WO2022149376A1 - Biometric authentication control unit, system, control method for biometric authentication control unit, and recording medium - Google Patents

Biometric authentication control unit, system, control method for biometric authentication control unit, and recording medium Download PDF

Info

Publication number
WO2022149376A1
WO2022149376A1 PCT/JP2021/044024 JP2021044024W WO2022149376A1 WO 2022149376 A1 WO2022149376 A1 WO 2022149376A1 JP 2021044024 W JP2021044024 W JP 2021044024W WO 2022149376 A1 WO2022149376 A1 WO 2022149376A1
Authority
WO
WIPO (PCT)
Prior art keywords
person
authenticated
tracking
control unit
biometric authentication
Prior art date
Application number
PCT/JP2021/044024
Other languages
French (fr)
Japanese (ja)
Inventor
統 坂口
智弘 波多江
寿也 古城
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Priority to JP2022573944A priority Critical patent/JPWO2022149376A5/en
Publication of WO2022149376A1 publication Critical patent/WO2022149376A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Definitions

  • the present invention relates to a biometric authentication control unit, a system, a control method of the biometric authentication control unit, and a recording medium.
  • face recognition has begun to be applied to various procedures at airports (for example, check-in, luggage deposit, security check, etc.).
  • procedures at airports for example, check-in, luggage deposit, security check, etc.
  • ticket gates that support face recognition is also underway.
  • Patent Document 1 it is determined whether or not it is appropriate as an image pickup target using the movement line of a pedestrian, and the face recognition performance is remarkably improved by changing the determination threshold in the face matching process according to the determination result. It is stated that it provides improved facial recognition devices, facial recognition methods and entry / exit management devices.
  • problems may occur. Specifically, although the authentication of a person located in front of the gate device is started, a problem may occur when another person interrupts in front of the person. In this case, it may allow unauthenticated persons to pass through.
  • Patent Document 1 The problem cannot be solved by applying the technique disclosed in Patent Document 1. This is because the technique of Patent Document 1 is limited to determining whether or not a pedestrian is suitable as an image pickup target.
  • the main object of the present invention is to provide a biometric authentication control unit, a system, a control method of the biometric authentication control unit, and a recording medium, which contribute to appropriately controlling the passage of a user.
  • an authenticated person detecting means for detecting a person at a predetermined position as an authenticated person and an authentication request including the detected biometric information of the authenticated person are transmitted to a server device.
  • a bioauthentication control unit is provided, which comprises a notification means for determining whether or not the person to be authenticated can pass through the gate device and notifying the gate device of the determination result.
  • a server device that stores biometric information of each of a plurality of users and performs biometric authentication
  • a biometric authentication unit connected to the server device and the biometric authentication control unit
  • the bioauthentication control unit includes an authenticated gate device, an authenticated person detecting means for detecting a person at a predetermined position as an authenticated person, and an authentication request including the detected biometric information of the authenticated person.
  • the requesting means for transmitting to the server device, the tracking means for tracking the detected authenticated person, the result of bioauthentication of the authenticated person by the server device, and the authenticated person at the entrance of the gate device.
  • a system including a notification means for determining whether or not the authenticated person can pass through the gate device based on the result of the tracking determination of the person and notifying the gate device of the determination result. ..
  • the biometric authentication control unit a person at a predetermined position is detected as a person to be authenticated, and an authentication request including the detected biometric information of the person to be authenticated is transmitted to the server device.
  • the authenticated person is tracked, and the person to be authenticated is tracked based on the result of the bioauthentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device.
  • a control method of the biometric authentication control unit which determines whether or not the user can pass through the gate device and notifies the gate device of the determination result.
  • a process of detecting a person at a predetermined position as a person to be authenticated on a computer mounted on a bioauthentication control unit and authentication including the detected biometric information of the person to be authenticated are included.
  • a recording medium is provided.
  • a biometric authentication control unit a system, a control method of the biometric authentication control unit, and a recording medium that contribute to appropriately controlling the passage of the user are provided.
  • the effect of the present invention is not limited to the above. According to the present invention, other effects may be produced in place of or in combination with the effect.
  • the biometric authentication control unit 100 includes a subject detection unit 101, a request unit 102, a tracking unit 103, and a notification unit 104 (see FIG. 1).
  • the authenticated person detection unit 101 detects a person at a predetermined position as an authenticated person.
  • the request unit 102 transmits an authentication request including the detected biometric information of the person to be authenticated to the server device.
  • the tracking unit 103 tracks the detected person to be authenticated.
  • the notification unit 104 determines whether or not the authenticated person can pass through the gate device based on the result of the biometric authentication of the authenticated person by the server device and the result of the tracking determination of the authenticated person at the entrance of the gate device. , Notify the gate device of the determination result.
  • the biometric authentication control unit 100 detects a user who is a predetermined distance away from the gate device as a person to be authenticated. When the biometric authentication control unit 100 detects the subject to be authenticated, the biometric authentication control unit 100 starts biometric authentication and tracking of the subject to be authenticated. After that, when the person to be authenticated arrives at the gate device (arrival at the entrance of the gate device), the biometric authentication control unit 100 determines whether or not the tracking of the person to be authenticated is successful. The biometric authentication control unit 100 permits the subject to pass through the gate when the subject is successfully authenticated and the tracking started from a predetermined position is successful at least at the entrance.
  • the biometric authentication control unit 100 succeeds in biometric authentication of the person to be authenticated and succeeds in tracking the person to be authenticated at the entrance of the gate device, the person to be authenticated can pass through the gate device.
  • the user who interrupts from the side of the person to be authenticated cannot pass through the gate device because biometric authentication and tracking are not successful. That is, the traffic of the user is appropriately controlled.
  • FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment.
  • the authentication system includes a plurality of gate devices 10-1 to 10-3 and a server device 20.
  • gate device 10 In the following description, if there is no particular reason for distinguishing the gate devices 10-1 to 10-3, it is simply referred to as "gate device 10". Similarly, the other configurations are represented by the symbols on the left side of the hyphen.
  • the gate device 10 and the server device 20 are configured to enable communication by a wired or wireless communication means.
  • the server device 20 may be installed in the same building as the gate device 10 or may be installed on a network (cloud).
  • the gate device 10 is, for example, a device installed at an airport or a station.
  • the gate device 10 controls the passage of the user.
  • the gate device 10 will be described as a ticket gate installed at a station.
  • the purpose is not to limit the gate device 10 to the ticket gate installed at the station.
  • the server device 20 is a device that controls the entire authentication system.
  • the server device 20 is a device that performs biometric authentication of a user who is about to pass through the gate device 10. If the user has the qualification (authority) to pass through the gate device 10, the server device 20 permits the user to pass. If the user is not qualified to pass through the gate device 10, the server device 20 refuses the passage of the user.
  • the gate device 10 includes a camera 11 installed so as to be able to photograph a user walking toward the gate device 10. Further, the gate device 10 includes detection sensors 12 and 13 for detecting a user who has entered the own device, and a gate 14 for controlling the passage of the user.
  • the gate device 10 includes a biometric authentication control unit 15.
  • the biometric authentication control unit 15 is a unit that can be retrofitted (add-on) to the gate device 10.
  • the gate device 10 and the biometric authentication control unit 15 are connected by a bus standard such as USB (Universal Serial Bus) or PCI (Peripheral Component Interconnect), for example.
  • the biometric authentication control unit 15 is configured to be communicable with the camera 11, the detection sensors 12 and 13, and controls (uses) these devices to realize the biometric authentication function of the gate device 10.
  • the biometric authentication control unit 15 detects a person (user, passenger) existing at a predetermined distance (for example, position X1 in FIG. 3) from the gate device 10.
  • the biometric authentication control unit 15 When the user is detected at the position X1, the biometric authentication control unit 15 requests the server device 20 to perform biometric authentication of the detected user. Specifically, the biometric authentication control unit 15 transmits an "authentication request" including the biometric information of the user to the server device 20.
  • the biometric authentication control unit 15 starts tracking (tracking) of the user (the person to be authenticated detected at the position X1) at substantially the same timing as the transmission of the authentication request (start of authentication).
  • the biometric authentication control unit 15 detects the authenticated person at the position X1, the authentication request to the server device 20 and the tracking start of the authenticated person are performed at substantially the same timing.
  • the server device 20 that has received the authentication request identifies the user by a collation process (authentication process) using biometric information registered in advance.
  • the server device 20 determines whether or not the specified user is qualified to pass through the gate device 10. For example, the server device 20 confirms the charge amount of the pre-registered user and determines whether or not the authenticated person can pass.
  • the server device 20 may make an inquiry to an external server or the like when determining whether or not the authenticated person can pass. Whether or not to inquire about an external server or the like depends on the specifications, design, etc. of the system, and is different from the purpose of the disclosure of the present application. Therefore, the description regarding the configuration of the system including the external server will be omitted.
  • the server device 20 transmits a response (authentication result) to the authentication request to the biometric authentication control unit 15 that is the source of the request. Specifically, when the server device 20 is determined to be “passable”, the server device 20 notifies the biometric authentication control unit 15 of "authentication success”. When it is determined that "passage is not possible", the server device 20 notifies the biometric authentication control unit 15 of "authentication failure”.
  • the person to be authenticated moves toward the gate device 10.
  • the biometric authentication control unit 15 receives the response of the authentication request from the server device 20 at the timing when the person to be authenticated moves to the location X2.
  • the biometric authentication control unit 15 Even if the authentication result is received from the server device 20, the biometric authentication control unit 15 continues to track the person to be authenticated. Even if the biometric authentication control unit 15 receives the authentication result from the server device 20, the biometric authentication control unit 15 does not instruct the gate device 10 to open or close the gate 14 at that timing.
  • the authenticated person further approaches the gate device 10 and enters the inside thereof (the authenticated person reaches the position X3).
  • the gate device 10 detects that the person to be authenticated has entered the inside of the gate device 10 based on the detection signal from the detection sensor 12 installed at the entrance of the gate device 10.
  • the gate device 10 detects the person to be authenticated, it notifies the biometric authentication control unit 15 to that effect.
  • the biometric authentication control unit 15 Upon recognizing the fact that the user has entered the gate device 10, the biometric authentication control unit 15 makes a final determination regarding the tracking of the person to be authenticated. The biometric authentication control unit 15 makes a final determination of tracking at the timing (position X3) when it is determined that the person to be authenticated has entered the inside of the gate device 10. The biometric authentication control unit 15 determines that the tracking is completed when the face of the same person can be tracked between the position X1 and the position X3.
  • the biometric authentication control unit 15 When the biometric authentication control unit 15 succeeds in authenticating the server device 20 and the tracking is completed at the timing when the final determination regarding the tracking is performed, the user (certified person) presses the gate device 10. It is determined that the vehicle can pass through, and the gate device 10 is notified to that effect. More specifically, the biometric authentication control unit 15 transmits a "passage permission notification" to the gate device 10.
  • the authenticated person goes further inside from the entrance of the gate device 10.
  • the gate device 10 detects the person to be authenticated based on the detection signal from the detection sensor 13 installed in the middle of the own device.
  • the gate device 10 If the gate device 10 receives the "passage permission notification" at the timing when the user is detected, the gate device 10 maintains the open state of the gate 14 and permits the user to pass through the gate.
  • the gate device 10 closes the gate 14 to restrict the passage of the user.
  • the biometric information of the user exemplifies data (feature amount) calculated from physical characteristics peculiar to an individual such as a face and an iris pattern (pattern).
  • the biometric information of the user may be image data such as a face image and an iris image.
  • the biometric information of the user may be any information that includes the physical characteristics of the user.
  • a human face image or a feature amount generated from the face image is used as biological information for explanation.
  • tracking using a facial image or tracking using a body shape image can be used.
  • face tracking using a face image face area
  • the authentication system may include at least one gate device 10.
  • Each gate device 10 may be installed in the same place (for example, the same station) or may be installed in a different place.
  • FIG. 4 is a diagram showing an example of a processing configuration (processing module) of the biometric authentication control unit 15 according to the first embodiment.
  • the biometric authentication control unit 15 includes a communication control unit 201, a subject detection unit 202, an authentication request unit 203, a subject tracking unit 204, a passage permission notification unit 205, and table management.
  • a unit 206, a message output unit 207, and a storage unit 208 are included.
  • the communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the server device 20. Further, the communication control unit 201 transmits data to the server device 20. The communication control unit 201 passes the data received from the other device to the other processing module. The communication control unit 201 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 201.
  • the authenticated person detection unit 202 is a means for detecting the authenticated person.
  • the authenticated person detection unit 202 detects a person at a position (predetermined position) separated from the gate device 10 by a predetermined distance as the authenticated person. More specifically, the authenticated person detection unit 202 detects whether or not a person is present at a place (position X1 in FIG. 3) at a predetermined distance from the gate device 10.
  • the authenticated person detection unit 202 acquires image data from the camera 11 on a regular basis or at a predetermined timing. The authenticated person detection unit 202 attempts to extract a face image from the acquired image data.
  • the subject detection unit 202 may extract a face image (face region) from the image data by using a learning model learned by CNN (Convolutional Neural Network).
  • the authenticated person detection unit 202 may extract a face image by using a technique such as template matching.
  • the authenticated person detection unit 202 calculates the distance between the eyes from the face image. Specifically, the authenticated person detection unit 202 extracts the left and right eyes from the face image, and calculates the length (number of pixels) of the straight line connecting the extracted eyes.
  • the authenticated person detection unit 202 executes a threshold value process for the calculated inter-eye distance, and determines whether or not the authenticated person exists at the predetermined position (position X1) according to the result. Specifically, if the distance between the eyes is longer than the threshold value, the authenticated person detection unit 202 determines that the authenticated person has been detected at a predetermined position. If the eye-to-eye distance is equal to or less than the threshold value, the authenticated person detection unit 202 determines that the person to be authenticated does not exist at the predetermined position.
  • the authenticated person detection unit 202 When the authenticated person is detected at a predetermined position (position X1), the authenticated person detection unit 202 adds an entry to the authenticated person information table.
  • the authenticated person detection unit 202 assigns an authenticated person ID (identifier) that identifies the authenticated person, and stores the authenticated person ID in a new entry.
  • the authenticated person detection unit 202 also stores the time when the authenticated person is registered in the authenticated person information table (the time when a new entry is added) in the authenticated person information table.
  • FIG. 5 is a diagram showing an example of the authenticated person information table according to the first embodiment.
  • the authenticated person information table is constructed on the memory of the biometric authentication control unit 15. As shown in the lowermost part of FIG. 5, when the authenticated person detection unit 202 detects a person at the position X1, an entry is added to the authenticated person information table, and the detected person is set as the authenticated person. At the timing when the entry is added, nothing is set in the authentication status field, the tracking ID field, and the tracking status field.
  • the authentication status field is a field for managing the status of the biometric authentication of the person to be authenticated.
  • the tracking ID field is a field for storing the tracking ID described later.
  • the tracking status field is a field for managing the tracking status of the authenticated person.
  • the authenticated person detection unit 202 hands over the authenticated person ID and the face image at the time of detecting the authenticated person to the authentication request unit 203 and the authenticated person tracking unit 204. More precisely, the authenticated person detection unit 202 outputs an "authentication request instruction" accompanied by an authenticated person ID and a face image to the authentication request unit 203. The authenticated person detection unit 202 outputs a "tracking start instruction" accompanied by the authenticated person ID and a face image to the authenticated person tracking unit 204.
  • the authentication request unit 203 is a means for requesting the server device 20 to authenticate the authenticated person detected by the authenticated person detection unit 202. Upon receiving the authentication request instruction from the authenticated person detection unit 202, the authentication request unit 203 generates a feature amount (feature vector composed of a plurality of feature amounts) from the acquired face image.
  • the authentication requesting unit 203 extracts eyes, nose, mouth, etc. as feature points from the face image. After that, the authentication requesting unit 203 calculates the position of each feature point and the distance between each feature point as a feature amount, and generates a feature vector (vector information that characterizes the face image) composed of a plurality of feature amounts.
  • a feature vector vector information that characterizes the face image
  • the authentication request unit 203 generates an authentication request including the generated feature amount (biological information), the person to be authenticated ID, and the gate ID, and transmits the authentication request to the server device 20 (see FIG. 6).
  • the gate ID is identification information for identifying the gate device 10.
  • a MAC (Media Access Control) address or an IP (Internet Protocol) address of the gate device 10 can be used.
  • the gate ID may be system-specific identification information (identification ID). By holding the identification ID as a master on the server device 20 side as well, it can be determined that the transmitted authentication request is from the permitted gate device 10.
  • the authentication request unit 203 sets "authenticating" in the authentication status field of the corresponding entry (the entry having the same authenticated person ID) in the authenticated person information table (FIG. 5). See the second entry from the bottom).
  • the authentication request unit 203 receives a response (a response including an authentication result) from the server device 20 to the authentication request.
  • the authentication request unit 203 extracts the authenticated person ID from the received response.
  • the authentication request unit 203 identifies the person to be authenticated based on the extracted ID of the person to be authenticated, and registers the authentication result in the corresponding entry of the person to be authenticated information table (the first and second entries from the top of FIG. 5). reference).
  • the authenticated person tracking unit 204 is a means for tracking the authenticated person (user at position X1) detected by the authenticated person detection unit 202. Upon receiving the tracking start instruction from the authenticated person detection unit 202, the authenticated person tracking unit 204 starts tracking the person corresponding to the acquired face image. The authenticated person tracking unit 204 assigns a "tracking ID" to the face image that has started tracking, and manages the face image being tracked.
  • the authenticated person tracking unit 204 manages the tracking of the authenticated person by using the table information in which the face image of the tracking target and the tracking ID are associated with each other, as shown in FIG. 7, for example.
  • the authenticated person tracking unit 204 When the tracking of the authenticated person is started (when the tracking ID is given to the face image), the authenticated person tracking unit 204 indicates the corresponding entry corresponding to the authenticated person (authentication person ID acquired from the authenticated person detection unit 202). ), The tracking ID is stored in the tracking ID field. In addition, the subject tracking unit 204 sets "tracking" in the corresponding subject tracking status field (see the third entry from the bottom of FIG. 5).
  • the authenticated person tracking unit 204 acquires image data from the camera 11 on a regular basis or at a predetermined timing.
  • the authenticated person tracking unit 204 makes a tracking determination of the authenticated person using the acquired image data. Specifically, if the subject tracking unit 204 can obtain the same face image as the previous face image (for example, the face image at the start of tracking) by translation, rotation, and scale in the acquired image data, " It is judged as "tracking successful". If such a facial image cannot be obtained, the authenticated person tracking unit 204 determines that the tracking has failed.
  • the existing process can be used, so further description will be omitted.
  • the authenticated person tracking unit 204 reflects the result of the tracking determination in the authenticated person information table. Specifically, the authenticated person tracking unit 204 sets the tracking status of the entry corresponding to the tracking ID determined to be successful among the tracking IDs of the tracking target to "tracking". On the other hand, the authenticated person tracking unit 204 sets the tracking status of the entry corresponding to the tracking ID determined to be tracking failure among the tracking IDs of the tracking target to "tracking failure" (third from the top of FIG. 5). See entry).
  • the authenticated person tracking unit 204 overwrites the tracking status of the authenticated person who succeeded in tracking with "tracking", and sets the tracking status of the authenticated person who failed in tracking to "tracking failed”. do. If the image data is acquired and the tracking determination is executed at the timing when another user crosses in front of the authenticated person, "tracking failure" can be set in the authenticated person information table. Further, “tracking failure” may be set when the person to be authenticated leaves the gate device 10 and turns back. However, even if the entry is set to "tracking failure", “tracking” is set if the subsequent tracking determination is successful.
  • the authenticated person tracking unit 204 acquires a "tracking final determination instruction" from the intruder detection unit 302 of the gate device 10 described later.
  • the authenticated person tracking unit 204 receives a tracking final determination instruction accompanied by image data from the intruder detection unit 302.
  • the authenticated person tracking unit 204 makes a tracking determination using the image data acquired from the intruder detection unit 302. That is, the authenticated person tracking unit 204 makes a final determination (final tracking determination) regarding the tracking of the authenticated person according to the detection of the intruder by the intruder detection unit 302.
  • the authenticated person tracking unit 204 registers the determination result in the authenticated person information table. More specifically, when the final tracking determination is successful, the authenticated person tracking unit 204 sets the tracking status of the entry corresponding to the tracking ID that succeeded in the determination to "tracking completed" (at the top of FIG. 5). See entry).
  • the authenticated person tracking unit 204 does not perform any special processing.
  • the subject tracking unit 204 does not set "tracking failure" for the subject who failed to track.
  • the authenticated person tracking unit 204 is authenticated. Set "Tracking completed" in the person information table.
  • the authenticated person tracking unit 204 finishes the final determination (final tracking determination) regarding the tracking of the authenticated person, it notifies the passage permission notification unit 205 to that effect.
  • the passage permission notification unit 205 is a means for notifying the gate device 10 whether or not the authenticated person (user) is permitted to pass through the gate device 10.
  • the passage permission notification unit 205 allows the authenticated person to pass through the gate device 10 based on the result of biometric authentication of the authenticated person by the server device 20 and the result of the tracking determination of the authenticated person at the entrance of the gate device 10. Whether or not it is determined, and the determination result is notified to the gate device 10.
  • the passage permission notification unit 205 accesses the authenticated person information table at the timing when the authenticated person tracking unit 204 finishes the final tracking determination regarding the authenticated person.
  • the passage permission notification unit 205 confirms the authentication status field and the tracking status field of each entry included in the authenticated person information table. If there is an entry in which the setting value of the authentication status field is "authentication successful" and the setting value of the tracking status field is "tracking completed", the passage permission notification unit 205 allows the authenticated person to pass through the gate device 10. Allow. Specifically, if there is an entry that satisfies the above two conditions, the passage permission notification unit 205 notifies the gate device 10 that the user can pass through the gate device 10. The passage permission notification unit 205 transmits a “passage permission notification” to the gate device 10.
  • the passage permission notification unit 205 transmits the "passage permission notification" to the gate device 10.
  • the pass permission notification unit 205 allows the authenticated person to pass through the gate device 10. Determine if it can be done. That is, the passage permission notification unit 205 determines whether or not the person to be authenticated can pass through the gate device based on the result of biometric authentication and the result of final determination.
  • the passage permission notification unit 205 indicates that the person to be authenticated can pass through the gate device 10 when the result of biometric authentication by the server device 20 is successful and the result of the final determination of tracking is successful.
  • the notification is transmitted to the gate device 10.
  • the passage permission notification unit 205 When the passage permission notification unit 205 permits the user (certified person) to pass through the gate, the passage permission notification unit 205 deletes the entry that is the basis for the permission. In the example of FIG. 5, the passage permission notification unit 205 deletes the entry at the top.
  • the passage permission notification unit 205 determines whether or not the user can pass through the gate based on the setting value of the authentication status field and the setting value of the tracking status field of the authenticated person information table.
  • the authenticated person detection unit 202 detects the authenticated person at a predetermined position
  • the authenticated person detecting unit 202 adds an entry to the authenticated person information table.
  • the authentication request unit 203 receives the biometric authentication result from the server device 20
  • the authentication request unit 203 sets the received biometric authentication result in the authentication status field of the added entry.
  • the authenticated person tracking unit 204 sets the result of the tracking determination in the tracking status field of the added entry.
  • the passage permission notification unit 205 may receive a "gate closing notification" from the gate device 10. Upon receiving the notification, the passage permission notification unit 205 continues to access the authenticated person information table for a predetermined period of time, and confirms whether or not an entry satisfying the above two conditions appears (whether or not it exists). If an entry satisfying the above two conditions appears during the predetermined period, the passage permission notification unit 205 permits the authenticated person (user) to pass through the gate. Specifically, when an entry satisfying the above two conditions appears, the passage permission notification unit 205 transmits a "passage permission notification" to the gate device 10.
  • the above phenomenon occurs when the authentication result (authentication success) from the server device 20 is delayed to be reflected in the authenticated person information table due to the network environment between the gate device 10 and the server device 20, the above phenomenon occurs. Can occur. Alternatively, the above phenomenon may occur when the person to be authenticated tries to run through the gate device 10.
  • the passage permission notification unit 205 notifies the station staff (terminal used by the station staff) of the occurrence of a problem.
  • the pass permission notification unit 205 may urge the authenticated person to go to the station staff via the message output unit 207.
  • the table management unit 206 is a means for managing the authenticated person information table.
  • the table management unit 206 accesses the authenticated person information table periodically or at a predetermined timing, and deletes unnecessary entries.
  • the table management unit 206 confirms the registration time field of each entry, and deletes the entry for which a predetermined period has passed since the entry was added to the authenticated person information table. That is, the table management unit 206 deletes an entry that does not satisfy the above two conditions (authentication success, tracking completion) even after a predetermined period has elapsed from the entry registration.
  • the table management unit 206 may notify the server device 20 and the authenticated person tracking unit 204 to that effect.
  • the table management unit 206 may transmit the authenticated person ID to the server device 20 and cancel the authentication of the corresponding authenticated person. Further, the table management unit 206 may transmit the tracking ID to the authenticated person tracking unit 204 and instruct the face image corresponding to the tracking ID to be excluded from the face tracking target.
  • the message output unit 207 is a means for outputting a message or the like to be notified to the user.
  • the message output unit 207 notifies the user of a necessary message by using a display (not shown), a speaker (not shown), or the like.
  • the message output unit 207 outputs a message regarding the countermeasure (for example, contacting the station staff) to that effect.
  • the storage unit 208 is a means for storing information necessary for the operation of the biometric authentication control unit 15.
  • FIG. 8 is a diagram showing an example of a processing configuration (processing module) of the gate device 10 according to the first embodiment.
  • the communication control unit 301, the gate device 10 include an intruder detection unit 302, a gate control unit 303, and a storage unit 304.
  • the communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packet) from the biometric authentication control unit 15. Further, the communication control unit 301 transmits data to the biometric authentication control unit 15. The communication control unit 301 passes the data received from the other device to the other processing module. The communication control unit 301 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from other devices via the communication control unit 301.
  • the intruder detection unit 302 is a means for detecting an intruder into the own device (gate device 10). More specifically, the intruder detection unit 302 detects an intruder to the entrance of the gate device 10. The intruder detection unit 302 detects an intruder by using the detection signal from the detection sensor 12. When the intruder is detected, the intruder detection unit 302 acquires image data from the camera 11. The intruder detection unit 302 transmits a "tracking final determination instruction" accompanied by the acquired image data to the biometric authentication control unit 15.
  • the intruder detection unit 302 detects the user who has reached the intermediate point (position X4 in FIG. 3) of the gate device 10 by using the detection signal from the detection sensor 13.
  • the intruder detection unit 302 detects the user at the position X4
  • the intruder detection unit 302 notifies the gate control unit 303 to that effect.
  • the gate control unit 303 is a means for controlling the gate 14 included in the gate device 10.
  • the gate control unit 303 controls the opening and closing of the gate 14 at the timing when the user reaches a predetermined position (position X4 in FIG. 3) of the gate device 10.
  • the gate control unit 303 maintains the open state of the gate 14 if the "passage permission notification" has already been received from the biometric authentication control unit 15 at the timing when the user reaches the position X4. On the other hand, if the gate control unit 303 has not received the "passage permission notification" from the biometric authentication control unit 15 at that timing, the gate control unit 303 closes the gate 14.
  • the gate control unit 303 When the gate is closed, the gate control unit 303 notifies the biometric authentication control unit 15 to that effect. Specifically, the gate control unit 303 transmits a "gate closing notification" to the biometric authentication control unit 15. When the gate control unit 303 receives the "user passage permission" within a predetermined period after transmitting the gate closing notification, the gate control unit 303 opens the gate 14.
  • the gate control unit 303 notifies the server device 20 of the fact that the person to be authenticated has passed through the gate 14 via the biometric authentication control unit 15. Specifically, when the user is detected at the position X4 and the pass permission notification is received from the biometric authentication control unit 15, the gate control unit 303 permits the user to pass through the gate. Notify the biometric authentication control unit 15 to that effect.
  • the passage permission notification unit 205 of the biometric authentication control unit 15 has the authenticated person ID and the gate ID of the gate device 10 described in the entry (entry in the authenticated person information table) on which the passage permission notification is transmitted. A "gate passage notification" including the above is transmitted to the server device 20. That is, the gate device 10 (biometric authentication control unit 15) transmits a "gate passage notification" including the authenticated person ID and the gate ID of the authenticated person who has passed through the gate 14 to the server device 20.
  • the storage unit 304 is a means for storing information necessary for the operation of the gate device 10.
  • FIG. 9 is a sequence diagram showing an example of the operation of the biometric authentication control unit 15 and the gate device 10 according to the first embodiment.
  • the biometric authentication control unit 15 attempts to detect the authenticated person at a place separated from the gate device 10 by a predetermined distance (step S101). If the person to be authenticated is not detected (step S101, No branch), the biometric authentication control unit 15 repeats the process of step S101.
  • the biometric authentication control unit 15 starts authentication request and tracking regarding the person to be authenticated (steps S102, S103).
  • the biometric authentication control unit 15 starts tracking the authenticated person at the same time as the authentication request unit 203 transmits the authentication request.
  • the biometric authentication control unit 15 receives the authentication result from the server device 20 (step S104).
  • the biometric authentication control unit 15 reflects the authentication result in the authenticated person information table.
  • the gate device 10 determines whether or not the authenticated person has reached the entrance of the gate device 10 (step S201). If the person to be authenticated has not reached the entrance (step S201, No branch), the gate device 10 repeats the process of step S201.
  • the gate device 10 transmits a tracking final determination instruction to the biometric authentication control unit 15 (step S202).
  • the biometric authentication control unit 15 makes a final determination of tracking (step S105).
  • the biometric authentication control unit 15 reflects the result of the final determination of tracking in the authenticated person information table.
  • the biometric authentication control unit 15 If the biometric authentication control unit 15 succeeds in authenticating the authenticated person at the timing of the final determination and the tracking of the authenticated person is completed, the biometric authentication control unit 15 transmits a passage permission notification to the gate device 10 (step S106). ).
  • the gate device 10 determines whether or not the authenticated person has reached a predetermined position of the gate device 10 (step S203). If the person to be authenticated has not reached the predetermined position (step S203, No branch), the gate device 10 repeats the process of step S203.
  • the gate device 10 controls the opening / closing of the gate 14 (step S204). If the gate device 10 has received the passage permission notification, the gate device 10 permits the passage of the authenticated person. In other words, the gate device 10 closes the gate 14 and the user's Block traffic.
  • the person to be authenticated opens the gate 14. Allow to pass.
  • the gate device 10 If the gate device 10 permits the passage of the authenticated person, the gate device 10 notifies the server device 20 of the fact.
  • FIG. 10 is a diagram showing an example of a processing configuration (processing module) of the server device 20 according to the first embodiment.
  • the server device 20 includes a communication control unit 401, a user registration unit 402, an authentication unit 403, a gate passage notification processing unit 404, and a storage unit 405.
  • the communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packet) from the biometric authentication control unit 15. Further, the communication control unit 401 transmits data to the biometric authentication control unit 15. The communication control unit 401 passes the data received from the other device to the other processing module. The communication control unit 401 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from other devices via the communication control unit 401.
  • the user registration unit 402 is a means for system registration of users who can pass through the gate device 10.
  • the user registration unit 402 acquires biometric information (for example, a face image) of a user who can pass through the gate device 10 by any means.
  • the system user inputs biometric information and personal information (name, address, etc.) into the server device 20 using the WEB (web) page of the railway company or the kiosk terminal installed at the station.
  • WEB web
  • the user registration unit 402 When the user registration unit 402 acquires a face image, the user registration unit 402 calculates the feature amount from the face image.
  • the user registration unit 402 puts the user's biometric information (for example, the feature amount calculated from the face image) into the "user information database" together with the user ID that identifies the system user (registrant of biometric information). Register (see Figure 11).
  • the user registration unit 402 registers the information (business information) necessary for the user authentication process in the user information database as necessary. For example, when the server device 20 processes an authentication request from a ticket gate (gate device 10) installed at a station, the user registration unit 402 associates information such as a charge amount with biometric information and uses the user. Store in the information database.
  • the server device 20 processes an authentication request from a ticket gate (gate device 10) installed at a station
  • the user registration unit 402 associates information such as a charge amount with biometric information and uses the user. Store in the information database.
  • the user information database shown in FIG. 11 is an example, and other items may be stored in association with biometric information (feature amount). For example, the user's name and face image may be registered in the user information database.
  • the authentication unit 403 is a means for processing the authentication request received from the biometric authentication control unit 15 (gate device 10). Upon receiving the authentication request, the authentication unit 403 extracts the gate ID and the authenticated person ID from the authentication request. The authentication unit 403 adds a new entry to the authentication status database and stores the extracted gate ID and authenticated person ID (see FIG. 12). In addition, the authentication unit 403 sets the processing status of the added entry to "processing". In FIG. 12, for ease of understanding, the code of the gate device 10 is used for the gate ID.
  • the authentication unit 403 sets the biometric information (feature amount) included in the authentication request as the collation target, and performs collation processing with the biometric information registered in the user information database. conduct.
  • the authentication unit 403 sets the feature amount extracted from the authentication request as a collation target, and sets 1 to N (N is positive) with a plurality of feature amounts registered in the user information database. Integer, the same applies below) Perform matching.
  • the authentication unit 403 calculates the degree of similarity between the feature amount (feature vector) to be collated and each of the plurality of feature amounts on the registration side. For the similarity, a chi-square distance, an Euclidean distance, or the like can be used. The farther the distance is, the lower the similarity is, and the closer the distance is, the higher the similarity is.
  • the authentication unit 403 sets "authentication failure" in the authentication result.
  • the authentication unit 403 determines whether or not the user identified by the collation process is eligible to pass through the gate device 10. ..
  • the authentication unit 403 determines whether or not the charge amount of the specified user is a balance equal to or greater than the initial fare. If the balance of the charge amount is equal to or less than the initial fare, the authentication unit 403 determines that the specified user is not eligible to pass through the gate device 10. If the balance of the charge amount is larger than the initial fare, the authentication unit 403 determines that the specified user is eligible to pass through the gate device 10.
  • the authentication unit 403 determines whether or not the boarding station is set for the specified user. If the boarding station is not set, the authentication unit 403 determines that the identified user is not eligible to pass through the gate device 10. When the boarding station is set, the authentication unit 403 calculates the fare according to the user's route (the route between the boarding station and the getting-off station). If the calculated fare exceeds the charge amount, the authentication unit 403 determines that the user is not eligible to pass through the gate device 10. If the calculated fare is less than or equal to the charge amount, the authentication unit 403 determines that the identified user is eligible to pass through the gate device 10.
  • the authentication unit 403 sets "authentication failure" in the authentication result.
  • the authentication unit 403 sets "authentication successful" in the authentication result.
  • the authentication unit 403 transmits the authentication result (authentication success, authentication failure) to the biometric authentication control unit 15 (gate device 10). If the authentication is successful, the authentication unit 403 sends an acknowledgment indicating the authentication success to the biometric authentication control unit 15. At that time, the authentication unit 403 transmits an acknowledgment including the authenticated person ID of the user who is the target of the authentication process to the biometric authentication control unit 15.
  • the authentication unit 403 sends a negative response indicating the authentication failure to the biometric authentication control unit 15.
  • the authentication unit 403 may notify the biometric authentication control unit 15 together with the cause of the authentication failure.
  • the authentication unit 403 may transmit to the biometric authentication control unit 15 factors related to the authentication failure such as the biometric information is not registered in the system, the charge amount is insufficient, and the boarding station is not set. .. Further, even when the authentication fails, the authentication unit 403 transmits a negative response including the authenticated person ID of the user who is the target of the authentication process to the biometric authentication control unit 15.
  • the authentication unit 403 sets "Responded" in the entry of the corresponding authentication status database.
  • the authentication unit 403 sets the user ID of the successful authentication person (user determined to be successful authentication) in the user ID of the corresponding entry.
  • the gate passage notification processing unit 404 is a means for processing the gate passage notification received from the gate device 10 (biometric authentication control unit 15).
  • the gate passage notification processing unit 404 extracts the gate ID and the authenticated person ID from the received notification.
  • the gate passage notification processing unit 404 searches the authentication status database using the gate ID and the authenticated person ID as keys, and identifies the corresponding entry.
  • the gate passage notification processing unit 404 reads the user ID from the user ID field of the specified entry.
  • the gate passage notification processing unit 404 searches the user information database using the read user ID as a key, and identifies the corresponding entry.
  • the gate passage notification processing unit 404 executes processing associated with the user's gate passage for the specified entry.
  • the gate passage notification processing unit 404 sets a station where the gate device 10 is installed at the boarding station of the specified entry. ..
  • the gate passage notification processing unit 404 calculates the fare of the user and deducts the fare from the charge amount. Further, the gate passage notification processing unit 404 clears the set value of the boarding station field.
  • the storage unit 405 stores various information necessary for the operation of the server device 20.
  • a user information database and an authentication status database are constructed in the storage unit 405.
  • FIG. 13 is a flowchart showing an example of the operation of the server device 20 according to the first embodiment.
  • the server device 20 receives an authentication request from the biometric authentication control unit 15 (step S301).
  • the server device 20 executes a collation process using the biometric information included in the authentication request and the biometric information registered in the user information database (step S302).
  • the server device 20 determines whether or not there is an entry having a similarity between biometric information of a predetermined value or more (step S303).
  • step S303 If such an entry does not exist (step S303, No branch), the server device 20 sets the authentication result to authentication failure (step S304).
  • step S303 If such an entry exists (step S303, Yes branch), the server device 20 determines whether or not the person to be authenticated is eligible to pass through the gate device 10 (step S305).
  • step S305 If the person to be authenticated is not qualified to pass through the gate device 10 (step S305, No branch), the server device 20 sets the authentication result to authentication failure (step S304).
  • the server device 20 sets the authentication result to authentication success (step S306).
  • the server device 20 transmits the authentication result (authentication success, authentication failure) to the biometric authentication control unit 15 (step S307).
  • FIG. 14 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment. Prior to the operation shown in FIG. 14, it is assumed that the system user has been registered in advance. Further, in FIG. 14, the biometric authentication control unit 15 is regarded as integrated with the gate device 10, and the operation of the system will be described.
  • the gate device 10 detects a person to be authenticated at a place separated from the own device by a predetermined distance (step S01).
  • the gate device 10 acquires the biometric information of the person to be authenticated and transmits an authentication request including the biometric information to the server device 20 (step S02).
  • the gate device 10 starts tracking the authenticated person (step S03).
  • the server device 20 executes the authentication process and transmits the result to the gate device 10 (steps S11 and S12).
  • the gate device 10 receives the authentication result and reflects the authentication result in the authenticated person information table (reflection of the authentication result; step S04).
  • the gate device 10 makes a final determination of tracking regarding the authenticated person (step S05).
  • the gate device 10 reflects the result of the final determination in the authenticated person information table.
  • the gate device 10 When the authenticated person reaches a predetermined position of the gate device 10, the gate device 10 performs gate control (step S06). Specifically, the gate device 10 permits the passage of the person to be authenticated, which is set as successful authentication and complete tracking.
  • the gate device 10 transmits a gate passage notification to the server device 20 (step S07).
  • the server device 20 Upon receiving the gate passage notification, the server device 20 updates the information of the gate passer (authentication successful person; authenticated person determined to have succeeded in authentication) (step S13). Specifically, the server device 20 updates the entry in the user information database corresponding to the gate passer.
  • the user 30 is set as the authenticated person, and the user 31 is a user who is not the authentication target.
  • the person to be authenticated is shown in gray, and the user who is not the target of authentication is shown in white.
  • the user 31 is not the authenticated person because it is not detected as the authenticated person at the position X1. Therefore, the entry regarding the user 31 does not exist in the authenticated person information table.
  • User 30 walks toward the gate device 10.
  • the user 31 moves so as to enter the inside of the gate device 10 from the side of the user 30.
  • the positional relationship between the two becomes as shown in the lower part of FIG.
  • the gate 14 closes when the user 31 reaches the position X4. Further, even if a predetermined period has elapsed since the gate 14 was closed, the authentication result of the user 31 is not registered in the authenticated person information table, so that the gate 14 does not open.
  • the person to be authenticated overtakes another person to be authenticated walking in front of him.
  • the user 32 and the user 33 walk toward the gate device 10, as shown in the upper part of FIG.
  • both the user 32 and the user 33 are set as the authenticated person (gray person) because the biometric information is acquired at the position X1 and the tracking is started.
  • the user 33 walking behind moves like the alternate long and short dash line shown in the upper part of FIG. 16 and overtakes the previous user 32. In this case, with the passage of time, the positional relationship between the two becomes as shown in the lower part of FIG.
  • the entries of the user 32 and the user 33 are registered in the authenticated person information table, and when the authentication process of the user 33 (authentication process in the server device 20) is successful, the user 33 is located at the position X4.
  • the gate 14 remains open even when it reaches. Further, even if the user 32 reaches the position X4 following the user 33, the gate 14 does not close.
  • the biometric information is acquired at the position X1, and the user set as the authenticated person is normally processed without reaching (entering) the gate device 10 in the set order. That is, the user can pass through the gate device 10 even if the user does not reach the gate device 10 in the order registered as the person to be authenticated due to the difference in walking speed of the person to be authenticated.
  • the authentication system according to the first embodiment allows irregular situations, so that the system throughput is improved.
  • the authentication system detects the authenticated person at a place away from the gate device 10 by a predetermined position.
  • the gate device 10 detects the subject to be authenticated, the gate device 10 starts authentication and tracking regarding the subject to be authenticated at substantially the same timing. Since the server device 20 can start the authentication process from a place away from the gate device 10, the execution time of biometric authentication can be secured. Further, the gate device 10 determines that the tracking of the same person is successful if the same face image as the face image of the previous frame is obtained by translation, rotation, and scale in the subsequent frame from the above-mentioned distant place. Tracking) is started.
  • the gate device 10 (biometric authentication control unit 15) makes a final determination of face tracking at the timing when the person to be authenticated enters the inside of the own device.
  • face tracking since the feature amount having a high processing load is not generated (extracted), the final determination result of face tracking can be obtained in a short time. That is, the face tracking determination result is obtained immediately after the person to be authenticated enters the gate device 10, and the biometric authentication by the server device 20 is usually completed at that timing.
  • the gate device 10 can allow the passage of a properly qualified person to be authenticated.
  • the gate device 10 determines whether or not the person to be authenticated (entrant) can pass through the gate. , Control the gate 14.
  • FIG. 17 is a diagram showing an example of the hardware configuration of the biometric authentication control unit 15.
  • the biometric authentication control unit 15 includes a processor 311, a memory 312, a communication interface 313, and the like.
  • the components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
  • the biometric authentication control unit 15 may include hardware (not shown). Further, the number of processors 311 and the like included in the biometric authentication control unit 15 is not limited to the example of FIG. 17, and for example, a plurality of processors 311 may be included in the biometric authentication control unit 15.
  • the processor 311 is a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), and a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
  • OS operating system
  • the memory 312 is a RAM (RandomAccessMemory), a ROM (ReadOnlyMemory), an HDD (HardDiskDrive), an SSD (SolidStateDrive), or the like.
  • the memory 312 stores an OS program, an application program, and various data.
  • the communication interface 313 is a circuit, module, etc. that communicates with other devices.
  • the communication interface 313 includes a NIC (Network Interface Card) and the like.
  • the function of the biometric authentication control unit 15 is realized by various processing modules.
  • the processing module is realized, for example, by the processor 311 executing a program stored in the memory 312.
  • the program can also be recorded on a computer-readable storage medium.
  • the storage medium may be a non-transitory such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. That is, the present invention can also be embodied as a computer program product. Further, the above program can be downloaded via a network or updated by using a storage medium in which the program is stored. Further, the processing module may be realized by a semiconductor chip.
  • the biometric authentication control unit 15 is equipped with a computer, and the function of the biometric authentication control unit 15 can be realized by causing the computer to execute a program. Further, the biometric authentication control unit 15 executes the control method of the biometric authentication control unit by the program.
  • the gate device 10 includes a camera 11, detection sensors 12, 13 and a gate 14 (see FIG. 18). Similar to the biometric authentication control unit 15, the gate device 10 includes hardware such as a processor, a memory, and a communication interface, but illustration and description of these configurations will be omitted.
  • the camera 11 is a camera device capable of acquiring a visible light image.
  • the gate device 10 includes one camera 11 has been described, but the purpose is not to limit the number or installation of the cameras 11.
  • a plurality of cameras 11 may be installed in the gate device 10 for different purposes.
  • a camera 11 for detecting the person to be authenticated, a camera 11 for tracking, and a camera 11 for final determination of tracking may be installed in the gate device 10.
  • the authenticated person may be detected by other means.
  • a person at a predetermined distance from the gate device 10 may be detected by using a motion sensor or the like.
  • the camera 11 may acquire the image data when the person is detected by the motion sensor, and the person to be authenticated may be detected.
  • the detection sensors 12 and 13 are sensors that detect a person.
  • a sensor composed of a light transmitting device and a light receiving device can be used.
  • the light transmitting device and the light receiving device are installed so as to face each other (two devices are installed on the inner wall of the main body).
  • the transmitting device constantly transmits light, and the receiving device receives the transmitted light.
  • the biometric authentication control unit 15 determines that a person has been detected when the receiving device cannot receive the light. Note that FIG. 3 illustrates one of the two devices constituting the detection sensors 12 and 13.
  • the gate device 10 may perform final tracking determination and gate control of the person to be authenticated by using the integrated detection sensor (for example, the detection sensor 12 installed at the entrance). In this case, the gate device 10 may control the gate 14 after the final tracking determination result is obtained.
  • the integrated detection sensor for example, the detection sensor 12 installed at the entrance
  • the gate 14 is a device that controls the passage of users.
  • the method of the gate 14 is not particularly limited, and is, for example, a flapper gate that opens and closes a flapper provided from one side or both sides of the passage, a turnstile gate in which three bars rotate, and the like.
  • the function of the biometric authentication control unit 15 may be realized by a CPU or the like that controls the entire gate device 10. Conversely, the function of the gate device 10 may be realized by the processor 311 included in the biometric authentication control unit 15.
  • the server device 20 can be configured by an information processing device. Similar to the biometric authentication control unit 15, the server device 20 may be provided with a processor, a memory, a communication interface, and the like, and since the configuration is clear to those skilled in the art, detailed description thereof will be omitted.
  • the gate device 10 has been described as a ticket gate installed at a station. However, it goes without saying that the purpose is not to limit the gate device 10 to the ticket gate.
  • the gate device 10 may be any device installed at an airport, an event venue, an office, or the like to control the passage of users.
  • the server device 20 has a user information database
  • the database may be built on a database server different from the server device 20.
  • the authentication system may include various means (authentication requesting unit 203, authenticated person tracking unit 204, etc.) described in the above embodiment.
  • the authentication process executed by the server device 20 may be executed by the gate device 10 (biometric authentication control unit 15). Some or all of the functions of the server device 20 may be realized by the gate device 10.
  • the biometric information related to the feature amount generated from the face image is transmitted from the biometric authentication control unit 15 to the server device 20 has been described.
  • the "face image" itself may be transmitted from the biometric authentication control unit 15 to the server device 20 as biometric information.
  • the server device 20 may generate a feature amount from the acquired face image and execute an authentication process (1 to N collation).
  • the biometric authentication control unit 15 may detect the person to be authenticated at a place distant from the gate device 10 by using the image obtained from the stereo camera instead of the threshold processing for the eye distance. Specifically, the biometric authentication control unit 15 analyzes two images obtained from a stereo camera (analysis using parallax) and calculates the position of the user with reference to the gate device 10. The biometric authentication control unit 15 sets the user as the person to be authenticated if the calculated position is included in a predetermined place.
  • the form of data transmission / reception between the biometric authentication control unit 15 and the server device 20 is not particularly limited, but the data transmitted / received between these devices may be encrypted.
  • the face image and the feature amount calculated from the face image are personal information, and in order to appropriately protect the personal information, it is desirable that encrypted data is transmitted and received.
  • the biometric authentication control unit 15 may refuse to pass through the gate 14 of the subject who has failed to track even once.
  • the biometric authentication control unit 15 may not overwrite the field set as "tracking failure" in the tracking status field of the subject information table with "tracking". In this way, the gate device 10 can realize stricter control (passer management) by refusing the person to be authenticated who has failed to pass through the gate.
  • the tracking process related to the movement from the position X1 to the position X3 regarding the authenticated person may not be executed. That is, the biometric authentication control unit 15 stores the face image of the person to be authenticated at the position X1, and records the tracking result when the face image taken at the position X3 and the face image at the position X1 are the same person's face image. It may be set to "tracking completed". As described above, the gate device 10 may omit tracking from the position X1 to the position X3 of the person to be authenticated.
  • the entry of the authenticated person may be deleted from the authenticated person information table.
  • the biometric authentication control unit 15 stores the number of tracking failures for each tracking target.
  • the biometric authentication control unit 15 may delete the corresponding entry if the number of tracking failures exceeds a predetermined threshold value. That is, it is usually not possible to assume a situation in which the tracking of the authenticated person fails multiple times. In such a situation, it is assumed that the subject is heading to another place instead of the gate device 10, and it is desirable that such a subject is promptly excluded from the target of gate control.
  • the gate device 10 may include an authenticated person detection unit 111, a request unit 112, a tracking unit 113, and a gate control unit 114 (see FIG. 19).
  • the authenticated person detection unit 111 detects a person at a predetermined position as an authenticated person.
  • the request unit 112 transmits an authentication request including the detected biometric information of the person to be authenticated to the server device 20.
  • the tracking unit 113 tracks the detected person to be authenticated.
  • the gate control unit 114 controls the gate 14 based on the result of biometric authentication of the person to be authenticated by the server device 20 and the result of the tracking determination of the person to be authenticated at the entrance of the own device.
  • the gate device 10 includes an intruder detection unit that detects an intruder entering the entrance, and the tracking unit 113 makes a final determination regarding the tracking of the authenticated person according to the detection of the intruder. May be good.
  • the gate control unit 114 may control the gate 14 based on the result of biometric authentication and the result of final determination. The gate control unit 114 may allow the person to be authenticated to pass through the gate 14 when the result of biometric authentication is successful and the result of the final determination regarding tracking is successful.
  • information about the authenticated person is stored and managed using the authenticated person information table.
  • information about the authenticated person may be stored and managed using a database (certified person information database).
  • each embodiment may be used alone or in combination. For example, it is possible to replace a part of the configuration of the embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of the embodiment. Further, it is possible to add, delete, or replace a part of the configuration of the embodiment with another configuration.
  • the present invention is suitably applicable to an authentication system installed at an airport, a station, or the like.
  • the tracking unit makes a final determination regarding the tracking of the authenticated person in response to the detection of an intruder at the entrance of the gate device.
  • the biometric authentication control unit according to Appendix 1, wherein the notification unit determines whether or not the person to be authenticated can pass through the gate device based on the result of the biometric authentication and the result of the final determination.
  • the notification unit issues a pass permission notification indicating that the person to be authenticated can pass through the gate device when the result of the biometric authentication is successful and the result of the final determination regarding the tracking is successful.
  • the biometric authentication control unit according to Appendix 2 which is transmitted to the gate device.
  • the authenticated person detection unit detects the person to be authenticated based on the inter-eye distance calculated from the face image included in the image data taken at the predetermined position, any one of Supplementary note 1 to 3.
  • the biometric authentication control unit according to any one of Supplementary note 1 to 4, wherein the tracking unit starts tracking the authenticated person at the same time as the requesting unit transmits the authentication request.
  • the authenticated person detection unit detects the authenticated person, it adds an entry to the authenticated person information table and adds an entry to the authenticated person information table.
  • the requesting unit sets the received biometric authentication result in the authentication status field of the added entry.
  • the tracking unit sets the result of the tracking determination in the tracking status field of the added entry.
  • the notification unit is described in any one of Supplementary note 1 to 5, which determines whether or not the authenticated person can pass through the gate device based on the set value of the authentication status field and the set value of the tracking status field.
  • Biometric control unit [Appendix 7] The biometric authentication control unit according to Appendix 6, further comprising a table management unit that deletes an entry for which a predetermined period has passed since it was added to the authenticated person information table. [Appendix 8] The biometric authentication control unit according to any one of Supplementary note 1 to 7, wherein the tracking unit tracks the face of the detected person to be authenticated.
  • the biometric authentication control unit according to any one of Supplementary note 1 to 8, wherein the biometric information is a face image or a feature amount generated from the face image.
  • a server device that stores biometric information for each of multiple users and performs biometric authentication, The biometric authentication control unit connected to the server device, The gate device connected to the biometric authentication control unit and Including The biometric authentication control unit is An authenticated person detection unit that detects a person at a predetermined position as an authenticated person, A request unit that sends an authentication request including the detected biometric information of the person to be authenticated to the server device, and A tracking unit that tracks the detected person to be authenticated, Based on the result of the biometric authentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device, it is determined whether or not the person to be authenticated can pass through the gate device.
  • a notification unit that notifies the gate device of the determination result The system.
  • Appendix 11 The system according to Appendix 10, wherein the server device performs collation processing using the biometric information of each of the plurality of users and the biometric information included in the authentication request.
  • Appendix 12 The system according to Appendix 11, wherein the server device determines whether or not the user specified as a result of the collation process is qualified to pass through the gate device.
  • Appendix 13 In the biometric control unit Detects a person in a predetermined position as a person to be authenticated, An authentication request including the detected biometric information of the person to be authenticated is transmitted to the server device, and the authentication request is transmitted to the server device.

