other than face authentication and biometric authentication is newly registered, the newly registered User identification information other than biometric authentication information used in an authentication engine of a service organization is associated with the feature amount of the user's face image extracted from the user's face image data already stored in the memory. characterized by

The information processing method of the present invention comprises:
An information processing method by an authentication system that authenticates a user using information received from a user terminal,
a step of receiving face image data of a user from a user terminal at the time of user registration, and storing the received face image data of the user in a memory;
a step of transmitting the user's facial image data stored in the memory to the imaging unit of each service organization in order to perform authentication based on the user's facial image in the imaging unit of each service organization;
Extracted from user identification information other than biometric authentication information and user face image data stored in the memory , which is used in an authentication engine of a service organization that authenticates users by authentication other than face authentication and biometric authentication. A step of linking the feature amount of the user's face image obtained ,
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that authenticates users by authentication other than face authentication and biometric authentication is newly registered, the newly registered User identification information other than biometric authentication information used in an authentication engine of a service organization is associated with the feature amount of the user's face image extracted from the user's face image data already stored in the memory. characterized by
In each of the above-described information processing methods, different strengths of authentication are set depending on the type of service organization. In one type of service organization, user authentication is performed based on face recognition by the authentication means, and in another type of service. In addition to facial authentication by the authentication means, the institution may authenticate the user by using information other than biometric authentication.

According to the authentication system and the information processing method of the present invention, convenience can be improved by using registered face image data in an authentication engine that performs authentication other than face authentication.

It is a figure which shows roughly an example of the imaging unit arrange|positioned at the authentication system and each service institution by embodiment of this invention. 2 is a flow chart showing details of processing executed when a user's face image is registered by the authentication system shown in FIG. 1; 2 is a flow chart showing an example of processing contents executed when user authentication is performed by the authentication system and imaging unit shown in FIG. 1; FIG. 4 is a diagram schematically showing another example of an authentication system and an imaging unit arranged at each service facility according to an embodiment of the present invention; FIG. 5 is a flow chart showing details of processing executed when a user's face image is registered by the authentication system shown in FIG. 4; FIG. FIG. 5 is a flow chart showing an example of processing contents executed when user authentication is performed by the authentication system and imaging unit shown in FIG. 4 ; FIG. FIG. 4 is a diagram schematically showing still another example of an authentication system and an imaging unit arranged in each service facility according to an embodiment of the present invention; FIG. 8 is a flow chart showing details of processing executed when a user's face image is registered by the authentication system shown in FIG. 7; FIG. FIG. 8 is a flow chart showing an example of processing executed when user authentication is performed by the authentication system and imaging unit shown in FIG. 7; FIG. It is a figure which shows the initial screen displayed on a user terminal. It is a figure which shows the registration screen displayed on a user terminal. It is a figure which shows the registration screen displayed on a user terminal. FIG. 10 is a diagram showing a service addition screen displayed on the user terminal; FIG. 10 is a diagram showing an authentication history screen displayed on the user terminal; FIG. 10 is a diagram showing a detailed screen of authentication history displayed on the user terminal; FIG. 10 is a diagram schematically showing still another example of the authentication system according to the embodiment of the present invention and imaging units arranged in each company; FIG. 4 is a diagram schematically showing still another example of an authentication system according to an embodiment of the present invention and imaging units arranged in each company;

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described with reference to the drawings. 1 to 15 are diagrams showing an authentication system according to the present embodiment and an imaging unit arranged in each service institution.

As shown in FIG. 1, imaging units 30A, 30B, and 30C for authenticating users are arranged in service organizations such as restaurants, hotels, transportation facilities, office buildings, collective housing facilities, and convenience stores. Although three imaging units 30A, 30B, and 30C are illustrated in FIG. 1, two or four or more imaging units may be used. An authentication system 10 installed in a company different from each service organization is communicably connected to each imaging unit 30A, 30B, 30C via a network such as an Internet line. A user terminal 20 such as a smartphone owned by a user is communicably connected to the authentication system 10 and the imaging units 30A, 30B, and 30C via a network such as an Internet line. Details of the authentication system 10 and the imaging units 30A, 30B, and 30C will be described below.

The authentication system 10 is composed of, for example, a computer, etc. The authentication system 10 has a processor 12 such as a CPU, a memory 16 and a communication section 18 . Based on the facial image data received from the user terminal 20, the processor 12 includes feature extraction means 14 for extracting, as a hash value, the feature of the facial image of the user corresponding to each of the imaging units 30A, 30B, and 30C; and registering means 13 for registering the feature amount of the face image of the user. Then, the processor 12 executes the program stored in the memory 16 to extract the feature amount of the user's face image corresponding to each of the imaging units 30A, 30B, and 30C in the feature amount extraction means 14 as a hash value. It's like Specifically, the feature quantity extraction unit 14 extracts a hash value obtained from the received face image data of the user by a predetermined hash function as the feature quantity of the face image of the user. Note that even if the user's face image data is the same, the feature amount of the user's face image may differ depending on the type of the imaging units 30A, 30B, and 30C. This is because the specifications of the imaging units 30A, 30B, and 30C used by these service organizations differ when the service organizations such as business companies are different. Therefore, the feature quantity extraction means 14 extracts the feature quantity of the user's face image for each of the imaging units 30A, 30B, and 30C. That is, from one piece of face image data, feature amounts of face images of a plurality of users corresponding to the imaging units 30A, 30B, and 30C are extracted. Further, the processor 12 executes the program stored in the memory 16 to perform the feature amount (specifically, , hash value) are stored in the memory 16 by the registration means 13 in association with the identification information of the user and the identification information of the imaging units 30A, 30B, and 30C. Note that the programs executed by the processor 12 are not limited to those stored in the memory 16 . The processor 12 executes a program transmitted from an external device to the authentication system 10 or a program stored in a recording medium detachably attached to the authentication system 10, so that the feature quantity extraction means 14 and the registration means 13 Processing may be performed in each. Further, in the present embodiment, information acquisition means 17 is configured by feature quantity extraction means 14 and registration means 13 . The information acquisition means 17 receives face image data of the user at the time of user registration, extracts the feature amount of the user's face image based on the received face image data of the user, and extracts the feature amount of the extracted user's face image. is stored in the memory 16 as user identification information.

As described above, the memory 16 stores the feature amount (specifically, hash value) of the user's face image extracted by the feature amount extraction means 14, the identification information of the user and the imaging units 30A, 30B, and 30C. It is stored in association with the identification information. As described above, the feature amount of the user's face image extracted by the feature amount extraction means 14 may differ depending on the type of the imaging units 30A, 30B, and 30C. Therefore, the feature quantity extraction means 14 extracts the feature quantity of the user's face image for each of the imaging units 30A, 30B, and 30C. Accordingly, it is also necessary to store the feature amount of the user's face image extracted by the feature amount extracting means 14 in the memory 16 in association with each imaging unit 30A, 30B, 30C. The memory 16 also stores user identification information in association with the service organization selected by the user. In addition, as described above, the memory 16 stores programs for causing the processor 12 to perform various processes. Also, the processor 12 transmits and receives signals to and from the imaging units 30A, 30B, and 30C or the user terminal 20 arranged at each service facility via a network such as the Internet line by the communication section 18 .

Each of the imaging units 30A, 30B, 30C arranged in each service facility is composed of, for example, a computer or the like. 36B and 36C, imaging units 38A, 38B and 38C, processing units 40A, 40B and 40C, and communication units 42A, 42B and 42C. Processors 32A, 32B, and 32C include feature amount extracting means 34A, 34B, and 34C for extracting feature amounts of user's facial images as hash values based on user's facial image data captured by imaging units 38A, 38B, and 38C. , authentication means 35A, 35B, and 35C. Then, the processors 32A, 32B, 32C execute the programs stored in the memories 36A, 36B, 36C to extract the feature amounts of the user's facial images as hash values in the feature amount extraction means 34A, 34B, 34C. It is designed to Specifically, the feature amount extracting units 34A, 34B, and 34C extract hash values obtained from the received user's face image data using a predetermined hash function as feature amounts of the user's face image. The processors 32A, 32B, 32C execute programs stored in the memories 36A, 36B, 36C to perform user authentication in authentication means 35A, 35B, 35C. The details of such processing will be described later. The programs executed by the processors 32A, 32B, 32C are not limited to those stored in the memories 36A, 36B, 36C. The processors 32A, 32B, and 32C execute programs transmitted from an external device to the imaging units 30A, 30B, and 30C, and programs stored in recording media detachably attached to the imaging units 30A, 30B, and 30C. Accordingly, various processes may be performed in each of the feature quantity extraction means 34A, 34B, 34C and authentication means 35A, 35B, 35C. Further, each imaging unit 30A, 30B, 30C is not limited to one corresponding to one service institution. For example, the imaging unit 30A may correspond to a plurality of service organizations.

In addition, the memories 36A, 36B, and 36C are configured to associate and store pre-registered user identification information and feature amounts of the user's face images. Also, as described above, the memories 36A, 36B, 36C store programs for causing the processors 32A, 32B, 32C to perform various processes. In addition, the imaging units 38A, 38B, and 38C have cameras, for example, and acquire facial image data of the user by imaging the user.

Moreover, the processing units 40A, 40B, and 40C are adapted to perform various processes for authenticated users. For example, if the imaging units 30A, 30B, and 30C are arranged in an office building, a collective housing facility, or the like, the processing units 40A, 40B, and 40C, when the user is authenticated, Doors arranged at entrances and exits of collective housing facilities will be unlocked. In addition, when the imaging units 30A, 30B, and 30C are arranged in restaurants, hotels, transportation facilities, convenience stores, etc., cashless settlement is possible when paying fees at these service facilities. . In this case, the payment information is sent from the imaging units 30A, 30B, and 30C to the server of the financial institution or credit card company, whereby the payment amount is automatically debited from the user's bank account or the credit card statement is entered. It will be added to Further, the processors 32A, 32B, 32C are adapted to transmit and receive signals to and from the authentication system 10 or the user terminal 20 via a network such as the Internet line by communication units 42A, 42B, 42C.

