JP7416315B1 - Room access control system, information processing device, room access control method, and computer-readable recording medium - Google Patents

Abstract

An object of the present invention is to additionally determine whether a user who has entered a divided section within a facility has the authority to enter the section after entering the section. [Solution] The entry/exit management system includes an entry permission determination process that determines whether entry is allowed for each section based on ID information, and a face authentication process that authenticates entry for each section based on a face image captured within the section. Based on these results, a determination process is performed to determine user attributes. In the determination process, when it is determined that the user is allowed to enter the first section, the user attribute of the user who is authorized to enter the first section is determined to be a normal user, and the user attribute of the user who is authorized to enter the first section is determined as a normal user. The user attribute of a user who has not been authenticated to enter one section is determined to be an unconfirmed user, and when the user has not been authenticated to enter the first section, the user's entry to the second section is authenticated. If so, the user attribute of the user is determined to be a suspicious user. [Selection diagram] Figure 1

Description

The present disclosure relates to technology for an entry/exit management system that manages entry/exit of users into divided sections within a facility.

Patent Document 1 discloses a technology related to a wristband terminal that functions as an electronic ticket. In this technology, a wristband terminal is provided to a user at a ticket issuing office or the like. A camera is installed at the ticket issuing office, and an image of the user's face is captured when the wristband terminal is provided to the user. The photographed facial image is stored in the ticket authentication server along with user information and the like. The surveillance cameras are installed in each of a plurality of areas that users can pass through when entering the venue, capture images within each area, and transmit the captured images to the ticket authentication server. When it is detected that the user is wearing a wristband while heading to the venue, the user is authenticated by comparing the facial image registered in the ticket authentication server with the facial image extracted from the image captured by the surveillance camera.

Japanese Patent Application Publication No. 2015-194930

In the technique of Patent Document 1, since a face image of the user is captured when the wristband terminal is provided to the user at the ticket issuing office, it is not possible to cope with impersonation of the user when the wristband terminal is provided. Further, once the user enters the venue, it is impossible to identify the suspicious user. As described above, in the conventional technology, there is still room for improvement in additionally determining whether a user who has entered a managed section is a suspicious user after entering the section.

The present disclosure was made in order to solve the above-mentioned problems, and it is possible to check whether a user who has entered a divided section within a facility has the authority to enter the section. The purpose is to provide technology that is advantageous in making additional determinations after entry.

The entry/exit management system of the present disclosure is an entry/exit management system that manages entry and exit of users in each divided section of a facility, and is based on ID information stored in the user's belongings. A traffic control unit that performs entry permission determination processing that determines whether or not it is possible to enter each section; and a face recognition unit that performs facial recognition processing that authenticates the user's entry into each section based on the user's face image taken within the section. and a user determination unit that performs a determination process to determine user attributes regarding the user's access authority for each section based on the result of the entry permission determination process and the result of the face authentication process. In the determination process, the user determination unit determines whether the user is allowed to enter the first compartment in the entry permission determination process and who is authorized to enter the first compartment in the face authentication process. Use in which the user attribute is determined to be a normal user, the entry permission determination process determines that the user is allowed to enter the first section, and the user's entry to the first section is not authenticated in the face authentication process. The user attribute of the user is determined to be an unconfirmed user, and the user is determined to be allowed to enter the first section in the entry permission determination process, and the user's entry to the first section is authenticated in the face authentication process. If the user is not authorized to enter a second section different from the first section in the entry permission determination process, the user attribute of the user is determined to be a suspicious user.

Further, the information processing device of the present disclosure is an information processing device that manages entry and exit of users for each divided section within a facility, and the information processing device manages entry and exit of users in each divided section within a facility, and the information processing device manages user entry and exit based on ID information stored in the user's belongings. A traffic control unit that performs an entry permission determination process that determines whether or not it is possible to enter each section, and a face recognition processing unit that authenticates the user's entry into each section based on the user's face image taken within the section. A user determination unit that performs a determination process to determine a user attribute related to the user's access authority for each section based on the result of the permission determination process. In the determination process, the user determination unit determines whether the user is allowed to enter the first compartment in the entry permission determination process and who is authorized to enter the first compartment in the face authentication process. Use in which the user attribute is determined to be a normal user, the entry permission determination process determines that the user is allowed to enter the first section, and the user's entry to the first section is not authenticated in the face authentication process. The user attribute of the user is determined to be an unconfirmed user, and the user is determined to be allowed to enter the first section in the entry permission determination process, and the user's entry to the first section is authenticated in the face authentication process. If the user is not authorized to enter a second section different from the first section in the entry permission determination process, the user attribute of the user is determined to be a suspicious user.

In addition, the room entry/exit management method of the present disclosure is an entry/exit management method that causes a computer to manage the entry and exit of users for each divided section within a facility, and is a method for managing entry and exit that is stored in the user's belongings. a step of performing an entry permission determination process to determine whether or not a user can enter each section based on the ID information obtained from the user; and a face authentication process that authenticates the user's entry into each section based on a face image of the user taken within the section. The present invention includes a step of performing an authentication process, and a step of performing a determination process of determining a user attribute related to the user's access authority for each section based on the result of the entry permission determination process and the result of the face authentication process. In the determination process, the user attributes of the users who are determined to be allowed to enter the first compartment in the entry permission determination process and who are authenticated to enter the first compartment in the face authentication process are normally used. The user attribute of the user is determined to be a user, and the user is determined to be allowed to enter the first section in the entry permission determination process, and the user is not authorized to enter the first section in the face authentication process. If the user is determined to be an unconfirmed user, the entry permission determination process determines that the user is allowed to enter the first section, and the face authentication process does not authenticate the user's entry into the first section, the user enters the first section. If the user's entry into the second section, which is different from the first section, is authenticated in the permission determination process, the user attribute of the user is determined to be a suspicious user.

