KR102514036B1 - Electronic device and method for controlling the same - Google Patents

Abstract

An electronic device and a control method thereof are disclosed. An electronic device according to an embodiment of the present invention is an electronic device capable of performing complex biometric authentication, and includes: a first biometric sensor configured to detect first biometric information; a second biometric sensor configured to detect second biometric information; A multi-dimensional variable decision criterion is set including situation information upon detection of at least one of the first biometric information and the second biometric information, and the multi-dimensional variable decision criterion is set to the first biometric information or the second biometric information. a security module for performing first user authentication by applying a matching score for recognition information and determining whether to perform second user authentication using the remaining biometric information based on a result of the first user authentication; and a control unit controlling an operation of the electronic device based on at least one of the first or second user authentication results performed by the security module.

Description

Electronic device and its control method {ELECTRONIC DEVICE AND METHOD FOR CONTROLLING THE SAME}

The present invention relates to an electronic device capable of complex biometric authentication.

2. Description of the Related Art Along with technological development, functions of electronic devices are diversifying. For example, there are functions of data and voice communication, photographing and video recording through a camera, voice recording, music file reproduction through a speaker system, and outputting an image or video to a display unit. Some electronic devices have an electronic game play function added or perform a multimedia player function. In particular, recent electronic devices can receive multicast signals providing visual content such as broadcasting and video or television programs.

As the functions of such an electronic device diversify, it is implemented in the form of a multimedia player with complex functions such as taking pictures or videos, playing music or video files, playing games, and receiving broadcasts, for example. there is.

In order to support and increase the functions of these electronic devices, it may be considered to improve the structural part and/or the software part of the terminal.

As the functions of electronic devices diversify, the importance of user authentication for enhancing security is increasing. Various methods such as a password method, a pattern method, and a biometric recognition method may be used for user authentication.

Biometrics, a security authentication method, is a technology for performing user authentication using unique physical characteristics such as a user's fingerprint, face, voice, iris, retina, and blood vessels. In this field of biometric technology, the risk of theft or imitation is low and the usability is high.

Meanwhile, recently, in order to enhance security, a single mode biometric authentication using a single biometric information has been changed to a multimodal biometric authentication using a plurality of biometric information. Biometric) or multi-biometric authentication technology is being developed.

When implementing such a multi-mode biometric authentication technology, it is necessary to develop various methods utilizing multiple biometric information. The present invention proposes a method of performing biometric authentication by utilizing several pieces of biometric information.

An object of the present invention is to provide an electronic device capable of performing complex biometric authentication and a control method thereof according to criteria modified according to circumstances in consideration of various environmental factors at the time of multi-biometric authentication.

Another object of the present invention is to simultaneously improve authentication accuracy and usability of multi-biometric authentication.

An electronic device according to an embodiment of the present invention is an electronic device that performs complex biometric authentication, and includes a first biometric sensor configured to detect first biometric information; a second biometric sensor configured to detect second biometric information; A multi-dimensional variable criterion is set including situation information upon detection of at least one of the first biometric information and the second biometric information, and the multi-dimensional variable criterion is set to the first biometric information or the second biometric information. 2. A security module for performing first user authentication by applying a matching score for biometric information and determining whether to perform second user authentication using the remaining biometric information based on a result of the first user authentication; and a control unit controlling an operation of the electronic device based on at least one of the results of the first or second user authentication performed by the security module.

In one embodiment, the multi-dimensional variable criterion is determined by considering all of a biometric sensor for detecting biometric information, the situation information, the matching score, and a forgery-related score of biometric information. to be

Further, in an embodiment, the situation information includes ambient illumination, ambient noise, ambient temperature, characteristic information of biometric information, motion information, the electronic device itself, remaining battery capacity of the electronic device, and input order of biometric information. , user information, and the situation information is characterized in that one or more are selected based on the characteristics of the biometric information.

Further, in an embodiment, the security module calculates a matching score by comparing the first biometric information or the second biometric information with pre-registered user information, and calculates a matching score based on the biometric information. Combining forgery-related scores of to calculate a final score, and performing user authentication by applying a variable decision function generated based on the forgery-related score of the situation information and biometric information to the calculated final matching score. do.

In an embodiment, the forgery related score of the biometric information includes at least one of an anti-spoofing score and a quality score, and the variable decision function includes at least one of the anti-spoofing score and the quality score and the context information. Characterized in that it is produced by combining.

In an embodiment, the variable decision function is characterized in that an upper limit threshold and a lower limit threshold related to user authentication determination are generated to be varied according to the level of the context information.

In an embodiment, the upper limit threshold is a value at which a false acceptance rate (FAR) is 0, and the lower limit threshold is a value at which a false rejection rate (FRR) is 0, and the level of the situation information determines the value of the lower limit threshold. It is characterized in that at least one of the upper limit threshold and the lower limit threshold is decreased.

Further, in an embodiment, the second user authentication is characterized in that the authentication result of the first user authentication is performed only when it is impossible to determine that neither authentication success nor authentication failure corresponds.

Further, in an embodiment, the non-discrimination is when a final score considering all of the matching score, the forgery-related score of the biometric information, and the situation information is less than the lower limit threshold, and the lower limit threshold is the situation information It is characterized in that it varies according to.

Further, in an embodiment, when the second user authentication is performed, biometric information and context information for the second user authentication are selected based on the biometric information and context information used in the first user authentication. characterized by

In addition, in an embodiment, when the second user authentication is performed, both the first and second biometric information are used, and the multi-dimensional variable criterion in the second user authentication is the first user authentication. It is characterized in that it is determined by additionally considering the multidimensional variable criterion used in.

Further, in an embodiment, when the second user authentication is performed, the multi-dimensional variable decision criterion in the second user authentication is different from the multi-dimensional variable decision criterion used in the first user authentication and the first user authentication. It is characterized in that it is determined by considering all the situation information used in

An operating method of an electronic device according to an embodiment of the present invention is a method of operating an electronic device that performs complex biometric authentication, comprising: sensing biometric information from at least one of a first or second biometric sensor; setting a multi-dimensional variable criterion including situational information when biometric information of at least one of the first and second biometric sensors is sensed; performing first user authentication by applying the multi-dimensional variable criterion to a matching score for the first biometric information or the second biometric information; determining whether to perform second user authentication using remaining biometric information based on a result of the first user authentication; and controlling an operation of the electronic device based on at least one of the first and second user authentication results.

In addition, in one embodiment, the setting of the multi-dimensional variable criterion may include considering all of the biometric sensor for detecting biometric information, the situation information, the matching score, and the forgery-related score of the biometric information. It is characterized in that it is a setting step.

Further, in an embodiment, the performing of the first user authentication may include calculating a matching score by comparing the first biometric information or the second biometric information with pre-registered user information, and calculating a matching score. Calculating a final score by combining the matching score with a score related to forgery of the biometric information; and applying a variable decision function generated based on the situation information and the score related to forgery of the biometric information to the calculated final score. and performing the first user authentication by doing so.

Further, in an embodiment, the variable decision function is generated such that an upper limit threshold and a lower limit threshold related to user authentication determination are varied according to the level of the context information, and the second user authentication is based on the first user authentication. As a result of the execution, it is characterized in that the final score is performed when it is impossible to discriminate between the variable upper and lower limit thresholds.

The electronic device according to the present invention performs biometric authentication by determining a variable criterion in consideration of the surrounding environment at the time of biometric authentication and the forgery-related score related to the characteristics of biometric authentication, thereby improving the usability, convenience, and sensing of biometric authentication. Accuracy is all improved. In addition, by determining whether or not to perform secondary authentication according to a result of performing primary authentication, the authentication speed of biometric authentication can be improved. In addition, by applying a multi-dimensional function in which the threshold or threshold range of No Decision is variable every time, considering all of the forgery-related scores and various situational information collected when biometric information is detected, a multi-dimensional function is applied to authentication, even in secondary authentication. Authentication accuracy can be improved.

1 is a block diagram illustrating an electronic device related to the present invention.
2 is a conceptual diagram illustrating a single biometric authentication method.
3A to 3D are conceptual diagrams illustrating a complex biometric authentication method.
4A and 4B are graphs related to error rates of biometric authentication determination.
5 is a conceptual diagram illustrating a method of performing multi-biometric authentication in a serial manner in the conventional multi-biometric authentication.
6 and 7 are conceptual diagrams illustrating a method of performing serial biometric authentication.
8A to 8C are exemplary diagrams for explaining the implementation of a method of performing serial biometric authentication by applying a decision criterion that varies according to circumstances in complex biometric authentication according to the present invention.
9A to 9C are example graphs for describing a comparison between an authentication result according to an existing criterion and an authentication result according to a variable criterion according to the present invention in complex biometric authentication according to the present invention.
10 is a flowchart illustrating a method of performing serial biometric authentication by applying a variable decision criterion according to circumstances in complex biometric authentication according to the present invention.
11A to 14 are different examples showing specific multi-biometric authentication means and context information to which a variable criterion is applied in multi-biometric authentication according to the present invention.
FIG. 15 is a conceptual diagram illustrating a method of performing multi-biometric authentication in a parallel method by applying a variable decision criterion according to circumstances and converging a plurality of sensors, situation information, and variable decision criteria in complex biometric authentication according to the present invention.