Abstract

In order to provide a biometric authentication control unit that can appropriately control the passage of users, this biometric authentication control unit is provided with an authentication subject detection means, a request means, a tracking means, and a notification means. The authentication subject detection means detects a person in a prescribed position as an authentication subject. The request means transmits to a server device an authentication request that includes biometric information of the detected authentication subject. The tracking means tracks the detected authentication subject. On the basis of the result of a biometric authentication of the authentication subject by the server device and the result of a tracking determination about the authentication subject at an entrance of a gate device, the notification means determines whether the detection subject is able to pass through a gate device, and notifies the gate device regarding the determination result.

Description

生体認証制御ユニット、システム、生体認証制御ユニットの制御方法及び記録媒体Biometric authentication control unit, system, control method and recording medium of biometric authentication control unit
 本発明は、生体認証制御ユニット、システム、生体認証制御ユニットの制御方法及び記録媒体に関する。 The present invention relates to a biometric authentication control unit, a system, a control method of the biometric authentication control unit, and a recording medium.
 顔認証を用いたサービスの普及が始まっている。例えば、空港における各種手続き(例えば、チェックイン、荷物預け入れ、セキュリティチェック等)に顔認証の適用が始まっている。あるいは、顔認証に対応した改札機の開発も進められている。 The spread of services using face recognition has begun. For example, face recognition has begun to be applied to various procedures at airports (for example, check-in, luggage deposit, security check, etc.). Alternatively, the development of ticket gates that support face recognition is also underway.
 生体認証に関する種々の技術開発が行われている。例えば、特許文献1には、歩行者の動線を用いて撮像対象として適切か否かを判定し、この判定結果に応じて顔照合処理における判定用閾値を変更することで顔認証性能が著しく向上する顔認証装置、顔認証方法および入退場管理装置を提供する、と記載されている。 Various technologies related to biometric authentication are being developed. For example, in Patent Document 1, it is determined whether or not it is appropriate as an image pickup target using the movement line of a pedestrian, and the face recognition performance is remarkably improved by changing the determination threshold in the face matching process according to the determination result. It is stated that it provides improved facial recognition devices, facial recognition methods and entry / exit management devices.
特開2006-236260号公報Japanese Unexamined Patent Publication No. 2006-236260
 駅に設置された改札機のように多くの利用者により利用されるゲート装置に生体認証を適用する場合、問題が生じることがある。具体的には、ゲート装置の前に位置する人物の認証を開始したが、当該人物の前に他人が割り込んできた場合に問題が生じ得る。この場合、認証をしていない人物の通過を許す可能性がある。 When applying biometric authentication to a gate device used by many users, such as a ticket gate installed at a station, problems may occur. Specifically, although the authentication of a person located in front of the gate device is started, a problem may occur when another person interrupts in front of the person. In this case, it may allow unauthenticated persons to pass through.
 なお、当該問題点は、特許文献1に開示された技術を適用しても解決することができない。特許文献1の技術は、歩行者が撮像対象として適切か否かを判定するに留まるためである。 The problem cannot be solved by applying the technique disclosed in Patent Document 1. This is because the technique of Patent Document 1 is limited to determining whether or not a pedestrian is suitable as an image pickup target.
 本発明は、利用者の通行を適切に制御することに寄与する、生体認証制御ユニット、システム、生体認証制御ユニットの制御方法及び記録媒体を提供することを主たる目的とする。 The main object of the present invention is to provide a biometric authentication control unit, a system, a control method of the biometric authentication control unit, and a recording medium, which contribute to appropriately controlling the passage of a user.
 本発明の第1の視点によれば、所定の位置における人物を被認証者として検出する、被認証者検出手段と、前記検出された被認証者の生体情報を含む認証要求をサーバ装置に送信する、要求手段と、前記検出された被認証者を追跡する、追跡手段と、前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する、通知手段と、を備える、生体認証制御ユニットが提供される。 According to the first aspect of the present invention, an authenticated person detecting means for detecting a person at a predetermined position as an authenticated person and an authentication request including the detected biometric information of the authenticated person are transmitted to a server device. The requesting means, the tracking means for tracking the detected subject, the result of the bioauthentication of the subject by the server device, and the result of the tracking determination of the subject at the entrance of the gate device. A bioauthentication control unit is provided, which comprises a notification means for determining whether or not the person to be authenticated can pass through the gate device and notifying the gate device of the determination result.
 本発明の第2の視点によれば、複数の利用者それぞれの生体情報を記憶し、生体認証を行うサーバ装置と、前記サーバ装置と接続された生体認証ユニットと、前記生体認証制御ユニットと接続されたゲート装置と、を含み、前記生体認証制御ユニットは、所定の位置における人物を被認証者として検出する、被認証者検出手段と、前記検出された被認証者の生体情報を含む認証要求を前記サーバ装置に送信する、要求手段と、前記検出された被認証者を追跡する、追跡手段と、前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する、通知手段と、を備える、システムが提供される。 According to the second viewpoint of the present invention, a server device that stores biometric information of each of a plurality of users and performs biometric authentication, a biometric authentication unit connected to the server device, and the biometric authentication control unit are connected. The bioauthentication control unit includes an authenticated gate device, an authenticated person detecting means for detecting a person at a predetermined position as an authenticated person, and an authentication request including the detected biometric information of the authenticated person. The requesting means for transmitting to the server device, the tracking means for tracking the detected authenticated person, the result of bioauthentication of the authenticated person by the server device, and the authenticated person at the entrance of the gate device. Provided is a system including a notification means for determining whether or not the authenticated person can pass through the gate device based on the result of the tracking determination of the person and notifying the gate device of the determination result. ..
 本発明の第3の視点によれば、生体認証制御ユニットにおいて、所定の位置における人物を被認証者として検出し、前記検出された被認証者の生体情報を含む認証要求をサーバ装置に送信し、前記検出された被認証者を追跡し、前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する、生体認証制御ユニットの制御方法が提供される。 According to the third viewpoint of the present invention, in the biometric authentication control unit, a person at a predetermined position is detected as a person to be authenticated, and an authentication request including the detected biometric information of the person to be authenticated is transmitted to the server device. The authenticated person is tracked, and the person to be authenticated is tracked based on the result of the bioauthentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device. Provided is a control method of the biometric authentication control unit, which determines whether or not the user can pass through the gate device and notifies the gate device of the determination result.
 本発明の第4の視点によれば、生体認証制御ユニットに搭載されたコンピュータに、所定の位置における人物を被認証者として検出する処理と、前記検出された被認証者の生体情報を含む認証要求をサーバ装置に送信する処理と、前記検出された被認証者を追跡する処理と、前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する処理と、を実行させるためのプログラムが記録されたコンピュータ読み取り可能な記録媒体が提供される。 According to the fourth aspect of the present invention, a process of detecting a person at a predetermined position as a person to be authenticated on a computer mounted on a bioauthentication control unit and authentication including the detected biometric information of the person to be authenticated are included. The process of sending a request to the server device, the process of tracking the detected person to be authenticated, the result of the bioauthentication of the person to be authenticated by the server device, and the tracking determination of the person to be authenticated at the entrance of the gate device. A computer-readable program for executing a process of determining whether or not the authenticated person can pass through the gate device based on the result of the above and notifying the gate device of the determination result. A recording medium is provided.
 本発明の各視点によれば、利用者の通行を適切に制御することに寄与する、生体認証制御ユニット、システム、生体認証制御ユニットの制御方法及び記録媒体が提供される。なお、本発明の効果は上記に限定されない。本発明により、当該効果の代わりに、又は当該効果と共に、他の効果が奏されてもよい。 According to each viewpoint of the present invention, a biometric authentication control unit, a system, a control method of the biometric authentication control unit, and a recording medium that contribute to appropriately controlling the passage of the user are provided. The effect of the present invention is not limited to the above. According to the present invention, other effects may be produced in place of or in combination with the effect.
一実施形態の概要を説明するための図である。It is a figure for demonstrating the outline of one Embodiment. 第1の実施形態に係る認証システムの概略構成の一例を示す図である。It is a figure which shows an example of the schematic structure of the authentication system which concerns on 1st Embodiment. 第1の実施形態に係る認証システムの概略動作を説明するための図である。It is a figure for demonstrating the schematic operation of the authentication system which concerns on 1st Embodiment. 第1の実施形態に係る生体認証制御ユニットの処理構成の一例を示す図である。It is a figure which shows an example of the processing structure of the biometric authentication control unit which concerns on 1st Embodiment. 第1の実施形態に係る被認証者情報テーブルの一例を示す図である。It is a figure which shows an example of the subject information table which concerns on 1st Embodiment. 第1の実施形態に係る認証要求の一例を示す図である。It is a figure which shows an example of the authentication request which concerns on 1st Embodiment. 第1の実施形態に係るテーブル情報の一例を示す図である。It is a figure which shows an example of the table information which concerns on 1st Embodiment. 第1の実施形態に係るゲート装置の処理構成の一例を示す図である。It is a figure which shows an example of the processing structure of the gate apparatus which concerns on 1st Embodiment. 第1の実施形態に係る生体認証制御ユニットとゲート装置の動作の一例を示すシーケンス図である。It is a sequence diagram which shows an example of the operation of the biometric authentication control unit and the gate device which concerns on 1st Embodiment. 第1の実施形態に係るサーバ装置の処理構成の一例を示す図である。It is a figure which shows an example of the processing configuration of the server apparatus which concerns on 1st Embodiment. 第1の実施形態に係る利用者情報データベースの一例を示す図である。It is a figure which shows an example of the user information database which concerns on 1st Embodiment. 第1の実施形態に係る認証状況データベースの一例を示す図である。It is a figure which shows an example of the authentication status database which concerns on 1st Embodiment. 第1の実施形態に係るサーバ装置の動作の一例を示すフローチャートである。It is a flowchart which shows an example of the operation of the server apparatus which concerns on 1st Embodiment. 第1の実施形態に係る認証システムの動作の一例を示すシーケンス図である。It is a sequence diagram which shows an example of the operation of the authentication system which concerns on 1st Embodiment. 第1の実施形態に係るゲート装置の動作を説明するための図である。It is a figure for demonstrating the operation of the gate apparatus which concerns on 1st Embodiment. 第1の実施形態に係るゲート装置の動作を説明するための図である。It is a figure for demonstrating the operation of the gate apparatus which concerns on 1st Embodiment. 本願開示に係る生体認証制御ユニットのハードウェア構成の一例を示す図である。It is a figure which shows an example of the hardware composition of the biometric authentication control unit which concerns on the disclosure of this application. 本願開示に係るゲート装置のハードウェア構成の一例を示す図である。It is a figure which shows an example of the hardware composition of the gate apparatus which concerns on the disclosure of this application. 本願開示の変形例に係るゲート装置の処理構成の一例を示す図である。It is a figure which shows an example of the processing structure of the gate apparatus which concerns on the modification of the present disclosure.
 はじめに、一実施形態の概要について説明する。なお、この概要に付記した図面参照符号は、理解を助けるための一例として各要素に便宜上付記したものであり、この概要の記載はなんらの限定を意図するものではない。また、特段の釈明がない場合には、各図面に記載されたブロックはハードウェア単位の構成ではなく、機能単位の構成を表す。各図におけるブロック間の接続線は、双方向及び単方向の双方を含む。一方向矢印については、主たる信号(データ)の流れを模式的に示すものであり、双方向性を排除するものではない。なお、本明細書及び図面において、同様に説明されることが可能な要素については、同一の符号を付することにより重複説明が省略され得る。 First, the outline of one embodiment will be explained. It should be noted that the drawing reference reference numerals added to this outline are added to each element for convenience as an example for assisting understanding, and the description of this outline is not intended to limit anything. Further, unless otherwise specified, the blocks described in each drawing represent not the configuration of hardware units but the configuration of functional units. The connecting lines between the blocks in each figure include both bidirectional and unidirectional. The one-way arrow schematically shows the flow of the main signal (data), and does not exclude bidirectionality. In the present specification and the drawings, the same reference numerals may be given to elements that can be similarly described, so that duplicate description may be omitted.
 一実施形態に係る生体認証制御ユニット100は、被認証者検出部101と、要求部102と、追跡部103と、通知部104と、を備える(図1参照)。被認証者検出部101は、所定の位置における人物を被認証者として検出する。要求部102は、検出された被認証者の生体情報を含む認証要求をサーバ装置に送信する。追跡部103は、検出された被認証者を追跡する。通知部104は、サーバ装置による被認証者の生体認証の結果と、ゲート装置の入り口における被認証者の追跡判定の結果と、に基づいて被認証者がゲート装置を通行できるか否か判定し、判定結果をゲート装置に通知する。 The biometric authentication control unit 100 according to one embodiment includes a subject detection unit 101, a request unit 102, a tracking unit 103, and a notification unit 104 (see FIG. 1). The authenticated person detection unit 101 detects a person at a predetermined position as an authenticated person. The request unit 102 transmits an authentication request including the detected biometric information of the person to be authenticated to the server device. The tracking unit 103 tracks the detected person to be authenticated. The notification unit 104 determines whether or not the authenticated person can pass through the gate device based on the result of the biometric authentication of the authenticated person by the server device and the result of the tracking determination of the authenticated person at the entrance of the gate device. , Notify the gate device of the determination result.
 生体認証制御ユニット100は、ゲート装置から所定の距離離れた利用者を被認証者として検出する。生体認証制御ユニット100は、被認証者を検出すると、当該被認証者の生体認証と追跡(トラッキング)を開始する。その後、被認証者がゲート装置に到着(ゲート装置の入り口に到着)すると、生体認証制御ユニット100は、被認証者の追跡に成功したか否かを判定する。生体認証制御ユニット100は、被認証者の認証に成功し、且つ、所定の位置から開始した追跡が少なくとも入り口にて成功した場合に、被認証者のゲート通過を許可する。このように、生体認証制御ユニット100が被認証者の生体認証に成功し、当該被認証者に関してゲート装置の入り口における追跡に成功した場合に、被認証者はゲート装置を通過できる。換言すれば、被認証者の横から割り込んできた利用者に関しては、生体認証及び追跡に成功することはないので、ゲート装置を通過することができない。即ち、利用者の通行は適切に制御される。 The biometric authentication control unit 100 detects a user who is a predetermined distance away from the gate device as a person to be authenticated. When the biometric authentication control unit 100 detects the subject to be authenticated, the biometric authentication control unit 100 starts biometric authentication and tracking of the subject to be authenticated. After that, when the person to be authenticated arrives at the gate device (arrival at the entrance of the gate device), the biometric authentication control unit 100 determines whether or not the tracking of the person to be authenticated is successful. The biometric authentication control unit 100 permits the subject to pass through the gate when the subject is successfully authenticated and the tracking started from a predetermined position is successful at least at the entrance. In this way, when the biometric authentication control unit 100 succeeds in biometric authentication of the person to be authenticated and succeeds in tracking the person to be authenticated at the entrance of the gate device, the person to be authenticated can pass through the gate device. In other words, the user who interrupts from the side of the person to be authenticated cannot pass through the gate device because biometric authentication and tracking are not successful. That is, the traffic of the user is appropriately controlled.
 以下に具体的な実施形態について、図面を参照してさらに詳しく説明する。 The specific embodiments will be described in more detail below with reference to the drawings.
[第1の実施形態]
 第1の実施形態について、図面を用いてより詳細に説明する。 [First Embodiment]
The first embodiment will be described in more detail with reference to the drawings.
[システム構成]
 図2は、第1の実施形態に係る認証システムの概略構成の一例を示す図である。図2を参照すると、認証システムは、複数のゲート装置10-1~10-3と、サーバ装置20と、を含む。 [System configuration]
FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment. Referring to FIG. 2, the authentication system includes a plurality of gate devices 10-1 to 10-3 and a server device 20.
 以降の説明において、ゲート装置10-1~10-3を区別する特段の理由がない場合には、単に「ゲート装置10」と表記する。他の構成についても同様に、ハイフンより左側の符号にて当該構成を代表して表記する。 In the following description, if there is no particular reason for distinguishing the gate devices 10-1 to 10-3, it is simply referred to as "gate device 10". Similarly, the other configurations are represented by the symbols on the left side of the hyphen.
 ゲート装置10とサーバ装置20は、有線又は無線の通信手段により通信が可能に構成されている。サーバ装置20は、ゲート装置10と同じ建物内に設置されていてもよいし、ネットワーク(クラウド)上に設置されていてもよい。 The gate device 10 and the server device 20 are configured to enable communication by a wired or wireless communication means. The server device 20 may be installed in the same building as the gate device 10 or may be installed on a network (cloud).
 ゲート装置10は、例えば、空港や駅に設置される装置である。ゲート装置10は、利用者の通行を制御する。第1の実施形態では、ゲート装置10は、駅に設置される改札機として説明を行う。ただし、ゲート装置10を駅に設置された改札機に限定する趣旨ではないことは勿論である。 The gate device 10 is, for example, a device installed at an airport or a station. The gate device 10 controls the passage of the user. In the first embodiment, the gate device 10 will be described as a ticket gate installed at a station. However, it goes without saying that the purpose is not to limit the gate device 10 to the ticket gate installed at the station.
 サーバ装置20は、認証システムの全体を制御する装置である。サーバ装置20は、ゲート装置10を通過しようとする利用者の生体認証を行う装置である。サーバ装置20は、利用者がゲート装置10を通過する資格(権限)を備えていれば、当該利用者の通行を許可する。サーバ装置20は、利用者がゲート装置10を通過する資格を備えていなければ、当該利用者の通行を拒否する。 The server device 20 is a device that controls the entire authentication system. The server device 20 is a device that performs biometric authentication of a user who is about to pass through the gate device 10. If the user has the qualification (authority) to pass through the gate device 10, the server device 20 permits the user to pass. If the user is not qualified to pass through the gate device 10, the server device 20 refuses the passage of the user.
[システムの動作概略]
 続いて、図面を参照しつつ、第1の実施形態に係る認証システムの動作の概略を説明する。 [Overview of system operation]
Subsequently, the outline of the operation of the authentication system according to the first embodiment will be described with reference to the drawings.
 図3に示すように、ゲート装置10は、ゲート装置10に向かって歩いてくる利用者を撮影可能に設置されたカメラ11を備える。また、ゲート装置10は、自装置内に進入した利用者を検出するための検出センサ12及び13と、利用者の通行を制御するためのゲート14と、を備える。 As shown in FIG. 3, the gate device 10 includes a camera 11 installed so as to be able to photograph a user walking toward the gate device 10. Further, the gate device 10 includes detection sensors 12 and 13 for detecting a user who has entered the own device, and a gate 14 for controlling the passage of the user.
 さらに、ゲート装置10は、生体認証制御ユニット15を備える。生体認証制御ユニット15は、ゲート装置10に後付け(アドオン)可能なユニットである。ゲート装置10と生体認証制御ユニット15は、例えば、USB(Universal Serial Bus)やPCI(Peripheral Component Interconnect)等のバス規格で接続される。また、生体認証制御ユニット15は、カメラ11、検出センサ12及び13と通信可能に構成されており、これらのデバイスを制御(使用)してゲート装置10の生体認証機能を実現する。 Further, the gate device 10 includes a biometric authentication control unit 15. The biometric authentication control unit 15 is a unit that can be retrofitted (add-on) to the gate device 10. The gate device 10 and the biometric authentication control unit 15 are connected by a bus standard such as USB (Universal Serial Bus) or PCI (Peripheral Component Interconnect), for example. Further, the biometric authentication control unit 15 is configured to be communicable with the camera 11, the detection sensors 12 and 13, and controls (uses) these devices to realize the biometric authentication function of the gate device 10.
 生体認証制御ユニット15は、ゲート装置10から所定の距離離れた場所(例えば、図3の位置X1)に存在する人物(利用者、乗客)を検出する。 The biometric authentication control unit 15 detects a person (user, passenger) existing at a predetermined distance (for example, position X1 in FIG. 3) from the gate device 10.
 位置X1にて利用者を検出すると、生体認証制御ユニット15は、サーバ装置20に対して当該検出された利用者の生体認証を要求する。具体的には、生体認証制御ユニット15は、利用者の生体情報を含む「認証要求」をサーバ装置20に送信する。 When the user is detected at the position X1, the biometric authentication control unit 15 requests the server device 20 to perform biometric authentication of the detected user. Specifically, the biometric authentication control unit 15 transmits an "authentication request" including the biometric information of the user to the server device 20.
 また、生体認証制御ユニット15は、認証要求の送信(認証の開始)と実質的に同じタイミングにて、上記利用者(位置X1で検出された被認証者)の追跡(トラッキング)を開始する。 Further, the biometric authentication control unit 15 starts tracking (tracking) of the user (the person to be authenticated detected at the position X1) at substantially the same timing as the transmission of the authentication request (start of authentication).
 このように、生体認証制御ユニット15は、位置X1にて被認証者を検出すると、サーバ装置20に対する認証要求と当該被認証者の追跡開始を実質的に同じタイミングで行う。 As described above, when the biometric authentication control unit 15 detects the authenticated person at the position X1, the authentication request to the server device 20 and the tracking start of the authenticated person are performed at substantially the same timing.
 認証要求を受信したサーバ装置20は、事前に登録された生体情報を用いた照合処理(認証処理)により、利用者を特定する。サーバ装置20は、当該特定された利用者がゲート装置10を通行する資格を備えているか否か判定する。例えば、サーバ装置20は、事前登録された利用者のチャージ金額等を確認し、被認証者の通行可否を判定する。なお、サーバ装置20は、被認証者の通行可否の判定をする際、外部のサーバ等に問合せをする場合もある。外部サーバ等に問合わせるか否かはシステムの仕様、設計等に依存し、且つ、本願開示の趣旨とも異なるので当該外部サーバを含むシステムの構成に関する説明を省略する。 The server device 20 that has received the authentication request identifies the user by a collation process (authentication process) using biometric information registered in advance. The server device 20 determines whether or not the specified user is qualified to pass through the gate device 10. For example, the server device 20 confirms the charge amount of the pre-registered user and determines whether or not the authenticated person can pass. The server device 20 may make an inquiry to an external server or the like when determining whether or not the authenticated person can pass. Whether or not to inquire about an external server or the like depends on the specifications, design, etc. of the system, and is different from the purpose of the disclosure of the present application. Therefore, the description regarding the configuration of the system including the external server will be omitted.
 サーバ装置20は、認証要求に対する応答(認証結果)を当該要求の送信元である生体認証制御ユニット15に送信する。具体的には、サーバ装置20は、「通行可」と判定された場合には、「認証成功」を生体認証制御ユニット15に通知する。「通行不可」と判定された場合には、サーバ装置20は、「認証失敗」を生体認証制御ユニット15に通知する。 The server device 20 transmits a response (authentication result) to the authentication request to the biometric authentication control unit 15 that is the source of the request. Specifically, when the server device 20 is determined to be "passable", the server device 20 notifies the biometric authentication control unit 15 of "authentication success". When it is determined that "passage is not possible", the server device 20 notifies the biometric authentication control unit 15 of "authentication failure".
 サーバ装置20が認証要求を処理している間、被認証者(位置X1で撮影された人物)はゲート装置10に向かって移動する。例えば、被認証者が位置X2の場所まで移動したタイミングで、生体認証制御ユニット15は、サーバ装置20から認証要求の応答を受信する。 While the server device 20 is processing the authentication request, the person to be authenticated (the person photographed at the position X1) moves toward the gate device 10. For example, the biometric authentication control unit 15 receives the response of the authentication request from the server device 20 at the timing when the person to be authenticated moves to the location X2.
 サーバ装置20から認証結果を受信しても、生体認証制御ユニット15は、被認証者の追跡を継続する。生体認証制御ユニット15は、サーバ装置20から認証結果を受信しても当該タイミングではゲート14の開閉をゲート装置10に指示しない。 Even if the authentication result is received from the server device 20, the biometric authentication control unit 15 continues to track the person to be authenticated. Even if the biometric authentication control unit 15 receives the authentication result from the server device 20, the biometric authentication control unit 15 does not instruct the gate device 10 to open or close the gate 14 at that timing.
 被認証者は、さらにゲート装置10に近づき、その内部に進入する(被認証者は、位置X3に到達する)。ゲート装置10は、ゲート装置10の入り口に設置された検出センサ12からの検出信号に基づき被認証者がゲート装置10の内部に進入したことを検出する。ゲート装置10は、被認証者を検出すると、その旨を生体認証制御ユニット15に通知する。 The authenticated person further approaches the gate device 10 and enters the inside thereof (the authenticated person reaches the position X3). The gate device 10 detects that the person to be authenticated has entered the inside of the gate device 10 based on the detection signal from the detection sensor 12 installed at the entrance of the gate device 10. When the gate device 10 detects the person to be authenticated, it notifies the biometric authentication control unit 15 to that effect.