Furthermore, the computer-readable recording medium of the present disclosure is a computer-readable recording medium that records a program that causes a computer to manage entry and exit of users in each divided section of the facility, The program performs an entry permission determination process that determines whether or not a user can enter each compartment based on the ID information stored in the user's belongings, and determines whether or not the user can enter each compartment based on the user's face image taken within the compartment. Performs face recognition processing to authenticate entry into each section, and performs judgment processing to determine user attributes regarding the user's access authority for each section based on the results of entry permission determination processing and the results of face authentication processing. It is composed of In the determination process, the program determines the user attributes of the users who are determined to be allowed to enter the first compartment in the entry permission determination process and who are authenticated to enter the first compartment in the face authentication process. is determined to be a normal user, the user is determined to be allowed to enter the first section in the entry permission determination process, and the user is not authenticated to enter the first section in the face authentication process. A state in which the user's attributes are determined to be an unconfirmed user, the entry permission determination process determines that the user is allowed to enter the first section, and the user's entry into the first section is not authenticated in the face authentication process. In this case, when the user is authenticated to enter the second section different from the first section in the entry permission determination process, the user attribute of the user is determined to be a suspicious user.

According to the technology of the present disclosure, the technology is advantageous in additionally determining whether a user who has entered a divided section within a facility has the authority to enter the section after entering the section. It becomes possible to provide

FIG. 1 is a diagram illustrating a configuration example of a room entry/exit management system in an embodiment. FIG. 1 is a diagram illustrating a configuration example of a room entry/exit management system in an embodiment. It is a flowchart for explaining the function of the ID reading section of the first authentication device. It is a flowchart for explaining the function of the ID authentication section of the first authentication device. It is a flowchart for explaining the function of the traffic control section of the first authentication device. It is a flowchart for explaining the function of the user determination part of the first authentication device. It is a flowchart for explaining the function of the grace time calculation part of the first authentication device. It is a flowchart for explaining the function of the map generation part of the first authentication device. 3 is a flowchart for explaining the functions of a face image acquisition unit of the face image acquisition device. It is a flowchart for explaining the function of the face authentication section of the second authentication device. FIG. 2 is a diagram schematically showing an example of the operation of the room entry/exit management system. It is a diagram showing an example of hardware resources of a first authentication device. FIG. 7 is a diagram showing another example of hardware resources of the first authentication device.

Embodiments will be described below with reference to the drawings. Note that common elements in each figure are denoted by the same reference numerals, and redundant explanations will be omitted.

Embodiment.
1. Configuration Example of Room Entry/Exit Management System in Embodiment FIGS. 1 and 2 are diagrams showing a configuration example of the room entry/exit management system in the embodiment. The room entry/exit management system 100 is a system that manages user entry/exit for each section within a facility such as a building. The room entry/exit management system 100 includes a first authentication device 10, a second authentication device 20, a face image acquisition device 30, a card reader 40, an external device 50, and an imaging device 60. The first authentication device 10 is configured to be able to communicate with the second authentication device 20, the card reader 40, and the external device 50 via a network. The face image acquisition device 30 is configured to be able to communicate with the second authentication device 20 via a network. The second authentication device 20 is configured to be able to communicate with the first authentication device 10 and the facial image acquisition device 30 via a network. The face image acquisition device 30 is configured to be able to communicate with the imaging device 60 and the second authentication device 20 via a network.

The first authentication device 10 is an information processing device that determines user attributes for each section within a facility. As an example, the first authentication device 10 is realized by a server device. The first authentication device 10 is installed in the same building as the building that has the division to be managed. Alternatively, the first authentication device 10 may be installed in a building different from the building concerned. As another example, the first authentication device 10 may be realized by a server on the cloud. The user attribute here is an attribute related to whether the user in each section has the authority to enter the section. Specifically, the user attributes are normal users who have normal access authority, undetermined users who have normal access authority or not, and undetermined users who have normal access authority. There are three types of suspicious users:

The first authentication device 10 includes, as its functional blocks, an ID reading unit 101, an ID authentication unit 102, a traffic control unit 103, a user determination unit 104, a grace time calculation unit 105, a map generation unit 106, It includes a user data section 110 and a section data section 111.

The second authentication device 20 as a face authentication system is a device that authenticates the user's entry into the compartment based on the user's face image captured in the compartment. As an example, the second authentication device 20 is realized by a server device similarly to the first authentication device 10. The second authentication device 20 may be provided in a building that has a managed section, may be provided in another building, or may be realized by a server on the cloud. The second authentication device 20 includes a face authentication section 201 and a face data section 210 as its functional blocks.

The facial image acquisition device 30 is a device that acquires a facial image included in an image captured by an imaging device 60 that images the inside of a section. As an example, the face image acquisition device 30 is realized by a server device. The face image acquisition device 30 is installed in the same building as the building that has the division to be managed. Alternatively, the facial image acquisition device 30 may be installed in a building different from the building concerned. As another example, the facial image acquisition device 30 may be realized by a server on the cloud.

The imaging device 60 is exemplified by, for example, one or more surveillance cameras. In this case, the facial image acquisition device 30 is configured as part of a surveillance camera system, for example. The face image acquisition device 30 includes a face image acquisition unit 301 as its functional block.

The card reader 40 is an ID reading device that reads ID information from a user's belongings in which readable ID information is stored. Examples of such belongings include an ID card with an ID number stored thereon, a mobile terminal, and the like. The card reader 40 is installed, for example, near the entrance to each section. The card reader 40 is operated when a user enters the target section associated with the card reader 40.

The external device 50 is a device that performs operations based on user attributes. Examples of the external device 50 include a display device that displays an image, a notification device that issues an alarm, and a restriction device such as a gate that restricts entry from an entrance to each section.