Hereinafter, the embodiments disclosed in this specification will be described in detail with reference to the accompanying drawings, but the same reference numerals will be assigned to the same or similar components regardless of reference numerals, and overlapping descriptions thereof will be omitted. The suffixes "module" and "unit" for components used in the following description are given or used together in consideration of ease of writing the specification, and do not have meanings or roles that are distinct from each other by themselves. In addition, in describing the embodiments disclosed in this specification, if it is determined that a detailed description of a related known technology may obscure the gist of the embodiment disclosed in this specification, the detailed description thereof will be omitted. In addition, the accompanying drawings are only for easy understanding of the embodiments disclosed in this specification, the technical idea disclosed in this specification is not limited by the accompanying drawings, and all changes included in the spirit and technical scope of the present invention , it should be understood to include equivalents or substitutes.

Terms including ordinal numbers, such as first and second, may be used to describe various components, but the components are not limited by the terms. These terms are only used for the purpose of distinguishing one component from another.

It is understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, but other elements may exist in the middle. It should be. On the other hand, when an element is referred to as “directly connected” or “directly connected” to another element, it should be understood that no other element exists in the middle.

Singular expressions include plural expressions unless the context clearly dictates otherwise.

In this application, terms such as "comprise" or "have" are intended to designate that there is a feature, number, step, operation, component, part, or combination thereof described in the specification, but one or more other features It should be understood that the presence or addition of numbers, steps, operations, components, parts, or combinations thereof is not precluded.

Portable electronic devices described herein include mobile phones, smart phones, laptop computers, digital broadcasting terminals, personal digital assistants (PDAs), portable multimedia players (PMPs), navigation devices, and slate PCs. ), tablet PC, ultrabook, wearable device (eg, watch type terminal (smartwatch), glass type terminal (smart glass), HMD (head mounted display)), smart car etc. may be included.

However, those skilled in the art can easily recognize that the configuration according to the embodiment described in this specification may be applied to fixed terminals such as digital TVs, desktop computers, digital signage, etc., except when applicable only to portable electronic devices. There will be.

1 is a block diagram illustrating an electronic device related to the present invention.

Referring to FIG. 1 , an input unit 120, a detection unit 140, an output unit 150, an interface unit 160, a memory 170, a control unit 180, a security module 181, and a power supply unit 190 etc. may be included. The components shown in FIG. 1 are not essential to implement the electronic device, so the electronic device described in this specification may have more or fewer components than the components listed above.

More specifically, among the components, the wireless communication unit 110 is between the electronic device 100 and the wireless communication system, between the electronic device 100 and another electronic device 100, or between the electronic device 100 and an external server. It may include one or more modules enabling wireless communication between Also, the wireless communication unit 110 may include one or more modules that connect the electronic device 100 to one or more networks.

The wireless communication unit 110 may include at least one of a broadcast reception module 111, a mobile communication module 112, a wireless Internet module 113, a short-distance communication module 114, and a location information module 115. .

The input unit 120 includes a camera 121 or video input unit for inputting a video signal, a microphone 122 for inputting an audio signal, or a user input unit 123 for receiving information from a user, for example , a touch key, a push key (mechanical key, etc.). Voice data or image data collected by the input unit 120 may be analyzed and processed as a user's control command.

The sensing unit 140 may include one or more sensors for sensing at least one of information within the electronic device, surrounding environment information surrounding the electronic device, and user information. For example, the sensing unit 140 may include a proximity sensor 141, an illumination sensor 142, a touch sensor, an acceleration sensor, a magnetic sensor, and gravity. Sensor (G-sensor), gyroscope sensor (gyroscope sensor), motion sensor (motion sensor), RGB sensor, infrared sensor (IR sensor), finger scan sensor, ultrasonic sensor , an optical sensor (eg, a camera (see 121)), a microphone (see 122), a battery gauge, an environmental sensor (eg, a barometer, a hygrometer, a thermometer, a radiation detection sensor, It may include at least one of a heat detection sensor, a gas detection sensor, etc.), a chemical sensor (eg, an electronic nose, a healthcare sensor, a biometric sensor, etc.). The biometric sensor 143 may include an iris sensor, a face recognition sensor, a PPG sensor, a voice sensor, and the like. Meanwhile, the electronic device disclosed in this specification may combine and utilize information sensed by at least two or more of these sensors.

The output unit 150 is for generating an output related to sight, hearing, or touch, and includes at least one of a display unit 151, a sound output unit 152, a haptic module 153, and an optical output unit 154. can do. The display unit 151 may implement a touch screen by forming a mutual layer structure or integrally with the touch sensor. Such a touch screen may function as a user input unit 123 providing an input interface between the electronic device 100 and the user and provide an output interface between the electronic device 100 and the user.

The interface unit 160 serves as a passage for various types of external devices connected to the electronic device 100 . The interface unit 160 connects a device equipped with a wired/wireless headset port, an external charger port, a wired/wireless data port, a memory card port, and an identification module. It may include at least one of a port, an audio input/output (I/O) port, a video input/output (I/O) port, and an earphone port. In response to the external device being connected to the interface unit 160, the electronic device 100 may perform appropriate control related to the connected external device.

Also, the memory 170 stores data supporting various functions of the electronic device 100 . The memory 170 may store a plurality of application programs (applications) running in the electronic device 100 , data for operating the electronic device 100 , and commands. At least some of these application programs may be downloaded from an external server through wireless communication. In addition, at least some of these application programs may exist on the electronic device 100 from the time of shipment for the basic functions of the electronic device 100 (eg, incoming and outgoing calls, outgoing functions, message receiving, and outgoing functions). Meanwhile, the application program may be stored in the memory 170, installed on the electronic device 100, and driven by the control unit 180 to perform an operation (or function) of the electronic device.

The controller 180 controls general operations of the electronic device 100 in addition to operations related to the application program. The control unit 180 may provide or process appropriate information or functions to the user by processing signals, data, information, etc. input or output through the components described above or by running an application program stored in the memory 170.

In addition, the controller 180 may control at least some of the components reviewed in conjunction with FIG. 1A in order to drive an application program stored in the memory 170 . Furthermore, the controller 180 may combine and operate at least two or more of the components included in the electronic device 100 to drive the application program.

The power supply unit 190 receives external power and internal power under the control of the controller 180 and supplies power to each component included in the electronic device 100 . The power supply unit 190 includes a battery, and the battery may be a built-in battery or a replaceable battery.

At least some of the components may operate in cooperation with each other in order to implement an operation, control, or control method of an electronic device according to various embodiments described below. Also, the operation, control, or control method of the electronic device may be implemented on the electronic device by driving at least one application program stored in the memory 170 .

Hereinafter, prior to examining various embodiments implemented through the electronic device 100 described above, the above-listed components will be described in more detail with reference to FIG. 1A.

First, looking at the wireless communication unit 110, the broadcast reception module 111 of the wireless communication unit 110 receives a broadcast signal and/or broadcast-related information from an external broadcast management server through a broadcast channel. The broadcast channel may include a satellite channel and a terrestrial channel. Two or more broadcast receiving modules may be provided in the mobile terminal 100 to receive simultaneous broadcasting of at least two broadcast channels or to switch broadcast channels.

The mobile communication module 112 complies with technical standards or communication methods for mobile communication (eg, Global System for Mobile communication (GSM), Code Division Multi Access (CDMA), Code Division Multi Access 2000 (CDMA2000), EV) -DO(Enhanced Voice-Data Optimized or Enhanced Voice-Data Only), WCDMA(Wideband CDMA), HSDPA(High Speed Downlink Packet Access), HSUPA(High Speed Uplink Packet Access), LTE(Long Term Evolution), LTE-A (Long Term Evolution-Advanced), etc.) to transmit and receive radio signals with at least one of a base station, an external terminal, and a server on a mobile communication network.

The wireless signal may include a voice call signal, a video call signal, or various types of data according to text/multimedia message transmission/reception.

The wireless Internet module 113 refers to a module for wireless Internet access, and may be built into or external to the electronic device 100 . The wireless Internet module 113 is configured to transmit and receive radio signals in a communication network according to wireless Internet technologies.

Wireless Internet technologies include, for example, WLAN (Wireless LAN), Wi-Fi (Wireless-Fidelity), Wi-Fi (Wireless Fidelity) Direct, DLNA (Digital Living Network Alliance), WiBro (Wireless Broadband), WiMAX (World Interoperability for Microwave Access), HSDPA (High Speed Downlink Packet Access), HSUPA (High Speed Uplink Packet Access), LTE (Long Term Evolution), LTE-A (Long Term Evolution-Advanced), etc., and the wireless Internet module ( 113) transmits and receives data according to at least one wireless Internet technology within a range including Internet technologies not listed above.

From the viewpoint that wireless Internet access by WiBro, HSDPA, HSUPA, GSM, CDMA, WCDMA, LTE, LTE-A, etc. is made through a mobile communication network, the wireless Internet module (113) performing wireless Internet access through the mobile communication network ) may be understood as a kind of the mobile communication module 112.