In addition, in each of the imaging units 30A, 30B, and 30C, the user's face image is captured by the imaging units 38A, 38B, and 38C, and the feature amount of the user's face image is registered in each of the imaging units 30A, 30B, and 30C. It is possible to do so. Specifically, when the user's facial image is captured by the imaging units 38A, 38B, and 38C when the feature amount of the user's facial image is registered by each of the imaging units 30A, 30B, and 30C, the processors 32A, 32B, Based on the user's face image data captured by the imaging units 38A, 38B, and 38C, the feature quantity extraction means 34A, 34B, and 34C extract the feature quantity of the user's face image as a hash value. Then, the extracted feature amount (specifically, hash value) of the user's face image is stored in memories 36A, 36B, and 36C. In this way, the feature amount of the user's face image is registered in each imaging unit 30A, 30B, 30C.

In the user terminal 20, a face authentication application can be installed from an online store or the like. When such a face authentication application is installed, the user can use the user terminal 20 to register face image data, register a service institution that uses the service, and the like. The processing contents of such a face authentication application will be described later. Note that such a face authentication application may be provided by the authentication system 10, or may be provided by a system separate from the authentication system 10. FIG.

In this embodiment, the authentication system 10 and the imaging units 30A, 30B, and 30C arranged in each service organization are API-linked (application programming interface). As a result, the system of each imaging unit 30A, 30B, 30C can be configured more easily than when the system of each imaging unit 30A, 30B, 30C is independently configured.

Next, details of processing when user authentication is performed by the authentication system 10 and the imaging units 30A, 30B, and 30C will be described with reference to FIGS. 2, 3, and 10 to 12. FIG.

First, a process in which a user uses the user terminal 20 to register face image data in the authentication system 10 will be described. First, the user installs a face authentication application on the user terminal 20. FIG. A screen shown in FIG. 10 is displayed as an initial screen of such a face authentication application. A user first performs user registration using such a face authentication application on the user terminal 20 . Specifically, when an account button is pressed on the screen shown in FIG. 10, a user registration screen such as that shown in FIG. 11 is displayed. Enter registration information such as name, date of birth, phone number, e-mail address, password, etc. on such a user registration screen, check the box to agree to the terms of use, and press the registration button, as shown in FIG. The imaged screen of the face image is as follows. When the user captures a facial image with the user terminal 20 on such an imaging screen, various information input on the user registration screen and the user's facial image data are transmitted from the user terminal 20 to the authentication system 10 . Thus, the processor 12 of the authentication system 10 receives face image data from the user terminal 20 (STEP 1). The processor 12 of the authentication system 10 also receives from the user terminal 20 the identification information of the user terminal 20 and the registration information such as the user's name, date of birth, telephone number, e-mail address, and password input to the user terminal 20. . The processor 12 also issues a user ID as user identification information, and causes the memory 16 to store the issued user ID.

Next, based on the face image data received from the user terminal 20, the processor 12 of the authentication system 10 extracts the feature quantity of the face image corresponding to each imaging unit 30A, 30B, 30C as a hash value by the feature quantity extraction means 14. Extract (STEP 2). At this time, the feature amount of the user's face image extracted by the feature amount extraction means 14 may differ depending on the type of the imaging units 30A, 30B, and 30C. Therefore, the feature quantity extraction means 14 extracts the feature quantity of the user's face image for each of the imaging units 30A, 30B, and 30C. Further, the feature quantity extracting means 14 extracts only the feature quantity of the user's face image corresponding to the imaging units 30A, 30B, and 30C of the service organization selected in advance by the user. For example, the user is permitted to use the face image data at the service facility where the imaging unit 30A is installed, but the user is not permitted to use the face image data at the service facility where the imaging unit 30B is installed. In this case, the feature quantity extraction means 14 extracts only the feature quantity of the face image of the user corresponding to the imaging unit 30A. As described above, the memory 16 stores the identification information of the user and the service organization selected by the user in association with each other. Then, the processor 12 stores the feature amounts of the facial images corresponding to the imaging units 30A, 30B, and 30C extracted by the feature amount extraction means 14 in the memory 16 of the authentication system 10 by the registration means 13. information) and the identification information of the imaging units 30A, 30B, and 30C are stored in association with each other (STEP 3). Thus, the registration of the user's face image captured by the user terminal 20 is completed. Also, information relating to the feature amount of the user's face image stored in the memory 16 is transmitted from the authentication system 10 to the imaging units 30A, 30B, and 30C of the service organization selected by the user (STEP 4). At this time, the feature amounts of the facial images of the users corresponding to the imaging units 30A, 30B, and 30C are transmitted to the imaging units 30A, 30B, and 30C. The imaging units 30A, 30B, and 30C store the information related to the feature amount of the user's face image transmitted from the authentication system 10 in the memories 36A, 36B, and 36C in association with the user's identification information.

Next, processing for user authentication in each of the imaging units 30A, 30B, and 30C will be described. When user authentication is required at the service facility where each of the imaging units 30A, 30B, and 30C is installed, first, the imaging units 38A, 38B, and 38C of the imaging units 30A, 30B, and 30C take images of the user. acquires the face image data of the user (STEP 11). In the imaging units 30A, 30B, and 30C, the processors 32A, 32B, and 32C extract the feature amount of the user's face image as a hash value by the feature amount extraction means 34A, 34B, and 34C based on the acquired face image data. (STEP 12). Then, the processors 32A, 32B, 32C store the feature amounts (specifically, hash values) of the facial images of the users extracted by the feature amount extraction means 34A, 34B, 34C and the The user is authenticated by comparing the feature amount (more specifically, hash value) of the user's face image (STEP 13). More specifically, the rate of matching between the feature amounts of the user's facial images extracted by the feature amount extracting means 34A, 34B, and 34C and the feature amounts of the user's facial images stored in the memories 36A, 36B, and 36C. exceeds a predetermined threshold (eg, 80%), the authentication means 35A, 35B, 35C authenticate the user. As described above, the memories 36A, 36B, and 36C store pre-registered identification information of users in association with feature amounts of facial images of the users.

Then, when the user is authenticated by the authentication means 35A, 35B, and 35C ("YES" in STEP 14), the processors 32A, 32B, and 32C send the imaging units 30A, 30B, and 30C to the imaging units 30A, 30B, and 30C by the respective processing units 40A, 40B, and 40C. The corresponding service is enabled (STEP 15). Specifically, as described above, when the imaging units 30A, 30B, and 30C are arranged in an office building, a collective housing facility, or the like, the processing units 40A, 40B, and 40C perform user authentication. In such cases, the doors placed at the entrances and exits of these office buildings and collective housing facilities are unlocked. In addition, when the imaging units 30A, 30B, and 30C are arranged in restaurants, hotels, transportation facilities, convenience stores, etc., cashless settlement is possible when paying fees at these service facilities. . Note that two-factor authentication may be performed when cashless payment is performed. After that, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C transmit information on the usage status of the service to the authentication system 10 (STEP 17). As a result, in the authentication system 10, information relating to the service utilization status of each service organization is stored in the memory 16 for each user.

On the other hand, the feature amounts of the user's facial images extracted by the feature amount extracting means 34A, 34B, and 34C do not substantially match the feature amounts of the user's facial images stored in the memories 36A, 36B, and 36C. If user authentication could not be performed by 35A, 35B, and 35C ("NO" in STEP 14), processors 32A, 32B, and 32C cause image pickup units 30A, 30B, The service corresponding to 30C is disabled (STEP 16). In this case as well, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C receive information on service usage (specifically, when the user tried to authenticate with the imaging units 30A, 30B, and 30C, (Information that the service could not be used because the user was not authorized to use the service) is sent to the authentication system 10 (STEP 17).

According to such an authentication method, although a feature value of a user's face image is registered by an image capturing engine (for example, the image capturing unit 30A) of a service organization, the image capturing engine (for example, the image capturing unit 30B) of another service organization ), the feature amount of the user's face image is stored in the memory 16 of the authentication system 10 and the memories 36A, 36B, and 36C of the imaging units 30A, 30B, and 30C to identify the imaging units 30A, 30B, and 30C. By storing the information in association with the information, even a service organization in which the feature amount of the user's face image is not registered can perform user authentication by capturing the user's face image with the imaging unit. In this case, the user does not need to register face image data for all of the plurality of imaging units, thus saving the user time and effort.

The authentication system 10 and the authentication method according to this embodiment are not limited to those shown in FIGS. 1 to 3. FIG. Other examples of the authentication system 10 and the authentication method according to this embodiment will be described with reference to FIGS. 4 to 6. FIG. Regarding the authentication system 10 and the imaging units 30A, 30B, and 30C shown in FIG. 4, the same components as those of the authentication system 10 and the imaging units 30A, 30B, and 30C shown in FIG. omitted.

As shown in FIG. 4, the processor 12 of the authentication system 10, based on the face image data received from the user terminal 20, uses the feature amount of the user's face image corresponding to each imaging unit 30A, 30B, 30C as a hash value. A feature amount extraction means 14 for extracting, a registration means 13 for registering the extracted feature amount of the user's face image, and a user's face image imaged by the image pickup units 38A to 38C of the image pickup units 30A, 30B, and 30C. and authentication means 15 for authenticating the user based on the feature amount (specifically, the hash value). The processor 12 executes a program stored in the memory 16 to transfer the feature amount (specifically, hash value) of the user's face image extracted by the feature amount extraction means 14 in the registration means 13 to the user's facial image. and the identification information of the imaging units 30A, 30B, and 30C. In addition, the processor 12 executes a program stored in the memory 16 to obtain the feature amount of the user's face image captured by the imaging units 38A to 38C of the imaging units 30A, 30B, and 30C in the authentication means 15. (Specifically, hash values) are compared with the feature values (specifically, hash values) of the user's face images corresponding to the imaging units 30A, 30B, and 30C stored in the memory 16. is used to authenticate the user. Note that the programs executed by the processor 12 are not limited to those stored in the memory 16 . The processor 12 executes a program transmitted from an external device to the authentication system 10 or a program stored in a recording medium detachably attached to the authentication system 10, whereby the feature quantity extracting means 14, the registering means 13 and Processing may be performed in each of the authentication means 15 . Also in the present embodiment, the information acquisition means 17 is configured by the feature quantity extraction means 14 and the registration means 13 . The information acquisition means 17 receives face image data of the user at the time of user registration, extracts the feature amount of the user's face image based on the received face image data of the user, and extracts the feature amount of the extracted user's face image. is stored in the memory 16 as user identification information.