2. Functions of the room entry/exit management system 100 The functions of the entry/exit management system 100 will be described below with reference to FIGS. 3 to 10 as well. Note that the processes in the flowcharts shown in FIGS. 3 to 10 also represent a part of a room entry/exit management method that causes a computer to manage user entry/exit for each divided section within the facility.

2-1. User data section 110
The user data section 110 functions as a storage section that stores data for each user. The user data section 110 stores ID information in which a user's unique user ID is associated with an ID number.

2-2. Section data section 111
The partition data section 111 functions as a storage section that stores data for each partition. The section data section 111 stores entry permission information, section information, and camera information for each section. Specifically, the entry permission information is information in which whether each user can enter is determined for each section in association with the user ID. The section information is information for each section about the area of the section, the position coordinate range, the number of cameras, and the location where the cameras are installed. The camera information is information including the position coordinates and IP addresses of cameras installed in each section. Note that the position coordinates here are position coordinates of an absolute position coordinate system.

2-3. ID reading section 101
FIG. 3 is a flowchart for explaining the functions of the ID reading section 101 of the first authentication device 10. The ID reading unit 101 performs an ID reading process of reading the ID number of the ID card by executing the steps shown in FIG. Specifically, in step S001, the ID reading unit 101 determines whether the user has performed an operation to cause the card reader 40 to read the ID card. If the determination result is not established, the process of step S001 is executed again. On the other hand, if the determination is successful, the process proceeds to step S002.

In step S002, the ID reading unit 101 acquires the ID number stored in the ID card. The acquired ID number is sent to the ID authentication unit 102 in association with the section identifier of the target section associated with the card reader 40 .

2-4. ID authentication section 102
FIG. 4 is a flowchart for explaining the functions of the ID authentication section 102 of the first authentication device 10. The ID authentication unit 102 performs a user ID identification process to identify the user ID of the user by executing the steps shown in FIG. The user data section 110 stores user ID information that associates a user's unique user ID with an ID number. Here, specifically, the ID authentication unit 102 determines whether or not an ID number has been acquired from the ID reading unit 101 in step S101. If the determination result is not established, the process of step S101 is executed again. On the other hand, if the determination is successful, the process proceeds to step S102. In step S102, the ID authentication section 102 compares the ID number sent from the ID reading section 101 with the user ID information in the user data section 110 to identify the user ID corresponding to the ID number. The identified user ID is sent to the ID authentication unit 102 in association with the partition identifier that was associated with the ID number.

2-5. Traffic control section 103
FIG. 5 is a flowchart for explaining the functions of the traffic control unit 103 of the first authentication device 10. The traffic control unit 103 executes the steps shown in FIG. 5 when the ID authentication unit 102 specifies the user ID, and performs an entry permission determination process to determine whether the user can enter the target section. Specifically, in step S201, the traffic control section 103 refers to the access permission information in the section data section 111 and confirms the access permission corresponding to the user ID and section identifier acquired from the ID authentication section 102. . The confirmed entry permission is sent to the user determination unit 104 in step S202 as an entry permission result associated with the user ID and the partition identifier.

2-6. User determination unit 104
FIG. 6 is a flowchart for explaining the functions of the user determination unit 104 of the first authentication device 10. The user determination unit 104 executes the steps shown in FIG. 6 when the entry permission result confirmed by the traffic control unit 103 includes a result indicating that the user is allowed to enter the target section. The user determination unit 104 performs user attribute determination processing to determine user attributes by executing the steps shown in FIG. In step S301, the user determination unit 104 determines that the user attribute of the user whose user ID is included in the entry permission/rejection result is "unconfirmed user." In the next step S302, the user determination unit 104 measures the elapsed time since the user entered the target section, and determines whether the elapsed time is within the grace period. As the grace time here, a value calculated by a grace time calculation unit 105, the details of which will be described later, is used. If the determination result is not established, the process proceeds to step S303, and if the determination result is established, the process proceeds to step S304.

In step S303, the user determination unit 104 determines that the user attribute of the user with the user ID is "suspicious user." Further, in step S303, the user determination unit 104 performs an alarm process to issue an alarm to notify that there is a suspicious user. Here, an alarm command is distributed to the pre-registered terminals of all users, security guards, administrators, etc. in the section where the suspicious user is located.

In step S304, the user determination unit 104 collates the face authentication results of users located in the target section from the face authentication results obtained from the face authentication unit 201 of the second authentication device 20, details of which will be described later, and in step It is determined whether the user ID of the user determined to be an unconfirmed user in S301 is correctly face-authenticated based on the face-authentication result. If the determination result is not established, the process advances to step S305.

In step S305, the user determination unit 104 determines whether the user has operated the card reader 40 corresponding to a section different from the target section. Here, the user determination unit 104 determines whether the user ID of the user associated with a different partition identifier has been acquired from the ID authentication unit 102. If the determination result is not established, the process proceeds to step S302 again. On the other hand, if the determination result is positive, it can be determined that the unconfirmed user has moved to the entrance of another section. In this case, the process proceeds to step S303, and the user attribute of the user with the user ID is determined to be "suspicious user."

If the determination result in step S304 is positive, the process proceeds to step S306. In step S306, the user determination unit 104 determines that the user attribute of the user with the user ID is "normal user."

2-7. Grace time calculation unit 105
FIG. 7 is a flowchart for explaining the function of the grace time calculation unit 105 of the first authentication device 10. The grace time calculation unit 105 performs a grace time setting process for setting a grace time by executing the steps shown in FIG. In step S401, the grace period calculation unit 105 calculates the grace period based on the partition information stored in the partition data unit 111. Here, for example, the grace period is set to be longer as the area of the section is larger. Alternatively, the grace period is set to be shorter as the number of cameras as the imaging devices 60 increases. In step S402, grace time calculation unit 105 transmits the calculated grace time to user determination unit 104.