The short-range communication module 114 is for short-range communication, and includes Bluetooth™, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra Wideband (UWB), ZigBee, and NFC. Near Field Communication (Near Field Communication), Wi-Fi (Wireless-Fidelity), Wi-Fi Direct, and wireless USB (Wireless Universal Serial Bus) technology may be used to support short-distance communication. The short-range communication module 114 may be used between the electronic device 100 and a wireless communication system, between the electronic device 100 and other electronic devices 100, or between the electronic device 100 through a local area network (Wireless Area Networks). ) and a network where another electronic device 100 (or an external server) is located. The local area wireless communication network may be a local area wireless personal area network (Wireless Personal Area Networks).

Here, the other electronic device 100 is a wearable device capable of exchanging (or interlocking) data with the electronic device 100 according to the present invention (for example, a smartwatch, smart glasses) (smart glass) or HMD (head mounted display). The short-range communication module 114 may detect (or recognize) a wearable device capable of communicating with the electronic device 100 in the vicinity of the electronic device 100 . Furthermore, if the detected wearable device is a device authorized to communicate with the electronic device 100 according to the present invention, the control unit 180 transmits at least a portion of data processed by the electronic device 100 to the short-range communication module ( 114) can be transmitted to the wearable device. Accordingly, a user of the wearable device may use data processed by the electronic device 100 through the wearable device. For example, according to this, when a call is received in the electronic device 100, the user makes a phone call through the wearable device, or when a message is received in the electronic device 100, the user receives the received message through the wearable device. It is possible to check the message.

The location information module 115 is a module for acquiring the location (or current location) of the electronic device, and representative examples thereof include a Global Positioning System (GPS) module or a Wireless Fidelity (WiFi) module. For example, the electronic device may obtain the location of the electronic device using a signal transmitted from a GPS satellite by using a GPS module. As another example, if the electronic device utilizes the Wi-Fi module, the location of the electronic device may be obtained based on information of the Wi-Fi module and a wireless access point (AP) that transmits or receives a wireless signal. If necessary, the location information module 115 may perform any function among other modules of the wireless communication unit 110 to obtain data on the location of the electronic device in substitution or addition. The location information module 115 is a module used to obtain the location (or current location) of the electronic device, and is not limited to a module that directly calculates or obtains the location of the electronic device.

Next, the input unit 120 is for inputting image information (or signals), audio information (or signals), data, or information input from a user. For inputting image information, the electronic device 100 has one Alternatively, a plurality of cameras 121 may be provided. The camera 121 processes an image frame such as a still image or a moving image obtained by an image sensor in a video call mode or a photographing mode. The processed image frame may be displayed on the display unit 151 or stored in the memory 170 . Meanwhile, the plurality of cameras 121 provided in the electronic device 100 may be arranged to form a matrix structure, and through the cameras 121 forming the matrix structure, various angles or focal points may be provided to the electronic device 100. A plurality of image information having may be input. In addition, the plurality of cameras 121 may be arranged in a stereo structure to obtain left and right images for realizing a stereoscopic image.

The microphone 122 processes external sound signals into electrical voice data. The processed voice data may be utilized in various ways according to the function (or application program being executed) being performed in the electronic device 100 . Meanwhile, various noise cancellation algorithms for removing noise generated in the process of receiving an external sound signal may be implemented in the microphone 122 .

The user input unit 123 is for receiving information from a user, and when information is input through the user input unit 123, the control unit 180 can control the operation of the electronic device 100 to correspond to the input information. . The user input unit 123 is a mechanical input means (or a mechanical key, for example, a button located on the front, rear or side of the electronic device 100, a dome switch, a jog wheel, jog switch, etc.) and a touch input means. As an example, the touch input means consists of a virtual key, soft key, or visual key displayed on a touch screen through software processing, or a part other than the touch screen. On the other hand, the virtual key or visual key can be displayed on the touch screen while having various forms, for example, graphic, text ), icon, video, or a combination thereof.

Meanwhile, the sensing unit 140 senses at least one of information in the electronic device, surrounding environment information surrounding the electronic device, and user information, and generates a sensing signal corresponding thereto. Based on these sensing signals, the controller 180 may control driving or operation of the electronic device 100 or may process data, function, or operate related to an application program installed in the electronic device 100 . Representative sensors among various sensors that may be included in the sensing unit 140 will be described in more detail.

First, the proximity sensor 141 refers to a sensor that detects the presence or absence of an object approaching a predetermined detection surface or an object existing nearby without mechanical contact by using the force of an electromagnetic field or infrared rays. The proximity sensor 141 may be disposed in an inner area of the electronic device covered by the touch screen as described above or in the vicinity of the touch screen.

Examples of the proximity sensor 141 include a transmission type photoelectric sensor, a direct reflection type photoelectric sensor, a mirror reflection type photoelectric sensor, a high frequency oscillation type proximity sensor, a capacitance type proximity sensor, a magnetic type proximity sensor, an infrared proximity sensor, and the like. If the touch screen is a capacitive type, the proximity sensor 141 may be configured to detect the proximity of a conductive object as a change in electric field according to the proximity of the object. In this case, the touch screen (or touch sensor) itself may be classified as a proximity sensor.

On the other hand, for convenience of description, an action of approaching a touch screen without contacting an object to recognize that the object is located on the touch screen is referred to as a "proximity touch", and the touch An act of actually touching an object on a screen is called a "contact touch". The location at which an object is proximity-touched on the touch screen means a location at which the object corresponds vertically to the touch screen when the object is proximity-touched. The proximity sensor 141 may detect a proximity touch and a proximity touch pattern (eg, proximity touch distance, proximity touch direction, proximity touch speed, proximity touch time, proximity touch position, proximity touch movement state, etc.) there is. Meanwhile, as described above, the controller 180 processes data (or information) corresponding to the proximity touch operation and proximity touch pattern detected through the proximity sensor 141, and furthermore, visual information corresponding to the processed data. It can be output on the touch screen. Furthermore, the controller 180 may control the electronic device 100 to process different operations or data (or information) depending on whether a touch to the same point on the touch screen is a proximity touch or a contact touch. .

The touch sensor detects a touch (or touch input) applied to the touch screen (or the display unit 151) using at least one of various touch methods such as a resistive film method, a capacitive method, an infrared method, an ultrasonic method, and a magnetic field method. detect

As an example, the touch sensor may be configured to convert a change in pressure applied to a specific part of the touch screen or capacitance generated in a specific part into an electrical input signal. The touch sensor may be configured to detect a location, area, pressure upon touch, capacitance upon touch, and the like, at which a touch object that applies a touch to the touch screen is touched on the touch sensor. Here, the touch object is an object that applies a touch to the touch sensor, and may be, for example, a finger, a touch pen, a stylus pen, or a pointer.

As such, when there is a touch input to the touch sensor, the corresponding signal(s) is sent to the touch controller. The touch controller processes the signal(s) and then transmits corresponding data to the controller 180. Thus, the controller 180 can know which area of the display unit 151 has been touched. Here, the touch controller may be a component separate from the controller 180 or may be the controller 180 itself.

Meanwhile, the controller 180 may perform different controls or the same control according to the type of the touch object that touches the touch screen (or a touch key provided other than the touch screen). Whether different or the same control is to be performed according to the type of touch object may be determined according to an operating state of the electronic device 100 or an application program being executed.

On the other hand, the touch sensor and proximity sensor described above are independently or combined, short (or tap) touch, long touch, multi-touch, drag touch on the touch screen ), flick touch, pinch-in touch, pinch-out touch, swipe touch, hovering touch, etc. Touch can be sensed.

The ultrasonic sensor may recognize location information of a sensing object by using ultrasonic waves. Meanwhile, the controller 180 may calculate the location of the wave generating source through information detected by the optical sensor and the plurality of ultrasonic sensors. The position of the wave generating source can be calculated using the property that light is much faster than ultrasonic waves, that is, the time for light to reach the optical sensor is much faster than the time for ultrasonic waves to reach the ultrasonic sensor. More specifically, the location of the wave generating source may be calculated by using light as a reference signal and a time difference between the arrival time of ultrasonic waves.

Meanwhile, looking at the configuration of the input unit 120, the camera 121 includes at least one of a camera sensor (eg, CCD, CMOS, etc.), a photo sensor (or image sensor), and a laser sensor.

The camera 121 and the laser sensor may be combined with each other to detect a touch of a sensing target for a 3D stereoscopic image. A photo sensor may be stacked on a display device, and the photo sensor is configured to scan a motion of a sensing target close to the touch screen. More specifically, the photo sensor scans the content placed on the photo sensor by mounting photo diodes and transistors (TRs) in rows/columns and using electrical signals that change according to the amount of light applied to the photo diodes. That is, the photo sensor calculates the coordinates of the sensing object according to the change in light, and through this, the location information of the sensing object can be obtained.

The display unit 151 displays (outputs) information processed by the electronic device 100 . For example, the display unit 151 may display execution screen information of an application program driven in the electronic device 100 or UI (User Interface) and GUI (Graphic User Interface) information according to such execution screen information. .

Also, the display unit 151 may be configured as a 3D display unit that displays a 3D image.

A 3D display method such as a stereoscopic method (glasses method), an auto stereoscopic method (non-glasses method), or a projection method (holographic method) may be applied to the 3D display unit.