Each of the imaging units 30A, 30B, 30C arranged in each service facility is composed of, for example, a computer or the like. 36B and 36C, imaging units 38A, 38B and 38C, processing units 40A, 40B and 40C, and communication units 42A, 42B and 42C. Processors 32A, 32B, and 32C include feature amount extraction means 34A, 34B, and 34C for extracting feature amounts of user's face images as hash values based on the user's face image data captured by imaging units 38A, 38B, and 38C. have. Note that in the example shown in FIG. 4, the processors 32A, 32B, 32C do not have authentication means 35A, 35B, 35C as shown in FIG. Processors 32A, 32B, and 32C execute programs stored in memories 36A, 36B, and 36C so that feature amount extraction means 34A, 34B, and 34C extract feature amounts of user's facial images as hash values. It has become. Specifically, the feature amount extracting units 34A, 34B, and 34C extract hash values obtained from the received user's face image data using a predetermined hash function as feature amounts of the user's face image. The programs executed by the processors 32A, 32B, 32C are not limited to those stored in the memories 36A, 36B, 36C. The processors 32A, 32B, and 32C execute programs transmitted from an external device to the imaging units 30A, 30B, and 30C, and programs stored in recording media detachably attached to the imaging units 30A, 30B, and 30C. Accordingly, various processing may be performed in the feature amount extraction means 34A, 34B, and 34C. Further, in the example shown in FIG. 4, the memories 36A, 36B, and 36C do not store the feature amount of the user's face image.

In the example shown in FIG. 4 as well, the authentication system 10 and the imaging units 30A, 30B, and 30C arranged in each service organization are API linked (application programming interface). As a result, the system of each imaging unit 30A, 30B, 30C can be configured more easily than the system of each imaging unit 30A, 30B, 30C independently configured.

Next, details of processing when user authentication is performed by the authentication system 10 and the imaging units 30A, 30B, and 30C as shown in FIG. 4 will be described with reference to FIGS. 5 and 6. FIG.

First, a process in which a user uses the user terminal 20 to register face image data in the authentication system 10 will be described. Since the specific method for the user to take a face image using the user terminal 20 has already been explained, the explanation is omitted here. When the user first performs user registration with such a face authentication application on the user terminal 20, various information input on the user registration screen and the user's face image data are transmitted from the user terminal 20 to the authentication system 10. Thus, the processor 12 of the authentication system 10 receives face image data from the user terminal 20 (STEP 21). The processor 12 of the authentication system 10 also receives from the user terminal 20 the identification information of the user terminal 20 and the registration information such as the user's name, date of birth, telephone number, e-mail address, and password input to the user terminal 20. . The processor 12 also issues a user ID as user identification information, and stores the issued user ID in the memory 16 .

Next, based on the face image data received from the user terminal 20, the processor 12 of the authentication system 10 extracts the feature quantity of the face image corresponding to each imaging unit 30A, 30B, 30C as a hash value by the feature quantity extraction means 14. Extract (STEP 22). At this time, the feature amount of the user's face image extracted by the feature amount extraction unit 14 may differ depending on the type of the imaging units 30A, 30B, and 30C. The feature amount of the user's face image is extracted every 30C. Further, the feature quantity extracting means 14 extracts only the feature quantity of the user's face image corresponding to the imaging units 30A, 30B, and 30C of the service organization selected in advance by the user. Then, the processor 12 stores the feature amounts of the facial images corresponding to the imaging units 30A, 30B, and 30C extracted by the feature amount extraction means 14 in the memory 16 of the authentication system 10 by the registration means 13. information) and the identification information of the imaging units 30A, 30B, and 30C are stored in association with each other (STEP 23). Thus, the registration of the user's face image captured by the user terminal 20 is completed. In the example shown in FIG. 4, the information related to the feature amount of the user's face image stored in the memory 16 is not transmitted from the authentication system 10 to the imaging units 30A, 30B, and 30C of the service organization selected by the user. .

Next, processing for user authentication in each of the imaging units 30A, 30B, and 30C will be described. When user authentication is required at the service facility where each of the imaging units 30A, 30B, and 30C is installed, first, the imaging units 38A, 38B, and 38C of the imaging units 30A, 30B, and 30C take images of the user. acquires the face image data of the user (STEP 31). In the imaging units 30A, 30B, and 30C, the processors 32A, 32B, and 32C extract the feature amount of the user's face image as a hash value by the feature amount extraction means 34A, 34B, and 34C based on the acquired face image data. (STEP 32). Then, the processors 32A, 32B, 32C transmit the feature amounts (specifically, hash values) of the facial images of the users extracted by the feature amount extraction means 34A, 34B, 34C to the authentication system through the communication units 42A, 42B, 42C. 10 to the processor 12 (STEP 33). In addition, when the processor 12 of the authentication system 10 receives the information related to the feature amount of the user's face image from the imaging units 30A, 30B, and 30C, the imaging unit of the service organization selected by the user stored in the memory 16 Information relating to the feature amount of the user's face image transmitted only from 30A, 30B, and 30C is accepted. Then, in the authentication system 10, the processor 12 stores the feature values (specifically, hash values) of the user's face images received from the imaging units 30A, 30B, and 30C and the user's face image stored in the memory 16. The user is authenticated by comparing the feature amount (specifically, hash value) of the authentication unit 15 (STEP 34). More specifically, the rate of matching between the feature amount of the user's facial image received from the imaging units 30A, 30B, and 30C and the feature amount of the user's facial image stored in the memory 16 exceeds a predetermined threshold value (for example, 80%), the authentication means 15 authenticates the user. As described above, the memory 16 stores pre-registered identification information of users and identification information of the imaging units 30A, 30B, and 30C in association with feature amounts of facial images of the users.

Then, when the user is authenticated by the authentication means 15 (“YES” in STEP 35), information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C through the communication unit 18 ( STEP36). The processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C that have received the information related to the authentication results can implement services corresponding to the imaging units 30A, 30B, and 30C by the respective processing units 40A, 40B, and 40C. (STEP 37). After that, the processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the information regarding the usage status of the service to the authentication system 10 . As a result, in the authentication system 10, information relating to the service utilization status of each service organization is stored in the memory 16 for each user.

On the other hand, the feature amount of the user's face image received from the imaging units 30A, 30B, and 30C does not substantially match the feature amount of the user's face image stored in the memory 16, and the user is authenticated by the authentication means 15. Even if the authentication fails ("NO" in STEP 35), information on the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C through the communication section 18 (STEP 38). Then, the processors 32A, 32B, and 32C of the image pickup units 30A, 30B, and 30C that have received the information related to the authentication result disable the services corresponding to the image pickup units 30A, 30B, and 30C by the respective processing units 40A, 40B, and 40C. (STEP 39). In this case as well, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C receive information on service usage (specifically, when the user tried to authenticate with the imaging units 30A, 30B, and 30C, (information that the service could not be used because the user was not authorized to use the service) is transmitted to the authentication system 10.例文帳に追加

According to such an authentication method, although a feature value of a user's face image is registered by an image capturing engine (for example, the image capturing unit 30A) of a service organization, the image capturing engine (for example, the image capturing unit 30B) of another service organization ), the feature amount of the user's face image is stored in the memory 16 of the authentication system 10 in association with the identification information of the image pickup units 30A, 30B, and 30C, so that the user's face image can be recognized. Even in a service organization where the feature amount is not registered, the user can be authenticated by capturing the user's face image with the imaging unit. In this case, the user does not need to register face image data for all of the plurality of imaging units, thus saving the user time and effort.

again. Still another example of the authentication system 10 and the authentication method according to this embodiment will be described with reference to FIGS. 7 to 9. FIG. 7 and the imaging units 30A, 30B and 30C shown in FIG. 7, the same components as those of the authentication system 10 and the imaging units 30A, 30B and 30C shown in FIGS. 1 and 4 are denoted by the same reference numerals. We omit the explanation.

As shown in FIG. 7, based on the face image data received from the user terminal 20, the processor 12 of the authentication system 10 uses the feature amounts of the user's face images corresponding to the imaging units 30A, 30B, and 30C as hash values. A feature amount extraction means 14 for extracting, a registration means 13 for registering the extracted feature amount of the user's face image, and a user's face image imaged by the image pickup units 38A to 38C of the image pickup units 30A, 30B, and 30C. and authentication means 15 for authenticating the user based on the feature amount (specifically, the hash value). The processor 12 executes a program stored in the memory 16 to transfer the feature amount (specifically, hash value) of the user's face image extracted by the feature amount extraction means 14 in the registration means 13 to the user's facial image. and the identification information of the imaging units 30A, 30B, and 30C. In addition, the processor 12 executes a program stored in the memory 16 to obtain the feature amount of the user's face image captured by the imaging units 38A to 38C of the imaging units 30A, 30B, and 30C in the authentication means 15. (Specifically, hash values) are compared with the feature values (specifically, hash values) of the user's face images corresponding to the imaging units 30A, 30B, and 30C stored in the memory 16. is used to authenticate the user. Note that the programs executed by the processor 12 are not limited to those stored in the memory 16 . The processor 12 executes a program transmitted from an external device to the authentication system 10 or a program stored in a recording medium detachably attached to the authentication system 10, whereby the feature quantity extracting means 14, the registering means 13 and Processing may be performed in each of the authentication means 15 . Also in the present embodiment, the information acquisition means 17 is configured by the feature quantity extraction means 14 and the registration means 13 . The information acquisition means 17 receives face image data of the user at the time of user registration, extracts the feature amount of the user's face image based on the received face image data of the user, and extracts the feature amount of the extracted user's face image. is stored in the memory 16 as user identification information.

Each of the imaging units 30A, 30B, 30C arranged in each service facility is composed of, for example, a computer or the like. 36B and 36C, imaging units 38A, 38B and 38C, processing units 40A, 40B and 40C, and communication units 42A, 42B and 42C. In the example shown in FIG. 7, the processors 32A, 32B, 32C do not have the feature extraction means 34A, 34B, 34C and authentication means 35A, 35B, 35C shown in FIG. Further, in the example shown in FIG. 7, the memories 36A, 36B, and 36C do not store the feature amount of the user's face image.