2-8. Map generation unit 106
FIG. 8 is a flowchart for explaining the functions of the map generation unit 106 of the first authentication device 10. The map generation unit 106 executes the steps shown in FIG. 8 to perform a map generation process that generates a heat map in which the user's position and user attributes are visualized on the division map. In step S501, the map generation unit 106 determines whether a heat map creation request has been issued from the first authentication device 10. The heat map creation request includes information specifying the section for which the heat map is to be created and the output destination. If the determination result is true, the process advances to step S502, and if the determination result is not true, the process advances to step S503.

In step S502, the map generation unit 106 plots the user attributes of each user, distinguishing them by color etc., on the division map requested in the heat map creation request, at the position coordinates of all users located in the division. generate a heat map. As the positional coordinates of each user, the positional coordinates of the imaging device 60 that imaged the user are used in the face image acquisition process described later. The generated heat map is distributed to the output destination requested by the heat map creation request.

In step S503, the map generation unit 106 determines whether the user determination unit 104 has issued an alarm regarding the presence of a suspicious user. If the determination result is positive, the process proceeds to step S504, and if the determination result is negative, the process returns to step S501.

In step S504, the map generation unit 106 generates a heat map in which the user attributes of each user are plotted at the positions of all users in the section where the suspicious user who is the target of the alarm is located, with the user attributes of each user distinguished by color etc. do. The generated heat map is distributed to pre-registered mobile terminals of users, security guards, administrators, etc. located in the area.

2-9. Face image acquisition unit 301
FIG. 9 is a flowchart for explaining the functions of the face image acquisition unit 301 of the face image acquisition device 30. The face image acquisition unit 301 performs a face image acquisition process of acquiring a face image from the captured image of the imaging device 60 by executing the steps shown in FIG. In step S601, the facial image acquisition unit 301 acquires an image captured by the imaging device 60. In the next step S602, the facial image acquisition unit 301 uses a known image recognition technique to determine whether a facial image included in the acquired captured image has been detected. Note that there are no limitations to the face image detection method. If the determination result is negative, the process moves to step S601 again, and if the determination result is positive, the process moves to step S603. In step S<b>603 , the face image acquisition unit 301 transmits face image data in which the detected face image is associated with camera information of the imaging device 60 that captured the image to the face authentication unit 201 of the second authentication device 20 .

2-10. Face data section 210
The face data section 210 functions as a storage section that stores data. The face data section 210 stores face information in which each user ID is associated with a user's face image captured in advance.

2-11. Face recognition section 201
FIG. 10 is a flowchart for explaining the functions of the face authentication section 201 of the second authentication device 20. The face authentication unit 201 executes the steps shown in FIG. 10 to perform face authentication processing to determine whether the face image acquired by the face image acquisition device 30 is of a user who has been assigned a user ID. . In step S701, the face authentication unit 201 determines whether face image data has been received from the face image acquisition device 30. If the determination result is not established, the process returns to step S701 again. On the other hand, if the determination result is positive, the process advances to step S702.

In step S702, the face authentication unit 201 compares the face image data from the face image acquisition device 30 with the face information stored in the face data unit 210, and compares the face image of the same person with the face image of the face image data. Search from information. Then, the face authentication unit 201 sends the face authentication result in which the camera information is associated with the user ID of the facial image that has been successfully matched to the user determination unit 104 of the first authentication device 10 . In this way, according to the face authentication process, it is authenticated that the user corresponding to the face image captured by the face image acquisition process has entered the area where the image was captured.

3. Operation Examples of the Room Entry/Exit Management System of the Embodiment Next, several operation examples executed in the room entry/exit management system 100 of the present embodiment will be described. FIG. 11 is a diagram schematically showing an example of the operation of the room entry/exit management system 100. In the example shown in this figure, the inside of the building to which the entry/exit control system 100 is applied is divided into a first section S1 and a second section S2. Each compartment S1, S2 is provided with an entrance G1, G2 for entering the compartment. Regulating devices are installed at the entrances G1 and G2 to restrict entry of users into the sections S1 and S2. Furthermore, card readers 40 are installed near the entrances G1 and G2, respectively. A plurality of imaging devices 60 are installed in each of the compartments S1 and S2 to take images of the interior of the compartment. Note that in FIG. 11, positions within the building are defined using an XY coordinate system. Inside a building, layers may be further defined by Z coordinates.

3-1. First Operation Example In the first operation example, the entry/exit management system 100 determines the user attribute of the user H1 who has entered the first section S1. First, when the user H1 reads an ID card into the card reader 40 corresponding to the first section S1, the ID reading unit 101 executes an ID reading process to obtain the ID number of the user H1. Next, the ID authentication unit 102 executes user ID identification processing,
Identify the user ID corresponding to the ID number of user H1.

The user ID of the identified user H1 is sent to the traffic control unit 103 in association with the section identifier of the first section S1. The traffic control unit 103 executes an entry permission determination process to confirm whether the user H1 has permission to enter the first section S1. The confirmed entry permission is sent to the user determination unit 104 as an entry permission result associated with the user ID and the section identifier.

The user determination unit 104 executes user attribute determination processing to determine the attributes of the user H1. Here, if the entry permission/denial result includes a result indicating that the user H1 is allowed to enter, the user determination unit 104 determines the user attribute of the user H1 as "unconfirmed user" in the entry permission/denial determination process. . On the other hand, if the entry permission/denial results include a result indicating that the user H1 is not allowed to enter, the user determination unit 104 determines the user attribute of the user H1 as "suspicious user" in the entry permission/denial determination process.