The audio output unit 152 may output audio data received from the wireless communication unit 110 or stored in the memory 170 in a call signal reception, a call mode or a recording mode, a voice recognition mode, a broadcast reception mode, and the like. The sound output unit 152 also outputs sound signals related to functions performed by the electronic device 100 (eg, call signal reception sound, message reception sound, etc.). The sound output unit 152 may include a receiver, a speaker, a buzzer, and the like.

The haptic module 153 generates various tactile effects that a user can feel. A representative example of the tactile effect generated by the haptic module 153 may be vibration. The strength and pattern of the vibration generated by the haptic module 153 may be controlled by a user's selection or a setting of a controller. For example, the haptic module 153 may synthesize and output different vibrations or sequentially output them.

In addition to vibration, the haptic module 153 responds to stimuli such as an array of pins that move vertically with respect to the contact skin surface, air blowing force or suction force through a nozzle or suction port, rubbing against the skin surface, electrode contact, and electrostatic force. It is possible to generate various tactile effects, such as the effect of heat absorption and the effect of reproducing the feeling of coolness and warmth using an element capable of absorbing heat or generating heat.

The haptic module 153 not only transmits a tactile effect through direct contact, but also can be implemented so that a user can feel a tactile effect through a muscle sense such as a finger or an arm. Two or more haptic modules 153 may be provided according to configuration aspects of the electronic device 100 .

The light output unit 154 outputs a signal for notifying occurrence of an event using light from a light source of the electronic device 100 . Examples of events occurring in the electronic device 100 may include message reception, call signal reception, missed calls, alarms, schedule notifications, e-mail reception, and information reception through applications.

A signal output from the light output unit 154 is implemented as the electronic device emits light of a single color or multiple colors to the front or back side. The signal output may be terminated when the electronic device detects the user's confirmation of the event.

The interface unit 160 serves as a passage for all external devices connected to the electronic device 100 . The interface unit 160 receives data from an external device, receives power and transmits it to each component inside the electronic device 100, or transmits data inside the electronic device 100 to an external device. For example, a wired/wireless headset port, an external charger port, a wired/wireless data port, a memory card port, and a port for connecting a device having an identification module. The interface unit 160 may include an audio I/O (Input/Output) port, a video I/O (Input/Output) port, an earphone port, and the like.

On the other hand, the identification module is a chip that stores various types of information for authenticating the right to use the electronic device 100, and includes a user identification module (UIM), a subscriber identity module (SIM), and universal user authentication. module (universal subscriber identity module; USIM) and the like. A device equipped with an identification module (hereinafter referred to as 'identification device') may be manufactured in the form of a smart card. Accordingly, the identification device may be connected to the terminal 100 through the interface unit 160 .

In addition, when the electronic device 100 is connected to an external cradle, the interface unit 160 serves as a passage through which power from the cradle is supplied to the electronic device 100 or is input from the cradle by a user. It may be a passage through which various command signals are transmitted to the electronic device 100 . Various command signals or the power input from the cradle may operate as a signal for recognizing that the electronic device 100 is correctly mounted on the cradle.

The memory 170 may store programs for operation of the controller 180 and may temporarily store input/output data (eg, phonebook, message, still image, video, etc.). The memory 170 may store data related to vibration and sound of various patterns output when a touch is input on the touch screen.

The memory 170 may be a flash memory type, a hard disk type, a solid state disk type, a silicon disk drive type, or a multimedia card micro type. ), card-type memory (eg SD or XD memory, etc.), RAM (random access memory; RAM), SRAM (static random access memory), ROM (read-only memory; ROM), EEPROM (electrically erasable programmable read -only memory), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, and an optical disk. The electronic device 100 may operate in relation to a web storage that performs a storage function of the memory 170 on the Internet.

Meanwhile, as described above, the controller 180 controls operations related to application programs and general operations of the electronic device 100 in general. For example, if the state of the electronic device satisfies a set condition, the controller 180 may execute or release a locked state that restricts a user's control command input to applications.

In addition, the controller 180 may perform control and processing related to voice calls, data communications, video calls, etc., or perform pattern recognition processing capable of recognizing handwriting input or drawing input performed on the touch screen as characters and images, respectively. can Furthermore, the control unit 180 may control any one or a combination of the components described above in order to implement various embodiments described below on the electronic device 100 according to the present invention.

The security module 181 controls operations related to security during the operation of the electronic device. For example, when the biometric authentication function is executed, the security module 181 may perform biometric authentication related control. For example, the security module 181 may perform biometric authentication using an artificial neural network algorithm or an SVM algorithm, which are algorithms for biometric authentication. In addition, the security module 181 is an algorithm for biometric authentication, Fuzzy logic, Dempster-Shafer theory, SVM, RVM (relevance vector machine) Mean rule, Monte Carlo approach, Phase stretch transform (PST), neural network, Principal Component Analysis , Fisherfaces, Wavelet and Elastic Matching, etc. can be operated.

The security module 181 may transmit and receive data through communication with the control unit 180, and through this, it may control the overall operation of the electronic device. For example, the control unit 180 may receive user authentication result data from the security module 181 and control the operation of the electronic device based on this. In addition, the security module 181 may receive a control command for performing biometric authentication from the control unit 180 and perform biometric authentication accordingly.

Meanwhile, in FIG. 1, the security module 181 and the control unit 180 are shown as separate components, but the present invention is not limited thereto, and the security module 181 may be configured as one component of the control unit 180. there is.

The power supply unit 190 receives external power and internal power under the control of the controller 180 and supplies power necessary for the operation of each component. The power supply unit 190 includes a battery, and the battery may be a built-in battery capable of being charged, or may be detachably coupled to the terminal body for charging.

In addition, the power supply unit 190 may have a connection port, and the connection port may be configured as an example of an interface 160 electrically connected to an external charger that supplies power to charge the battery.

As another example, the power supply unit 190 may charge the battery in a wireless manner without using the connection port. In this case, the power supply unit 190 uses at least one of an inductive coupling method based on magnetic induction from an external wireless power transmitter or a magnetic resonance coupling method based on electromagnetic resonance. power can be delivered.

Meanwhile, various embodiments hereinafter may be embodied in a recording medium readable by a computer or a similar device using, for example, software, hardware, or a combination thereof.

Hereinafter, a method of performing biometric authentication in the electronic device described in FIG. 1 will be described in detail. 2 is a conceptual diagram illustrating a single biometric authentication method.

Referring to FIG. 2 , single biometric authentication may include acquisition (210), feature point extraction (220), matching (230), and decision (240) steps.

In an acquisition step 210, biometric information may be obtained through a biometric sensor. The biometric information may include user's unique biometric information such as fingerprint, face, voice, vein, and iris.

In the feature point extraction (220, feature extraction) step, feature points of biometric information may be extracted. Characteristic points are information capable of recognizing unique characteristics of different people for each person. For example, in the case of a fingerprint, a point representing a unique shape of the fingerprint may be set as a feature point. These feature points are set differently for each biometric authentication method.

In the matching step (230, Matching), a matching score between pre-registered user information and sensed biometric information may be calculated. Pre-registered user information is biometric information previously stored by the user before biometric authentication is performed. The user may store fingerprint information, face information, voice information, vein information, iris information, and the like in the memory 170 in the form of a template.

The matching score represents a similarity between pre-registered user information and biometric information as a score. As an algorithm for calculating a matching score, various conventionally known algorithms may be used.

In the decision step 240 (decision), user authentication may be performed using a matching score and a decision function. The decision function is a function that serves as a criterion for determining whether a user inputting biometric information is a genuine user or an imposter user. The decision function may be set to a specific threshold or a multi-dimensional function.

For the decision function, a default may be set by a manufacturer of the biometric authentication function. Also, the decision function may change an initial setting value using biometric information of the user sensed through the biometric sensor. Therefore, the electronic device can improve the speed and accuracy of biometric recognition as more biometric operations are performed.

Also, the decision function may be generated differently according to information used to generate the decision function. In addition, a plurality of decision functions generated differently may be stored in the memory 170 . For example, the decision function may be generated using only matching scores or using matching scores and spoofing scores. In this case, both decision functions may be stored in the memory 170, and biometric authentication may be performed using either one of the decision functions, if necessary.

In the above, the single biometric authentication method has been described. Hereinafter, a multi-biometric authentication method will be described. 3A to 3D are conceptual diagrams illustrating a complex biometric authentication method.

Complex biometric authentication can be classified into four types according to the point at which a plurality of biometric information is fused. Here, fusion refers to an operation of combining a plurality of pieces of information according to a preset algorithm and calculating them as one piece of information, and may also be used as terms such as combination, combination, convergence, and matching.

3A shows a sensor fusion scheme 310 . The sensor fusion method 310 is a method of combining a plurality of pieces of biometric information obtained from different sensors in the step of obtaining biometric information. Specifically, the sensor fusion method is a method of fusion of biometric information sensed from different biometric sensors and extracting feature points from the fusion information.

3B shows a feature point fusion scheme 320 . The feature point fusion method 320 is a method of extracting feature points from a plurality of pieces of biometric information obtained from different biometric sensors in the step of extracting feature points of biometric information, and combining the extracted feature points.

3C shows the score fusion scheme 330 . The score fusion method 330 is a method of combining matching scores calculated for each of a plurality of pieces of biometric information in the matching step of biometric information.