 利用者がゲート装置10に進入した事実を認識すると、生体認証制御ユニット15は、被認証者の追跡に関する最終判定を行う。生体認証制御ユニット15は、被認証者がゲート装置10の内部に進入したと判断されたタイミング(位置X3)にて、追跡の最終判定を行う。生体認証制御ユニット15は、位置X1から位置X3までの間で同一人物の顔追跡が行えた場合に、「追跡完了」とする。 Upon recognizing the fact that the user has entered the gate device 10, the biometric authentication control unit 15 makes a final determination regarding the tracking of the person to be authenticated. The biometric authentication control unit 15 makes a final determination of tracking at the timing (position X3) when it is determined that the person to be authenticated has entered the inside of the gate device 10. The biometric authentication control unit 15 determines that the tracking is completed when the face of the same person can be tracked between the position X1 and the position X3.
 生体認証制御ユニット15は、追跡に関する最終判定を行ったタイミングにて、サーバ装置20の認証が成功し、且つ、追跡が完了している場合に、利用者(被認証者)はゲート装置10を通行できると判断し、その旨をゲート装置10に通知する。より具体的には、生体認証制御ユニット15は、「通行許可通知」をゲート装置10に送信する。 When the biometric authentication control unit 15 succeeds in authenticating the server device 20 and the tracking is completed at the timing when the final determination regarding the tracking is performed, the user (certified person) presses the gate device 10. It is determined that the vehicle can pass through, and the gate device 10 is notified to that effect. More specifically, the biometric authentication control unit 15 transmits a "passage permission notification" to the gate device 10.
 被認証者は、ゲート装置10の入り口からさらに内部に進む。利用者がゲート装置10の所定位置(位置X4)まで進むと、ゲート装置10は、自装置の中間に設置された検出センサ13からの検出信号に基づき当該被認証者を検出する。 The authenticated person goes further inside from the entrance of the gate device 10. When the user advances to a predetermined position (position X4) of the gate device 10, the gate device 10 detects the person to be authenticated based on the detection signal from the detection sensor 13 installed in the middle of the own device.
 ゲート装置10は、利用者が検出されたタイミングで、「通行許可通知」を受信していれば、ゲート14の開状態を維持して利用者のゲート通行を許可する。 If the gate device 10 receives the "passage permission notification" at the timing when the user is detected, the gate device 10 maintains the open state of the gate 14 and permits the user to pass through the gate.
 対して、ゲート装置10は、利用者が検出されたタイミングで「通行許可通知」を受信していない場合、ゲート14を閉じて利用者の通行を制限する。 On the other hand, if the gate device 10 does not receive the "passage permission notification" at the timing when the user is detected, the gate device 10 closes the gate 14 to restrict the passage of the user.
 なお、利用者の生体情報には、例えば、顔、虹彩の模様(パターン)といった個人に固有な身体的特徴から計算されるデータ(特徴量)が例示される。あるいは、利用者の生体情報は、顔画像、虹彩画像等の画像データであってもよい。利用者の生体情報は、利用者の身体的特徴を情報として含むものであればよい。第1の実施形態では、人の顔画像又は当該顔画像から生成された特徴量を生体情報として用いて説明を行う。 Note that the biometric information of the user exemplifies data (feature amount) calculated from physical characteristics peculiar to an individual such as a face and an iris pattern (pattern). Alternatively, the biometric information of the user may be image data such as a face image and an iris image. The biometric information of the user may be any information that includes the physical characteristics of the user. In the first embodiment, a human face image or a feature amount generated from the face image is used as biological information for explanation.
 利用者の追跡(トラッキング)には種々の方法が考えられる。例えば、本願開示では、顔画像を用いた追跡や体形画像を用いた追跡を用いることができる。第1の実施形態では、顔画像(顔領域)を用いた顔追跡を用いて被認証者の追跡を行う場合について説明する。 Various methods can be considered for tracking users. For example, in the disclosure of the present application, tracking using a facial image or tracking using a body shape image can be used. In the first embodiment, a case where the subject is tracked by using face tracking using a face image (face area) will be described.
 図2等に示す構成は例示であって、システムの構成を限定する趣旨ではない。例えば、認証システムには少なくとも1台以上のゲート装置10が含まれていればよい。各ゲート装置10は同じ場所(例えば、同じ駅)に設置されていてもよいし、異なる場所に設置されていてもよい。 The configuration shown in FIG. 2 and the like is an example, and does not mean to limit the configuration of the system. For example, the authentication system may include at least one gate device 10. Each gate device 10 may be installed in the same place (for example, the same station) or may be installed in a different place.
 続いて、第1の実施形態に係る認証システムに含まれる生体認証制御ユニット15、ゲート装置10及びサーバ装置20の詳細について説明する。 Subsequently, the details of the biometric authentication control unit 15, the gate device 10, and the server device 20 included in the authentication system according to the first embodiment will be described.
[生体認証制御ユニット]
 図4は、第1の実施形態に係る生体認証制御ユニット15の処理構成(処理モジュール)の一例を示す図である。図4を参照すると、生体認証制御ユニット15は、通信制御部201と、被認証者検出部202と、認証要求部203と、被認証者追跡部204と、通行許可通知部205と、テーブル管理部206と、メッセージ出力部207、記憶部208と、を含む。 [Biometric authentication control unit]
FIG. 4 is a diagram showing an example of a processing configuration (processing module) of the biometric authentication control unit 15 according to the first embodiment. Referring to FIG. 4, the biometric authentication control unit 15 includes a communication control unit 201, a subject detection unit 202, an authentication request unit 203, a subject tracking unit 204, a passage permission notification unit 205, and table management. A unit 206, a message output unit 207, and a storage unit 208 are included.
 通信制御部201は、他の装置との間の通信を制御する手段である。例えば、通信制御部201は、サーバ装置20からデータ(パケット)を受信する。また、通信制御部201は、サーバ装置20に向けてデータを送信する。通信制御部201は、他の装置から受信したデータを他の処理モジュールに引き渡す。通信制御部201は、他の処理モジュールから取得したデータを他の装置に向けて送信する。このように、他の処理モジュールは、通信制御部201を介して他の装置とデータの送受信を行う。 The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the server device 20. Further, the communication control unit 201 transmits data to the server device 20. The communication control unit 201 passes the data received from the other device to the other processing module. The communication control unit 201 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 201.
 被認証者検出部202は、被認証者を検出する手段である。被認証者検出部202は、ゲート装置10から所定の距離離れた位置(所定の位置)における人物を被認証者として検出する。より具体的には、被認証者検出部202は、ゲート装置10から所定の距離離れた場所(図3の位置X1)に人が存在するか否か検出する。 The authenticated person detection unit 202 is a means for detecting the authenticated person. The authenticated person detection unit 202 detects a person at a position (predetermined position) separated from the gate device 10 by a predetermined distance as the authenticated person. More specifically, the authenticated person detection unit 202 detects whether or not a person is present at a place (position X1 in FIG. 3) at a predetermined distance from the gate device 10.
 被認証者検出部202は、定期的又は所定のタイミングでカメラ11から画像データを取得する。被認証者検出部202は、取得した画像データから顔画像の抽出を試みる。 The authenticated person detection unit 202 acquires image data from the camera 11 on a regular basis or at a predetermined timing. The authenticated person detection unit 202 attempts to extract a face image from the acquired image data.
 被認証者検出部202による顔画像の抽出処理には、既存の技術を用いることができるので詳細な説明を省略する。例えば、被認証者検出部202は、CNN(Convolutional Neural Network)により学習された学習モデルを用いて、画像データの中から顔画像(顔領域)を抽出してもよい。あるいは、被認証者検出部202は、テンプレートマッチング等の手法を用いて顔画像を抽出してもよい。 Since the existing technique can be used for the face image extraction process by the authenticated person detection unit 202, detailed description thereof will be omitted. For example, the subject detection unit 202 may extract a face image (face region) from the image data by using a learning model learned by CNN (Convolutional Neural Network). Alternatively, the authenticated person detection unit 202 may extract a face image by using a technique such as template matching.
 顔画像が抽出されると、被認証者検出部202は、顔画像から目間距離を計算する。具体的には、被認証者検出部202は、顔画像から左右の目を抽出し、当該抽出された両目を結ぶ直線の長さ(画素数)を計算する。 When the face image is extracted, the authenticated person detection unit 202 calculates the distance between the eyes from the face image. Specifically, the authenticated person detection unit 202 extracts the left and right eyes from the face image, and calculates the length (number of pixels) of the straight line connecting the extracted eyes.
 被認証者検出部202は、計算した目間距離に対して閾値処理を実行し、その結果に応じて被認証者が上記所定の位置(位置X1)に存在するか否か判定する。具体的には、目間距離が閾値よりも長ければ、被認証者検出部202は、所定の位置にて被認証者を検出したと判定する。目間距離が閾値以下であれば、被認証者検出部202は、当該所定の位置には被認証者は存在しないと判定する。 The authenticated person detection unit 202 executes a threshold value process for the calculated inter-eye distance, and determines whether or not the authenticated person exists at the predetermined position (position X1) according to the result. Specifically, if the distance between the eyes is longer than the threshold value, the authenticated person detection unit 202 determines that the authenticated person has been detected at a predetermined position. If the eye-to-eye distance is equal to or less than the threshold value, the authenticated person detection unit 202 determines that the person to be authenticated does not exist at the predetermined position.
 所定の位置(位置X1)において被認証者を検出すると、被認証者検出部202は、被認証者情報テーブルにエントリを追加する。被認証者検出部202は、被認証者を識別する被認証者ID(identifier)を採番し、当該被認証者IDを新たなエントリに記憶する。また、被認証者検出部202は、被認証者を被認証者情報テーブルに登録した時刻(新たなエントリを追加した時刻)も併せて被認証者情報テーブルに記憶する。 When the authenticated person is detected at a predetermined position (position X1), the authenticated person detection unit 202 adds an entry to the authenticated person information table. The authenticated person detection unit 202 assigns an authenticated person ID (identifier) that identifies the authenticated person, and stores the authenticated person ID in a new entry. In addition, the authenticated person detection unit 202 also stores the time when the authenticated person is registered in the authenticated person information table (the time when a new entry is added) in the authenticated person information table.
 図5は、第1の実施形態に係る被認証者情報テーブルの一例を示す図である。被認証者情報テーブルは生体認証制御ユニット15のメモリ上に構築される。図5の最下段に示すように、被認証者検出部202は、位置X1において人を検出すると、被認証者情報テーブルにエントリを追加し、当該検出された人物を被認証者に設定する。なお、エントリが追加されたタイミングでは、認証ステータスフィールド、追跡IDフィールド、追跡ステータスフィールドには何も設定されない。 FIG. 5 is a diagram showing an example of the authenticated person information table according to the first embodiment. The authenticated person information table is constructed on the memory of the biometric authentication control unit 15. As shown in the lowermost part of FIG. 5, when the authenticated person detection unit 202 detects a person at the position X1, an entry is added to the authenticated person information table, and the detected person is set as the authenticated person. At the timing when the entry is added, nothing is set in the authentication status field, the tracking ID field, and the tracking status field.
 認証ステータスフィールドは、被認証者の生体認証に関する状況を管理するためのフィールドである。追跡IDフィールドは、後述する追跡IDを記憶するためのフィールドである。追跡ステータスフィールドは、被認証者の追跡状況を管理するためのフィールドである。 The authentication status field is a field for managing the status of the biometric authentication of the person to be authenticated. The tracking ID field is a field for storing the tracking ID described later. The tracking status field is a field for managing the tracking status of the authenticated person.
 被認証者の登録が終了すると、被認証者検出部202は、被認証者IDと被認証者検出時の顔画像を、認証要求部203及び被認証者追跡部204に引き渡す。より正確には、被認証者検出部202は、認証要求部203に対しては、被認証者IDと顔画像を伴った「認証要求指示」を出力する。被認証者検出部202は、被認証者追跡部204に対しては、被認証者IDと顔画像を伴った「追跡開始指示」を出力する。 When the registration of the authenticated person is completed, the authenticated person detection unit 202 hands over the authenticated person ID and the face image at the time of detecting the authenticated person to the authentication request unit 203 and the authenticated person tracking unit 204. More precisely, the authenticated person detection unit 202 outputs an "authentication request instruction" accompanied by an authenticated person ID and a face image to the authentication request unit 203. The authenticated person detection unit 202 outputs a "tracking start instruction" accompanied by the authenticated person ID and a face image to the authenticated person tracking unit 204.
 認証要求部203は、被認証者検出部202により検出された被認証者の認証をサーバ装置20に要求する手段である。被認証者検出部202から認証要求指示を受信すると、認証要求部203は、取得した顔画像から特徴量(複数の特徴量からなる特徴ベクトル)を生成する。 The authentication request unit 203 is a means for requesting the server device 20 to authenticate the authenticated person detected by the authenticated person detection unit 202. Upon receiving the authentication request instruction from the authenticated person detection unit 202, the authentication request unit 203 generates a feature amount (feature vector composed of a plurality of feature amounts) from the acquired face image.
 特徴量の生成処理に関しては既存の技術を用いることができるのでその詳細な説明を省略する。例えば、認証要求部203は、顔画像から目、鼻、口等を特徴点として抽出する。その後、認証要求部203は、特徴点それぞれの位置や各特徴点間の距離を特徴量として計算し、複数の特徴量からなる特徴ベクトル(顔画像を特徴づけるベクトル情報)を生成する。 Since existing techniques can be used for the feature quantity generation process, detailed description thereof will be omitted. For example, the authentication requesting unit 203 extracts eyes, nose, mouth, etc. as feature points from the face image. After that, the authentication requesting unit 203 calculates the position of each feature point and the distance between each feature point as a feature amount, and generates a feature vector (vector information that characterizes the face image) composed of a plurality of feature amounts.
 認証要求部203は、当該生成された特徴量(生体情報)、被認証者ID及びゲートIDを含む認証要求を生成し、サーバ装置20に送信する(図6参照)。ゲートIDは、ゲート装置10を識別するための識別情報である。ゲートIDには、ゲート装置10のMAC(Media Access Control)アドレスやIP(Internet Protocol)アドレスを用いることができる。あるいは、ゲートIDは、システム固有の識別情報(識別ID)であってもよい。サーバ装置20側にも識別IDをマスタとして保持することにより、送信した認証要求が許可されたゲート装置10からのものであることが判定できる。 The authentication request unit 203 generates an authentication request including the generated feature amount (biological information), the person to be authenticated ID, and the gate ID, and transmits the authentication request to the server device 20 (see FIG. 6). The gate ID is identification information for identifying the gate device 10. As the gate ID, a MAC (Media Access Control) address or an IP (Internet Protocol) address of the gate device 10 can be used. Alternatively, the gate ID may be system-specific identification information (identification ID). By holding the identification ID as a master on the server device 20 side as well, it can be determined that the transmitted authentication request is from the permitted gate device 10.
 認証要求をサーバ装置20に送信すると、認証要求部203は、被認証者情報テーブルの該当するエントリ(被認証者IDが同じエントリ)の認証ステータスフィールドに「認証中」を設定する(図5の下から2番目のエントリ参照)。 When the authentication request is transmitted to the server device 20, the authentication request unit 203 sets "authenticating" in the authentication status field of the corresponding entry (the entry having the same authenticated person ID) in the authenticated person information table (FIG. 5). See the second entry from the bottom).
 認証要求部203は、認証要求に対するサーバ装置20からの応答(認証結果を含む応答)を受信する。認証要求部203は、受信した応答から被認証者IDを抽出する。認証要求部203は、抽出した被認証者IDに基づいて被認証者を特定し、認証結果を被認証者情報テーブルの対応するエントリに登録する(図5の上から1番目、2番目のエントリ参照)。 The authentication request unit 203 receives a response (a response including an authentication result) from the server device 20 to the authentication request. The authentication request unit 203 extracts the authenticated person ID from the received response. The authentication request unit 203 identifies the person to be authenticated based on the extracted ID of the person to be authenticated, and registers the authentication result in the corresponding entry of the person to be authenticated information table (the first and second entries from the top of FIG. 5). reference).
 被認証者追跡部204は、被認証者検出部202により検出された被認証者(位置X1の利用者)を追跡する手段である。被認証者検出部202から追跡開始指示を受信すると、被認証者追跡部204は、取得した顔画像に対応する人物の追跡を開始する。被認証者追跡部204は、追跡を開始した顔画像に「追跡ID」を付与し、追跡中の顔画像を管理する。 The authenticated person tracking unit 204 is a means for tracking the authenticated person (user at position X1) detected by the authenticated person detection unit 202. Upon receiving the tracking start instruction from the authenticated person detection unit 202, the authenticated person tracking unit 204 starts tracking the person corresponding to the acquired face image. The authenticated person tracking unit 204 assigns a "tracking ID" to the face image that has started tracking, and manages the face image being tracked.
 被認証者追跡部204は、例えば、図7に示すような、追跡対象の顔画像と追跡IDを対応付けたテーブル情報を用いて被認証者の追跡を管理する。 The authenticated person tracking unit 204 manages the tracking of the authenticated person by using the table information in which the face image of the tracking target and the tracking ID are associated with each other, as shown in FIG. 7, for example.
 被認証者の追跡を開始すると(顔画像に追跡IDを付与すると)、被認証者追跡部204は、対応する被認証者(被認証者検出部202から取得した被認証者IDに対応するエントリ)の追跡IDフィールドに追跡IDを記憶する。また、被認証者追跡部204は、対応する被認証者の追跡ステータスフィールドに「追跡中」を設定する(図5の下から3番目のエントリ参照)。 When the tracking of the authenticated person is started (when the tracking ID is given to the face image), the authenticated person tracking unit 204 indicates the corresponding entry corresponding to the authenticated person (authentication person ID acquired from the authenticated person detection unit 202). ), The tracking ID is stored in the tracking ID field. In addition, the subject tracking unit 204 sets "tracking" in the corresponding subject tracking status field (see the third entry from the bottom of FIG. 5).
 被認証者追跡部204は、定期的又は所定のタイミングでカメラ11から画像データを取得する。被認証者追跡部204は、取得した画像データを用いて被認証者の追跡判定を行う。具体的には、被認証者追跡部204は、取得した画像データにおいて、平行移動、回転、スケールにより前の顔画像(例えば、追跡開始時の顔画像)と同じ顔画像を得ることができれば「追跡成功」と判定する。そのような顔画像が得られなければ、被認証者追跡部204は、「追跡失敗」と判定する。なお、顔画像を用いた追跡処理に関しては既存の処理を使用することができるのでさらなる説明を省略する。 The authenticated person tracking unit 204 acquires image data from the camera 11 on a regular basis or at a predetermined timing. The authenticated person tracking unit 204 makes a tracking determination of the authenticated person using the acquired image data. Specifically, if the subject tracking unit 204 can obtain the same face image as the previous face image (for example, the face image at the start of tracking) by translation, rotation, and scale in the acquired image data, " It is judged as "tracking successful". If such a facial image cannot be obtained, the authenticated person tracking unit 204 determines that the tracking has failed. As for the tracking process using the face image, the existing process can be used, so further description will be omitted.
 被認証者追跡部204は、追跡判定の結果を被認証者情報テーブルに反映する。具体的には、被認証者追跡部204は、追跡対象の追跡IDのうち追跡成功と判定された追跡IDに対応するエントリの追跡ステータスに「追跡中」と設定する。対して、被認証者追跡部204は、追跡対象の追跡IDのうち追跡失敗と判定された追跡IDに対応するエントリの追跡ステータスに「追跡失敗」と設定する(図5の上から3番目のエントリ参照)。 The authenticated person tracking unit 204 reflects the result of the tracking determination in the authenticated person information table. Specifically, the authenticated person tracking unit 204 sets the tracking status of the entry corresponding to the tracking ID determined to be successful among the tracking IDs of the tracking target to "tracking". On the other hand, the authenticated person tracking unit 204 sets the tracking status of the entry corresponding to the tracking ID determined to be tracking failure among the tracking IDs of the tracking target to "tracking failure" (third from the top of FIG. 5). See entry).
 このように、被認証者追跡部204は、追跡に成功した被認証者の追跡ステータスには「追跡中」を上書きし、追跡に失敗した被認証者の追跡ステータスには「追跡失敗」を設定する。なお、被認証者の前を他の利用者が横切ったタイミングで画像データが取得され追跡判定が実行されると、「追跡失敗」が被認証者情報テーブルに設定され得る。また、被認証者がゲート装置10から離れて引き返した場合等にも、「追跡失敗」が設定されることもある。しかしながら、「追跡失敗」が設定されたエントリであっても、その後の追跡判定に成功すれば、「追跡中」が設定される。 In this way, the authenticated person tracking unit 204 overwrites the tracking status of the authenticated person who succeeded in tracking with "tracking", and sets the tracking status of the authenticated person who failed in tracking to "tracking failed". do. If the image data is acquired and the tracking determination is executed at the timing when another user crosses in front of the authenticated person, "tracking failure" can be set in the authenticated person information table. Further, "tracking failure" may be set when the person to be authenticated leaves the gate device 10 and turns back. However, even if the entry is set to "tracking failure", "tracking" is set if the subsequent tracking determination is successful.
 被認証者追跡部204は、後述するゲート装置10の進入者検出部302から「追跡最終判定指示」を取得する。被認証者追跡部204は、進入者検出部302から画像データを伴った追跡最終判定指示を受信する。 The authenticated person tracking unit 204 acquires a "tracking final determination instruction" from the intruder detection unit 302 of the gate device 10 described later. The authenticated person tracking unit 204 receives a tracking final determination instruction accompanied by image data from the intruder detection unit 302.
 当該指示に従い、被認証者追跡部204は、進入者検出部302から取得した画像データを用いて追跡判定を行う。即ち、被認証者追跡部204は、進入者検出部302によって進入者が検出されたことに応じて、被認証者の追跡に関する最終判定(最後の追跡判定)を行う。 According to the instruction, the authenticated person tracking unit 204 makes a tracking determination using the image data acquired from the intruder detection unit 302. That is, the authenticated person tracking unit 204 makes a final determination (final tracking determination) regarding the tracking of the authenticated person according to the detection of the intruder by the intruder detection unit 302.
 最後の追跡判定が終了すると、被認証者追跡部204は、判定結果を被認証者情報テーブルに登録する。より具体的には、最後の追跡判定に成功すると、被認証者追跡部204は、判定に成功した追跡IDに対応するエントリの追跡ステータスに「追跡完了」と設定する(図5の最上段のエントリ参照)。 When the final tracking determination is completed, the authenticated person tracking unit 204 registers the determination result in the authenticated person information table. More specifically, when the final tracking determination is successful, the authenticated person tracking unit 204 sets the tracking status of the entry corresponding to the tracking ID that succeeded in the determination to "tracking completed" (at the top of FIG. 5). See entry).
 最後の追跡判定に失敗した場合には、被認証者追跡部204は、特段の処理を行わない。最後の追跡判定では、被認証者追跡部204は、追跡に失敗した被認証者に関して「追跡失敗」を設定することはない。 If the final tracking determination fails, the authenticated person tracking unit 204 does not perform any special processing. In the final tracking determination, the subject tracking unit 204 does not set "tracking failure" for the subject who failed to track.
 このように、被認証者が検出された位置X1と被認証者がゲート装置10の内部に進入した位置X3の間において被認証者の追跡に成功すると、被認証者追跡部204は、被認証者情報テーブルに「追跡完了」を設定する。 As described above, when the authenticated person is successfully tracked between the position X1 where the authenticated person is detected and the position X3 where the authenticated person enters the inside of the gate device 10, the authenticated person tracking unit 204 is authenticated. Set "Tracking completed" in the person information table.
 被認証者追跡部204は、被認証者の追跡に関する最終判定(最後の追跡判定)を終えると、その旨を通行許可通知部205に通知する。 When the authenticated person tracking unit 204 finishes the final determination (final tracking determination) regarding the tracking of the authenticated person, it notifies the passage permission notification unit 205 to that effect.
 通行許可通知部205は、被認証者(利用者)がゲート装置10を通行することを許可するか否かをゲート装置10に通知する手段である。通行許可通知部205は、サーバ装置20による被認証者の生体認証の結果と、ゲート装置10の入り口における被認証者の追跡判定の結果と、に基づいて被認証者がゲート装置10を通行できるか否か判定し、判定結果をゲート装置10に通知する。 The passage permission notification unit 205 is a means for notifying the gate device 10 whether or not the authenticated person (user) is permitted to pass through the gate device 10. The passage permission notification unit 205 allows the authenticated person to pass through the gate device 10 based on the result of biometric authentication of the authenticated person by the server device 20 and the result of the tracking determination of the authenticated person at the entrance of the gate device 10. Whether or not it is determined, and the determination result is notified to the gate device 10.
 通行許可通知部205は、被認証者追跡部204は被認証者に関する最後の追跡判定が終了したタイミングにおいて、被認証者情報テーブルにアクセスする。 The passage permission notification unit 205 accesses the authenticated person information table at the timing when the authenticated person tracking unit 204 finishes the final tracking determination regarding the authenticated person.
 通行許可通知部205は、被認証者情報テーブルに含まれる各エントリの認証ステータスフィールドと追跡ステータスフィールドを確認する。通行許可通知部205は、認証ステータスフィールドの設定値が「認証成功」、且つ、追跡ステータスフィールドの設定値が「追跡終了」のエントリが存在すれば、被認証者がゲート装置10を通行することを許可する。具体的には、上記2つの条件が満たすエントリが存在すれば、通行許可通知部205は、利用者がゲート装置10を通行できることをゲート装置10に通知する。通行許可通知部205は、「通行許可通知」をゲート装置10に送信する。 The passage permission notification unit 205 confirms the authentication status field and the tracking status field of each entry included in the authenticated person information table. If there is an entry in which the setting value of the authentication status field is "authentication successful" and the setting value of the tracking status field is "tracking completed", the passage permission notification unit 205 allows the authenticated person to pass through the gate device 10. Allow. Specifically, if there is an entry that satisfies the above two conditions, the passage permission notification unit 205 notifies the gate device 10 that the user can pass through the gate device 10. The passage permission notification unit 205 transmits a “passage permission notification” to the gate device 10.