In the example shown in FIG. 7 as well, the authentication system 10 and the imaging units 30A, 30B, and 30C arranged in each service organization are API linked (application programming interface). As a result, the system of each imaging unit 30A, 30B, 30C can be configured more easily than when the system of each imaging unit 30A, 30B, 30C is independently configured.

Next, details of processing when user authentication is performed by the authentication system 10 and the imaging units 30A, 30B, and 30C as shown in FIG. 7 will be described with reference to FIGS. 8 and 9. FIG.

First, a process in which a user uses the user terminal 20 to register face image data in the authentication system 10 will be described. Since the specific method for the user to take a face image using the user terminal 20 has already been explained, the explanation is omitted here. When the user first performs user registration with such a face authentication application on the user terminal 20, various information input on the user registration screen and the user's face image data are transmitted from the user terminal 20 to the authentication system 10. Thus, the processor 12 of the authentication system 10 receives face image data from the user terminal 20 (STEP 41). The processor 12 of the authentication system 10 also receives from the user terminal 20 the identification information of the user terminal 20 and the registration information such as the user's name, date of birth, telephone number, e-mail address, and password input to the user terminal 20. . The processor 12 also issues a user ID as user identification information, and causes the memory 16 to store the issued user ID.

Next, based on the face image data received from the user terminal 20, the processor 12 of the authentication system 10 extracts the feature quantity of the face image corresponding to each imaging unit 30A, 30B, 30C as a hash value by the feature quantity extraction means 14. Extract (STEP 42). At this time, the feature amount of the user's face image extracted by the feature amount extraction unit 14 may differ depending on the type of the imaging units 30A, 30B, and 30C. The feature amount of the user's face image is extracted every 30C. Further, the feature quantity extracting means 14 extracts only the feature quantity of the user's face image corresponding to the imaging units 30A, 30B, and 30C of the service organization selected in advance by the user. Then, the processor 12 stores the feature amounts of the facial images corresponding to the imaging units 30A, 30B, and 30C extracted by the feature amount extraction means 14 in the memory 16 of the authentication system 10 by the registration means 13. information) and the identification information of the imaging units 30A, 30B, and 30C are stored in association with each other (STEP 43). Thus, the registration of the user's face image captured by the user terminal 20 is completed. In the example shown in FIG. 7, the information related to the feature amount of the user's face image stored in the memory 16 is not transmitted from the authentication system 10 to the imaging units 30A, 30B, and 30C of the service organization selected by the user. .

Next, processing for user authentication in each of the imaging units 30A, 30B, and 30C will be described. When user authentication is required at the service facility where each of the imaging units 30A, 30B, and 30C is installed, first, the imaging units 38A, 38B, and 38C of the imaging units 30A, 30B, and 30C take images of the user. acquires the face image data of the user (STEP 51). Processors 32A, 32B, and 32C of imaging units 30A, 30B, and 30C transmit user face image data captured by imaging sections 38A, 38B, and 38C to processor 12 of authentication system 10 via communication sections 42A, 42B, and 42C. (STEP 52). Note that when the processor 12 of the authentication system 10 receives the user's face image data from the imaging units 30A, 30B, and 30C, the imaging units 30A, 30B, and 30C of the service organization selected by the user, which are stored in the memory 16, are selected. The user's face image data transmitted from only is accepted. Then, in the authentication system 10, the processor 12 extracts the feature quantity of the user's face image as a hash value by the feature quantity extraction means 14 based on the face image data received from the imaging units 30A, 30B, and 30C (STEP 53). Then, the processor 12 extracts the feature amount (specifically, hash value) of the user's facial image extracted by the feature amount extracting means 14 and the feature amount (specifically, the hash value) of the user's facial image stored in the memory 16 . , a hash value) is compared by the authentication means 15 to authenticate the user (STEP 54). More specifically, the rate of matching between the feature amount of the user's facial image extracted by the feature amount extracting means 14 and the feature amount of the user's facial image stored in the memory 16 exceeds a predetermined threshold value (for example, 80 %), the authentication means 15 authenticates the user. As described above, the memory 16 stores pre-registered identification information of users and identification information of the imaging units 30A, 30B, and 30C in association with feature amounts of facial images of the users.

When the user is authenticated by the authentication means 15 ("YES" in STEP 55), information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C through the communication unit 18 ( STEP 56). The processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C that have received the information related to the authentication results can implement services corresponding to the imaging units 30A, 30B, and 30C by the respective processing units 40A, 40B, and 40C. (STEP 57). After that, the processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the information regarding the usage status of the service to the authentication system 10 . As a result, in the authentication system 10, information relating to the service utilization status of each service organization is stored in the memory 16 for each user.

On the other hand, the feature amount of the user's face image received from the imaging units 30A, 30B, and 30C does not substantially match the feature amount of the user's face image stored in the memory 16, and the user is authenticated by the authentication means 15. Even if the authentication fails ("NO" in STEP 55), information on the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C through the communication section 18 (STEP 58). Then, the processors 32A, 32B, and 32C of the image pickup units 30A, 30B, and 30C that have received the information related to the authentication result disable the services corresponding to the image pickup units 30A, 30B, and 30C by the respective processing units 40A, 40B, and 40C. (STEP 59). In this case as well, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C receive information on service usage (specifically, when the user tried to authenticate with the imaging units 30A, 30B, and 30C, (information that the service could not be used because the user was not authorized to use the service) is transmitted to the authentication system 10.例文帳に追加

According to such an authentication method, although a feature value of a user's face image is registered by an image capturing engine (for example, the image capturing unit 30A) of a service organization, the image capturing engine (for example, the image capturing unit 30B) of another service organization ), the feature amount of the user's face image is stored in the memory 16 of the authentication system 10 in association with the identification information of the image pickup units 30A, 30B, and 30C, so that the user's face image can be recognized. Even in a service organization where the feature amount is not registered, the user can be authenticated by capturing the user's face image with the imaging unit. In this case, the user does not need to register face image data for all of the plurality of imaging units, thus saving the user time and effort.

Next, in the authentication system 10 as shown in FIGS. 1 to 9, processing when the user wants to increase the number of service organizations to which the face authentication service described above is applied will be described. After the user has completed the user registration described above, when the user presses the "add service" button on the initial screen of the user terminal 20 as shown in FIG. 10, a list of service organizations as shown in FIG. 13 is displayed. be done. A list of such service institutions is registered in the authentication system 10 in advance. On the screen as shown in FIG. 13, the icon of the unregistered service and the icon of the registered service are displayed in different colors, or the icon of the unregistered service is displayed lightly. Icons of registered services are displayed separately. Then, when the user presses the icon of the unregistered service with a finger, the terms of the service to be added are displayed. An unregistered service becomes a registered service when the user enters an instruction to agree to the terms of service. At this time, in the authentication system 10 , the service agency associated with this registered service is associated with the user ID (user identification information) and stored in the memory 16 . After that, the user terminal 20 displays a face image pickup screen as shown in FIG. 12 . When the user captures a face image with the user terminal 20 on such an imaging screen, the user's face image data is transmitted from the user terminal 20 to the authentication system 10 . In this manner, processor 12 of authentication system 10 receives facial image data from user terminal 20 . Based on the face image data received from the user terminal 20, the processor 12 of the authentication system 10 extracts the feature quantity of the face image corresponding to the imaging unit of the new service organization as a hash value by the feature quantity extraction means 14. . The processor 12 stores the feature amount of the face image corresponding to the new imaging unit extracted by the feature amount extraction means 14 in the memory 16 of the authentication system 10 by the registration means 13 as a user ID (user identification information) and a new service. It is stored in association with the identification information of the imaging unit of the institution. In this way, the registration of the new service institution is completed. As will be described later, when the user's face image data is stored in the memory 16, when the user registers a new service facility with the user terminal 20, the user's face image is picked up by the user terminal 20. Alternatively, based on the user's face image data stored in the memory 16, the feature quantity of the face image corresponding to the imaging unit of the new service organization may be extracted as a hash value by the feature quantity extraction means 14. . Also, the screen as shown in FIG. 13 may allow the user to delete the registered service. In this case, the registered service becomes an unregistered service. Also, the information related to the feature amount of the user's face image corresponding to the imaging unit of the service organization related to the deleted registered service, which is stored in the memory 16, is deleted.

After the user has completed the above-described user registration, when the user presses the "authentication history" button on the initial screen of the user terminal 20 as shown in FIG. 10, the past authentication history as shown in FIG. A list of information (in other words, a list of information relating to the usage status of the service facility by the user) is displayed on the user terminal 20 . More specifically, the memory 16 of the authentication system 10 stores the user's past authentication history information in association with the user's identification information. Then, when the user presses the "authentication history" button on the initial screen of the user terminal 20 as shown in FIG. A signal is sent. When the processor 12 of the authentication system 10 receives a signal requesting the user's past authentication history information from the user terminal 20, the processor 12 sends the past authentication history information corresponding to the user's identification information stored in the memory 16 to the communication unit 18. to the user terminal 20. As a result, a list of past authentication history information of this user is displayed on the user terminal 20 . Further, when the user presses the display of a certain authentication history in the list of past authentication history information as shown in FIG. 14, the details of this authentication history are displayed on the user terminal 20 as shown in FIG. become.

Further, in the present embodiment, instead of the user using the user terminal 20 to register the user's face authentication feature amount in the authentication system 10, the user uses the imaging units 30A, 30B, and 30C to register the authentication system 10. , the user's face authentication feature amount may be registered. Specifically, when the user inputs the registration information in certain imaging units 30A, 30B, and 30C and the user's face image is captured by the imaging units 38A, 38B, and 38C, the input registration information and the user's face image data are It is transmitted to the authentication system 10 from the imaging units 30A, 30B, and 30C. In this manner, processor 12 of authentication system 10 receives facial image data from imaging units 30A, 30B, 30C. The processor 12 also issues a user ID as user identification information based on the registration information received from the imaging units 30A, 30B, and 30C, and causes the memory 16 to store the issued user ID.