3D shows a crystal fusion scheme 340 . The decision fusion method 340 is a method of combining a decision result calculated for each of a plurality of pieces of biometric information in the step of determining the biometric information.

In the above, various methods of complex biometric authentication have been described. Hereinafter, when authenticating a user through biometric authentication, an error rate of biometric recognition related to a decision function will be described. 4A and 4B are graphs related to error rates of biometric authentication determination.

Graph a of FIG. 4a is a graph showing similarity distribution between biometric information of a real user and pre-registered user information during biometric authentication, and graph b of FIG. 4a shows similarity distribution between biometric information of a fake user and pre-registered user information. is the graph shown.

Graph a and graph b have portions overlapping each other, and the electronic device 100 determines that the electronic device 100 is a genuine user when the similarity is higher than the threshold indicated by the dotted line aa', and when the similarity is lower than the threshold, the electronic device 100 is counterfeit. can be judged by the user. Here, the threshold value may be a value determined by a provider providing a biometric authentication function, and refers to the above-described decision function.

On the other hand, a false rejection rate (FRR) shown in FIG. 4a represents a ratio of genuine users but determined to be fake users. The higher the FRR, the higher the threshold value, and accordingly, the probability that the user who inputs the biometric information is determined to be a genuine user decreases, so the security of biometric authentication can be increased. The lower the FRR, the lower the threshold value, and accordingly, the higher the probability that the user who inputs the biometric information is determined to be a genuine user, the lower the security of biometric authentication.

A false acceptance rate (FAR) represents an error in determining that a fake user is a genuine user. FAR is a concept opposite to FRR, and the higher the FAR, the lower the threshold value, and accordingly, the probability that the user who inputs the biometric information is determined to be a genuine user increases, so the security of biometric authentication may be lowered.

4B is a graph showing the relationship between FRR and FAR. FRR and FAR may be inversely proportional to each other. The threshold value corresponding to the area of d where the FRR is high and the FAR is low can be used for applications requiring high security although the authentication speed is slow. For example, a threshold in this area may be set in a payment application or a banking application that strictly determines a genuine user. Conversely, the threshold value corresponding to the area of c where FRR is low and FAR is high can be used for applications that speed up authentication and require low security. For example, a threshold value corresponding to this area may be used for an unlock function or the like. In this way, the threshold value (ie, the determination function) of the biometric authentication function may be determined in consideration of the security level of functions to be executed through biometric authentication. In the above, parameters related to errors in biometric authentication have been described.

Hereinafter, an algorithm that can be used in the score fusion method among complex biometric authentication methods will be described.

In the score fusion scheme, various artificial intelligence algorithms that combine matching scores may be used. Algorithms that can be used in the score fusion method include a combination-based score fusion algorithm, a classifier-based score fusion algorithm, and a density-based score fusion algorithm.

Combination-based score fusion algorithms may include statical rules, dynamic weighting, and triangular norms. Classifier-based score fusion algorithms may include a support vector machine (SVM), AdaBoost (RS-ADA), Dampster-Shafer (DS), and the like. The density-based score fusion algorithm may include a Liklihood feature (LF) and the like.

In addition, in the present invention, various conventionally known algorithms may be used in the skew fusion method, and a detailed description thereof is omitted in order not to deviate from the spirit of the present invention.

Hereinafter, serial biometric authentication in which biometric authentication is performed by sequentially performing two or more different biometric authentication methods together with drawings will be described.

5 are conceptual diagrams illustrating a method of performing serial biometric authentication in the conventional complex biometric authentication.

Biometric authentication may be classified according to biometric information. For example, biometric authentication includes face authentication, fingerprint authentication, voice authentication, iris authentication, vein authentication, and the like, and biometric authentication can be performed using various types of human body information that can represent individual characteristics.

Complex biometric authentication is a method of performing biometric authentication using different biometric information.

The multi-biometric authentication method includes serial biometric authentication and parallel biometric authentication according to the acquisition time point of biometric information. Specifically, the serial method is a method of acquiring a plurality of biometric information in sequence, and the parallel method is a method of acquiring a plurality of biometric information at the same time, fusing the biometric information obtained at the same time, and performing biometric authentication.

The serial method has an advantage in that the time required for biometric authentication is short and usability is good because one method of biometric authentication is performed at a time. However, compared to the parallel method, accuracy is lowered.

In the present invention, a method of performing biometric authentication using a serial method will be described. Hereinafter, the conventional series method will be described in more detail together with drawings.

Referring to FIG. 5 , in serial biometric authentication, biometric authentication is performed by obtaining one piece of biometric information (first user authentication, 510). As a result of performing the primary user authentication (510), authentication success (520) in which the pre-registered user information and the acquired biometric information match or authentication failure in which the pre-registered user information and the acquired biometric information do not match ( 530). In serial biometric authentication, when authentication fails (530), other biometric information is acquired and additional authentication is performed (secondary user authentication, 540).

That is, in serial biometric authentication, different biometric information is sequentially recognized and authenticated according to a preset sequence. Such serial biometric authentication may also be referred to as sequential authentication, cascaded authentication, and multi-stage fusion authentication.

Such serial biometric authentication includes an optimization of thresholds based on linear model, symmetric rejection method, marcialis' method, SPRT-based method, and serial fusion based on semi-supervised learning techniques. , Quality-based adaptive context switching algorithm, etc. may be used.

Hereinafter, serial biometric authentication will be described in more detail. 6 and 7 are conceptual views illustrating a specific method of performing complex biometric authentication in a serial manner.

Referring to FIG. 6 , serial biometric authentication is divided into primary user authentication 610 and secondary user authentication 650 . The primary user authentication 610 and the secondary user authentication 650 are biometric methods using different biometric information. For example, fingerprint recognition may be used as primary user authentication 610 and face recognition may be used as secondary user authentication 650 .

The result of performing the primary user authentication 610 is divided into authentication success 620, authentication failure 630, and non-determination 640.

Specifically, the security module 181 processing the biometric information is a comparison result between the pre-registered user information and the acquired biometric information, when the similarity exceeds (or is greater than) the first reference value (P1 in FIG. 7), It is determined that authentication is successful (620).

The first reference value P1 is a value at which a false acceptance rate (FAR) becomes zero. Here, FAR (False Acceptance Rate) is the rate at which fake users are mistakenly judged as genuine users. The value at which FAR becomes 0 can be said to be a critical value at which a fake user is not mistakenly determined as a genuine user. Therefore, if the similarity is the first reference value, that is, the FAR exceeds 0 (or more), it will be determined as authentication success (620).

In addition, the security module 181 judges authentication failure 630 when the similarity is less than (or less than) the second reference value (P2 in FIG. 7) as a result of comparison between the pre-registered user information and the obtained biometric information. .

The second reference value P2 is a value at which a false rejection rate (FRR) becomes zero. Here, FRR (False rejection rate) is the rate of true users but misrecognized. The value at which FRR becomes 0 can be said to be a threshold at which a true user is not misrecognized. Therefore, if the similarity is the second reference value, that is, the FRR is less than (or less than) 0, it will be determined as authentication failure (630).

In case of authentication failure 630, the security module 181 may perform an authentication initialization operation. The authentication initialization operation refers to an operation of switching to a standby state in which primary user authentication can be performed again.

In addition, the security module 181 determines that the determination is impossible 640 when the similarity between the pre-registered user information and the obtained biometric information is greater than or equal to the second reference value P2 and less than or equal to the first reference value P1. . In this case, the security module 181 performs secondary user authentication 650 . That is, in serial biometric authentication, it can be performed only when the secondary user authentication 650 is undeterminable.

In serial biometric authentication, the secondary user authentication 650 may perform biometric authentication using the biometric information acquired in the primary user authentication and the newly acquired biometric information. At this time, the newly acquired biometric information is different from the biometric information obtained in the first user authentication. For example, when fingerprint recognition information is obtained in primary user authentication, face recognition information may be obtained in secondary user authentication.

The secondary user authentication 650 may perform biometric authentication using one of the fusion methods described above with reference to FIGS. 3A to 3D .

For example, secondary user authentication is performed by comparing a comparison result of pre-registered user information and first biometric information performed at the time of primary user authentication with second biometric information and pre-registered user information. User authentication may be performed by combining the comparison results according to a preset algorithm. Accordingly, the second user authentication 650 may have higher accuracy than the first user authentication 610 .

The security module 181 determines a result of performing the secondary user authentication 650 as one of authentication success and authentication failure. And, the secondary user authentication 650 may terminate user authentication.

Meanwhile, when the secondary user authentication 650 is completed, the security module 181 may perform an authentication initialization operation. Accordingly, the user may retry primary user authentication again.

On the other hand, in the above-described serial biometric authentication, user authentication is sequentially performed according to a preset order or an order determined according to a predetermined criterion. At this time, biometric information that can be obtained varies according to the surrounding environment at the time of biometric recognition, the user's situation, and the operating state of the electronic device. In addition, biometric sensing accuracy varies depending on the surrounding environment at the time of biometric recognition, a user's situation, and an operating state of an electronic device. However, conventionally, complex biometric authentication has been performed without considering such a situation.

Further, in the serial biometric authentication, subsequent biometric authentication is performed according to the authentication result of the preceding biometric authentication. At this time, the succeeding biometric authentication may be performed only when the preceding biometric authentication is NO Decision.