 図5の例では、最上段のエントリが上記2つの条件を満たすので、通行許可通知部205は、「通行許可通知」をゲート装置10に送信する。このように、ゲート装置10の入り口における進入者が検出されたことに応じて、被認証者の追跡に関する最終判定が行われると、通行許可通知部205は、被認証者がゲート装置10を通行できるか否かを判定する。即ち、通行許可通知部205は、生体認証の結果と最終判定の結果に基づいて、被認証者がゲート装置を通行できるか否か判定する。通行許可通知部205は、サーバ装置20による生体認証の結果が認証成功であり、且つ、追跡の最終判定の結果が成功である場合に、被認証者がゲート装置10を通過できることを示す通行許可通知をゲート装置10に送信する。 In the example of FIG. 5, since the entry in the uppermost row satisfies the above two conditions, the passage permission notification unit 205 transmits the "passage permission notification" to the gate device 10. In this way, when the final determination regarding the tracking of the authenticated person is made in response to the detection of the intruder at the entrance of the gate device 10, the pass permission notification unit 205 allows the authenticated person to pass through the gate device 10. Determine if it can be done. That is, the passage permission notification unit 205 determines whether or not the person to be authenticated can pass through the gate device based on the result of biometric authentication and the result of final determination. The passage permission notification unit 205 indicates that the person to be authenticated can pass through the gate device 10 when the result of biometric authentication by the server device 20 is successful and the result of the final determination of tracking is successful. The notification is transmitted to the gate device 10.
 通行許可通知部205は、利用者(被認証者)のゲート通過を許可した場合には、その根拠となったエントリを削除する。図5の例では、通行許可通知部205は、最上段のエントリを削除する。 When the passage permission notification unit 205 permits the user (certified person) to pass through the gate, the passage permission notification unit 205 deletes the entry that is the basis for the permission. In the example of FIG. 5, the passage permission notification unit 205 deletes the entry at the top.
 このように、通行許可通知部205は、被認証者情報テーブルの認証ステータスフィールドの設定値と追跡ステータスフィールドの設定値に基づき、利用者のゲート通行可否を判定する。なお、上述のように、被認証者検出部202は、所定の位置で被認証者を検出すると、被認証者情報テーブルにエントリを追加する。認証要求部203は、サーバ装置20から生体認証の結果を受信すると、当該受信した生体認証の結果を追加されたエントリの認証ステータスフィールドに設定する。被認証者追跡部204は、追跡判定の結果を追加されたエントリの追跡ステータスフィールドに設定する。 In this way, the passage permission notification unit 205 determines whether or not the user can pass through the gate based on the setting value of the authentication status field and the setting value of the tracking status field of the authenticated person information table. As described above, when the authenticated person detection unit 202 detects the authenticated person at a predetermined position, the authenticated person detecting unit 202 adds an entry to the authenticated person information table. When the authentication request unit 203 receives the biometric authentication result from the server device 20, the authentication request unit 203 sets the received biometric authentication result in the authentication status field of the added entry. The authenticated person tracking unit 204 sets the result of the tracking determination in the tracking status field of the added entry.
 通行許可通知部205は、ゲート装置10から「ゲート閉通知」を受信することがある。通行許可通知部205は、当該通知を受信すると、所定期間、被認証者情報テーブルにアクセスを続け、上記2つの条件を満たすエントリが現れるか否か(存在するか否か)を確認する。当該所定期間の間に上記2つの条件を満たすエントリが出現すれば、通行許可通知部205は、被認証者(利用者)のゲート通過を許可する。具体的には、上記2つの条件を満たすエントリが出現すれば、通行許可通知部205は、「通行許可通知」をゲート装置10に送信する。 The passage permission notification unit 205 may receive a "gate closing notification" from the gate device 10. Upon receiving the notification, the passage permission notification unit 205 continues to access the authenticated person information table for a predetermined period of time, and confirms whether or not an entry satisfying the above two conditions appears (whether or not it exists). If an entry satisfying the above two conditions appears during the predetermined period, the passage permission notification unit 205 permits the authenticated person (user) to pass through the gate. Specifically, when an entry satisfying the above two conditions appears, the passage permission notification unit 205 transmits a "passage permission notification" to the gate device 10.
 例えば、ゲート装置10とサーバ装置20の間のネットワーク環境等に起因して、サーバ装置20からの認証結果(認証成功)が被認証者情報テーブルに反映されることが遅れた場合に、上記現象が起こり得る。あるいは、被認証者がゲート装置10を駆け抜けようとした場合にも、上記現象が起こり得る。 For example, when the authentication result (authentication success) from the server device 20 is delayed to be reflected in the authenticated person information table due to the network environment between the gate device 10 and the server device 20, the above phenomenon occurs. Can occur. Alternatively, the above phenomenon may occur when the person to be authenticated tries to run through the gate device 10.
 所定期間経過しても上記2つの条件を満たすエントリが現れない場合には、通行許可通知部205は、駅員(駅員が使用する端末)に問題発生を通知する。あるいは、通行許可通知部205は、メッセージ出力部207を介して被認証者に駅員のもとに向かうように促してもよい。 If an entry satisfying the above two conditions does not appear even after the lapse of a predetermined period, the passage permission notification unit 205 notifies the station staff (terminal used by the station staff) of the occurrence of a problem. Alternatively, the pass permission notification unit 205 may urge the authenticated person to go to the station staff via the message output unit 207.
 テーブル管理部206は、被認証者情報テーブルを管理する手段である。テーブル管理部206は、定期的又は所定のタイミングで被認証者情報テーブルにアクセスし、不要となったエントリを削除する。 The table management unit 206 is a means for managing the authenticated person information table. The table management unit 206 accesses the authenticated person information table periodically or at a predetermined timing, and deletes unnecessary entries.
 テーブル管理部206は、各エントリの登録時刻フィールドを確認し、エントリが被認証者情報テーブルに追加されてから所定期間経過しているエントリを削除する。即ち、テーブル管理部206は、エントリの登録から所定期間経過しても上記2つの条件(認証成功、追跡完了)を満たさないエントリを削除する。 The table management unit 206 confirms the registration time field of each entry, and deletes the entry for which a predetermined period has passed since the entry was added to the authenticated person information table. That is, the table management unit 206 deletes an entry that does not satisfy the above two conditions (authentication success, tracking completion) even after a predetermined period has elapsed from the entry registration.
 このようなテーブル管理部206の動作により、被認証者として検出された利用者がゲート装置10に向かわず他に移動した場合であっても、そのような被認証者のエントリが削除される。 By such an operation of the table management unit 206, even if the user detected as the authenticated person moves to another place without going to the gate device 10, such an entry of the authenticated person is deleted.
 エントリを削除した場合には、テーブル管理部206は、その旨をサーバ装置20や被認証者追跡部204に通知してもよい。テーブル管理部206は、サーバ装置20に対しては被認証者IDを伝え、対応する被認証者の認証をキャンセルしてもよい。また、テーブル管理部206は、被認証者追跡部204に対しては追跡IDを伝え、当該追跡IDに対応する顔画像を顔追跡の対象から外すように指示してもよい。 When the entry is deleted, the table management unit 206 may notify the server device 20 and the authenticated person tracking unit 204 to that effect. The table management unit 206 may transmit the authenticated person ID to the server device 20 and cancel the authentication of the corresponding authenticated person. Further, the table management unit 206 may transmit the tracking ID to the authenticated person tracking unit 204 and instruct the face image corresponding to the tracking ID to be excluded from the face tracking target.
 メッセージ出力部207は、利用者に通知するメッセージ等を出力する手段である。メッセージ出力部207は、ディスプレイ(図示せず)やスピーカー(図示せず)等を用いて必要なメッセージを利用者に通知する。例えば、ゲート装置10のゲート制御部303が利用者の通行を拒否した場合には、メッセージ出力部207は、その旨と共に対応策に関するメッセージ(例えば、駅員に連絡)を出力する。 The message output unit 207 is a means for outputting a message or the like to be notified to the user. The message output unit 207 notifies the user of a necessary message by using a display (not shown), a speaker (not shown), or the like. For example, when the gate control unit 303 of the gate device 10 refuses the passage of the user, the message output unit 207 outputs a message regarding the countermeasure (for example, contacting the station staff) to that effect.
 記憶部208は、生体認証制御ユニット15の動作に必要な情報を記憶する手段である。 The storage unit 208 is a means for storing information necessary for the operation of the biometric authentication control unit 15.
 図8は、第1の実施形態に係るゲート装置10の処理構成(処理モジュール)の一例を示す図である。図8を参照すると、通信制御部301と、ゲート装置10は、進入者検出部302と、ゲート制御部303と、記憶部304と、を備える。 FIG. 8 is a diagram showing an example of a processing configuration (processing module) of the gate device 10 according to the first embodiment. Referring to FIG. 8, the communication control unit 301, the gate device 10 include an intruder detection unit 302, a gate control unit 303, and a storage unit 304.
 通信制御部301は、他の装置との間の通信を制御する手段である。例えば、通信制御部301は、生体認証制御ユニット15からデータ(パケット)を受信する。また、通信制御部301は、生体認証制御ユニット15に向けてデータを送信する。通信制御部301は、他の装置から受信したデータを他の処理モジュールに引き渡す。通信制御部301は、他の処理モジュールから取得したデータを他の装置に向けて送信する。このように、他の処理モジュールは、通信制御部301を介して他の装置とデータの送受信を行う。 The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packet) from the biometric authentication control unit 15. Further, the communication control unit 301 transmits data to the biometric authentication control unit 15. The communication control unit 301 passes the data received from the other device to the other processing module. The communication control unit 301 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from other devices via the communication control unit 301.
 進入者検出部302は、自装置(ゲート装置10)への進入者を検出する手段である。より具体的には、進入者検出部302は、ゲート装置10の入り口への進入者を検出する。進入者検出部302は、検出センサ12からの検出信号を用いて進入者を検出する。進入者を検出すると、進入者検出部302は、カメラ11から画像データを取得する。進入者検出部302は、取得した画像データを伴った「追跡最終判定指示」を生体認証制御ユニット15に送信する。 The intruder detection unit 302 is a means for detecting an intruder into the own device (gate device 10). More specifically, the intruder detection unit 302 detects an intruder to the entrance of the gate device 10. The intruder detection unit 302 detects an intruder by using the detection signal from the detection sensor 12. When the intruder is detected, the intruder detection unit 302 acquires image data from the camera 11. The intruder detection unit 302 transmits a "tracking final determination instruction" accompanied by the acquired image data to the biometric authentication control unit 15.
 また、進入者検出部302は、検出センサ13からの検出信号を用いて、ゲート装置10の中間地点(図3の位置X4)に到達した利用者を検出する。進入者検出部302は、位置X4にて利用者を検出すると、その旨をゲート制御部303に通知する。 Further, the intruder detection unit 302 detects the user who has reached the intermediate point (position X4 in FIG. 3) of the gate device 10 by using the detection signal from the detection sensor 13. When the intruder detection unit 302 detects the user at the position X4, the intruder detection unit 302 notifies the gate control unit 303 to that effect.
 ゲート制御部303は、ゲート装置10が備えるゲート14を制御する手段である。ゲート制御部303は、利用者がゲート装置10の所定位置(図3の位置X4)に到達したタイミングで、ゲート14の開閉制御を行う。 The gate control unit 303 is a means for controlling the gate 14 included in the gate device 10. The gate control unit 303 controls the opening and closing of the gate 14 at the timing when the user reaches a predetermined position (position X4 in FIG. 3) of the gate device 10.
 ゲート制御部303は、利用者が位置X4に到達したタイミングで、生体認証制御ユニット15から「通行許可通知」を既に受信していれば、ゲート14の開状態を維持する。対して、ゲート制御部303は、当該タイミングにて生体認証制御ユニット15から「通行許可通知」を受信していない場合には、ゲート14を閉じる。 The gate control unit 303 maintains the open state of the gate 14 if the "passage permission notification" has already been received from the biometric authentication control unit 15 at the timing when the user reaches the position X4. On the other hand, if the gate control unit 303 has not received the "passage permission notification" from the biometric authentication control unit 15 at that timing, the gate control unit 303 closes the gate 14.
 なお、ゲートを閉じた場合には、ゲート制御部303は、その旨を生体認証制御ユニット15に通知する。具体的には、ゲート制御部303は、「ゲート閉通知」を生体認証制御ユニット15に送信する。ゲート制御部303は、ゲート閉通知を送信してから所定期間の間に「利用者通行許可」を受信すると、ゲート14を開く。 When the gate is closed, the gate control unit 303 notifies the biometric authentication control unit 15 to that effect. Specifically, the gate control unit 303 transmits a "gate closing notification" to the biometric authentication control unit 15. When the gate control unit 303 receives the "user passage permission" within a predetermined period after transmitting the gate closing notification, the gate control unit 303 opens the gate 14.
 なお、ゲート制御部303は、被認証者がゲート14を通過した事実を、生体認証制御ユニット15を介してサーバ装置20に通知する。具体的には、ゲート制御部303は、位置X4にて利用者が検出され、生体認証制御ユニット15から通行許可通知を受信していることで、利用者のゲート通過を許可した場合には、その旨を生体認証制御ユニット15に通知する。生体認証制御ユニット15の通行許可通知部205は、通行許可通知を送信することの根拠となったエントリ(被認証者情報テーブルのエントリ)に記載された被認証者IDとゲート装置10のゲートIDを含む「ゲート通過通知」をサーバ装置20に送信する。即ち、ゲート装置10(生体認証制御ユニット15)は、ゲート14を通過した被認証者の被認証者ID、ゲートIDを含む「ゲート通過通知」をサーバ装置20に送信する。 The gate control unit 303 notifies the server device 20 of the fact that the person to be authenticated has passed through the gate 14 via the biometric authentication control unit 15. Specifically, when the user is detected at the position X4 and the pass permission notification is received from the biometric authentication control unit 15, the gate control unit 303 permits the user to pass through the gate. Notify the biometric authentication control unit 15 to that effect. The passage permission notification unit 205 of the biometric authentication control unit 15 has the authenticated person ID and the gate ID of the gate device 10 described in the entry (entry in the authenticated person information table) on which the passage permission notification is transmitted. A "gate passage notification" including the above is transmitted to the server device 20. That is, the gate device 10 (biometric authentication control unit 15) transmits a "gate passage notification" including the authenticated person ID and the gate ID of the authenticated person who has passed through the gate 14 to the server device 20.
 記憶部304は、ゲート装置10の動作に必要な情報を記憶する手段である。 The storage unit 304 is a means for storing information necessary for the operation of the gate device 10.
 図9は、第1の実施形態に係る生体認証制御ユニット15とゲート装置10の動作の一例を示すシーケンス図である。 FIG. 9 is a sequence diagram showing an example of the operation of the biometric authentication control unit 15 and the gate device 10 according to the first embodiment.
 生体認証制御ユニット15は、ゲート装置10から所定の距離離れた場所における被認証者の検出を試みる(ステップS101)。被認証者が検出されないと(ステップS101、No分岐)、生体認証制御ユニット15はステップS101の処理を繰り返す。 The biometric authentication control unit 15 attempts to detect the authenticated person at a place separated from the gate device 10 by a predetermined distance (step S101). If the person to be authenticated is not detected (step S101, No branch), the biometric authentication control unit 15 repeats the process of step S101.
 被認証者が検出されると(ステップS101、Yes分岐)、生体認証制御ユニット15は、当該被認証者に関する認証要求と追跡を開始する(ステップS102、S103)。生体認証制御ユニット15は、認証要求部203による認証要求の送信と同時に、被認証者の追跡を開始する。 When the person to be authenticated is detected (step S101, Yes branch), the biometric authentication control unit 15 starts authentication request and tracking regarding the person to be authenticated (steps S102, S103). The biometric authentication control unit 15 starts tracking the authenticated person at the same time as the authentication request unit 203 transmits the authentication request.
 生体認証制御ユニット15は、サーバ装置20から認証結果を受信する(ステップS104)。生体認証制御ユニット15は、認証結果を被認証者情報テーブルに反映する。 The biometric authentication control unit 15 receives the authentication result from the server device 20 (step S104). The biometric authentication control unit 15 reflects the authentication result in the authenticated person information table.
 ゲート装置10は、被認証者がゲート装置10の入り口に到達したか否か判定する(ステップS201)。被認証者が入り口に到達していなければ(ステップS201、No分岐)、ゲート装置10はステップS201の処理を繰り返す。 The gate device 10 determines whether or not the authenticated person has reached the entrance of the gate device 10 (step S201). If the person to be authenticated has not reached the entrance (step S201, No branch), the gate device 10 repeats the process of step S201.
 被認証者が入り口に到達していると(ステップS201、Yes分岐)、ゲート装置10は、生体認証制御ユニット15に対して追跡最終判定指示を送信する(ステップS202)。 When the person to be authenticated has reached the entrance (step S201, Yes branch), the gate device 10 transmits a tracking final determination instruction to the biometric authentication control unit 15 (step S202).
 当該指示に応じて、生体認証制御ユニット15は、追跡の最終判定を行う(ステップS105)。生体認証制御ユニット15は、追跡の最終判定の結果を被認証者情報テーブルに反映する。 In response to the instruction, the biometric authentication control unit 15 makes a final determination of tracking (step S105). The biometric authentication control unit 15 reflects the result of the final determination of tracking in the authenticated person information table.
 生体認証制御ユニット15は、最終判定のタイミングにおいて、被認証者の認証に成功し、且つ、当該被認証者の追跡に完了していれば、通行許可通知をゲート装置10に送信する(ステップS106)。 If the biometric authentication control unit 15 succeeds in authenticating the authenticated person at the timing of the final determination and the tracking of the authenticated person is completed, the biometric authentication control unit 15 transmits a passage permission notification to the gate device 10 (step S106). ).
 ゲート装置10は、被認証者がゲート装置10の所定位置に到達したか否か判定する(ステップS203)。被認証者が所定位置に到達していなければ(ステップS203、No分岐)、ゲート装置10はステップS203の処理を繰り返す。 The gate device 10 determines whether or not the authenticated person has reached a predetermined position of the gate device 10 (step S203). If the person to be authenticated has not reached the predetermined position (step S203, No branch), the gate device 10 repeats the process of step S203.
 被認証者が所定位置に到達していると(ステップS203、Yes分岐)、ゲート装置10は、ゲート14の開閉制御を行う(ステップS204)。ゲート装置10は、通行許可通知を受信していれば、被認証者の通過を許可する。換言すれば、ゲート装置10は、被認証者が所定位置(ゲート装置10のゲート14付近;位置X4)に到達したタイミングで通行許可通知を受信していなければ、ゲート14を閉じて利用者の通行を遮断する。 When the person to be authenticated has reached a predetermined position (step S203, Yes branch), the gate device 10 controls the opening / closing of the gate 14 (step S204). If the gate device 10 has received the passage permission notification, the gate device 10 permits the passage of the authenticated person. In other words, the gate device 10 closes the gate 14 and the user's Block traffic.
 このように、ゲート装置10は、被認証者の生体認証の結果が認証成功であり、且つ、当該被認証者の追跡に関する最終判定の結果が成功である場合に、被認証者がゲート14を通過することを許可する。 As described above, in the gate device 10, when the result of the biometric authentication of the person to be authenticated is successful and the result of the final determination regarding the tracking of the person to be authenticated is successful, the person to be authenticated opens the gate 14. Allow to pass.
 なお、ゲート装置10は、被認証者の通行を許可した場合には、当該事実をサーバ装置20に通知する。 If the gate device 10 permits the passage of the authenticated person, the gate device 10 notifies the server device 20 of the fact.
[サーバ装置]
 図10は、第1の実施形態に係るサーバ装置20の処理構成(処理モジュール)の一例を示す図である。図10を参照すると、サーバ装置20は、通信制御部401と、利用者登録部402と、認証部403と、ゲート通過通知処理部404と、記憶部405と、を含む。 [Server device]
FIG. 10 is a diagram showing an example of a processing configuration (processing module) of the server device 20 according to the first embodiment. Referring to FIG. 10, the server device 20 includes a communication control unit 401, a user registration unit 402, an authentication unit 403, a gate passage notification processing unit 404, and a storage unit 405.
 通信制御部401は、他の装置との間の通信を制御する手段である。例えば、通信制御部401は、生体認証制御ユニット15からデータ(パケット)を受信する。また、通信制御部401は、生体認証制御ユニット15に向けてデータを送信する。通信制御部401は、他の装置から受信したデータを他の処理モジュールに引き渡す。通信制御部401は、他の処理モジュールから取得したデータを他の装置に向けて送信する。このように、他の処理モジュールは、通信制御部401を介して他の装置とデータの送受信を行う。 The communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packet) from the biometric authentication control unit 15. Further, the communication control unit 401 transmits data to the biometric authentication control unit 15. The communication control unit 401 passes the data received from the other device to the other processing module. The communication control unit 401 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from other devices via the communication control unit 401.
 利用者登録部402は、ゲート装置10を通過できる利用者をシステム登録する手段である。利用者登録部402は、任意の手段を用いてゲート装置10を通過できる利用者の生体情報(例えば、顔画像)を取得する。 The user registration unit 402 is a means for system registration of users who can pass through the gate device 10. The user registration unit 402 acquires biometric information (for example, a face image) of a user who can pass through the gate device 10 by any means.
 例えば、システム利用者は、鉄道会社のWEB(ウェブ)ページや駅に設置されたキオスク端末を用いて生体情報や個人情報(氏名、住所等)をサーバ装置20に入力する。 For example, the system user inputs biometric information and personal information (name, address, etc.) into the server device 20 using the WEB (web) page of the railway company or the kiosk terminal installed at the station.
 利用者登録部402は、顔画像を取得した場合には、当該顔画像から特徴量を計算する。利用者登録部402は、システム利用者(生体情報の登録者)を識別する利用者IDと共に、利用者の生体情報(例えば、顔画像から計算された特徴量)を「利用者情報データベース」に登録する(図11参照)。 When the user registration unit 402 acquires a face image, the user registration unit 402 calculates the feature amount from the face image. The user registration unit 402 puts the user's biometric information (for example, the feature amount calculated from the face image) into the "user information database" together with the user ID that identifies the system user (registrant of biometric information). Register (see Figure 11).
 利用者登録部402は、必要に応じて、利用者の認証処理に必要な情報(業務情報)を利用者情報データベースに登録する。例えば、サーバ装置20が駅に設置された改札機(ゲート装置10)からの認証要求を処理する場合には、利用者登録部402は、チャージ金額等の情報と生体情報を対応付けて利用者情報データベースに記憶する。 The user registration unit 402 registers the information (business information) necessary for the user authentication process in the user information database as necessary. For example, when the server device 20 processes an authentication request from a ticket gate (gate device 10) installed at a station, the user registration unit 402 associates information such as a charge amount with biometric information and uses the user. Store in the information database.
 図11に示す利用者情報データベースは例示であって、他の項目が生体情報(特徴量)と対応付けて記憶されていてもよい。例えば、利用者の氏名や顔画像が利用者情報データベースに登録されていてもよい。 The user information database shown in FIG. 11 is an example, and other items may be stored in association with biometric information (feature amount). For example, the user's name and face image may be registered in the user information database.
 認証部403は、生体認証制御ユニット15(ゲート装置10)から受信した認証要求を処理する手段である。認証部403は、認証要求を受信すると、当該認証要求からゲートID、被認証者IDを抽出する。認証部403は、認証状況データベースに新たなエントリを追加し、上記抽出されたゲートID、被認証者IDを記憶する(図12参照)。また、認証部403は、追記したエントリの処理ステータスに「処理中」を設定する。図12では、理解の容易のため、ゲートIDにはゲート装置10の符号を用いている。 The authentication unit 403 is a means for processing the authentication request received from the biometric authentication control unit 15 (gate device 10). Upon receiving the authentication request, the authentication unit 403 extracts the gate ID and the authenticated person ID from the authentication request. The authentication unit 403 adds a new entry to the authentication status database and stores the extracted gate ID and authenticated person ID (see FIG. 12). In addition, the authentication unit 403 sets the processing status of the added entry to "processing". In FIG. 12, for ease of understanding, the code of the gate device 10 is used for the gate ID.
 認証状況データベースに情報登録を行うと、認証部403は、認証要求に含まれる生体情報(特徴量)を照合対象に設定し、利用者情報データベースに登録された生体情報との間で照合処理を行う。 When the information is registered in the authentication status database, the authentication unit 403 sets the biometric information (feature amount) included in the authentication request as the collation target, and performs collation processing with the biometric information registered in the user information database. conduct.
 より具体的には、認証部403は、認証要求から取り出した特徴量を照合対象に設定し、利用者情報データベースに登録されている複数の特徴量との間で1対N(Nは正の整数、以下同じ)照合を実行する。 More specifically, the authentication unit 403 sets the feature amount extracted from the authentication request as a collation target, and sets 1 to N (N is positive) with a plurality of feature amounts registered in the user information database. Integer, the same applies below) Perform matching.
 認証部403は、照合対象の特徴量(特徴ベクトル)と登録側の複数の特徴量それぞれとの間の類似度を計算する。当該類似度には、カイ二乗距離やユークリッド距離等を用いることができる。なお、距離が離れているほど類似度は低く、距離が近いほど類似度が高い。 The authentication unit 403 calculates the degree of similarity between the feature amount (feature vector) to be collated and each of the plurality of feature amounts on the registration side. For the similarity, a chi-square distance, an Euclidean distance, or the like can be used. The farther the distance is, the lower the similarity is, and the closer the distance is, the higher the similarity is.
 類似度が所定の値以上の特徴量が利用者情報データベースに登録されていなければ、認証部403は、認証結果に「認証失敗」を設定する。 If the feature amount whose similarity is equal to or higher than the predetermined value is not registered in the user information database, the authentication unit 403 sets "authentication failure" in the authentication result.
 類似度が所定の値以上の特徴量が利用者情報データベースに登録されていれば、認証部403は、照合処理により特定された利用者に関してゲート装置10を通過する資格を有するか否か判定する。 If a feature amount having a similarity equal to or higher than a predetermined value is registered in the user information database, the authentication unit 403 determines whether or not the user identified by the collation process is eligible to pass through the gate device 10. ..