If the user H1 is determined to be an "unconfirmed user", the user H1 is allowed to enter the first section S1. Here, for example, the entrance G1 of the first section S1 is unlocked. On the other hand, if the user H1 is determined to be a "suspicious user," for example, a restriction device at the entrance G1 of the first section S1 is operated, and the user H1 is restricted from entering the first section S1.

The face image acquisition unit 301 executes a face image acquisition process to acquire a face image from an image captured by the imaging device 60 installed in the first section S1. When the user H1 enters the first section S1 as an "unconfirmed user", the image capturing device 60 captures an image of the user H1, and thereby a facial image of the user H1 is also obtained in the facial image obtaining process. The face image acquisition unit 301 transmits face image data in which the detected face image of the user H1 is associated with the camera information of the image capturing device 60 to the face authentication unit 201 of the second authentication device 20.

The face authentication unit 201 executes face authentication processing to determine whether the user H1 is a user assigned a user ID. When the determination is confirmed, the face authentication unit 201 sends the face authentication result in which the user ID of the user H1 is associated with the camera information to the user determination unit 104 of the first authentication device 10.

The user determination unit 104 executes a user attribute determination process to determine the user attribute of the user H1. In the user attribute determination process, if the face authentication result of the user H1 is received before the elapsed time since the user H1 entered the first section S1 exceeds the grace period, the user determination unit 104 determines that the user The user attribute of the person H1 is determined to be "normal user." On the other hand, if the elapsed time exceeds the grace period without receiving the face authentication result of user H1, the user determination unit 104 determines that there is a possibility that user H1 is impersonating another person, and person” and issues an alarm.

In addition, in the user attribute determination process, when the user H1 reads the ID card into the card reader 40 corresponding to the second section S2 without receiving the face authentication result of the user H1, the user attribute determination process is performed. The unit 104 determines that the behavior of the user H1 may be suspicious and determines that the user H1 is a "suspicious user." At this time, the user determination unit 104 operates the restriction device at the entrance G2 of the second section S2 to restrict entry from the entrance G2 and also issues an alarm.

According to the first operation example of the entry/exit management system 100 described above, the user H1 who is allowed to enter the first section S1 as an "unconfirmed user" through the entry permission determination process based on the user ID. On the other hand, additional authentication can be performed by face authentication processing after entering the first section S1. This makes it possible to prevent user impersonation and to determine with high accuracy whether the user H1 is a "normal user" or a "suspicious user."

Furthermore, since the imaging device 60 used for face recognition processing can be a camera installed for crime prevention or monitoring purposes in the first section S1, a system for face recognition processing can be constructed at low cost. be able to.

3-2. Second Operation Example In a second operation example, the entry/exit management system 100 calculates the grace period based on the section information of the first section S1. The grace time calculation unit 105 calculates the grace time by executing a grace time setting process. In the face image acquisition process in the face image acquisition unit 301, the wider the range of the first section S1 or the narrower the imaging range of the imaging device 60, the fewer opportunities to acquire the user's face image. In the grace time setting process, the block information of the first block S1 is used to calculate the grace time according to the opportunity to acquire the user's face image. According to the room entry/exit management system 100 of the second operation example, erroneous determinations in user attribute determination processing can be reduced.

3-3. Third Operation Example In a third operation example, the entry/exit management system 100 creates a heat map that visualizes the location and user attributes of a plurality of users in the first section S1. The map generation unit 106 executes map generation processing upon receiving the heat map generation request, and generates a heat map. In the map generation process, the map generation unit 106 calculates the position coordinates of the imaging device 60 that captured each user's image from the camera information included in the face authentication result of each user located in the first section S1. Acquire each as position coordinates. The map generation unit 106 visually distinguishes and plots the user attributes of each user determined by the user attribute determination process on the acquired position coordinates of each user on the map of the first section S1. Generate a heatmap with . The generated heat map is distributed to pre-registered mobile terminals of users, security guards, administrators, etc. located in the area.

According to the third operation example of the room entry/exit management system 100 described above, it is possible to visually grasp the positions and user attributes of users located in each section. Thereby, it is possible to improve the efficiency of monitoring work of users located in each section, and to promote safe behavior of users.

4. Modifications The room entry/exit management system 100 of the present embodiment may adopt a modified form as described below.

4-1. Hardware resources of the access control system 100

FIG. 12 is a diagram showing an example of hardware resources of the first authentication device 10. The first authentication device 10 includes a processing circuit 16 including a processor 12 and a memory 14 as hardware resources. The processing circuit 16 may include a plurality of processors 12. The processing circuit 16 may include a plurality of memories 14.

In the present embodiment, each section indicated by reference numeral 101 to reference numeral 111 indicates a function that the first authentication device 10 has. The functions of the user data section 110 and section data section 111 as storage sections are realized by the memory 14. The functions of each unit indicated by reference numerals 101 to 111 can be realized by software written as a program, firmware, or a combination of software and firmware. The program is stored in the memory 14. Alternatively, the program may be recorded on a computer-readable recording medium. The first authentication device 10 realizes the functions of each section indicated by reference numerals 101 to 111 by executing a program stored in the memory 14 by the processor 12 (computer).

The processor 12 is also called a CPU (Central Processing Unit), central processing unit, processing unit, arithmetic unit, microprocessor, microcomputer, or DSP. As the memory 14, a semiconductor memory, a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, or a DVD may be used. Semiconductor memories that can be employed include RAM, ROM, flash memory, EPROM, EEPROM, and the like.

FIG. 13 is a diagram showing another example of the hardware resources of the first authentication device 10. In the example shown in FIG. 13, the first authentication device 10 includes a processing circuit 16 including a processor 12, a memory 14, and dedicated hardware 18. FIG. 13 shows an example in which part of the functions of the first authentication device 10 are realized by dedicated hardware 18. All the functions of the first authentication device 10 may be realized by dedicated hardware 18. The dedicated hardware 18 can be a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, an ASIC, an FPGA, or a combination thereof.