At this time, although the authentication result of the preceding biometric recognition should be judged to be undeterminable, authentication failure may be determined according to the influence of the surrounding environment at the time of biometric recognition. Accordingly, if the number of cases in which the preceding biometric is judged to be undeterminable increases by emphasizing the surrounding environment, the sensing accuracy of the preceding biometric is reduced. On the other hand, if the sensing accuracy of the preceding biometric is emphasized, authentication of the succeeding biometric itself is not performed because many cases are determined as authentication failures. Accordingly, the usability of multi-biometric authentication deteriorates.

Accordingly, the present invention implements a method for improving both the usability and sensing accuracy of multi-biometric authentication by determining variable criteria according to the surrounding environment at the time of biometric recognition in serial multi-biometric authentication.

Meanwhile, hereinafter, the preceding biometric is referred to as 'first user authentication' or 'first user authentication'. In addition, the following biometrics are named 'secondary user authentication' or 'second user authentication'. In addition, in the present invention, serial biometric authentication has been described as an example, but is not necessarily limited thereto.

For example, it can also be applied to complex biometric authentication of a modified serial method in which secondary user authentication is sequentially performed even when the result of the first user authentication is authentication success according to the security level. Furthermore, it can be applied to complex biometric authentication in a parallel method within a range that is not contradictory.

8A to 8C show a method of performing serial biometric authentication by applying a variable decision criterion according to circumstances in complex biometric authentication according to the present invention.

Referring to FIG. 8A , the security module 181 of the electronic device 100 according to the present invention provides biometric authentication for executing primary user authentication 810 when an execution command for a function requiring complex biometric authentication is applied. activate the function For example, the security module 181 may execute a biometric authentication function in real time or at predetermined intervals by executing a related program in the background of the electronic device 100 .

Upon detection of biometric information for primary user authentication 810 or before that, the security module 181 of the electronic device 100 may detect context information (A) 820 .

Here, the situation information (A) 820 may include surrounding environment information, operating state information of the electronic device, and user-related information.

More specifically, the situation information may include surrounding environment information such as ambient illumination, ambient noise, ambient temperature, characteristic information of biometric information, motion information, and the like. In addition, the situation information is operation state information of the electronic device, such as the posture of the electronic device 100, shake information, whether or not a preset application is executed, the security level of the executed application, and the remaining battery power of the electronic device 100. can include In addition, the situation information may include input information such as an input sequence of biometric information and user related information such as user information.

In addition, various environmental sensors (eg, an illuminance sensor, a temperature sensor, etc.), a gyro sensor, a geomagnetic sensor, etc. provided in the electronic device 100 may be activated to collect situation information. Also, information stored in the memory 170 of the electronic device 100 may be used to collect context information.

In one embodiment, one or more context information may be selected based on characteristics of biometric information. Alternatively, contextual information representing a context related to the biometrics of the electronic device 100 may be collected, or the contextual information (A) 820 is an element for determining a biometric sensor to be used for primary user authentication 810. can be

Also, in one embodiment, the context information (A) 820 may be selected only related to the unique characteristics of the biometric information used for the first user authentication 810, and may not be selected. For example, when the primary user authentication 810 is face authentication, illuminance information may be selected and noise information may be excluded.

In the security module 181 of the electronic device 100, in the primary user authentication 810, for authentication of the biometric information detected through the biometric sensor, the multi-dimensional information including the context information 820 1 A variable judgment standard is set (830).

Here, the biometric information may be classified according to the type of biometric authentication. The biometric authentication includes face authentication, fingerprint authentication, voice authentication, iris authentication, vein authentication, blood vessel authentication, and the like, and represents a unique characteristic of an individual. Accordingly, the biometric information includes face recognition information, fingerprint recognition information, voice recognition information, iris recognition information, vein recognition information, blood vessel recognition information, and the like. Accordingly, the biometric sensor for detecting the biometric information refers to a sensor capable of detecting user's face recognition information, fingerprint recognition information, voice recognition information, iris recognition information, vein recognition information, blood vessel recognition information, and the like.

The security module 181 may perform complex biometric authentication using different biometric sensors according to the characteristic information of the biometric information.

Here, the characteristic information of the biometric information is information indicating the unique characteristics of the biometric information. In addition, the unique characteristics may include all of quality information of biometric information, spoofing information/anti-spoofing information of biometric information, characteristics related to a method of collecting biometric information, and the like.

For example, the quality information of the face recognition information is the resolution of the face recognition information. In addition, for example, the spoofing information/anti-spoofing information of the face recognition information is information in which the face recognition information recognizes a face photo as a real face, and the anti-spoofing information for this is motion detection, eye blink detection, and reflectivity information of a 2D image. , thermal image information, heart rate information, frequency spectrum information, synchronization information between voice and video, and the like. In addition, for example, the characteristic information related to the method of collecting face recognition information may include image capturing for obtaining a face image, characteristics of generating a photographing sound, and characteristics of photographing at a certain level of illumination or higher.

In addition, the first variable criterion includes a biometric sensor for detecting biometric information, collected situation information, a matching score between biometric information and pre-registered user information, and a forgery related score of biometric information. can be determined taking all of them into account.

Here, the pre-registered user information refers to characteristic points of biometric information pre-registered in the electronic device 100 . For example, in the case of face authentication, the height of the nose, the distance between the eyes, the shape of the eyebrows, etc., which are characteristics of pre-registered face recognition information, may all be included. In addition, for example, in the case of vein authentication, a blood vessel/vein pattern of a user's palm, finger, hand, etc. may become a feature of pre-registered vein recognition information.

In addition, the matching score refers to a value obtained by converting a similarity between characteristic points of the pre-registered user information and biometric information detected through a biometric sensor into a score. Genuine users show a high matching score. However, the matching score for the same user may vary according to various situational information collected when biometric information is sensed.

Also, the forgery-related score of the biometric information may include at least one of an anti-spoofing score and a quality score.

The spoofing score is a score obtained by converting the possibility that the biometric information is forged information into a score. Accordingly, the anti-spoofing score is a score obtained by converting a probability that the biometric information is not counterfeit information. If the spoofing score is a spoofing score related to a false acceptance rate (FAR), it can be said that the anti-spoofing score is a spoofing score related to a false rejection rate (FRR).

The quality score is related to the detection of characteristics of the biometric information, and is obtained by converting the quality of the detected biometric information into a score.

For example, the security module 181 may convert the resolution of the face recognition information and the signal-to-noise ratio of the voice recognition information into a standardized quality score according to a preset standard. Also, the security module 181 may perform authentication using biometric information having a higher score based on the converted quality score. Here, as the conversion standard of the standardized quality score, various conventionally known methods may all be used, and a detailed description thereof will be omitted here.

The security module 181 may generate a variable decision function based on the situation information and the forgery-related score of the biometric information. Here, the variable decision function may be generated differently each time biometric information is sensed by combining at least one of an anti-spoofing score and a quality score with the situation information.

The decision function is a function that serves as a criterion for determining whether a user inputting biometric information is a genuine user or an imposter user. This decision function may be set to a specific threshold or a multi-dimensional function. Although the initial value of the decision function may be changed as the use of the biometric authentication function of the electronic device 100 is accumulated, the initial setting value (default) is set by the manufacturer.

However, in the present invention, a multi-dimensional function in which the threshold value or threshold range of No Decision is varied each time is set as the authentication criterion in consideration of various situational information collected when biometric information is detected and forgery-related scores. Therefore, different decision functions may be set for the same biometric information as well as for different biometric information.

In addition, the variable decision function is generated not only during the first user authentication (810) but also during the second user authentication (880). This is the case not only in the case of complex biometric authentication in serial mode as shown in FIG. 8A, but also in case of complex biometric authentication in parallel mode in which primary and secondary user authentication are performed simultaneously.

The generated variable decision function may be stored in the memory 170 for each type of biometric information. In addition, the stored variable decision function may be automatically updated when recognizing the next biometric information.

In this way, matching (840) is performed by determining a variable decision function each time biometric information is sensed. In matching 840, a matching score is calculated by comparing biometric information used in the first user authentication 810 with pre-registered user information. In addition, a final score is calculated by combining the calculated matching score with a score related to forgery of biometric information (eg, an anti-spoofing score, a quality score, etc.). Then, authentication is performed by applying the variable decision function generated based on the situation information and forgery-related scores of the biometric information to the calculated final matching score.

According to this, the sensing accuracy of the first user authentication 810 is increased and the usability of the complex biometric authentication through the second user authentication 880 is further improved.

As a result of performing primary user authentication matching (840) by applying a variable decision function, one of authentication success (850), authentication failure (860), and no decision (870) is output as the authentication result. .

The authentication result may be immediately output to the display unit 151 of the electronic device 100 . Alternatively, the authentication result may be output as a final authentication result obtained by combining a plurality of authentication results after both the first user authentication 810 and the second user authentication 880 are completed.

In the present invention, if the authentication result of the primary user authentication 810 is authentication success 850 or authentication failure 860, secondary user authentication 880 may not be performed. In other words, when the authentication result of the primary user authentication 810 is undeterminable 870, the secondary user authentication 880 may be subsequently performed.