 例えば、駅に入場するためのゲート装置10から受信した認証要求を処理する場合には、認証部403は、特定された利用者のチャージ金額が初乗り運賃以上の残高か否かを判定する。チャージ金額の残高が初乗り運賃以下であれば、認証部403は、特定された利用者はゲート装置10を通過する資格はないと判定する。チャージ金額の残高が初乗り運賃より多ければ、認証部403は、特定された利用者はゲート装置10を通過する資格があると判定する。 For example, when processing an authentication request received from the gate device 10 for entering a station, the authentication unit 403 determines whether or not the charge amount of the specified user is a balance equal to or greater than the initial fare. If the balance of the charge amount is equal to or less than the initial fare, the authentication unit 403 determines that the specified user is not eligible to pass through the gate device 10. If the balance of the charge amount is larger than the initial fare, the authentication unit 403 determines that the specified user is eligible to pass through the gate device 10.
 例えば、駅から退場するためのゲート装置10から受信した認証要求を処理する場合には、認証部403は、特定された利用者に乗車駅が設定されているか否かを判定する。乗車駅が設定されていなければ、認証部403は、特定された利用者はゲート装置10を通過する資格はないと判定する。乗車駅が設定されていると、認証部403は、利用者の経路(乗車駅と降車駅の間の経路)に応じた運賃を計算する。計算された運賃がチャージ金額を超えていれば、認証部403は、利用者はゲート装置10を通過する資格はないと判定する。計算された運賃がチャージ金額以下であれば、認証部403は、特定された利用者はゲート装置10を通過する資格があると判定する。 For example, when processing the authentication request received from the gate device 10 for exiting from the station, the authentication unit 403 determines whether or not the boarding station is set for the specified user. If the boarding station is not set, the authentication unit 403 determines that the identified user is not eligible to pass through the gate device 10. When the boarding station is set, the authentication unit 403 calculates the fare according to the user's route (the route between the boarding station and the getting-off station). If the calculated fare exceeds the charge amount, the authentication unit 403 determines that the user is not eligible to pass through the gate device 10. If the calculated fare is less than or equal to the charge amount, the authentication unit 403 determines that the identified user is eligible to pass through the gate device 10.
 特定された利用者がゲート装置10を通過する資格を有さない場合には、認証部403は、認証結果に「認証失敗」を設定する。 If the specified user is not qualified to pass through the gate device 10, the authentication unit 403 sets "authentication failure" in the authentication result.
 特定された利用者がゲート装置10を通過する資格を有する場合には、認証部403は、認証結果に「認証成功」を設定する。 If the specified user is qualified to pass through the gate device 10, the authentication unit 403 sets "authentication successful" in the authentication result.
 認証部403は、認証結果(認証成功、認証失敗)を生体認証制御ユニット15(ゲート装置10)に送信する。認証成功の場合には、認証部403は、認証成功を示す肯定応答を生体認証制御ユニット15に送信する。その際、認証部403は、認証処理の対象となった利用者の被認証者IDを含む肯定応答を生体認証制御ユニット15に送信する。 The authentication unit 403 transmits the authentication result (authentication success, authentication failure) to the biometric authentication control unit 15 (gate device 10). If the authentication is successful, the authentication unit 403 sends an acknowledgment indicating the authentication success to the biometric authentication control unit 15. At that time, the authentication unit 403 transmits an acknowledgment including the authenticated person ID of the user who is the target of the authentication process to the biometric authentication control unit 15.
 認証失敗の場合には、認証部403は、認証失敗を示す否定応答を生体認証制御ユニット15に送信する。否定応答を送信する場合には、認証部403は、認証に失敗した原因を併せて生体認証制御ユニット15に通知してもよい。例えば、認証部403は、生体情報がシステムに登録されていない、チャージ金額が不足している、乗車駅が設定されていない等の認証失敗に関する要因を生体認証制御ユニット15に送信してもよい。また、認証失敗時にも、認証部403は、認証処理の対象となった利用者の被認証者IDを含む否定応答を生体認証制御ユニット15に送信する。 In the case of authentication failure, the authentication unit 403 sends a negative response indicating the authentication failure to the biometric authentication control unit 15. When transmitting a negative response, the authentication unit 403 may notify the biometric authentication control unit 15 together with the cause of the authentication failure. For example, the authentication unit 403 may transmit to the biometric authentication control unit 15 factors related to the authentication failure such as the biometric information is not registered in the system, the charge amount is insufficient, and the boarding station is not set. .. Further, even when the authentication fails, the authentication unit 403 transmits a negative response including the authenticated person ID of the user who is the target of the authentication process to the biometric authentication control unit 15.
 認証要求に対する応答をゲート装置10に送信すると、認証部403は、対応する認証状況データベースのエントリに「応答済」を設定する。また、認証成功をゲート装置10に通知した場合には、認証部403は、対応するエントリの利用者IDに認証成功者(認証成功と判定された利用者)の利用者IDを設定する。 When the response to the authentication request is transmitted to the gate device 10, the authentication unit 403 sets "Responded" in the entry of the corresponding authentication status database. When notifying the gate device 10 of the successful authentication, the authentication unit 403 sets the user ID of the successful authentication person (user determined to be successful authentication) in the user ID of the corresponding entry.
 ゲート通過通知処理部404は、ゲート装置10(生体認証制御ユニット15)から受信するゲート通過通知を処理する手段である。ゲート通過通知処理部404は、受信した通知からゲートID及び被認証者IDを抽出する。ゲート通過通知処理部404は、ゲートID及び被認証者IDをキーとして認証状況データベースを検索し、対応するエントリを特定する。 The gate passage notification processing unit 404 is a means for processing the gate passage notification received from the gate device 10 (biometric authentication control unit 15). The gate passage notification processing unit 404 extracts the gate ID and the authenticated person ID from the received notification. The gate passage notification processing unit 404 searches the authentication status database using the gate ID and the authenticated person ID as keys, and identifies the corresponding entry.
 ゲート通過通知処理部404は、当該特定したエントリの利用者IDフィールドから利用者IDを読み出す。ゲート通過通知処理部404は、当該読み出した利用者IDをキーとして利用者情報データベースを検索し、対応するエントリを特定する。 The gate passage notification processing unit 404 reads the user ID from the user ID field of the specified entry. The gate passage notification processing unit 404 searches the user information database using the read user ID as a key, and identifies the corresponding entry.
 ゲート通過通知処理部404は、特定したエントリに対して利用者のゲート通過に伴う処理を実行する。 The gate passage notification processing unit 404 executes processing associated with the user's gate passage for the specified entry.
 例えば、駅に入場するためのゲート装置10から受信したゲート通過通知を処理する場合には、ゲート通過通知処理部404は、特定したエントリの乗車駅にゲート装置10が設置された駅を設定する。 For example, when processing the gate passage notification received from the gate device 10 for entering a station, the gate passage notification processing unit 404 sets a station where the gate device 10 is installed at the boarding station of the specified entry. ..
 例えば、駅から退場するためのゲート装置10から受信したゲート通過通知を処理する場合には、ゲート通過通知処理部404は、利用者の運賃を計算し、チャージ金額から当該運賃を減額する。また、ゲート通過通知処理部404は、乗車駅フィールドの設定値をクリアする。 For example, when processing the gate passage notification received from the gate device 10 for exiting from the station, the gate passage notification processing unit 404 calculates the fare of the user and deducts the fare from the charge amount. Further, the gate passage notification processing unit 404 clears the set value of the boarding station field.
 記憶部405は、サーバ装置20の動作に必要な各種情報を記憶する。記憶部405には、利用者情報データベース、認証状況データベースが構築される。 The storage unit 405 stores various information necessary for the operation of the server device 20. A user information database and an authentication status database are constructed in the storage unit 405.
 図13は、第1の実施形態に係るサーバ装置20の動作の一例を示すフローチャートである。 FIG. 13 is a flowchart showing an example of the operation of the server device 20 according to the first embodiment.
 サーバ装置20は、生体認証制御ユニット15から認証要求を受信する(ステップS301)。 The server device 20 receives an authentication request from the biometric authentication control unit 15 (step S301).
 サーバ装置20は、認証要求に含まれる生体情報と利用者情報データベースに登録された生体情報を用いた照合処理を実行する(ステップS302)。 The server device 20 executes a collation process using the biometric information included in the authentication request and the biometric information registered in the user information database (step S302).
 サーバ装置20は、生体情報間の類似度が所定の値以上のエントリが存在するか否か判定する(ステップS303)。 The server device 20 determines whether or not there is an entry having a similarity between biometric information of a predetermined value or more (step S303).
 そのようなエントリが存在しなければ(ステップS303、No分岐)、サーバ装置20は、認証結果を認証失敗に設定する(ステップS304)。 If such an entry does not exist (step S303, No branch), the server device 20 sets the authentication result to authentication failure (step S304).
 そのようなエントリが存在すれば(ステップS303、Yes分岐)、サーバ装置20は、被認証者がゲート装置10を通過する資格を有するか否か判定する(ステップS305)。 If such an entry exists (step S303, Yes branch), the server device 20 determines whether or not the person to be authenticated is eligible to pass through the gate device 10 (step S305).
 被認証者がゲート装置10を通過する資格を備えていなければ(ステップS305、No分岐)、サーバ装置20は、認証結果を認証失敗に設定する(ステップS304)。 If the person to be authenticated is not qualified to pass through the gate device 10 (step S305, No branch), the server device 20 sets the authentication result to authentication failure (step S304).
 被認証者がゲート装置10を通過する資格を備えていれば(ステップS305、Yes分岐)、サーバ装置20は、認証結果を認証成功に設定する(ステップS306)。 If the person to be authenticated is qualified to pass through the gate device 10 (step S305, Yes branch), the server device 20 sets the authentication result to authentication success (step S306).
 サーバ装置20は、認証結果(認証成功、認証失敗)を生体認証制御ユニット15に送信する(ステップS307)。 The server device 20 transmits the authentication result (authentication success, authentication failure) to the biometric authentication control unit 15 (step S307).
 なお、ゲート通過通知を受信した際のサーバ装置20の動作に関する説明は省略する。 The description of the operation of the server device 20 when the gate passage notification is received is omitted.
 続いて、図面を参照しつつ、第1の実施形態に係る認証システムの動作を説明する。図14は、第1の実施形態に係る認証システムの動作の一例を示すシーケンス図である。なお、図14の動作に先立ち、システム利用者の登録は予め行われているものとする。また、図14では、生体認証制御ユニット15はゲート装置10に一体化されたものと捉え、システムの動作を説明する。 Subsequently, the operation of the authentication system according to the first embodiment will be described with reference to the drawings. FIG. 14 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment. Prior to the operation shown in FIG. 14, it is assumed that the system user has been registered in advance. Further, in FIG. 14, the biometric authentication control unit 15 is regarded as integrated with the gate device 10, and the operation of the system will be described.
 ゲート装置10は、自装置から所定の距離離れた場所の被認証者を検出する(ステップS01)。 The gate device 10 detects a person to be authenticated at a place separated from the own device by a predetermined distance (step S01).
 ゲート装置10は、被認証者の生体情報を取得し、当該生体情報を含む認証要求をサーバ装置20に送信する(ステップS02)。 The gate device 10 acquires the biometric information of the person to be authenticated and transmits an authentication request including the biometric information to the server device 20 (step S02).
 また、認証要求の送信と実質的に同じタイミングにおいて、ゲート装置10は、被認証者の追跡を開始する(ステップS03)。 Further, at substantially the same timing as the transmission of the authentication request, the gate device 10 starts tracking the authenticated person (step S03).
 サーバ装置20は、認証処理を実行し、その結果をゲート装置10に送信する(ステップS11、S12)。 The server device 20 executes the authentication process and transmits the result to the gate device 10 (steps S11 and S12).
 ゲート装置10は、認証結果を受信し、認証結果を被認証者情報テーブルに反映する(認証結果の反映;ステップS04)。 The gate device 10 receives the authentication result and reflects the authentication result in the authenticated person information table (reflection of the authentication result; step S04).
 被認証者がゲート装置10の入り口に到達すると、ゲート装置10は、被認証者に関する追跡の最終判定を行う(ステップS05)。ゲート装置10は、最終判定の結果を被認証者情報テーブルに反映する。 When the authenticated person reaches the entrance of the gate device 10, the gate device 10 makes a final determination of tracking regarding the authenticated person (step S05). The gate device 10 reflects the result of the final determination in the authenticated person information table.
 被認証者がゲート装置10の所定位置に到達すると、ゲート装置10は、ゲート制御を行う(ステップS06)。具体的には、ゲート装置10は、認証成功及び追跡完了と設定されている被認証者の通過を許可する。 When the authenticated person reaches a predetermined position of the gate device 10, the gate device 10 performs gate control (step S06). Specifically, the gate device 10 permits the passage of the person to be authenticated, which is set as successful authentication and complete tracking.
 被認証者の通過を許可すると、ゲート装置10は、サーバ装置20に対してゲート通過通知を送信する(ステップS07)。 When the passage of the authenticated person is permitted, the gate device 10 transmits a gate passage notification to the server device 20 (step S07).
 ゲート通過通知を受信すると、サーバ装置20は、ゲート通過者(認証成功者;認証成功と判定された被認証者)の情報更新を行う(ステップS13)。具体的には、サーバ装置20は、ゲート通過者に対応する利用者情報データベースのエントリを更新する。 Upon receiving the gate passage notification, the server device 20 updates the information of the gate passer (authentication successful person; authenticated person determined to have succeeded in authentication) (step S13). Specifically, the server device 20 updates the entry in the user information database corresponding to the gate passer.
 続いて、図面を参照しつつ、利用者(被認証者、認証対象ではない利用者)による様々な移動を想定したゲート装置10の具体的な動作を説明する。 Subsequently, with reference to the drawings, the specific operation of the gate device 10 assuming various movements by the user (certified person, user who is not the authentication target) will be described.
 図15の上段に示すように、利用者30が被認証者に設定され、利用者31は認証対象ではない利用者とする。なお、図15を含む図面において被認証者を灰色、認証対象ではない利用者を白色でそれぞれ図示する。利用者31は、位置X1にて被認証者として検出されていないので、被認証者ではない。そのため、利用者31に関するエントリは被認証者情報テーブルには存在しない。 As shown in the upper part of FIG. 15, the user 30 is set as the authenticated person, and the user 31 is a user who is not the authentication target. In the drawings including FIG. 15, the person to be authenticated is shown in gray, and the user who is not the target of authentication is shown in white. The user 31 is not the authenticated person because it is not detected as the authenticated person at the position X1. Therefore, the entry regarding the user 31 does not exist in the authenticated person information table.
 利用者30は、ゲート装置10に向かって歩く。利用者31は、利用者30の横からゲート装置10の内部に進入するように移動する。この場合、時間の経過とともに、両者の位置関係は図15の下段に示すようになる。 User 30 walks toward the gate device 10. The user 31 moves so as to enter the inside of the gate device 10 from the side of the user 30. In this case, with the passage of time, the positional relationship between the two becomes as shown in the lower part of FIG.
 利用者31のエントリは被認証者情報テーブルに登録されていないので、利用者31が位置X4に到達するとゲート14は閉じる。また、ゲート14が閉じてから所定期間経過しても、利用者31の認証結果が被認証者情報テーブルに登録されることはないので、ゲート14が開くこともない。 Since the entry of the user 31 is not registered in the authenticated person information table, the gate 14 closes when the user 31 reaches the position X4. Further, even if a predetermined period has elapsed since the gate 14 was closed, the authentication result of the user 31 is not registered in the authenticated person information table, so that the gate 14 does not open.
 あるいは、被認証者が前を歩く他の被認証者を追い抜くことも考えられる。例えば、図16の上段に示すように、利用者32及び利用者33がゲート装置10に向かって歩く場合を考える。この場合、利用者32、利用者33は共に、位置X1にて生体情報が取得され、追跡が開始されているので、被認証者(灰色の人物)に設定される。 Alternatively, it is conceivable that the person to be authenticated overtakes another person to be authenticated walking in front of him. For example, consider the case where the user 32 and the user 33 walk toward the gate device 10, as shown in the upper part of FIG. In this case, both the user 32 and the user 33 are set as the authenticated person (gray person) because the biometric information is acquired at the position X1 and the tracking is started.
 後ろを歩く利用者33は、図16の上段に示す一点鎖線のように移動し、前の利用者32を追い抜く。この場合、時間の経過とともに、両者の位置関係は図16の下段に示すようになる。 The user 33 walking behind moves like the alternate long and short dash line shown in the upper part of FIG. 16 and overtakes the previous user 32. In this case, with the passage of time, the positional relationship between the two becomes as shown in the lower part of FIG.
 利用者32、利用者33のエントリは被認証者情報テーブルに登録されており、利用者33の認証処理(サーバ装置20における認証処理)が成功している場合には、利用者33が位置X4に到達してもゲート14は開状態を維持する。また、利用者33に続き利用者32が位置X4に到達してもゲート14が閉じることはない。 The entries of the user 32 and the user 33 are registered in the authenticated person information table, and when the authentication process of the user 33 (authentication process in the server device 20) is successful, the user 33 is located at the position X4. The gate 14 remains open even when it reaches. Further, even if the user 32 reaches the position X4 following the user 33, the gate 14 does not close.
 このように、位置X1にて生体情報が取得され、被認証者として設定された利用者は、設定された順番でゲート装置10に到達(進入)しなくとも、正常に処理される。即ち、被認証者の歩行速度の相違等により、被認証者として登録された順番通りに利用者がゲート装置10に到達しなくとも利用者はゲート装置10を通過できる。このように、第1の実施形態に係る認証システムは、イレギュラーな状況も許容するのでシステムのスループットが向上する。 In this way, the biometric information is acquired at the position X1, and the user set as the authenticated person is normally processed without reaching (entering) the gate device 10 in the set order. That is, the user can pass through the gate device 10 even if the user does not reach the gate device 10 in the order registered as the person to be authenticated due to the difference in walking speed of the person to be authenticated. As described above, the authentication system according to the first embodiment allows irregular situations, so that the system throughput is improved.
 以上のように、第1の実施形態に係る認証システムは、ゲート装置10から所定の位置離れた場所にて被認証者の検出を行う。ゲート装置10は、被認証者を検出すると、当該被認証者に関する認証と追跡を実質的に同じタイミングで開始する。サーバ装置20は、ゲート装置10から離れた場所から認証処理を開始できるので、生体認証の実行時間を確保できる。また、ゲート装置10は、上記離れた場所から顔追跡(後続のフレームにおいて、平行移動、回転、スケールにより前のフレームの顔画像と同一の顔画像が得られれば同一人物の追跡成功と判定する追跡)を開始する。また、ゲート装置10(生体認証制御ユニット15)は、被認証者が自装置の内部に進入したタイミングで顔追跡の最終判定を行う。ここで、顔追跡では、処理負荷の高い特徴量の生成(抽出)は行われないので、短時間で顔追跡の最終判定結果が得られる。即ち、被認証者がゲート装置10に進入した直後に顔追跡の判定結果が得られ、通常、当該タイミングではサーバ装置20による生体認証は完了している。その結果、ゲート装置10の入り口とゲート14の間の距離が短くても、ゲート装置10は、正しい資格を持った被認証者の通過を許可できる。即ち、ゲート装置10は、被認証者の移動経路(移動の軌跡)によらずゲート装置10に被認証者が進入していれば、当該被認証者(進入者)のゲート通過可否を判定し、ゲート14を制御する。 As described above, the authentication system according to the first embodiment detects the authenticated person at a place away from the gate device 10 by a predetermined position. When the gate device 10 detects the subject to be authenticated, the gate device 10 starts authentication and tracking regarding the subject to be authenticated at substantially the same timing. Since the server device 20 can start the authentication process from a place away from the gate device 10, the execution time of biometric authentication can be secured. Further, the gate device 10 determines that the tracking of the same person is successful if the same face image as the face image of the previous frame is obtained by translation, rotation, and scale in the subsequent frame from the above-mentioned distant place. Tracking) is started. Further, the gate device 10 (biometric authentication control unit 15) makes a final determination of face tracking at the timing when the person to be authenticated enters the inside of the own device. Here, in face tracking, since the feature amount having a high processing load is not generated (extracted), the final determination result of face tracking can be obtained in a short time. That is, the face tracking determination result is obtained immediately after the person to be authenticated enters the gate device 10, and the biometric authentication by the server device 20 is usually completed at that timing. As a result, even if the distance between the entrance of the gate device 10 and the gate 14 is short, the gate device 10 can allow the passage of a properly qualified person to be authenticated. That is, if the person to be authenticated has entered the gate device 10 regardless of the movement route (trajectory of movement) of the person to be authenticated, the gate device 10 determines whether or not the person to be authenticated (entrant) can pass through the gate. , Control the gate 14.
 続いて、認証システムを構成する各装置のハードウェアについて説明する。図17は、生体認証制御ユニット15のハードウェア構成の一例を示す図である。 Next, the hardware of each device that constitutes the authentication system will be described. FIG. 17 is a diagram showing an example of the hardware configuration of the biometric authentication control unit 15.
 生体認証制御ユニット15は、プロセッサ311、メモリ312及び通信インターフェイス313等を備える。上記プロセッサ311等の構成要素は内部バス等により接続され、相互に通信可能に構成されている。 The biometric authentication control unit 15 includes a processor 311, a memory 312, a communication interface 313, and the like. The components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
 但し、図17に示す構成は、生体認証制御ユニット15のハードウェア構成を限定する趣旨ではない。生体認証制御ユニット15は、図示しないハードウェアを含んでもよい。また、生体認証制御ユニット15に含まれるプロセッサ311等の数も図17の例示に限定する趣旨ではなく、例えば、複数のプロセッサ311が生体認証制御ユニット15に含まれていてもよい。 However, the configuration shown in FIG. 17 does not mean to limit the hardware configuration of the biometric authentication control unit 15. The biometric authentication control unit 15 may include hardware (not shown). Further, the number of processors 311 and the like included in the biometric authentication control unit 15 is not limited to the example of FIG. 17, and for example, a plurality of processors 311 may be included in the biometric authentication control unit 15.
 プロセッサ311は、例えば、CPU(Central Processing Unit)、MPU(Micro Processing Unit)、DSP(Digital Signal Processor)等のプログラマブルなデバイスである。あるいは、プロセッサ311は、FPGA(Field Programmable Gate Array)、ASIC(Application Specific Integrated Circuit)等のデバイスであってもよい。プロセッサ311は、オペレーティングシステム(OS;Operating System)を含む各種プログラムを実行する。 The processor 311 is a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), and a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
 メモリ312は、RAM(Random Access Memory)、ROM(Read Only Memory)、HDD(Hard Disk Drive)、SSD(Solid State Drive)等である。メモリ312は、OSプログラム、アプリケーションプログラム、各種データを格納する。 The memory 312 is a RAM (RandomAccessMemory), a ROM (ReadOnlyMemory), an HDD (HardDiskDrive), an SSD (SolidStateDrive), or the like. The memory 312 stores an OS program, an application program, and various data.
 通信インターフェイス313は、他の装置と通信を行う回路、モジュール等である。例えば、通信インターフェイス313は、NIC(Network Interface Card)等を備える。 The communication interface 313 is a circuit, module, etc. that communicates with other devices. For example, the communication interface 313 includes a NIC (Network Interface Card) and the like.
 生体認証制御ユニット15の機能は、各種処理モジュールにより実現される。当該処理モジュールは、例えば、メモリ312に格納されたプログラムをプロセッサ311が実行することで実現される。また、当該プログラムは、コンピュータが読み取り可能な記憶媒体に記録することができる。記憶媒体は、半導体メモリ、ハードディスク、磁気記録媒体、光記録媒体等の非トランジェント(non-transitory)なものとすることができる。即ち、本発明は、コンピュータプログラム製品として具現することも可能である。また、上記プログラムは、ネットワークを介してダウンロードするか、あるいは、プログラムを記憶した記憶媒体を用いて、更新することができる。さらに、上記処理モジュールは、半導体チップにより実現されてもよい。 The function of the biometric authentication control unit 15 is realized by various processing modules. The processing module is realized, for example, by the processor 311 executing a program stored in the memory 312. The program can also be recorded on a computer-readable storage medium. The storage medium may be a non-transitory such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. That is, the present invention can also be embodied as a computer program product. Further, the above program can be downloaded via a network or updated by using a storage medium in which the program is stored. Further, the processing module may be realized by a semiconductor chip.
 生体認証制御ユニット15は、コンピュータを搭載し、当該コンピュータにプログラムを実行させることで生体認証制御ユニット15の機能が実現できる。また、生体認証制御ユニット15は、当該プログラムにより生体認証制御ユニットの制御方法を実行する。 The biometric authentication control unit 15 is equipped with a computer, and the function of the biometric authentication control unit 15 can be realized by causing the computer to execute a program. Further, the biometric authentication control unit 15 executes the control method of the biometric authentication control unit by the program.
 ゲート装置10は、上述のように、カメラ11、検出センサ12、13及びゲート14を備える(図18参照)。なお、ゲート装置10は、生体認証制御ユニット15と同様に、プロセッサ、メモリ、通信インターフェイス等のハードウェアを備えるが、これらの構成に関する図示と説明は省略する。 As described above, the gate device 10 includes a camera 11, detection sensors 12, 13 and a gate 14 (see FIG. 18). Similar to the biometric authentication control unit 15, the gate device 10 includes hardware such as a processor, a memory, and a communication interface, but illustration and description of these configurations will be omitted.
 カメラ11は、可視光画像を取得可能なカメラ装置である。図3では、ゲート装置10は、1つのカメラ11を備える場合について説明したが、カメラ11の数や設置を限定する趣旨ではない。例えば、用途別に複数のカメラ11がゲート装置10に設置されていてもよい。例えば、被認証者を検出するためのカメラ11、追跡のためのカメラ11、追跡の最終判定のためのカメラ11がゲート装置10に設置されていてもよい。 The camera 11 is a camera device capable of acquiring a visible light image. In FIG. 3, the case where the gate device 10 includes one camera 11 has been described, but the purpose is not to limit the number or installation of the cameras 11. For example, a plurality of cameras 11 may be installed in the gate device 10 for different purposes. For example, a camera 11 for detecting the person to be authenticated, a camera 11 for tracking, and a camera 11 for final determination of tracking may be installed in the gate device 10.
 あるいは、被認証者を検出するためのカメラ11に代えて、他の手段により被認証者が検出されてもよい。例えば、人感センサ等を用いてゲート装置10から所定の距離離れた場所の人物が検出されてもよい。あるいは、人感センサにより人物が検出されたことを契機としてカメラ11が画像データを取得し、被認証者の検出が行われてもよい。 Alternatively, instead of the camera 11 for detecting the authenticated person, the authenticated person may be detected by other means. For example, a person at a predetermined distance from the gate device 10 may be detected by using a motion sensor or the like. Alternatively, the camera 11 may acquire the image data when the person is detected by the motion sensor, and the person to be authenticated may be detected.