The hardware resources of the second authentication device 20 are similar to the example shown in FIG. 12 or 13. The second authentication device 20 includes a processing circuit including a processor and a memory as hardware resources. The second authentication device 20 realizes the functions of each section indicated by reference numerals 201 and 202 by having a processor execute a program stored in a memory. The second authentication device 20 may include a processor, a memory, and a processing circuit including dedicated hardware as hardware resources. Some or all of the functions of the second authentication device 20 may be realized by dedicated hardware.

The hardware resources of the face image acquisition device 30 are the same as the example shown in FIG. 12 or 13. The face image acquisition device 30 includes a processing circuit including a processor and a memory as hardware resources. The face image acquisition device 30 realizes a function indicated by reference numeral 301 by having a processor execute a program stored in a memory. The facial image acquisition device 30 may include a processor, a memory, and a processing circuit including dedicated hardware as hardware resources. Some or all of the functions of the facial image acquisition device 30 may be realized by dedicated hardware.

Note that in the room entry/exit management system 100, all or part of the functions of the first authentication device 10 may be installed in the second authentication device 20 or the facial image acquisition device 30.

4-2. Face image acquisition device 30
The face image acquisition device 30 may use, as the imaging device 60, a camera-equipped terminal device owned by a user located within the section. An example of such a terminal device is a smartphone. When the imaging device 60 is a camera-equipped terminal device that can acquire position coordinates in an absolute coordinate system, the facial image acquisition unit 301 performs facial image acquisition processing to acquire a facial image from a captured image captured by the camera-equipped terminal device. conduct.

Typically, in step S601 shown in FIG. 9, the face image acquisition unit 301 acquires an image captured by an imaging device 60 owned by a user within the section. In the next step S602, the facial image acquisition unit 301 uses a known image recognition technique to determine whether a facial image included in the acquired captured image has been detected. If the determination result is negative, the process moves to step S601 again, and if the determination result is positive, the process moves to step S602. In step S<b>602 , the face image acquisition unit 301 transmits face image data in which the detected face image is associated with the position coordinates of the camera-equipped terminal device to the face authentication unit 201 of the second authentication device 20 .

According to the configuration of the face image acquisition device 30 of such a modified example, even if a camera is not permanently installed in the compartment, the face image acquisition process and the face authentication process can be performed. In addition, since the camera-equipped terminal device carried by the user can obtain the user's position coordinates more accurately than a permanently installed fixed camera, the accuracy of the user attribute determination process and the accuracy of the map generation process can be improved. will improve.

4-3. Imaging device 60
The number and arrangement of the imaging devices 60 arranged within the section are not limited as long as they can capture images of the faces of users located within the section. Further, the imaging device 60 may be a combination of a camera-equipped terminal device owned by a user located within the division and a surveillance camera fixedly installed within the division.

4-4. User determination unit 104
If the determination result is positive in step S305, a restriction device at the entrance of another compartment may be operated in step S303 to restrict entry from the entrance. Furthermore, issuing an alarm in step S303 is not an essential process.

4-5. Alert Processing There is no limitation on the type of alerting process performed by the user determination unit 104. That is, in the alarm processing, a warning sound or a warning announcement may be emitted, or a warning message may be displayed.

5. Others Although the preferred embodiments have been described in detail above, the present disclosure is not limited to the embodiments described above, and the embodiments described above are not limited to the embodiments described above without departing from the scope of the claims. Various modifications and substitutions can be made to the above.

Hereinafter, various aspects of the present disclosure will be collectively described as supplementary notes.