In the present invention, since primary user authentication is performed by applying a variable decision function generated including contextual information and forgery-related information, authentication of the genuine user fails (860) and secondary user authentication (880) is not performed. Accordingly, the problem of reduced usability of complex biometric authentication is solved. In addition, as the counterfeit user becomes authentication successful (850) and the secondary user authentication (880) is not performed, the problem of deterioration in sensing accuracy is also solved.

Also in the secondary user authentication 880, a multi-dimensional second variable decision criterion is set 830', including the context information (B) 820' collected when the biometric information is detected. The setting of the second variable criterion is similar to the setting of the first variable criterion.

However, the situation information (A) at the time of the first user authentication (810) and the situation information (B) at the time of the second user authentication (880) are different, and each forgery-related score (eg, anti-spoofing score, quality score) is also different. Since they are different, the variable decision function in the first user authentication 810 and the variable decision function in the second user authentication 880 are different from each other.

When the secondary user authentication 880 is matched 840', the second variable decision criterion 830' is applied to the final score. Accordingly, authentication success 850' or authentication failure 860' is output. At this time, a final authentication result in which the result of the first user authentication and the result of the second user authentication are converged may be output.

In this way, when the first and/or second user authentication result is output by the security module 181, an operation related to the authentication result of the control unit 180 of the electronic device 100 may be controlled.

FIG. 8B shows a process of performing primary user authentication in more detail, and FIG. 8C illustrates a process of performing secondary user authentication in more detail.

First, referring to FIG. 8B , an anti-scooping score 811, a quality score 812, and a matching score 813 are calculated based on the first biometric information sensed through sensor A. In addition, considering both the anti-scooping score SA, the quality score QA, and the matching score MA related to the characteristics of the first biometric information, including CA, which is the situation information 814 collected when the first biometric information is detected, A variable decision criterion is set (815). Then, a matching & decision 816 for applying the set variable decision criterion to the final score is performed.

Next, in FIG. 8C , an anti-scooping score 821, a quality score 822, and a matching score 823 are calculated based on the second biometric information sensed through the sensor B. At this time, the variables (SA, QA, MA, CA) 815' of the variable determination criteria set in the primary user authentication may be included as additional factors in the variable determination criterion setting 815' of the secondary user authentication. . That is, fusion 825 of the variable decision criterion may be performed. Next, a matching & decision 826 is performed in which the fusion 825 of the variable decision criterion is applied to the final score related to the second biometric information.

Hereinafter, with reference to FIGS. 9A to 9C , an authentication result according to the existing criterion and an authentication result according to the application of the variable criterion according to the present invention will be compared and described.

9A is an example of performing matching & determination according to existing fixed criteria for face authentication. The reference value/baseline at which the FAR (False Acceptance Rate) becomes 0 (hereinafter referred to as 'upper limit threshold' 901) has a standardized final score fixed at 0.8. In addition, the reference value/baseline at which the FRR (False Rejection Rate) becomes 0 (hereinafter referred to as 'lower limit threshold' 902) has a standardized final score fixed at 0.2.

If the final score of face authentication is equal to or greater than (or exceeds) the upper limit threshold 901 , authentication is successful, and if it is less than (or is less than) the lower limit threshold 902 , authentication fails. And, if it is between the upper limit threshold value 901 and the lower limit threshold value 902, discrimination becomes impossible.

However, depending on circumstances, it is necessary to increase or decrease the upper limit threshold 901 and/or the lower limit threshold 902 . For example, when the ambient illumination is dark, for example, 3 lux, authentication fails even for a true user. In this case, if a reduced lower limit threshold (903) is applied in order to make the authentication result come out as non-discrimination rather than authentication failure, now most of the counterfeit users in the 3 lux environment become indistinguishable rather than authentication failure, so primary user authentication The sensing accuracy and usability of the sensor are greatly deteriorated.

However, in the present invention, as shown in FIG. 9B , a variable upper limit threshold 910 and a variable lower limit threshold 920 are applied according to the level of ambient illumination (eg, Gen, GenLow, BenDark). Here, the upper and lower limit thresholds may be defined as continuous values of a multidimensional function that changes according to the level of contextual information, rather than specific values.

Accordingly, even if the score is the same, when the ambient illumination is dark, for example, 3 lux, the discrimination is impossible, and when the ambient illumination is bright, the authentication fails or the authentication succeeds, and the sensing accuracy is improved. Furthermore, when the ambient illumination is dark, for example, 3 lux, it is impossible to determine and the secondary user authentication is performed, so the usability of the complex biometric authentication with higher security is further improved.

Referring to FIG. 9C , in relation to the matching & determination of the final score, at the first point P1, both the conventional method and the method according to the present invention have the same result, that is, non-discrimination. However, at the second point (P2), as a variable judgment criterion is applied by reflecting environment information with dark surrounding illumination, discrimination becomes impossible in the present invention. However, in the conventional method, authentication fails at the second point P2.

In addition, at the third point P3, when the ambient illumination is normal, factors other than illumination information, for example, quality scores such as resolution, flow, and distortion, reflectance information of 2D images, A variable decision function considering all spoofing scores and the like is applied. Accordingly, in the present invention, authentication is determined to be successful, whereas in the existing method, determination is impossible according to a fixed criterion. Even if the first user authentication is authentication success, when the final authentication result is output by combining the results of the second user authentication, the authentication success determination at the third point P3 contributes to increasing the sensing accuracy.

As such, in the present invention, the variable decision function is applied to the upper limit threshold and the lower limit threshold related to the determination of user authentication to the level of situation information and/or the score related to falsification of biometric information (e.g., quality score, spoofing/anti-spoofing score). It is generated as a multi-dimensional function that varies according to the score and is applied to the final score.

Here, the upper limit threshold means a value or line at which a false acceptance rate (FAR) becomes 0, and the lower limit threshold means a value or line at which a false rejection rate (FRR) becomes 0. In addition, at least one of the upper limit threshold value and the lower limit threshold value is increased or decreased according to factors such as a level of situation information and/or a forgery-related score of biometric information.

Meanwhile, when the environment information is acceleration information or noise information, a variable decision function similar to the graph shown in FIG. 9B, that is, variable upper and lower limit thresholds may be generated. However, if the environment information is related to vein recognition information or iris recognition information, a variable decision function in a form opposite to the graph shown in FIG. 9B, that is, variable upper and lower limit thresholds may be generated.

10 is a flowchart of a process of performing serial biometric authentication by applying a variable decision criterion according to circumstances in complex biometric authentication according to the present invention.

When the biometric authentication function is activated, the electronic device 100 according to the present invention detects first biometric information through a first biometric sensor and detects situation information upon detection/recognition of the first biometric information. It can (S10). Next, multi-dimensional variable criteria for the first biometric information including the sensed context information are set (S20). Then, the first user authentication for the first biometric information is performed based on the set multi-dimensional variable judgment criteria (S30). Then, according to the result of performing the first user authentication, second user authentication using the second biometric information is performed (S40).

11A to 14 are examples showing specific complex biometric authentication means and situation information to which variable criteria according to the present invention are applied.

According to an embodiment of the present invention, the second user authentication is performed only when the authentication result of the first user authentication is undeterminable, which does not correspond to either authentication success or authentication failure.

In addition, in an embodiment, the second user authentication may include a comparison result of comparing pre-registered user information and first biometric information performed during first user authentication, and second biometric information and pre-registered user information. End user authentication may be performed by combining the compared comparison results.

First, in FIG. 11A , face authentication 1101 is used as first user authentication, and illuminance information (A) 1102 is selected as situation information. In addition, the multi-dimensional first variable judgment criterion takes into account the anti-spoofing score 1103, the quality score 1104, and the matching score 1105 related to the face recognition information, including the collected illuminance information (A) 1102. this is decided Then, when the first variable decision criterion is applied to the final score, one of authentication success (1106), authentication failure (1107), or non-determination (1108) is obtained.

Referring to FIG. 11B , when the authentication result of face authentication 1101 in FIG. 11A is undeterminable 1108 , second user authentication by fusion 1111 of face authentication and fingerprint authentication is performed. At this time, as the situation information, acceleration information (B) 1112 may be selected. In this case, acceleration information (B) 1112 may be different from acceleration information collected during face authentication 1101 . Next, including the acceleration information (B) 1112, the anti-spoofing score 1114, the quality score 1115, the matching score 1116 related to the fingerprint recognition information, and the value of the first variable judgment criterion determined in face authentication. In further consideration of (1113), a multidimensional second variable decision criterion is determined.

Then, when the second variable decision criterion is applied to the final score, either authentication success (1117) or authentication failure (1116) results.

FIG. 12 is a flowchart illustrating a detailed process of a method for determining variable criteria for multi-biometric authentication in relation to FIGS. 11A and 11B.

When the complex biometric authentication function according to the present invention is activated, as shown in FIG. 12 , a first variable decision criterion is set including first situation information related to first user authentication (S1210). And, as a result of performing the first user authentication according to the set first variable judgment criterion, it is determined whether discrimination is impossible (S1220). If the section is not discriminable, it is determined as authentication success or authentication failure (S1230).

Here, the non-discrimination is a case where a matching score related to first user authentication, a score related to forgery of biometric information of first user authentication, and a final score considering all of the situation information is less than the aforementioned lower limit threshold. In the present invention, the lower limit threshold is variable according to situational information and/or forgery-related scores.