 検出センサ12及び13は、人を検出するセンサである。検出センサ12及び13には、例えば、光の送信デバイスと受信デバイスにより構成されたセンサ(所謂、光を用いた通過センサ)を利用できる。例えば、光の送信デバイスと受信デバイスのそれぞれが対向するように設置される(本体の内壁に2つのデバイスが設置される)。送信デバイスは、光を常時送信し、受信デバイスは、当該送信された光を受信する。生体認証制御ユニット15は、受信デバイスが光を受信できなかった場合に、人が検出されたと判定する。なお、図3では、検出センサ12及び13を構成する2つのデバイスのうち一方のデバイスを図示している。 The detection sensors 12 and 13 are sensors that detect a person. As the detection sensors 12 and 13, for example, a sensor composed of a light transmitting device and a light receiving device (so-called light passing sensor) can be used. For example, the light transmitting device and the light receiving device are installed so as to face each other (two devices are installed on the inner wall of the main body). The transmitting device constantly transmits light, and the receiving device receives the transmitted light. The biometric authentication control unit 15 determines that a person has been detected when the receiving device cannot receive the light. Note that FIG. 3 illustrates one of the two devices constituting the detection sensors 12 and 13.
 なお、上記説明では、ゲート装置10は、2つの検出センサ12及び13を備える構成を説明したが、これらのセンサが統合されていてもよい。具体的には、ゲート装置10は、当該統合された検出センサ(例えば、入り口に設置された検出センサ12)を用いて、被認証者の最終追跡判定とゲート制御を行ってもよい。この場合、ゲート装置10は、最終追跡判定結果が得られてからゲート14の制御を行えばよい。 Although the above description describes the configuration in which the gate device 10 includes two detection sensors 12 and 13, these sensors may be integrated. Specifically, the gate device 10 may perform final tracking determination and gate control of the person to be authenticated by using the integrated detection sensor (for example, the detection sensor 12 installed at the entrance). In this case, the gate device 10 may control the gate 14 after the final tracking determination result is obtained.
 ゲート14は、利用者の通行を制御するデバイスである。ゲート14の方式は、特に限定されるものではなく、例えば、通路の片側又は両側から設けられたフラッパーが開閉するフラッパーゲート、3本バーが回転するターンスタイルゲート等である。 The gate 14 is a device that controls the passage of users. The method of the gate 14 is not particularly limited, and is, for example, a flapper gate that opens and closes a flapper provided from one side or both sides of the passage, a turnstile gate in which three bars rotate, and the like.
 生体認証制御ユニット15の機能は、ゲート装置10の全体を制御するCPU等により実現されてもよい。逆に、ゲート装置10の機能は、生体認証制御ユニット15が備えるプロセッサ311により実現されてもよい。 The function of the biometric authentication control unit 15 may be realized by a CPU or the like that controls the entire gate device 10. Conversely, the function of the gate device 10 may be realized by the processor 311 included in the biometric authentication control unit 15.
 なお、サーバ装置20は、情報処理装置により構成可能である。サーバ装置20は、生体認証制御ユニット15と同様に、プロセッサ、メモリ、通信インターフェイス等を備えていればよく、当業者にとってその構成は明らかであるので詳細な説明を省略する。 The server device 20 can be configured by an information processing device. Similar to the biometric authentication control unit 15, the server device 20 may be provided with a processor, a memory, a communication interface, and the like, and since the configuration is clear to those skilled in the art, detailed description thereof will be omitted.
[変形例]
 なお、上記実施形態にて説明した認証システムの構成、動作等は例示であって、システムの構成等を限定する趣旨ではない。 [Modification example]
The configuration, operation, and the like of the authentication system described in the above embodiment are examples, and are not intended to limit the system configuration and the like.
 上記実施形態では、ゲート装置10は駅に設置された改札機として説明を行った。しかし、ゲート装置10を改札機に限定する趣旨ではないことは勿論である。ゲート装置10は、空港、イベント会場、オフィス等に設置され利用者の通行を制御する装置であればよい。 In the above embodiment, the gate device 10 has been described as a ticket gate installed at a station. However, it goes without saying that the purpose is not to limit the gate device 10 to the ticket gate. The gate device 10 may be any device installed at an airport, an event venue, an office, or the like to control the passage of users.
 上記実施形態では、サーバ装置20が利用者情報データベースを有する場合について説明した。しかし、当該データベースは、サーバ装置20とは異なるデータベースサーバに構築されていてもよい。また、認証システムには、上記実施形態にて説明した各種手段(認証要求部203、被認証者追跡部204等)が含まれていればよい。例えば、サーバ装置20にて実行される認証処理はゲート装置10(生体認証制御ユニット15)にて実行されてもよい。サーバ装置20の一部又は全部の機能はゲート装置10にて実現されてもよい。 In the above embodiment, the case where the server device 20 has a user information database has been described. However, the database may be built on a database server different from the server device 20. Further, the authentication system may include various means (authentication requesting unit 203, authenticated person tracking unit 204, etc.) described in the above embodiment. For example, the authentication process executed by the server device 20 may be executed by the gate device 10 (biometric authentication control unit 15). Some or all of the functions of the server device 20 may be realized by the gate device 10.
 上記実施形態では、生体認証制御ユニット15からサーバ装置20に顔画像から生成された特徴量に係る生体情報が送信される場合について説明した。しかし、生体認証制御ユニット15からサーバ装置20に「顔画像」そのものが生体情報として送信されてもよい。サーバ装置20は、取得した顔画像から特徴量を生成し、認証処理(1対N照合)を実行してもよい。 In the above embodiment, the case where the biometric information related to the feature amount generated from the face image is transmitted from the biometric authentication control unit 15 to the server device 20 has been described. However, the "face image" itself may be transmitted from the biometric authentication control unit 15 to the server device 20 as biometric information. The server device 20 may generate a feature amount from the acquired face image and execute an authentication process (1 to N collation).
 上記実施形態では、カメラ11は単眼のカメラであることを前提としているが、カメラ11は、奥行方向を測定できるデプスカメラ(ステレオカメラ)であってもよい。この場合、生体認証制御ユニット15は、目間距離に対する閾値処理に代えて、ステレオカメラから得られる画像を用いてゲート装置10から所定の距離離れた場所の被認証者を検出してもよい。具体的には、生体認証制御ユニット15は、ステレオカメラから得らえる2枚の画像を解析(視差を利用した解析)し、ゲート装置10を基準とした利用者の位置を計算する。生体認証制御ユニット15は、当該計算された位置が予め定めた場所に含まれていれば、当該利用者を被認証者に設定する。 In the above embodiment, it is assumed that the camera 11 is a monocular camera, but the camera 11 may be a depth camera (stereo camera) capable of measuring the depth direction. In this case, the biometric authentication control unit 15 may detect the person to be authenticated at a place distant from the gate device 10 by using the image obtained from the stereo camera instead of the threshold processing for the eye distance. Specifically, the biometric authentication control unit 15 analyzes two images obtained from a stereo camera (analysis using parallax) and calculates the position of the user with reference to the gate device 10. The biometric authentication control unit 15 sets the user as the person to be authenticated if the calculated position is included in a predetermined place.
 生体認証制御ユニット15とサーバ装置20の間のデータ送受信の形態は特に限定されないが、これら装置間で送受信されるデータは暗号化されていてもよい。顔画像や当該顔画像から算出される特徴量は個人情報であり当該個人情報を適切に保護するためには、暗号化されたデータが送受信されることが望ましい。 The form of data transmission / reception between the biometric authentication control unit 15 and the server device 20 is not particularly limited, but the data transmitted / received between these devices may be encrypted. The face image and the feature amount calculated from the face image are personal information, and in order to appropriately protect the personal information, it is desirable that encrypted data is transmitted and received.
 上記実施形態では、被認証者が図3の位置X1から位置X3に移動するまでの間で追跡に失敗することを許容する場合について説明した。しかし、生体認証制御ユニット15(ゲート装置10)は、一度でも追跡に失敗した被認証者のゲート14の通過を拒否してもよい。この場合、生体認証制御ユニット15は、被認証者情報テーブルの追跡ステータスフィールドに「追跡失敗」と設定されたフィールドを「追跡中」で上書きしなければよい。このように、ゲート装置10は、追跡に失敗した被認証者のゲート通過を拒否することで、より厳格な制御(通行者の管理)を実現できる。 In the above embodiment, the case where the subject is allowed to fail in tracking between the position X1 and the position X3 in FIG. 3 has been described. However, the biometric authentication control unit 15 (gate device 10) may refuse to pass through the gate 14 of the subject who has failed to track even once. In this case, the biometric authentication control unit 15 may not overwrite the field set as "tracking failure" in the tracking status field of the subject information table with "tracking". In this way, the gate device 10 can realize stricter control (passer management) by refusing the person to be authenticated who has failed to pass through the gate.
 あるいは、被認証者に関する位置X1から位置X3までの移動に関する追跡処理は実行されなくともよい。即ち、生体認証制御ユニット15は、位置X1にて被認証者の顔画像を記憶し、位置X3にて撮影された顔画像と位置X1の顔画像が同一人物の顔画像の場合に追跡結果を「追跡完了」に設定してもよい。このように、ゲート装置10は、被認証者の位置X1から位置X3までの追跡を省略してもよい。 Alternatively, the tracking process related to the movement from the position X1 to the position X3 regarding the authenticated person may not be executed. That is, the biometric authentication control unit 15 stores the face image of the person to be authenticated at the position X1, and records the tracking result when the face image taken at the position X3 and the face image at the position X1 are the same person's face image. It may be set to "tracking completed". As described above, the gate device 10 may omit tracking from the position X1 to the position X3 of the person to be authenticated.
 あるいは、被認証者の追跡に複数回失敗した場合には、当該被認証者のエントリが被認証者情報テーブルから削除されてもよい。生体認証制御ユニット15は、各追跡対象について追跡失敗の回数を記憶する。生体認証制御ユニット15は、当該追跡失敗回数が所定の閾値よりも多くなれば、該当するエントリを削除してもよい。即ち、被認証者の追跡が複数回に亘り失敗する状況は通常想定できない。このような状況は、被認証者がゲート装置10に向かわず他の場所に向かっていると想定されるので、そのような被認証者はゲート制御の対象から速やかに除外されるのが望ましい。 Alternatively, if the tracking of the authenticated person fails multiple times, the entry of the authenticated person may be deleted from the authenticated person information table. The biometric authentication control unit 15 stores the number of tracking failures for each tracking target. The biometric authentication control unit 15 may delete the corresponding entry if the number of tracking failures exceeds a predetermined threshold value. That is, it is usually not possible to assume a situation in which the tracking of the authenticated person fails multiple times. In such a situation, it is assumed that the subject is heading to another place instead of the gate device 10, and it is desirable that such a subject is promptly excluded from the target of gate control.
 なお、上記実施形態では、ゲート装置10と生体認証制御ユニット15が分離している場合について説明した。しかし、これらの装置が統合されていてもよい。即ち、生体認証制御ユニット15はゲート装置10と一体化されていてもよい。この場合、ゲート装置10は、被認証者検出部111と、要求部112と、追跡部113と、ゲート制御部114と、を備えていてもよい(図19参照)。被認証者検出部111は、所定の位置における人物を被認証者として検出する。要求部112は、検出された被認証者の生体情報を含む認証要求をサーバ装置20に送信する。追跡部113は、検出された被認証者を追跡する。ゲート制御部114は、サーバ装置20による被認証者の生体認証の結果と、自装置の入り口における被認証者の追跡判定の結果と、に基づいてゲート14を制御する。 In the above embodiment, the case where the gate device 10 and the biometric authentication control unit 15 are separated has been described. However, these devices may be integrated. That is, the biometric authentication control unit 15 may be integrated with the gate device 10. In this case, the gate device 10 may include an authenticated person detection unit 111, a request unit 112, a tracking unit 113, and a gate control unit 114 (see FIG. 19). The authenticated person detection unit 111 detects a person at a predetermined position as an authenticated person. The request unit 112 transmits an authentication request including the detected biometric information of the person to be authenticated to the server device 20. The tracking unit 113 tracks the detected person to be authenticated. The gate control unit 114 controls the gate 14 based on the result of biometric authentication of the person to be authenticated by the server device 20 and the result of the tracking determination of the person to be authenticated at the entrance of the own device.
 さらに、ゲート装置10は、入り口への進入者を検出する、侵入者検出部を備え、追跡部113は、侵入者が検出されたことに応じて、被認証者の追跡に関する最終判定を行ってもよい。その際、ゲート制御部114は、生体認証の結果と最終判定の結果に基づいて、ゲート14を制御してもよい。ゲート制御部114は、生体認証の結果が認証成功であり、且つ、追跡に関する最終判定の結果が成功である場合に、被認証者がゲート14を通過することを許可してもよい。 Further, the gate device 10 includes an intruder detection unit that detects an intruder entering the entrance, and the tracking unit 113 makes a final determination regarding the tracking of the authenticated person according to the detection of the intruder. May be good. At that time, the gate control unit 114 may control the gate 14 based on the result of biometric authentication and the result of final determination. The gate control unit 114 may allow the person to be authenticated to pass through the gate 14 when the result of biometric authentication is successful and the result of the final determination regarding tracking is successful.
 上記実施形態では、被認証者情報テーブルを用いて被認証者に関する情報を記憶、管理する場合について説明した。しかし、被認証者に関する情報はデータベース(被認証者情報データベース)を用いて記憶、管理されてもよい。 In the above embodiment, a case where information about the authenticated person is stored and managed using the authenticated person information table has been described. However, information about the authenticated person may be stored and managed using a database (certified person information database).
 上記説明で用いた流れ図(フローチャート、シーケンス図)では、複数の工程(処理)が順番に記載されているが、実施形態で実行される工程の実行順序は、その記載の順番に制限されない。実施形態では、例えば各処理を並行して実行する等、図示される工程の順番を内容的に支障のない範囲で変更することができる。 In the flow chart (flow chart, sequence diagram) used in the above description, a plurality of processes (processes) are described in order, but the execution order of the processes executed in the embodiment is not limited to the order of description. In the embodiment, the order of the illustrated processes can be changed within a range that does not hinder the contents, for example, each process is executed in parallel.
 上記の実施形態は本願開示の理解を容易にするために詳細に説明したものであり、上記説明したすべての構成が必要であることを意図したものではない。また、複数の実施形態について説明した場合には、各実施形態は単独で用いてもよいし、組み合わせて用いてもよい。例えば、実施形態の構成の一部を他の実施形態の構成に置き換えることや、実施形態の構成に他の実施形態の構成を加えることも可能である。さらに、実施形態の構成の一部について他の構成の追加、削除、置換が可能である。 The above embodiment has been described in detail in order to facilitate understanding of the disclosure of the present application, and is not intended to require all the configurations described above. Moreover, when a plurality of embodiments are described, each embodiment may be used alone or in combination. For example, it is possible to replace a part of the configuration of the embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of the embodiment. Further, it is possible to add, delete, or replace a part of the configuration of the embodiment with another configuration.
 上記の説明により、本発明の産業上の利用可能性は明らかであるが、本発明は、空港や駅等に設置される認証システムなどに好適に適用可能である。 Although the industrial applicability of the present invention is clear from the above description, the present invention is suitably applicable to an authentication system installed at an airport, a station, or the like.
 上記の実施形態の一部又は全部は、以下の付記のようにも記載され得るが、以下には限られない。
[付記1]
 所定の位置における人物を被認証者として検出する、被認証者検出部と、
 前記検出された被認証者の生体情報を含む認証要求をサーバ装置に送信する、要求部と、
 前記検出された被認証者を追跡する、追跡部と、
 前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する、通知部と、
 を備える、生体認証制御ユニット。
[付記2]
 前記追跡部は、前記ゲート装置の入り口における進入者が検出されたことに応じて、前記被認証者の追跡に関する最終判定を行い、
 前記通知部は、前記生体認証の結果と前記最終判定の結果に基づいて、前記被認証者が前記ゲート装置を通行できるか否か判定する、付記1に記載の生体認証制御ユニット。
[付記3]
 前記通知部は、前記生体認証の結果が認証成功であり、且つ、前記追跡に関する最終判定の結果が成功である場合に、前記被認証者が前記ゲート装置を通過できることを示す通行許可通知を前記ゲート装置に送信する、付記2に記載の生体認証制御ユニット。
[付記4]
 前記被認証者検出部は、前記所定の位置で撮影された画像データに含まれる顔画像から計算された目間距離に基づいて前記被認証者の検出を行う、付記1乃至3のいずれか一に記載の生体認証制御ユニット。
[付記5]
 前記追跡部は、前記要求部による前記認証要求の送信と同時に、前記被認証者の追跡を開始する、付記1乃至4のいずれか一に記載の生体認証制御ユニット。
[付記6]
 前記被認証者検出部は、前記被認証者を検出すると、被認証者情報テーブルにエントリを追加し、
 前記要求部は、前記サーバ装置から前記生体認証の結果を受信すると、前記受信した生体認証の結果を前記追加されたエントリの認証ステータスフィールドに設定し、
 前記追跡部は、前記追跡判定の結果を前記追加されたエントリの追跡ステータスフィールドに設定し、
 前記通知部は、前記認証ステータスフィールドの設定値と前記追跡ステータスフィールドの設定値に基づき、前記被認証者が前記ゲート装置を通行できるか否か判定する、付記1乃至5のいずれか一に記載の生体認証制御ユニット。
[付記7]
 前記被認証者情報テーブルに追加されてから所定期間経過したエントリを削除する、テーブル管理部をさらに備える、付記6に記載の生体認証制御ユニット。
[付記8]
 前記追跡部は、前記検出された被認証者の顔追跡を行う、付記1乃至7のいずれか一に記載の生体認証制御ユニット。
[付記9]
 前記生体情報は、顔画像又は顔画像から生成された特徴量である、付記1乃至8のいずれか一に記載の生体認証制御ユニット。
[付記10]
 複数の利用者それぞれの生体情報を記憶し、生体認証を行うサーバ装置と、
 前記サーバ装置と接続された生体認証制御ユニットと、
 前記生体認証制御ユニットと接続されたゲート装置と、
 を含み、
 前記生体認証制御ユニットは、
 所定の位置における人物を被認証者として検出する、被認証者検出部と、
 前記検出された被認証者の生体情報を含む認証要求を前記サーバ装置に送信する、要求部と、
 前記検出された被認証者を追跡する、追跡部と、
 前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する、通知部と、
 を備える、システム。
[付記11]
 前記サーバ装置は、前記複数の利用者それぞれの生体情報と前記認証要求に含まれる生体情報を用いた照合処理を行う、付記10に記載のシステム。
[付記12]
 前記サーバ装置は、前記照合処理の結果特定された利用者が前記ゲート装置を通行する資格を備えているか否か判定する、付記11に記載のシステム。
[付記13]
 生体認証制御ユニットにおいて、
 所定の位置における人物を被認証者として検出し、
 前記検出された被認証者の生体情報を含む認証要求をサーバ装置に送信し、
 前記検出された被認証者を追跡し、
 前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する、生体認証制御ユニットの制御方法。
[付記14]
 生体認証制御ユニットに搭載されたコンピュータに、
 所定の位置における人物を被認証者として検出する処理と、
 前記検出された被認証者の生体情報を含む認証要求をサーバ装置に送信する処理と、
 前記検出された被認証者を追跡する処理と、
 前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する処理と、
 を実行させるためのプログラム。 Some or all of the above embodiments may also be described, but not limited to:
[Appendix 1]
An authenticated person detection unit that detects a person at a predetermined position as an authenticated person,
A request unit that sends an authentication request including the detected biometric information of the person to be authenticated to the server device, and
A tracking unit that tracks the detected person to be authenticated,
Based on the result of the biometric authentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device, it is determined whether or not the person to be authenticated can pass through the gate device. , A notification unit that notifies the gate device of the determination result,
A biometric authentication control unit.
[Appendix 2]
The tracking unit makes a final determination regarding the tracking of the authenticated person in response to the detection of an intruder at the entrance of the gate device.
The biometric authentication control unit according to Appendix 1, wherein the notification unit determines whether or not the person to be authenticated can pass through the gate device based on the result of the biometric authentication and the result of the final determination.
[Appendix 3]
The notification unit issues a pass permission notification indicating that the person to be authenticated can pass through the gate device when the result of the biometric authentication is successful and the result of the final determination regarding the tracking is successful. The biometric authentication control unit according to Appendix 2, which is transmitted to the gate device.
[Appendix 4]
The authenticated person detection unit detects the person to be authenticated based on the inter-eye distance calculated from the face image included in the image data taken at the predetermined position, any one of Supplementary note 1 to 3. The biometric authentication control unit described in.
[Appendix 5]
The biometric authentication control unit according to any one of Supplementary note 1 to 4, wherein the tracking unit starts tracking the authenticated person at the same time as the requesting unit transmits the authentication request.
[Appendix 6]
When the authenticated person detection unit detects the authenticated person, it adds an entry to the authenticated person information table and adds an entry to the authenticated person information table.
Upon receiving the biometric authentication result from the server device, the requesting unit sets the received biometric authentication result in the authentication status field of the added entry.
The tracking unit sets the result of the tracking determination in the tracking status field of the added entry.
The notification unit is described in any one of Supplementary note 1 to 5, which determines whether or not the authenticated person can pass through the gate device based on the set value of the authentication status field and the set value of the tracking status field. Biometric control unit.
[Appendix 7]
The biometric authentication control unit according to Appendix 6, further comprising a table management unit that deletes an entry for which a predetermined period has passed since it was added to the authenticated person information table.
[Appendix 8]
The biometric authentication control unit according to any one of Supplementary note 1 to 7, wherein the tracking unit tracks the face of the detected person to be authenticated.
[Appendix 9]
The biometric authentication control unit according to any one of Supplementary note 1 to 8, wherein the biometric information is a face image or a feature amount generated from the face image.
[Appendix 10]
A server device that stores biometric information for each of multiple users and performs biometric authentication,
The biometric authentication control unit connected to the server device,
The gate device connected to the biometric authentication control unit and
Including
The biometric authentication control unit is
An authenticated person detection unit that detects a person at a predetermined position as an authenticated person,
A request unit that sends an authentication request including the detected biometric information of the person to be authenticated to the server device, and
A tracking unit that tracks the detected person to be authenticated,
Based on the result of the biometric authentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device, it is determined whether or not the person to be authenticated can pass through the gate device. , A notification unit that notifies the gate device of the determination result,
The system.
[Appendix 11]
The system according to Appendix 10, wherein the server device performs collation processing using the biometric information of each of the plurality of users and the biometric information included in the authentication request.
[Appendix 12]
The system according to Appendix 11, wherein the server device determines whether or not the user specified as a result of the collation process is qualified to pass through the gate device.
[Appendix 13]
In the biometric control unit
Detects a person in a predetermined position as a person to be authenticated,
An authentication request including the detected biometric information of the person to be authenticated is transmitted to the server device, and the authentication request is transmitted to the server device.
Track the detected person to be authenticated and
Based on the result of the biometric authentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device, it is determined whether or not the person to be authenticated can pass through the gate device. , A method for controlling a biometric authentication control unit that notifies the gate device of a determination result.
[Appendix 14]
For the computer installed in the biometric authentication control unit,
The process of detecting a person in a predetermined position as a person to be authenticated,
The process of transmitting an authentication request including the detected biometric information of the person to be authenticated to the server device, and
The process of tracking the detected person to be authenticated and
Based on the result of the biometric authentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device, it is determined whether or not the person to be authenticated can pass through the gate device. , The process of notifying the gate device of the determination result,
A program to execute.
 なお、引用した上記の先行技術文献の各開示は、本書に引用をもって繰り込むものとする。以上、本発明の実施形態を説明したが、本発明はこれらの実施形態に限定されるものではない。これらの実施形態は例示にすぎないということ、及び、本発明のスコープ及び精神から逸脱することなく様々な変形が可能であるということは、当業者に理解されるであろう。即ち、本発明は、請求の範囲を含む全開示、技術的思想にしたがって当業者であればなし得る各種変形、修正を含むことは勿論である。 The disclosures of the above-mentioned prior art documents cited shall be incorporated into this document by citation. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. It will be appreciated by those skilled in the art that these embodiments are merely exemplary and that various modifications are possible without departing from the scope and spirit of the invention. That is, it goes without saying that the present invention includes all disclosure including claims, various modifications and modifications that can be made by those skilled in the art in accordance with the technical idea.
 この出願は、2021年1月5日に出願された日本出願特願2021-000311号を基礎とする優先権を主張し、その開示の全てをここに取り込む。 This application claims priority based on Japanese Application Japanese Patent Application No. 2021-000311 filed on January 5, 2021, and incorporates all of its disclosures herein.
10、10-1~10-3 ゲート装置
11 カメラ
12、13 検出センサ
14 ゲート
15、100 生体認証制御ユニット
20 サーバ装置
30~33 利用者
101、111、202 被認証者検出部
102、112 要求部
103、113 追跡部
104 通知部
114 ゲート制御部
201、301、401 通信制御部
203 認証要求部
204 被認証者追跡部
205 通行許可通知部
206 テーブル管理部
207 メッセージ出力部
208、304,405 記憶部
302 進入者検出部
303 ゲート制御部
311 プロセッサ
312 メモリ
313 通信インターフェイス
402 利用者登録部
403 認証部
404 ゲート通過通知処理部 10, 10-1 to 10-3 Gate device 11 Camera 12, 13 Detection sensor 14 Gate 15, 100 Biometric authentication control unit 20 Server device 30 to 33 Users 101, 111, 202 Authenticated person detection unit 102, 112 Request unit 103, 113 Tracking unit 104 Notification unit 114 Gate control unit 201, 301, 401 Communication control unit 203 Authentication request unit 204 Authenticated person tracking unit 205 Passage permission notification unit 206 Table management unit 207 Message output unit 208, 304, 405 Storage unit 302 Intruder detection unit 303 Gate control unit 311 Processor 312 Memory 313 Communication interface 402 User registration unit 403 Authentication unit 404 Gate passage notification processing unit