Next, based on the face image data received from the imaging units 30A, 30B, and 30C, the processor 12 of the authentication system 10 uses the feature amounts of the face images corresponding to the imaging units 30A, 30B, and 30C as hash values. The extraction means 14 extracts. At this time, the feature quantity extraction means 14 extracts the feature quantity of the user's face image for each of the imaging units 30A, 30B, and 30C. Further, the feature quantity extracting means 14 extracts only the feature quantity of the user's face image corresponding to the imaging units 30A, 30B, and 30C of the service organization selected in advance by the user. For example, the user is permitted to use the face image data at the service facility where the imaging unit 30A is installed, but the user is not permitted to use the face image data at the service facility where the imaging unit 30B is installed. In this case, the feature quantity extraction means 14 extracts only the feature quantity of the face image of the user corresponding to the imaging unit 30A. As described above, the memory 16 stores the identification information of the user and the service organization selected by the user in association with each other. Then, the processor 12 stores the feature amounts of the facial images corresponding to the imaging units 30A, 30B, and 30C extracted by the feature amount extraction means 14 in the memory 16 of the authentication system 10 by the registration means 13. information) and the identification information of the imaging units 30A, 30B, and 30C. Thus, the registration of the user's face image captured by the imaging sections 38A, 38B, and 38C of the imaging units 30A, 30B, and 30C is completed. In such a mode, even if the user does not use the user terminal 20, the user's face authentication feature amount can be registered in the authentication system 10. FIG.

According to the authentication method performed by the authentication system 10 according to the present embodiment configured as described above, the user's face image data and the user's identification information are accepted, and based on the accepted user's face image data The feature amount of this user's face image is extracted for each of the plurality of imaging units 30A, 30B, and 30C. Then, information related to the extracted feature amount of the user's face image for each of the plurality of imaging units 30A, 30B, and 30C is stored in the memory 16 in association with the received identification information of the user. According to such an authentication method, face authentication can be easily performed with the plurality of imaging units 30A, 30B, and 30C.

Specifically, although the provision of an authentication engine using face authentication has been common in the past as well, in the authentication system of the conventional technology, face authentication cannot be performed by an authentication engine that does not register face data. could not. Therefore, in order to perform authentication with each of the plurality of authentication engines, the user has to register face data with each of the plurality of authentication engines, which is troublesome and stressful. On the other hand, in the present embodiment, a feature amount of a user's face image is registered by an authentication engine (for example, imaging unit 30A) of a service organization, but is registered by an authentication engine (for example, imaging unit 30A) of another service organization. 30B), the feature amount of the user's face image is stored in the memory 16 of the authentication system 10 for each of the imaging units 30A, 30B, and 30C. Even the imaging units 30A, 30B, and 30C of unregistered service organizations can perform user authentication by imaging the user's face image with the imaging sections 38A, 38B, and 38C. In this case, the user does not need to register face image data for all of the plurality of imaging units 30A, 30B, and 30C, so that the user's trouble can be saved. As a result, users who have not used various services using an imaging unit with no registered face image data due to troublesome registration of face image data can be urged to casually use various services. .

Further, when extracting a feature amount of the user's facial image such as a hash value and storing it in the memory 16, compared to the case where the user's facial image data itself is stored in the memory 16, the amount of data stored in the memory 16 is The amount of data can be significantly reduced. This is because the data amount of the feature amount of the user's face image is smaller than the data amount of the user's face image data itself. In this case, the user's face image data itself is not stored in the memory 16, so the user's privacy can be protected more reliably. Further, in the case of sending information related to the feature amount of the user's face image between the authentication system 10 and each of the imaging units 30A, 30B, and 30C, the user's face image data is transmitted between the authentication system 10 and each of the imaging units 30A and 30B. , 30C.

Further, in the authentication method of the present embodiment, as described above, when the feature amount of the user's face image is extracted based on the received face image data of the user, the feature amount of the user's face image is Each of the image pickup units 30A, 30B, and 30C is extracted, and the feature amount of the user's face image for each of the plurality of image pickup units 30A, 30B, and 30C extracted is stored in a memory in association with user identification information by a registration means 13. . At this time, it is possible to cope with the case where the feature amount of the user's face image extracted by the feature amount extraction means 14 differs depending on the type of the imaging units 30A, 30B, and 30C. Note that when the same program is used in a plurality of imaging units 30A, 30B, and 30C, and the feature amount of the user's face image extracted by the feature amount extraction means 14 is common to the imaging units 30A, 30B, and 30C, It is not necessary to extract the feature amount of the user's face image for each of the imaging units 30A, 30B, and 30C.

Further, in the authentication method of the present embodiment, as described above, the memory 16 stores information related to the service organization selected by the user in association with the user's identification information. The service selected by the user stored in the memory 16 in the step of extracting the feature amount of the face image of the user for each of the plurality of imaging units 30A, 30B, and 30C based on the image data by the feature amount extracting means 14. A feature quantity extraction means 14 extracts the feature quantity of the user's face image corresponding only to the imaging unit of the institution. In this case, since the features of the user's facial images corresponding to the image pickup units 30A, 30B, and 30C of the service organization not selected by the user are not stored in the memory 16, security can be improved, and the user can be can reassure you. In addition, a company or the like participating in a group of authentication engines managed centrally by the authentication system 10 can be authenticated by a large number of authentication engines simply by registering face image data on the user terminal 20 or the like, which is customer convenience. It will be possible to appeal to customers the improvement of

In addition, in the authentication method of the present embodiment, as described above, the feature quantity extraction means 14 extracts the hash value obtained from the received face image data of the user by a predetermined hash function as the feature quantity of the face image of the user. are extracted for each of the plurality of imaging units 30A, 30B, and 30C. In this case, since the hash value is stored in the memory 16 as the feature amount of the user's face image, the amount of data stored in the memory 16 is reduced compared to the case where the face image data itself is stored in the memory 16. be able to. Moreover, since it is difficult to restore or guess the face image data from the hash value, only the hash value is stored in the authentication system 10, so that user privacy and security can be enhanced.

Note that, in the present embodiment, the feature amount extraction means 14 extracts the feature amount of the user's face image as a hash value for each of the plurality of imaging units 30A, 30B, and 30C based on the received face image data of the user. It is not limited to Based on the received face image data of the user, the feature quantity extraction means 14 extracts the feature quantity of the user's face image with a value of a type different from the hash value for each of the plurality of imaging units 30A, 30B, and 30C. can be For example, the relative position, size, shape, etc. of each part of the face (eyes, nose, ears, etc.) may be extracted as the feature quantity of the user's face image. Even in this case, the amount of data stored in the memory 16 can be reduced if the amount of data of values other than the hash value is smaller than the amount of data of the face image itself.

Further, in the authentication method of the present embodiment, as described above, based on the received face image data of the user, the feature quantity of the user's face image is extracted for each of the plurality of imaging units 30A, 30B, and 30C. In the step of extracting by means 14, based on the face image data of the user transmitted from the user terminal 20 owned by the user, the feature quantity of the face image of the user is extracted for each of the plurality of imaging units 30A, 30B, and 30C. The extraction means 14 extracts. Alternatively, in the step of extracting the feature amount of the user's face image for each of the plurality of imaging units 30A, 30B, and 30C based on the received face image data of the user, the plurality of imaging units 30A, Based on the user's facial image data transmitted from one of the imaging units 30B and 30C, the feature amount of the user's facial image is extracted by the feature amount extracting means 14 for each of the plurality of imaging units 30A, 30B, and 30C. good too.

Further, in the present embodiment, a program for performing an authentication method by the authentication system 10, which is executed by the processor 12, and a recording medium on which this program is recorded are used. Here, the processor 12 executes a program to accept the user's face image data and the user's identification information, and based on the accepted user's face image data, the feature amount of the user's face image is captured by the plurality of imaging units 30A. , 30B, and 30C. Then, information related to the extracted feature amount of the user's face image for each of the plurality of imaging units 30A, 30B, and 30C is stored in the memory 16 in association with the received identification information of the user. According to such a program and recording medium, it becomes possible to easily perform face authentication with a plurality of imaging units 30A, 30B, and 30C.

Also, in this embodiment, an authentication system 10 having a processor 12 is used. In such an authentication system 10, the processor 12 receives the user's face image data and the user's identification information by executing a program, and based on the received user's face image data, the feature amount of the user's face image. are extracted for each of the plurality of imaging units 30A, 30B, and 30C. Then, information relating to the extracted feature amount of the user's face image for each of the plurality of imaging units 30A, 30B, and 30C is stored in the memory 16 in association with the received identification information of the user. According to such an authentication system 10, it becomes possible to easily perform face authentication using the plurality of imaging units 30A, 30B, and 30C.

It should be noted that the authentication method and authentication system according to the present invention are not limited to the aspects described above, and various modifications can be made.

For example, an authentication system as shown in FIG. 16 may be used. The authentication system 50 shown in FIG. 16 has a processor 52 , a first server 56 , a second server 58 and a third server 60 . Here, each server 56, 58, 60 corresponds to each imaging unit 30A, 30B, 30C. Specifically, the first server 56 corresponds to the imaging unit 30A, the second server 58 corresponds to the imaging unit 30B, and the third server 60 corresponds to the imaging unit 30C. 16 shows three imaging units 30A, 30B, and 30C, when two or four or more imaging units are used, a server corresponding to each imaging unit is provided in the authentication system 10. be done. The processor 52 also has server management means 52 a , feature quantity extraction means 54 , registration means 53 , and authentication means 55 . The feature quantity extraction means 54, the registration means 53 and the authentication means 55 of the processor 52 are abbreviated as the feature quantity extraction means 14, the registration means 13 and the authentication means 15 of the processor 12 of the authentication system 10 shown in FIGS. have the same function. The server management means 52a manages each of the servers 56, 58 and 60. FIG.