(Additional note 1)
An entry/exit control system that manages entry and exit of users for each divided section within a facility,
a traffic control unit that performs an entry permission determination process that determines whether the user can enter each section based on ID information stored in the user's belongings;
a face authentication unit that performs face authentication processing to authenticate the user's entry into each of the sections based on a face image of the user captured in the section;
a user determination unit that performs a determination process that determines a user attribute regarding the user's access authority for each of the sections, based on the result of the entry permission determination process and the result of the face authentication process;
In the determination process, the user determination unit:
It is determined that the user is allowed to enter the first section in the entry permission determination process, and the user attributes of the user whose entry into the first section is authenticated in the face authentication process are normal. Determined as a user,
the user attribute of the user for whom it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the user is not authenticated to enter the first compartment in the face authentication process; is determined to be an unconfirmed user,
In a state in which it is determined that the user is allowed to enter the first section in the entry permission determination process, and the user's entry into the first partition is not authenticated in the face authentication process, the entry permission determination is performed. An entry/exit management system configured to determine that the user attribute of the user is a suspicious user when the user is authenticated to enter a second compartment different from the first compartment in processing.
(Additional note 2)
The room entry/exit management system according to supplementary note 1, wherein in the determination process, the user determination unit is configured to issue an alarm when the user attribute is determined to be the suspicious user.
(Additional note 3)
comprising a regulating device that regulates entry into the second compartment,
Supplementary note 1 or supplementary note configured such that, in the determination process, the user determination unit restricts entry into the second section by the restriction device when the user attribute is determined to be the suspicious user. The entry/exit control system described in 2.
(Additional note 4)
In the determination process, the user determination unit:
The grace period has elapsed in a state where it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the face authentication process does not authenticate the user's entry into the first compartment. The room entry/exit management system according to any one of Supplementary Notes 1 to 3, is configured to determine that the user attribute of the user is the suspicious user.
(Appendix 5)
The entry/exit management system according to appendix 4, further comprising a grace time calculation unit that sets the grace time based on the division information of the first division.
(Appendix 6)
a section data section that stores entry permission information that determines whether a user can enter for each section;
an ID reading device installed corresponding to the first section and reading the ID information from the belongings,
In the entry permission determination process, the user determination unit determines whether the user corresponding to the ID information read by the ID reading device can enter the first section based on the entry permission information. The room entry/exit control system according to any one of Supplementary Notes 1 to 5, configured as follows.
(Appendix 7)
a face data section that stores face information in which each face image is associated with the user ID of each user;
comprising an imaging device that images the face of a user located in the first section,
In the face authentication process, the face authentication unit:
A facial image of the same person as the facial image captured by the imaging device is searched from among the facial information stored in the facial data section, and for the user with the user ID corresponding to the searched facial image. The access control system according to any one of Supplementary Notes 1 to 6, configured to authenticate entry into the first compartment.
(Appendix 8)
The entry/exit control system according to appendix 7, wherein the imaging device includes one or more surveillance cameras installed in the first section.
(Appendix 9)
The entry/exit management system according to appendix 7 or 8, wherein the imaging device includes a camera-equipped mobile terminal owned by a user located in the first section.
(Appendix 10)
Generating a heat map that visualizes the user attributes at the position coordinates on a map of the first section based on the position coordinates at which the face image was captured and the user attributes determined in the determination process. The room entry/exit management system according to any one of Supplementary Notes 1 to 9, further comprising a map generation unit that generates a map.
(Appendix 11)
The map generation unit includes:
The entry/exit management system according to appendix 10, configured to distribute the heat map generated by the map generation unit to an output destination.
(Appendix 12)
An information processing device that manages entry and exit of users for each divided section within a facility,
a traffic control unit that performs an entry permission determination process that determines whether the user can enter each section based on ID information stored in the user's belongings;
Based on the result of the face authentication process for authenticating the user's entry into each of the sections based on the user's face image taken in the section and the result of the entry permission determination process, a user determination unit that performs determination processing to determine user attributes regarding access authority;
In the determination process, the user determination unit:
It is determined that the user is allowed to enter the first section in the entry permission determination process, and the user attributes of the user whose entry into the first section is authenticated in the face authentication process are normal. Determined as a user,
the user attribute of the user for whom it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the user is not authenticated to enter the first compartment in the face authentication process; is determined to be an unconfirmed user,
In a state in which it is determined that the user is allowed to enter the first section in the entry permission determination process, and the user's entry into the first partition is not authenticated in the face authentication process, the entry permission determination is performed. An information processing device configured to determine that the user attribute of the user is a suspicious user when the user is authenticated to enter a second compartment different from the first compartment in processing.
(Appendix 13)
An entry/exit management method for causing a computer to manage entry/exit of users for each divided section within a facility, the method comprising:
performing an entry permission determination process of determining whether the user can enter each of the sections based on ID information stored in the user's belongings;
performing face authentication processing to authenticate the user's entry into each of the sections based on the user's face image taken in the section;
performing a determination process for determining user attributes regarding the user's access authority for each section based on the result of the entry permission determination process and the result of the face authentication process;
In the determination process,
It is determined that the user is allowed to enter the first section in the entry permission determination process, and the user attributes of the user whose entry into the first section is authenticated in the face authentication process are normal. Determined as a user,
the user attribute of the user for whom it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the user is not authenticated to enter the first compartment in the face authentication process; is determined to be an unconfirmed user,
In a state in which it is determined that the user is allowed to enter the first section in the entry permission determination process, and the user's entry into the first partition is not authenticated in the face authentication process, the entry permission determination is performed. An entry/exit management method configured to determine that the user attribute of the user is a suspicious user when the user is authenticated to enter a second compartment different from the first compartment in processing.
(Appendix 14)
A computer-readable recording medium that records a program that causes a computer to manage entry and exit of users in each divided section of a facility,
The program is
Performing an entry permission determination process for determining whether the user can enter each of the sections based on ID information stored in the user's belongings;
Performing face authentication processing to authenticate the user's entry into each of the sections based on the user's face image captured in the section,
It is configured to perform a determination process for determining user attributes regarding the user's access authority for each of the sections, based on the result of the entry permission determination process and the result of the face authentication process,
In the determination process, the program:
In the entry permission determination process, it is determined that the user is allowed to enter the first compartment, and in the face authentication process, the user attribute of the user is authenticated to enter the first compartment. Determined as a user,
the user attribute of the user for whom it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the user is not authenticated to enter the first compartment in the face authentication process; is determined to be an unconfirmed user,
In a state where it is determined that the user is allowed to enter the first section in the entry permission determination process, and the user's entry into the first partition is not authenticated in the face authentication process, the entry permission determination process is performed. A computer-readable recording medium configured to determine the user attribute of the user as a suspicious user when the user is authenticated to enter a second compartment different from the first compartment in processing. .

10 first authentication device, 12 processor, 14 memory, 16 processing circuit, 18 dedicated hardware, 20 second authentication device, 30 face image acquisition device, 40 card reader, 50 external device, 60 imaging device, 100 room entry/exit control system , 101 ID reading unit, 102 ID authentication unit, 103 traffic control unit, 104 user determination unit, 105 grace time calculation unit, 106 map generation unit, 110 user data unit, 111 section data unit, 201 face authentication unit, 210 Face data section, 301 Face image acquisition section

Claims (14)