Claims (14)

  1.  所定の位置における人物を被認証者として検出する、被認証者検出手段と、
     前記検出された被認証者の生体情報を含む認証要求をサーバ装置に送信する、要求手段と、
     前記検出された被認証者を追跡する、追跡手段と、
     前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する、通知手段と、
     を備える、生体認証制御ユニット。     A person to be authenticated who detects a person at a predetermined position as a person to be authenticated, and a means for detecting the person to be authenticated.
    A requesting means for transmitting an authentication request including the detected biometric information of the person to be authenticated to the server device, and
    A tracking means for tracking the detected person to be authenticated, and
    Based on the result of the biometric authentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device, it is determined whether or not the person to be authenticated can pass through the gate device. , A notification means for notifying the gate device of the determination result,
    A biometric authentication control unit.
  2.  前記追跡手段は、前記ゲート装置の入り口における進入者が検出されたことに応じて、前記被認証者の追跡に関する最終判定を行い、
     前記通知手段は、前記生体認証の結果と前記最終判定の結果に基づいて、前記被認証者が前記ゲート装置を通行できるか否か判定する、請求項1に記載の生体認証制御ユニット。     The tracking means makes a final determination regarding the tracking of the authenticated person in response to the detection of an intruder at the entrance of the gate device.
    The biometric authentication control unit according to claim 1, wherein the notification means determines whether or not the person to be authenticated can pass through the gate device based on the result of the biometric authentication and the result of the final determination.
  3.  前記通知手段は、前記生体認証の結果が認証成功であり、且つ、前記追跡に関する最終判定の結果が成功である場合に、前記被認証者が前記ゲート装置を通過できることを示す通行許可通知を前記ゲート装置に送信する、請求項2に記載の生体認証制御ユニット。 The notification means provides a pass permission notification indicating that the person to be authenticated can pass through the gate device when the result of the biometric authentication is successful and the result of the final determination regarding the tracking is successful. The biometric authentication control unit according to claim 2, which is transmitted to the gate device.
  4.  前記被認証者検出手段は、前記所定の位置で撮影された画像データに含まれる顔画像から計算された目間距離に基づいて前記被認証者の検出を行う、請求項1乃至3のいずれか一項に記載の生体認証制御ユニット。 Any one of claims 1 to 3, wherein the authenticated person detecting means detects the authenticated person based on the inter-eye distance calculated from the face image included in the image data taken at the predetermined position. The biometric authentication control unit according to item 1.
  5.  前記追跡手段は、前記要求手段による前記認証要求の送信と同時に、前記被認証者の追跡を開始する、請求項1乃至4のいずれか一項に記載の生体認証制御ユニット。 The biometric authentication control unit according to any one of claims 1 to 4, wherein the tracking means starts tracking of the person to be authenticated at the same time as transmission of the authentication request by the requesting means.
  6.  前記被認証者検出手段は、前記被認証者を検出すると、被認証者情報テーブルにエントリを追加し、
     前記要求手段は、前記サーバ装置から前記生体認証の結果を受信すると、前記受信した生体認証の結果を前記追加されたエントリの認証ステータスフィールドに設定し、
     前記追跡手段は、前記追跡判定の結果を前記追加されたエントリの追跡ステータスフィールドに設定し、
     前記通知手段は、前記認証ステータスフィールドの設定値と前記追跡ステータスフィールドの設定値に基づき、前記被認証者が前記ゲート装置を通行できるか否か判定する、請求項1乃至5のいずれか一項に記載の生体認証制御ユニット。     When the authenticated person detecting means detects the authenticated person, the authenticated person detecting means adds an entry to the authenticated person information table and adds an entry to the authenticated person information table.
    When the requesting means receives the biometric authentication result from the server device, the requesting means sets the received biometric authentication result in the authentication status field of the added entry.
    The tracking means sets the result of the tracking determination in the tracking status field of the added entry.
    One of claims 1 to 5, wherein the notification means determines whether or not the authenticated person can pass through the gate device based on the set value of the authentication status field and the set value of the tracking status field. The biometric authentication control unit described in.
  7.  前記被認証者情報テーブルに追加されてから所定期間経過したエントリを削除する、テーブル管理手段をさらに備える、請求項6に記載の生体認証制御ユニット。 The biometric authentication control unit according to claim 6, further comprising a table management means for deleting an entry for which a predetermined period has passed since it was added to the authenticated person information table.
  8.  前記追跡手段は、前記検出された被認証者の顔追跡を行う、請求項1乃至7のいずれか一項に記載の生体認証制御ユニット。 The biometric authentication control unit according to any one of claims 1 to 7, wherein the tracking means tracks the face of the detected person to be authenticated.
  9.  前記生体情報は、顔画像又は顔画像から生成された特徴量である、請求項1乃至8のいずれか一項に記載の生体認証制御ユニット。 The biometric authentication control unit according to any one of claims 1 to 8, wherein the biometric information is a face image or a feature amount generated from the face image.
  10.  複数の利用者それぞれの生体情報を記憶し、生体認証を行うサーバ装置と、
     前記サーバ装置と接続された生体認証制御ユニットと、
     前記生体認証制御ユニットと接続されたゲート装置と、
     を含み、
     前記生体認証制御ユニットは、
     所定の位置における人物を被認証者として検出する、被認証者検出手段と、
     前記検出された被認証者の生体情報を含む認証要求を前記サーバ装置に送信する、要求手段と、
     前記検出された被認証者を追跡する、追跡手段と、
     前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する、通知手段と、
     を備える、システム。     A server device that stores biometric information for each of multiple users and performs biometric authentication,
    The biometric authentication control unit connected to the server device,
    The gate device connected to the biometric authentication control unit and
    Including
    The biometric authentication control unit is
    A person to be authenticated who detects a person at a predetermined position as a person to be authenticated, and a means for detecting the person to be authenticated.
    A requesting means for transmitting an authentication request including the detected biometric information of the person to be authenticated to the server device, and
    A tracking means for tracking the detected person to be authenticated, and
    Based on the result of the biometric authentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device, it is determined whether or not the person to be authenticated can pass through the gate device. , A notification means for notifying the gate device of the determination result,
    The system.
  11.  前記サーバ装置は、前記複数の利用者それぞれの生体情報と前記認証要求に含まれる生体情報を用いた照合処理を行う、請求項10に記載のシステム。 The system according to claim 10, wherein the server device performs collation processing using the biometric information of each of the plurality of users and the biometric information included in the authentication request.
  12.  前記サーバ装置は、前記照合処理の結果特定された利用者が前記ゲート装置を通行する資格を備えているか否か判定する、請求項11に記載のシステム。 The system according to claim 11, wherein the server device determines whether or not the user specified as a result of the collation process is qualified to pass through the gate device.
  13.  生体認証制御ユニットにおいて、
     所定の位置における人物を被認証者として検出し、
     前記検出された被認証者の生体情報を含む認証要求をサーバ装置に送信し、
     前記検出された被認証者を追跡し、
     前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する、生体認証制御ユニットの制御方法。     In the biometric control unit
    Detects a person in a predetermined position as a person to be authenticated,
    An authentication request including the detected biometric information of the person to be authenticated is transmitted to the server device, and the authentication request is transmitted to the server device.
    Track the detected person to be authenticated and
    Based on the result of the biometric authentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device, it is determined whether or not the person to be authenticated can pass through the gate device. , A control method of the biometric authentication control unit for notifying the gate device of the determination result.
  14.  生体認証制御ユニットに搭載されたコンピュータに、
     所定の位置における人物を被認証者として検出する処理と、
     前記検出された被認証者の生体情報を含む認証要求をサーバ装置に送信する処理と、
     前記検出された被認証者を追跡する処理と、
     前記サーバ装置による前記被認証者の生体認証の結果と、ゲート装置の入り口における前記被認証者の追跡判定の結果と、に基づいて前記被認証者が前記ゲート装置を通行できるか否か判定し、判定結果を前記ゲート装置に通知する処理と、
     を実行させるためのプログラムが記録されたコンピュータ読み取り可能な記録媒体。     For the computer installed in the biometric authentication control unit,
    The process of detecting a person in a predetermined position as a person to be authenticated,
    The process of transmitting an authentication request including the detected biometric information of the person to be authenticated to the server device, and
    The process of tracking the detected person to be authenticated and
    Based on the result of the biometric authentication of the person to be authenticated by the server device and the result of the tracking determination of the person to be authenticated at the entrance of the gate device, it is determined whether or not the person to be authenticated can pass through the gate device. , The process of notifying the gate device of the determination result,
    A computer-readable recording medium on which the program for executing the program is recorded.
PCT/JP2021/044024 2021-01-05 2021-12-01 Biometric authentication control unit, system, control method for biometric authentication control unit, and recording medium WO2022149376A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2022573944A JPWO2022149376A5 (en) 2021-12-01 Biometrics control unit, system, control method for biometrics control unit, and computer program