Each server 56, 58, 60 stores the feature amount of the face image data of the user corresponding to each imaging unit 30A, 30B, 30C in association with the identification information of the user. Each server 56, 58, 60 is communicably connected to each corresponding imaging unit 30A, 30B, 30C via a network such as an Internet line. Each server 56, 58, 60 is configured to be collectively manageable by a server management means 52a using an API (application programming interface). As a result, the system of each server 56, 58, 60 can be configured more easily than when the system (program) of each server 56, 58, 60 is configured independently. Also, the server management means 52a and the service organization in which the imaging units 30A, 30B, and 30C are installed are linked by an API. For example, by opening the platform of the server management means 52a to each service organization and using the same platform as the server management means 52a at each service organization, a system for performing services at each service organization can be easily constructed. can do.

The authentication system 50 having such a processor 52 and servers 56 , 58 , 60 can perform the same processing as the authentication system 10 having the processor 12 . That is, according to the authentication method performed by authentication system 50 shown in FIG. is extracted by the feature amount extraction means 54, and the extracted feature amount of the user's face image is stored in each server 56, 58, 60 in association with the user's identification information and the imaging units 30A, 30B, 30C by the registration means 53. Let

Information related to the feature amount of the user's face image stored in each server 56, 58, 60 is transmitted from each server 56, 58, 60 to each corresponding imaging unit 30A, 30B, 30C. As a result, when performing user authentication in each of the imaging units 30A, 30B, and 30C, the user's face image data is acquired by imaging the user with the imaging units 38A, 38B, and 38C, and the acquired face image data By extracting the feature amount of the user's face image by the feature amount extracting means 34A, 34B, and 34C based on , it becomes possible to authenticate the user in each of the imaging units 30A, 30B, and 30C. After that, the processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the information regarding the usage status of the service to the authentication system 10 . As a result, in the authentication system 50, information relating to the service utilization status of each service organization is stored in each server 56, 58, 60 for each user.

As another method for user authentication, when performing user authentication in each of the imaging units 30A, 30B, and 30C, the user's face image data is acquired by imaging the user with the imaging units 38A, 38B, and 38C, Based on the acquired face image data, feature quantity extraction means 34A, 34B, and 34C extract the feature quantity of the user's face image. Then, information relating to the feature amount of the user's face image is transmitted from each of the imaging units 30A, 30B, and 30C to the authentication system 50 . As a result, the authentication means 55 can authenticate the user. After that, the authentication result of the user is transmitted from the authentication system 50 to the original imaging units 30A, 30B, and 30C.

As still another method of user authentication, when performing user authentication in each of the imaging units 30A, 30B, and 30C, the user's face image data is acquired by imaging the user with the imaging units 38A, 38B, and 38C. . Then, the user's face image data is transmitted to the authentication system 50 from each of the imaging units 30A, 30B, and 30C. Then, the processor 52 extracts the feature amount of the user's facial image by the feature amount extracting means 54 based on the user's facial image data transmitted to each of the servers 56, 58, and 60, and extracts the extracted user's facial image. is compared with the feature amount of the user's face image stored in each server 56, 58, 60 by the authentication means 55. FIG. As a result, the authentication means 55 can authenticate the user. After that, the authentication result of the user is transmitted from the authentication system 50 to the original imaging units 30A, 30B, and 30C.

According to these authentication methods, it becomes possible to easily perform face authentication using the plurality of imaging units 30A, 30B, and 30C.

In the authentication system 10 as shown in FIGS. 1, 4, 7, etc., the processor 12 stores in the memory 16 the face image data of the user transmitted from the user terminal 20 and the image pickup units 30A, 30B, and 30C. You may let

In the above example, the authentication systems 10 and 50 are installed separately from the imaging units 30A, 30B, and 30C installed at each service institution. One of the imaging units 30A, 30B, and 30C may also function as the authentication systems 10 and 50 . That is, the processor of one of the imaging units 30A, 30B, and 30C installed in each service organization is the feature extraction means 14 in the processor 12 of the authentication system 10 shown in FIGS. It may have feature extraction means, registration means, and authentication means having functions equivalent to those of means 13 and authentication means 15 .

As yet another example, the authentication system 10 includes a feature amount (specifically, a hash value, for example) of the user's face image extracted from the user's face image data, and a feature amount other than the feature amount of the user's face image. User authentication may be performed in two steps (two-factor authentication) by using elements (specifically, for example, a password entered into the user terminal 20 at the time of user registration and identification information of the user terminal 20). At this time, elements required for authentication may be combined according to the security level required for the imaging units 30A, 30B, and 30C of the service organization.

Further, in the above description, when the user registers face image data in the authentication system 10 using the user terminal 20, registration information such as name, date of birth, telephone number, e-mail address, and password is entered on the user registration screen. After entering and checking the box to agree to the terms of use, press the registration button. Also, when the user captures a face image with the user terminal 20 on the imaging screen, various information input on the user registration screen and the user's face image data are transmitted from the user terminal 20 to the authentication system 10 . After that, the processor 12 issues a user ID as user identification information, and stores the issued user ID in the memory 16 . However, this embodiment is not limited to such an aspect. As another aspect, the user ID is the feature amount (specifically, hash value, for example) of the user's face image extracted from the user's face image data by the feature amount extraction means 14 for each of the imaging units 30A, 30B, and 30C. may be used as In this case, the imaging units 30A, 30B, and 30C have different user IDs (that is, hash values). It is designed to be linked.

Further, the processor 12 of the authentication system 10 receives various information input on the user registration screen and the face image data of the user, and then performs authentication other than the user ID issued as the identification information of the user and the face authentication. User IDs (user identification information) used in the authentication engines 30D of various service organizations may be linked. That is, the authentication system 10 includes a user ID (user identification information) used by the authentication engine 30D of the service organization that performs authentication other than face authentication, and a user ID related to the feature amount of the user's face image stored in the memory 16. A linking means 19 for linking an ID (user identification information) may be further provided. Specifically, as the user ID used in the authentication engine 30D of various service organizations that perform authentication other than face authentication, identification information of the user terminal 20 such as a smartphone owned by the user, fingerprint information of the user, vein information, etc. User identification information (e.g., hash value) obtained from biometric information, a several-digit code (specifically, for example, a combination of numbers and Roman letters) and a password entered by the user into the user terminal 20 such as a smartphone. Conceivable. In this case, when the user authenticates with the authentication engines 30D of various service organizations that perform authentication other than face authentication, the user's face image data obtained by capturing the face image with the user terminal is used. An ID (specifically, a hash value extracted from face image data) can be substituted, thereby improving convenience for the user. Further, even after the linking by the linking means 19 is performed, the user ID used by the authentication engine 30D of the service organization may be left as it is. In this case, user authentication can be appropriately performed even when user authentication is performed stand-alone by the authentication engine 30D of the service organization without using the authentication system 10, which is a cloud.

Also, different levels of authentication may be set depending on the type of service organization. Specifically, for example, when a locking system of an office building where a user works or a home is used as an authentication engine of a service organization, a so-called smart system that unlocks a door according to identification information of a user terminal 20 such as a smartphone is used. A lock is used. Specifically, the identification information of the user terminal 20 is read by the function of Bluetooth (registered trademark) simply by bringing the user terminal 20 close to the receiving device installed near the door of the office building or home where the user works or the locking system of the user's home. or when the user inputs a command to lock/unlock the door using a smart lock application installed in the user terminal 20, the user is authenticated based on the identification information of the user terminal 20.例文帳に追加When the user is authenticated as a pre-registered user, the door of the office building or home where the user works is unlocked. On the other hand, when a system for transferring money to an account of a financial institution or a settlement system is used as an authentication engine of a service institution, face authentication is required when logging in to the financial institution service or settlement service on the user terminal 20, and furthermore, authentication to the account is required. In addition to face authentication, authentication by SMS (Short Message Service) delivery and password input are required when transferring money or making payments. In this way, by varying the strength of authentication of the user ID according to the application, the strength of authentication is lowered for the authentication engine of the frequently used service organization, thereby improving the user's convenience and saving money. Security can be improved by increasing the strength of authentication for the authentication engine of the service organization that handles, etc.

In addition, the user can add or delete service institutions that perform authentication other than face authentication, in addition to service institutions related to face authentication, using the user terminal 20 on a screen as shown in FIG. good too. That is, in addition to the list of service institutions related to face authentication, a list of service institutions that perform authentication other than face authentication is also registered in the authentication system 10 in advance. Then, when the user registers an unregistered service on the screen of the user terminal 20 as shown in FIG. At this time, the user IDs of other service organizations already stored in the memory 16 and the newly registered user ID used by the authentication engine of the service organization (for example, identification information of the user terminal 20, new (a code of several digits, a password, etc.) input by the user when registering the service institution in the . In this case, when a service organization that performs authentication other than face authentication is newly registered, when the user authenticates with the authentication engine of this service organization, the face image is obtained by capturing the face image with the user terminal. A user ID based on the face image data of the user (specifically, a hash value extracted from the face image data) can be substituted, thereby improving convenience for the user. Further, in the screen as shown in FIG. 13, when a service organization that performs authentication other than face authentication has already been registered, this registered service can be deleted. In this case, the registered service becomes an unregistered service. Also, the user ID stored in the memory 16 and corresponding to the authentication engine of the service agency associated with the deleted registered service is deleted.

According to the authentication system 10 having the above aspect, the authentication system 10 shown in FIGS. 4 to 6 and the authentication system 10 shown in FIGS. 7 to 9 accept the user's face image data from the user terminal at the time of user registration an information acquiring means for extracting a feature amount of the user's face image based on the received face image data of the user and storing information relating to the extracted feature amount of the user's face image in the memory 16 as user identification information; 17, at the time of user authentication, the feature amount of the user's face image extracted from the user's face image data received from the imaging units 30A, 30B, and 30C of the service organization, or the user's face received from the imaging units 30A, 30B, and 30C; An authentication means 15 that authenticates a user by comparing the feature amount of the image with the feature amount of the user's face image stored in the memory 16, and an authentication engine 30D of a service organization that performs authentication other than face authentication. A linking means 19 is provided for linking the user identification information used and the user identification information related to the feature amount of the user's face image stored in the memory 16 . According to the authentication system 10 as described above, the registered face image data (specifically, the feature amount of the user's face image) is used by the authentication engine 30D for performing authentication other than face authentication, thereby improving convenience. can be improved.