If the result of performing the first user authentication is No Decision, a second variable decision criterion including second situation information related to the second user authentication is set in consideration of the first variable decision criterion (S1240). Then, the second user authentication is performed according to the set second variable determination criterion (S1250).

Meanwhile, in one embodiment, when the second user authentication is performed, both the first and second biometric information may be used. In addition, the multi-dimensional variable criterion in the second user authentication may be determined by additionally considering the multi-dimensional variable criterion used in the first user authentication.

FIG. 13 shows a process of performing complex biometric authentication in a serial manner according to the present invention, with voice authentication and iris authentication as complex biometric authentication. In the first user authentication, multi-dimensional variable criteria including noise information (A) are set. If the result of the voice authentication is not discriminable, the voice authentication and the iris authentication are fused, and a multi-dimensional variable criterion is set again including the illuminance information (B).

14 shows a process of performing complex biometric authentication in a serial manner according to the present invention by using face authentication and vein authentication as complex biometric authentication. In the first user authentication, multi-dimensional variable criteria are set including illuminance information (A). If the result of face authentication is non-discrimination, face authentication and vein authentication are fused, and a multi-dimensional variable criterion including illuminance information (A') is set again.

Also, in an embodiment, when performing the second user authentication, biometric information and context information for the second user authentication may be selected based on the biometric information and context information used in the first user authentication. For example, when the illuminance information (A) collected during face authentication is dark, vein authentication capable of authentication in a dark environment is selected, and it can be confirmed that illuminance information, which is contextual information related thereto, is selected again.

However, the illuminance information (A') collected during vein authentication is not only different from the illuminance information (A) collected during face authentication, but also acts as a different factor when setting a variable criterion. For example, in face authentication, as the level of illuminance information A' increases, a variable decision function similar to that of FIG. 9B is generated. On the other hand, since the vein authentication uses infrared rays to project the user's blood vessels, as the level of the illuminance information A' increases, a variable decision function opposite to that of FIG. 9B will be generated.

15 is a conceptual diagram illustrating a method of performing complex biometric authentication in a parallel method by applying variable criteria according to situations and converging a plurality of sensors, situation information, and variable criteria in complex biometric authentication according to the present invention.

15 is an example in which authentication is performed by applying a variable criterion according to the present invention in parallel multi-biometric authentication in which first user authentication using sensor A and second user authentication using sensor B are simultaneously performed.

In FIG. 15 , the first biometric information and the second biometric information may be sensed together by sensors A and B. At this time, when calculating the matching score of the first biometric information, the fused situation information, that is, both the situation information A and the situation information B may be considered. In addition, when calculating the matching score of the second biometric information, fused situational information, that is, both situational information (A) and situational information (B) may be considered.

In addition, the first variable judgment criterion 1510 applied to the final score of the first biometric information may also be applied to the final score of the second biometric information. In addition, the second variable judgment criterion 1520 applied to the final score of the second biometric information may also be applied to the final score of the first biometric information. Alternatively, the third variable criterion in which the first and second variable criterion are fused may be applied to the final score of the first biometric information and the final score of the second biometric information, respectively.

Furthermore, the authentication result of the first biometric information and the authentication result of the second biometric information may be fused (1530) to calculate a final authentication result.

As described above, the electronic device according to the present invention performs biometric authentication by determining a variable criterion in consideration of the forgery-related score related to the surrounding environment at the time of biometric authentication and the characteristics of biometric authentication. Usability, convenience, and sensing accuracy are all improved. In addition, by determining whether or not to perform secondary authentication according to a result of performing primary authentication, the authentication speed of biometric authentication can be improved. In addition, by applying a multi-dimensional function in which the threshold or threshold range of No Decision is variable every time, considering all of the forgery-related scores and various situational information collected when biometric information is detected, a multi-dimensional function is applied to authentication, even in secondary authentication. Authentication accuracy can be improved.

The above-described present invention can be implemented as computer readable code on a medium on which a program is recorded. The computer-readable medium includes all types of recording devices in which data that can be read by a computer system is stored. Examples of computer-readable media include Hard Disk Drive (HDD), Solid State Disk (SSD), Silicon Disk Drive (SDD), ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage device, etc. , and also includes those implemented in the form of a carrier wave (eg, transmission over the Internet). Also, the computer may include a control unit 180 in an electronic device. Accordingly, the above detailed description should not be construed as limiting in all respects and should be considered illustrative. The scope of the present invention should be determined by reasonable interpretation of the appended claims, and all changes within the equivalent scope of the present invention are included in the scope of the present invention.

Claims (16)

In an electronic device that performs complex biometric authentication,
a first biometric sensor configured to detect first biometric information;
a second biometric sensor configured to detect second biometric information;
Setting a multi-dimensional variable criterion including situational information at the time of detection of at least one of the first biometric information and the second biometric information;
Performing first user authentication by applying the multi-dimensional variable criterion to a matching score for the first biometric information or the second biometric information;
a security module for determining whether to perform second user authentication using remaining biometric information based on a result of the first user authentication; and
And a control unit for controlling the operation of the electronic device based on at least one of the first or second user authentication results performed by the security module,
The control unit,
User authentication is performed by applying a variable decision function generated based on the forgery related score of the situation information and biometric information;
The electronic device characterized in that the variable decision function is generated such that an upper limit threshold and a lower limit threshold related to user authentication determination are varied according to the level of the context information. According to claim 1,
The multidimensional variable criterion is,
An electronic device characterized in that the determination is made in consideration of all of a biometric sensor for detecting biometric information, the situation information, the matching score, and a forgery-related score of the biometric information. According to claim 1,
the situation information
At least one of ambient illumination, ambient noise, ambient temperature, characteristic information of biometric information, motion information, posture of electronic device, execution of a preset application, remaining battery capacity of electronic device, input order of biometric information, and user information include,
The electronic device characterized in that one or more context information is selected based on the characteristics of the biometric information. According to claim 3,
The security module,
Comparing the first biometric information or the second biometric information with pre-registered user information to calculate a matching score;
Calculating a final score by combining the forgery-related score of the biometric information with the calculated matching score;
The electronic device characterized in that performing user authentication by applying the variable decision function to the calculated final matching score. According to claim 4,
The forgery related score of the biometric information includes at least one of an anti-spoofing score and a quality score,
The variable decision function is generated by combining at least one of the anti-spoofing score and the quality score with the context information. delete According to claim 4,
The upper limit threshold is a value at which a false acceptance rate (FAR) is 0, and the lower limit threshold is a value at which a false rejection rate (FRR) is 0,
The electronic device characterized in that at least one of the upper limit threshold and the lower limit threshold is increased or decreased according to the level of the context information. According to claim 4,
The second user authentication,
The electronic device characterized in that the authentication result of the first user authentication is performed only when it is non-determinable that does not correspond to both authentication success and authentication failure. According to claim 8,
The judgment is impossible,
The electronic device according to claim 1 , wherein the matching score, the forgery-related score of the biometric information, and the final score considering all of the situation information are less than the lower limit threshold, and the lower limit threshold is variable according to the situation information. According to claim 1,
When performing the second user authentication,
The electronic device characterized in that biometric information and context information for the second user authentication are selected based on the biometric information and context information used in the first user authentication. According to claim 1,
When performing the second user authentication,
Using both the first and second biometric information,
The multi-dimensional variable criterion in the second user authentication is determined by additionally considering the multi-dimensional variable criterion used in the first user authentication. According to claim 11,
When performing the second user authentication,
The multi-dimensional variable criterion in the second user authentication is determined by considering both the multi-dimensional variable criterion used in the first user authentication and situation information used in the first user authentication. . As an operating method of an electronic device performing complex biometric authentication,
sensing biometric information from at least one of the first and second biometric sensors;
setting a multi-dimensional variable criterion including situational information when biometric information of at least one of the first and second biometric sensors is sensed;
performing first user authentication by applying the multi-dimensional variable criterion to a matching score for the at least one piece of biometric information;
determining whether to perform second user authentication using remaining biometric information based on a result of the first user authentication; and
Controlling the operation of the electronic device based on at least one of the first and second user authentication results;
When user authentication is performed, user authentication is performed by applying a variable decision function generated based on the forgery-related score of the situation information and biometric information;
The control method of an electronic device, characterized in that the variable decision function is generated such that an upper limit threshold and a lower limit threshold related to user authentication determination are varied according to the level of the context information. According to claim 13,
The step of setting the multi-dimensional variable criterion,
A control method of an electronic device, characterized in that the step of setting considering all of a biometric sensor for detecting biometric information, the situation information, the matching score, and a forgery-related score of the biometric information. According to claim 14,
The step of performing the first user authentication is
calculating a matching score by comparing the first biometric information or the second biometric information with pre-registered user information;
Calculating a final score by combining the calculated matching score with a score related to forgery of biometric information;
and performing the first user authentication by applying the variable decision function to the calculated final score. According to claim 15,
The variable decision function,
An upper limit threshold and a lower limit threshold related to user authentication determination are created to be variable according to the level of the context information,
The second user authentication,
The method of controlling an electronic device, characterized in that the first user authentication is performed when it is impossible to determine that a final score falls between a variable upper limit or lower limit threshold as a result of performing the first user authentication.

Images