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2021-000311 2021-01-05
JP2021000311 2021-01-05

Publications (1)

Publication Number Publication Date
WO2022149376A1 true WO2022149376A1 (en) 2022-07-14

Family

ID=82357240

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/044024 WO2022149376A1 (en) 2021-01-05 2021-12-01 Biometric authentication control unit, system, control method for biometric authentication control unit, and recording medium

Country Status (1)

Country Link
WO (1) WO2022149376A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007303239A (en) * 2006-05-15 2007-11-22 Konica Minolta Holdings Inc Authentication apparatus, method of controlling authentication apparatus, and control program of authentication apparatus
JP2015001790A (en) * 2013-06-14 2015-01-05 セコム株式会社 Face authentication system
JP2020077399A (en) * 2019-10-10 2020-05-21 日本電気株式会社 Information processing device
JP2020086780A (en) * 2018-11-21 2020-06-04 日本電気株式会社 Information processing device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007303239A (en) * 2006-05-15 2007-11-22 Konica Minolta Holdings Inc Authentication apparatus, method of controlling authentication apparatus, and control program of authentication apparatus
JP2015001790A (en) * 2013-06-14 2015-01-05 セコム株式会社 Face authentication system
JP2020086780A (en) * 2018-11-21 2020-06-04 日本電気株式会社 Information processing device
JP2020077399A (en) * 2019-10-10 2020-05-21 日本電気株式会社 Information processing device

Also Published As

Publication number Publication date
JPWO2022149376A1 (en) 2022-07-14

Similar Documents

Publication Publication Date Title
US11568695B1 (en) Information-based, biometric, asynchronous access control system
US20230401914A1 (en) Information processing apparatus, information processing system, and information processing method
JP2005242775A (en) Gate system
US20220415105A1 (en) Information processing apparatus, information processing system, and information processing method
WO2022064830A1 (en) Image processing device, image processing system, image processing method, and program
WO2022149376A1 (en) Biometric authentication control unit, system, control method for biometric authentication control unit, and recording medium
JP2023153850A (en) Gate device, authentication system, gate device control method, and storage medium
WO2021186628A1 (en) Gate device, authentication system, gate control method, and storage medium
WO2023032011A1 (en) Biometric authentication control unit, system, control method for biometric authentication control unit, and recording medium
WO2022234613A1 (en) System, gate device, control method for gate device, and storage medium
JP7287574B2 (en) Information processing device, information processing system, information processing method and program
US20230025272A1 (en) Gate apparatus, server apparatus, emigration and immigration examination system,control method of gate apparatus, and control method of server apparatus
WO2022208640A1 (en) Gate device, biometric authentication control unit, system, gate device control method, and storage medium
JPWO2022208640A5 (en)
KR102538649B1 (en) Parking management method and apparatus based on occupant authentication
WO2022079762A1 (en) Server device, visitor notification system, visitor notification method, and storage medium
WO2023176167A1 (en) Registration device, registration method, and program
JP7327650B2 (en) GATE DEVICE, AUTHENTICATION SYSTEM, GATE DEVICE CONTROL METHOD AND PROGRAM
AU2024202070A1 (en) Gate device, authentication system, gate control method, and storage medium
JP7276523B2 (en) MANAGEMENT SERVER, SYSTEM, TOKEN ISSUING METHOD AND COMPUTER PROGRAM
JP7363981B2 (en) System, server device, control method and program for server device
WO2023162041A1 (en) Server device, system, server device control method, and storage medium
WO2023157158A1 (en) System, server device, server device control method, and storage medium
WO2020129675A1 (en) Authentication device, authentication method, and program
WO2021260773A1 (en) Authentication system, authentication terminal, method for controlling authentication terminal, and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21917597

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022573944

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21917597

Country of ref document: EP

Kind code of ref document: A1