Further, in the authentication system 10 shown in FIGS. 1 to 3, the authentication system 10 receives face image data of the user from the user terminal at the time of user registration, and creates a face image of the user based on the received face image data of the user. Information acquisition means 17 for extracting a feature amount and storing information relating to the extracted feature amount of the facial image of the user in a memory 16 as user identification information; A communication unit as transmission means for transmitting information related to the feature amount of the user's face image stored in the memory 16 to the imaging units 30A, 30B, and 30C of each service organization in order to perform authentication based on the face image. 18, the user identification information used in the authentication engine 30D of the service organization that performs authentication other than face authentication, and the user identification information related to the feature amount of the user's face image stored in the memory 16. and attaching means 19 . In such an authentication system 10 as well, convenience is improved by using the registered face image data (specifically, the feature amount of the user's face image) in the authentication engine 30D that performs authentication other than face authentication. can be made

Further, in the authentication system 10 of the present embodiment, the user identification information used in the authentication engine 30D of the service organization that performs authentication other than face authentication includes the identification information of the user terminal owned by the user, the user's biometric information other than the face, It includes at least one of the group consisting of information derived from information, a code or password entered by the user into the user terminal.

Further, in the authentication system 10 of the present embodiment, when an instruction to add an authentication engine of a service organization is received from the user terminal, the linking means 19 is used for authentication of the authentication engine of the added service organization. The user's identification information and the user's identification information related to the feature amount of the user's face image stored in the memory 16 are linked.

Further, in the authentication system 10 of the present embodiment, even after the user's identification information is linked by the linking means 19, the user's identification information used by the authentication engine of each service organization is left as it is.

Further, in the information processing method by the authentication system 10 shown in FIGS. 4 to 6 and the authentication system 10 shown in FIGS. a step of extracting a feature amount of the user's facial image based on the image data, storing information relating to the extracted feature amount of the user's facial image as user identification information in a memory 16; the feature amount of the user's face image extracted from the user's face image data received from the imaging units 30A, 30B, and 30C of the service organization or the feature amount of the user's face image received from the imaging units 30A, 30B, and 30C of the service institution; A step of authenticating the user by comparing the feature amount of the user's face image stored in the memory 16, user identification information used in the authentication engine 30D of the service organization that performs authentication other than face authentication, and a step of linking the user's identification information related to the feature amount of the user's face image stored in the memory 16 . According to such an information processing method, the registered face image data (specifically, the feature amount of the user's face image) is used by the authentication engine 30D for performing authentication other than face authentication, thereby improving convenience. can be improved.

Further, in the information processing method by the authentication system 10 shown in FIGS. 1 to 3, the face image data of the user is received from the user terminal 20 at the time of user registration, and the face image of the user is generated based on the received face image data of the user. a step of extracting a feature quantity and storing information relating to the extracted feature quantity of the facial image of the user in the memory 16 as user identification information; In order to perform authentication based on the face recognition, a step of transmitting information related to the feature amount of the user's face image stored in the memory 16 to the imaging units 30A, 30B, and 30C of each service organization, and authentication other than face recognition. a step of associating the user identification information used in the authentication engine 30D of the service organization that performs the authentication with the user identification information related to the feature amount of the user's face image stored in the memory 16. Even in such an information processing method, the convenience is improved by using the registered face image data (specifically, the feature amount of the user's face image) in the authentication engine 30D that performs authentication other than face authentication. can be made

As still another example, an authentication system 10 shown in FIG. 17 may be used. Regarding the authentication system 10 and the imaging units 30A, 30B, and 30C shown in FIG. 17, the same reference numerals are used for the same components as the authentication system 10 and the imaging units 30A, 30B, and 30C shown in FIGS. and its explanation is omitted.

As shown in FIG. 17, the processor 12 of the authentication system 10 includes the registration means 13 for registering the face image data received from the user terminal 20, and the image pickup units 38A to 38C of the image pickup units 30A, 30B, and 30C. and authentication means 15 for authenticating the user based on the face image data of the user. The processor 12 executes a program stored in the memory 16 to associate the face image data of the user registered in the registration means 13 with the identification information of the user and the identification information of the imaging units 30A, 30B, and 30C. It is designed to be stored in the memory 16 . In addition, the processor 12 executes a program stored in the memory 16, so that the user's face image data captured by the imaging units 38A to 38C of the imaging units 30A, 30B, and 30C in the authentication means 15, By comparing the face image data of the user stored in the memory 16, the user is authenticated. Note that the programs executed by the processor 12 are not limited to those stored in the memory 16 . In each of the registration means 13 and the authentication means 15, the processor 12 executes a program transmitted from an external device to the authentication system 10 or a program stored in a recording medium detachably attached to the authentication system 10. processing may be performed. Further, in the present embodiment, the registration means 13 constitutes the information acquisition means 17 . The information acquisition means 17 receives the face image data of the user at the time of user registration, and stores the received face image data of the user in the memory 16 as user identification information.

Each of the imaging units 30A, 30B, and 30C arranged in each service facility is composed of, for example, a computer. 36B and 36C, imaging units 38A, 38B and 38C, processing units 40A, 40B and 40C, and communication units 42A, 42B and 42C.

In the example shown in FIG. 17 as well, the authentication system 10 and the imaging units 30A, 30B, and 30C arranged in each service organization are API linked (application programming interface). As a result, the system of each imaging unit 30A, 30B, 30C can be configured more easily than when the system of each imaging unit 30A, 30B, 30C is independently configured.

Next, a brief description will be given of processing contents when user authentication is performed by the authentication system 10 and the imaging units 30A, 30B, and 30C as shown in FIG.

First, a process in which a user uses the user terminal 20 to register face image data in the authentication system 10 will be described. Since the specific method for the user to take a face image using the user terminal 20 has already been explained, the explanation is omitted here. When the user first performs user registration with such a face authentication application on the user terminal 20, various information input on the user registration screen and the user's face image data are transmitted from the user terminal 20 to the authentication system 10. In this manner, processor 12 of authentication system 10 receives facial image data from user terminal 20 . The processor 12 of the authentication system 10 also receives from the user terminal 20 the identification information of the user terminal 20 and the registration information such as the user's name, date of birth, telephone number, e-mail address, and password input to the user terminal 20. . The processor 12 also issues a user ID as user identification information, and stores the issued user ID in the memory 16 .

Next, the processor 12 of the authentication system 10 stores the face image data received from the user terminal 20 in the memory 16 of the authentication system 10 by the registration means 13 as the user ID (user identification information) and the image pickup units 30A, 30B, and 30C. It is stored in association with identification information. Thus, the registration of the user's face image captured by the user terminal 20 is completed. In the example shown in FIG. 17, the user's face image data stored in the memory 16 is not transmitted from the authentication system 10 to the imaging units 30A, 30B, and 30C of the service organization selected by the user.

Next, processing for user authentication in each of the imaging units 30A, 30B, and 30C will be described. When user authentication is required at the service facility where each of the imaging units 30A, 30B, and 30C is installed, first, the imaging units 38A, 38B, and 38C of the imaging units 30A, 30B, and 30C take images of the user. acquires the face image data of the user. Processors 32A, 32B, and 32C of imaging units 30A, 30B, and 30C transmit user face image data captured by imaging sections 38A, 38B, and 38C to processor 12 of authentication system 10 via communication sections 42A, 42B, and 42C. . Note that when the processor 12 of the authentication system 10 receives the face image data of the user from the imaging units 30A, 30B, and 30C, the imaging units 30A, 30B, and 30C of the service organization selected by the user, which are stored in the memory 16, are selected. The user's face image data transmitted from only is accepted. In the authentication system 10, the processor 12 compares the face image data received from the imaging units 30A, 30B, and 30C with the user's face image data stored in the memory 16 by the authentication means 15, thereby identifying the user. Authenticate. More specifically, when the match rate between the user's face image data received from the imaging units 30A, 30B, and 30C and the user's face image data stored in the memory 16 exceeds a predetermined threshold value (for example, 80%). If it exceeds, the authentication means 15 authenticates the user. As described above, the memory 16 stores pre-registered user identification information and identification information of the imaging units 30A, 30B, and 30C in association with the user's face image data.

Then, when the user is authenticated by the authentication means 15, information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C through the communication section 18. FIG. The processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C that have received the information related to the authentication results can implement services corresponding to the imaging units 30A, 30B, and 30C by the respective processing units 40A, 40B, and 40C. and After that, the processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the information regarding the usage status of the service to the authentication system 10 . As a result, in the authentication system 10, information relating to the service utilization status of each service organization is stored in the memory 16 for each user.

On the other hand, the user's face image data received from the imaging units 30A, 30B, and 30C did not substantially match the user's face image data stored in the memory 16, and the authentication means 15 could not authenticate the user. Also in this case, information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C by the communication section 18 (STEP 58). Then, the processors 32A, 32B, and 32C of the image pickup units 30A, 30B, and 30C that have received the information related to the authentication result disable the services corresponding to the image pickup units 30A, 30B, and 30C by the respective processing units 40A, 40B, and 40C. do. In this case as well, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C receive information on service usage (specifically, when the user tried to authenticate with the imaging units 30A, 30B, and 30C, (information that the service could not be used because the user was not authorized to use the service) is transmitted to the authentication system 10.例文帳に追加

According to such an authentication method, the user's face image data is registered by an authentication engine (for example, imaging unit 30A) of a certain service organization, but is registered by an authentication engine (for example, imaging unit 30B) of another service organization. By storing the user's face image data in the memory 16 of the authentication system 10 even if the user's face image data is not registered, the user's face image can be picked up by the image pick-up part even at the service institution where the user's face image data is not registered. By doing so, user authentication can be performed. In this case, the user does not have to register the face image data in all of the plurality of authentication engines, thus saving the user time and effort.