An entry/exit control system that manages entry and exit of users for each divided section within a facility,
a traffic control unit that performs an entry permission determination process that determines whether the user can enter each section based on ID information stored in the user's belongings;
a face authentication unit that performs face authentication processing to authenticate the user's entry into each of the sections based on a face image of the user captured in the section;
a user determination unit that performs a determination process that determines a user attribute regarding the user's access authority for each of the sections, based on the result of the entry permission determination process and the result of the face authentication process;
In the determination process, the user determination unit:
It is determined that the user is allowed to enter the first section in the entry permission determination process, and the user attributes of the user whose entry into the first section is authenticated in the face authentication process are normal. Determined as a user,
the user attribute of the user for whom it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the user is not authenticated to enter the first compartment in the face authentication process; is determined to be an unconfirmed user,
In a state in which it is determined that the user is allowed to enter the first section in the entry permission determination process, and the user's entry into the first partition is not authenticated in the face authentication process, the entry permission determination is performed. An entry/exit management system configured to determine that the user attribute of the user is a suspicious user when the user is authenticated to enter a second compartment different from the first compartment in processing. 2. The room entry/exit management system according to claim 1, wherein in the determination process, the user determination unit is configured to issue an alarm when the user attribute is determined to be the suspicious user. comprising a regulating device that regulates entry into the second compartment,
2. In the determination process, the user determination unit is configured to restrict entry to the second section by the restriction device when the user attribute is determined to be the suspicious user. The room entry/exit control system according to claim 2. In the determination process, the user determination unit:
The grace period has elapsed in a state where it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the face authentication process does not authenticate the user's entry into the first compartment. The room entry/exit management system according to claim 1 or 2, wherein the user attribute of the user is determined to be the suspicious user. The entry/exit management system according to claim 4, further comprising a grace time calculation unit that sets the grace time based on the division information of the first division. a section data section that stores entry permission information that determines whether a user can enter for each section;
an ID reading device installed corresponding to the first section and reading the ID information from the belongings,
In the entry permission determination process, the user determination unit determines whether the user corresponding to the ID information read by the ID reading device can enter the first section based on the entry permission information. The room entry/exit management system according to claim 1 or 2, configured as follows. a face data section that stores face information in which each face image is associated with the user ID of each user;
comprising an imaging device that images the face of a user located in the first section,
In the face authentication process, the face authentication unit:
A facial image of the same person as the facial image captured by the imaging device is searched from among the facial information stored in the facial data section, and to the user with the user ID corresponding to the searched facial image. The entry/exit control system according to claim 1 or 2, configured to authenticate entry into the first compartment. The entry/exit control system according to claim 7, wherein the imaging device includes one or more surveillance cameras installed in the first section. The entry/exit management system according to claim 7 , wherein the imaging device includes a camera-equipped mobile terminal owned by a user located in the first section. Generate a heat map that visualizes the user attributes at the position coordinates on a map of the first section based on the position coordinates at which the face image was captured and the user attributes determined in the determination process. The room entry/exit management system according to claim 1 or claim 2, further comprising a map generation unit for generating a map. The map generation unit includes:
The entry/exit management system according to claim 10, configured to distribute the heat map generated by the map generation unit to an output destination. An information processing device that manages entry and exit of users for each divided section within a facility,
a traffic control unit that performs an entry permission determination process that determines whether the user can enter each section based on ID information stored in the user's belongings;
Based on the result of the face authentication process that authenticates the user's entry into each of the sections based on the user's face image taken in the section and the result of the entry permission determination process, a user determination unit that performs determination processing to determine user attributes regarding access authority;
In the determination process, the user determination unit:
It is determined that the user is allowed to enter the first section in the entry permission determination process, and the user attributes of the user whose entry into the first section is authenticated in the face authentication process are normal. Determined as a user,
the user attribute of the user for whom it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the user is not authenticated to enter the first compartment in the face authentication process; is determined to be an unconfirmed user,
In a state in which it is determined that the user is allowed to enter the first section in the entry permission determination process, and the user's entry into the first partition is not authenticated in the face authentication process, the entry permission determination is performed. An information processing device configured to determine that the user attribute of the user is a suspicious user when the user is authenticated to enter a second compartment different from the first compartment in processing. An entry/exit management method for causing a computer to manage entry/exit of users for each divided section within a facility, the method comprising:
performing an entry permission determination process of determining whether the user can enter each of the sections based on ID information stored in the user's belongings;
performing face authentication processing to authenticate the user's entry into each of the sections based on the user's face image taken in the section;
performing a determination process for determining user attributes regarding the user's access authority for each section based on the result of the entry permission determination process and the result of the face authentication process;
In the determination process,
It is determined that the user is allowed to enter the first section in the entry permission determination process, and the user attributes of the user whose entry into the first section is authenticated in the face authentication process are normal. Determined as a user,
the user attribute of the user for whom it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the user is not authenticated to enter the first compartment in the face authentication process; is determined to be an unconfirmed user,
In a state in which it is determined that the user is allowed to enter the first section in the entry permission determination process, and the user's entry into the first partition is not authenticated in the face authentication process, the entry permission determination is performed. An entry/exit management method configured to determine that the user attribute of the user is a suspicious user when the user is authenticated to enter a second compartment different from the first compartment in processing. A computer-readable recording medium that records a program that causes a computer to manage entry and exit of users in each divided section of a facility,
The program is
Performing an entry permission determination process for determining whether the user can enter each of the sections based on ID information stored in the user's belongings;
Performing face authentication processing to authenticate the user's entry into each of the sections based on the user's face image captured in the section,
It is configured to perform a determination process for determining user attributes regarding the user's access authority for each of the sections, based on the result of the entry permission determination process and the result of the face authentication process,
In the determination process, the program:
It is determined that the user is allowed to enter the first section in the entry permission determination process, and the user attributes of the user whose entry into the first section is authenticated in the face authentication process are normal. Determined as a user,
the user attribute of the user for whom it is determined in the entry permission determination process that the user is allowed to enter the first compartment, and the user is not authenticated to enter the first compartment in the face authentication process; is determined to be an unconfirmed user,
In a state in which it is determined that the user is allowed to enter the first section in the entry permission determination process, and the user's entry into the first partition is not authenticated in the face authentication process, the entry permission determination is performed. A computer-readable recording medium configured to determine the user attribute of the user as a suspicious user if the user is authenticated to enter a second compartment different from the first compartment in processing. .

Images