The authentication system 10 shown in FIG. 17 is also provided with the linking means 19 . The linking means 19 links the user identification information used in the authentication engine 30D of the service organization that performs authentication other than face authentication and the user identification information related to the user's face image data stored in the memory 16. . According to such an authentication system 10, convenience is improved by using registered face image data (specifically, user's face image data) in the authentication engine 30D that performs authentication other than face authentication. can be made

Further, in a further modified example, in the authentication system 10 as shown in FIGS. The user may be authenticated using the face image data of the user. In this case, the face image data of the user registered in the authentication system 10 is transmitted to each imaging unit 30A, 30B, 30C. Also, in this case, the linking means 19 of the authentication system 10 as shown in FIGS. The user's identification information related to the user's face image data that has been stored is linked. In such an authentication system 10 as well, convenience is improved by using the registered face image data (specifically, the feature amount of the user's face image) in the authentication engine 30D that performs authentication other than face authentication. can be made

10 authentication system 12 processor 13 registration means 14 feature quantity extraction means 15 authentication means 16 memory 17 information acquisition means 18 communication section 19 linking means 20 user terminals 30A, 30B, 30C imaging unit 30D authentication engines 32A, 32B, 32C processor 34A, 34B, 34C feature extraction means 35A, 35B, 35C authentication means 36A, 36B, 36C memories 38A, 38B, 38C imaging units 40A, 40B, 40C processing units 42A, 42B, 42C communication unit 50 authentication system 52 processor 52a server management means 53 registration means 54 feature quantity extraction means 55 authentication means 56 first server 58 second server 60 third server

Claims (10)

An authentication system that authenticates a user using information received from a user terminal,
When a user is registered, face image data of a user is received from a user terminal, a feature amount of the user's face image is extracted based on the received face image data of the user, and information relating to the extracted feature amount of the user's face image. an information acquiring means for storing in a memory;
A feature amount of the user's face image extracted from the user's face image data received from the imaging unit of the service organization or a feature amount of the user's face image received from the imaging unit of the service organization at the time of user authentication, and stored in the memory authentication means for authenticating the user's face by comparing the feature amount of the user's face image that has been obtained;
User terminal identification information used in the authentication engines of various service organizations that perform authentication other than face authentication, user identification information obtained from biometric information such as the user's fingerprint information and vein information, or input by the user into the user terminal linking means for linking at least one of the several-digit code or password that has been entered with the feature amount of the user's face image stored in the memory;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that performs authentication other than face recognition is newly registered, it will be used in the authentication engine of the newly registered service organization. at least one of identification information of the user terminal obtained from the user, identification information of the user obtained from biometric information such as fingerprint information and vein information of the user, or a several-digit code or password entered by the user into the user terminal; An authentication system in which the feature amount of the user's face image stored in the memory is linked by the linking means. An authentication system that authenticates a user using information received from a user terminal,
When a user is registered, face image data of a user is received from a user terminal, a feature amount of the user's face image is extracted based on the received face image data of the user, and information relating to the extracted feature amount of the user's face image. an information acquiring means for storing in a memory;
Transmitting means for transmitting the information related to the feature amount of the user's face image stored in the memory to the image capturing unit of each service organization in order to allow the image capturing unit of each service organization to perform authentication based on the user's face image. and,
User terminal identification information used in the authentication engines of various service organizations that perform authentication other than face authentication, user identification information obtained from biometric information such as the user's fingerprint information and vein information, or input by the user into the user terminal linking means for linking at least one of the several-digit code or password that has been entered with the feature amount of the user's face image stored in the memory;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that performs authentication other than face recognition is newly registered, it will be used in the authentication engine of the newly registered service organization. at least one of identification information of the user terminal obtained from the user, identification information of the user obtained from biometric information such as fingerprint information and vein information of the user, or a several-digit code or password entered by the user into the user terminal; An authentication system in which the feature amount of the user's face image stored in the memory is linked by the linking means. An authentication system that authenticates a user using information received from a user terminal,
information acquisition means for receiving face image data of a user from a user terminal at the time of user registration and storing the received face image data of the user in a memory;
authentication means for authenticating the user by comparing the user's face image data received from the imaging unit of the service organization with the user's face image data stored in the memory at the time of user authentication;
User terminal identification information used in the authentication engines of various service organizations that perform authentication other than face authentication, user identification information obtained from biometric information such as the user's fingerprint information and vein information, or input by the user into the user terminal an associating means for associating at least one of the several-digit code or password with the feature amount of the user's facial image extracted from the user's facial image data stored in the memory;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that performs authentication other than face recognition is newly registered, it will be used in the authentication engine of the newly registered service organization. at least one of identification information of the user terminal obtained from the user, identification information of the user obtained from biometric information such as fingerprint information and vein information of the user, or a several-digit code or password entered by the user into the user terminal; An authentication system in which the feature amount of the user's face image extracted from the user's face image data stored in the memory is linked by the linking means. An authentication system that authenticates a user using information received from a user terminal,
information acquisition means for receiving face image data of a user from a user terminal at the time of user registration and storing the received face image data of the user in a memory;
a transmission means for transmitting the user's face image data stored in the memory to the imaging unit of each service organization in order to perform authentication based on the user's face image in the imaging unit of each service organization;
User terminal identification information used in the authentication engines of various service organizations that perform authentication other than face authentication, user identification information obtained from biometric information such as the user's fingerprint information and vein information, or input by the user into the user terminal an associating means for associating at least one of the several-digit code or password with the feature amount of the user's facial image extracted from the user's facial image data stored in the memory;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that performs authentication other than face recognition is newly registered, it will be used in the authentication engine of the newly registered service organization. at least one of identification information of the user terminal obtained from the user, identification information of the user obtained from biometric information such as fingerprint information and vein information of the user, or a several-digit code or password entered by the user into the user terminal; An authentication system in which the feature amount of the user's face image extracted from the user's face image data stored in the memory is linked by the linking means. Different strengths of authentication are set depending on the type of service organization, and user authentication is performed by one type of service organization based on face authentication by the authentication means, and another type of service organization is face authentication by the authentication means. 5. The authentication system according to any one of claims 1 to 4, wherein user authentication is performed by using information other than biometric authentication in addition to the above. An information processing method by an authentication system that authenticates a user using information received from a user terminal,
When a user is registered, face image data of a user is received from a user terminal, a feature amount of the user's face image is extracted based on the received face image data of the user, and information relating to the extracted feature amount of the user's face image. in memory; and
A feature amount of the user's face image extracted from the user's face image data received from the imaging unit of the service organization or a feature amount of the user's face image received from the imaging unit of the service organization at the time of user authentication, and stored in the memory a step of authenticating the user by comparing the feature amount of the user's face image that has been obtained;
User terminal identification information used in the authentication engines of various service organizations that perform authentication other than face authentication, user identification information obtained from biometric information such as the user's fingerprint information and vein information, or input by the user into the user terminal a step of associating at least one of the several-digit code or password obtained and the feature amount of the user's face image stored in the memory;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that performs authentication other than face recognition is newly registered, it will be used in the authentication engine of the newly registered service organization. at least one of identification information of the user terminal obtained from the user, identification information of the user obtained from biometric information such as fingerprint information and vein information of the user, or a several-digit code or password entered by the user into the user terminal; An information processing method in which a feature amount of a user's face image stored in a memory is linked. An information processing method by an authentication system that authenticates a user using information received from a user terminal,
When a user is registered, face image data of a user is received from a user terminal, a feature amount of the user's face image is extracted based on the received face image data of the user, and information relating to the extracted feature amount of the user's face image. in memory; and
a step of transmitting the information related to the feature amount of the user's face image stored in the memory to the image capturing unit of each service organization in order to allow the image capturing unit of each service organization to perform authentication based on the user's face image; ,
User terminal identification information used in the authentication engines of various service organizations that perform authentication other than face authentication, user identification information obtained from biometric information such as the user's fingerprint information and vein information, or input by the user into the user terminal a step of associating at least one of the several-digit code or password obtained and the feature amount of the user's face image stored in the memory;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that performs authentication other than face recognition is newly registered, it will be used in the authentication engine of the newly registered service organization. at least one of identification information of the user terminal obtained from the user, identification information of the user obtained from biometric information such as fingerprint information and vein information of the user, or a several-digit code or password entered by the user into the user terminal; An information processing method in which a feature amount of a user's face image stored in a memory is linked. An information processing method by an authentication system that authenticates a user using information received from a user terminal,
a step of receiving face image data of a user from a user terminal at the time of user registration, and storing the received face image data of the user in a memory;
a step of authenticating the user by comparing the user's facial image data received from the imaging unit of the service institution with the user's facial image data stored in the memory at the time of user authentication;
User terminal identification information used in the authentication engines of various service organizations that perform authentication other than face authentication, user identification information obtained from biometric information such as the user's fingerprint information and vein information, or input by the user into the user terminal a step of associating at least one of the several-digit code or password obtained and the feature amount of the user's facial image extracted from the user's facial image data stored in the memory;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that performs authentication other than face recognition is newly registered, it will be used in the authentication engine of the newly registered service organization. at least one of identification information of the user terminal obtained from the user, identification information of the user obtained from biometric information such as fingerprint information and vein information of the user, or a several-digit code or password entered by the user into the user terminal; An information processing method in which a feature amount of a user's face image extracted from the user's face image data stored in the memory is associated with the feature amount. An information processing method by an authentication system that authenticates a user using information received from a user terminal,
a step of receiving face image data of a user from a user terminal at the time of user registration, and storing the received face image data of the user in a memory;
a step of transmitting the user's facial image data stored in the memory to the imaging unit of each service organization in order to perform authentication based on the user's facial image in the imaging unit of each service organization;
User terminal identification information used in the authentication engines of various service organizations that perform authentication other than face authentication, user identification information obtained from biometric information such as the user's fingerprint information and vein information, or input by the user into the user terminal a step of associating at least one of the several-digit code or password obtained and the feature amount of the user's facial image extracted from the user's facial image data stored in the memory;
with
It is possible to add or delete service organizations from the user terminal, and when a service organization that performs authentication other than face recognition is newly registered, it will be used in the authentication engine of the newly registered service organization. at least one of identification information of the user terminal obtained from the user, identification information of the user obtained from biometric information such as fingerprint information and vein information of the user, or a several-digit code or password entered by the user into the user terminal; An information processing method in which a feature amount of a user's face image extracted from the user's face image data stored in the memory is associated with the feature amount. Different strengths of authentication are set depending on the type of service organization, and user authentication is performed by one type of service organization based on face authentication by the authentication means, and another type of service organization is face authentication by the authentication means. 10. The information processing method according to any one of claims 6 to 9, wherein user authentication is performed by using information other than biometric authentication in addition to the above.

Images